mar2.exe

First submission 2023-09-17 02:33:06

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 5319.0 KB (5446656 bytes)
Compile time: 1970-01-01 01:00:00 (the PE TimeDateStamp is zero, displayed here in a UTC+1 zone; the build timestamp was cleared or never set)
MD5: 3bffffda1e470fede020d005d03929da
SHA1: 42bffdd24aa6e60b3b0807ff2aa5d321c9e3d9c6
SHA256: 4c4e0c61380662adc756d147f9c51ead1d3a6913f49510eae2766270b778f427
Import Hash : a9c887a4f18a3fede2cc29ceea138ed3
Sections: 4 (.text, .rdata, .bss, .rsrc)
Directories: 2 (import, resource)
VirusTotal: 51/71 detections (VT report date 2023-09-17 00:30:03)

File features detected

Feature flags checked: Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR (the yes/no values are not shown in this listing)

URLs, FQDN and IP indicators 1

URL                                    Host (FQDN/IP)        Date Added
hXXps://lightyearsaheads.com/mar2.exe  lightyearsaheads.com  2023-09-17 02:33:06

The download URL carries the same file name as the sample.

PE Sections 2 suspicious

Name    VAddress  VSize     Raw size  SHA1                                      MD5
.text   0x1000    0x640     2048      4add7ec68b07c0ec51ad45be10a5f0db8e4350b1  85121a8ee4dc5dd86837644728593ff5
.rdata  0x2000    0x530a23  5442560   9ef108a160652a1ded747ba1597426a429d1aa4b  469de7b3b7365c6da83e399d384c03f1
.bss    0x533000  0x4       0         da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.rsrc   0x534000  0x2f8     1024      679056b2c6310f2bf1e6fdaba34b9cbaa86bdd56  2172a89a6451a8dd87cab8a779e1724d

The listing counts two sections as suspicious but does not show which. Note the layout: .text holds only 2048 bytes of code while .rdata holds 5442560 of the file's 5446656 bytes, which is consistent with a small loader carrying an embedded payload in read-only data. The .bss hashes are those of empty input, since its raw size is 0.
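The section table above is the kind of thing worth checking by hand rather than trusting a single listing. The following is an added example, not code from the report or its backend: a standard-library PE section-table parser that recomputes per-section SHA1/MD5 and applies triage heuristics for the three traits visible here (a zero TimeDateStamp, a non-code section holding almost the whole file, and a tiny code section). The thresholds (`payload_share`, `code_share`) and the constructed sample image are assumptions; the sample only reproduces the report's section layout with zero-filled contents, so only the empty .bss section hashes to the report's values.

```python
"""Added example, not code from the report or its tooling: a standard-library
PE section-table parser plus triage heuristics for the traits in the table above."""
import hashlib
import struct

# IMAGE_FILE_HEADER (20 bytes) and IMAGE_SECTION_HEADER (40 bytes), PE/COFF spec layouts.
COFF_HEADER = struct.Struct("<HHIIIHH")
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")
IMAGE_SCN_CNT_CODE = 0x20


def parse_sections(data: bytes):
    """Return (TimeDateStamp, [section dicts]) for an in-memory PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (_machine, nsect, timestamp, _symtab, _nsyms,
     opt_size, _flags) = COFF_HEADER.unpack_from(data, e_lfanew + 4)
    off = e_lfanew + 4 + COFF_HEADER.size + opt_size   # skip the optional header
    sections = []
    for _ in range(nsect):
        (name, vsize, vaddr, rawsize, rawptr, _rel, _lin, _nrel, _nlin,
         chars) = SECTION_HEADER.unpack_from(data, off)
        raw = data[rawptr:rawptr + rawsize]           # empty when SizeOfRawData == 0
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize,
            "sha1": hashlib.sha1(raw).hexdigest(),
            "md5": hashlib.md5(raw).hexdigest(),
            "characteristics": chars,
        })
        off += SECTION_HEADER.size
    return timestamp, sections


def triage(data: bytes, payload_share=0.9, code_share=0.01):
    """Findings for a cleared timestamp, a non-code section holding most of the
    file, and a tiny code section. Thresholds are assumptions, not the report's."""
    timestamp, sections = parse_sections(data)
    findings = []
    if timestamp == 0:
        findings.append("TimeDateStamp is zero (cleared or never set)")
    total = sum(s["rawsize"] for s in sections) or 1
    for s in sections:
        is_code = bool(s["characteristics"] & IMAGE_SCN_CNT_CODE)
        share = s["rawsize"] / total
        if not is_code and share >= payload_share:
            findings.append(f"{s['name']} holds {share:.1%} of section data "
                            "(possible embedded payload)")
    code = sum(s["rawsize"] for s in sections if s["characteristics"] & IMAGE_SCN_CNT_CODE)
    if code / total < code_share:
        findings.append(f"code sections total {code} bytes ({code / total:.2%} of section data)")
    return findings


def build_sample_pe() -> bytes:
    """Constructed image reproducing only the section layout from the report
    (zero-filled contents, no optional header), so only the empty .bss section
    hashes to the report's values."""
    layout = [  # name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics
        (b".text",  0x1000,   0x640,    2048, 0x60000020),  # code | execute | read
        (b".rdata", 0x2000, 0x530A23, 5442560, 0x40000040),  # initialized data | read
        (b".bss",  0x533000,     0x4,       0, 0xC0000080),  # uninitialized | read | write
        (b".rsrc", 0x534000,   0x2F8,    1024, 0x40000040),
    ]
    e_lfanew, opt_size = 0x40, 0
    hdr_end = e_lfanew + 4 + COFF_HEADER.size + opt_size + SECTION_HEADER.size * len(layout)
    first_raw = (hdr_end + 0x1FF) & ~0x1FF              # 512-byte file alignment
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = COFF_HEADER.pack(0x14C, len(layout), 0, 0, 0, opt_size, 0x0102)  # i386, TimeDateStamp 0
    headers, body = [dos, b"PE\0\0", coff], bytearray()
    for name, vaddr, vsize, rawsize, chars in layout:
        ptr = first_raw + len(body) if rawsize else 0
        headers.append(SECTION_HEADER.pack(name, vsize, vaddr, rawsize, ptr, 0, 0, 0, 0, chars))
        body += b"\0" * rawsize
    return b"".join(headers).ljust(first_raw, b"\0") + bytes(body)


if __name__ == "__main__":
    for line in triage(build_sample_pe()):
        print(line)
```

Run against the real sample, `parse_sections(open(path, "rb").read())` gives hashes that can be compared with the table above; the constructed image only confirms the parser and the heuristics on this layout.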

PE Resources 1

Name         Language      Sublanguage         Offset    Size
RT_MANIFEST  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x534058  667

Strings analysis - File found

Database: mN.Db
Libraries: MSVCRT.dll, KERNEL32.dll, SHELL32.dll

Strings analysis - Possible IPs found 1

9.6.1.2 (a dotted-quad regex hit on the raw strings; with every octet this small it may equally be a version string, so confirm it against the sample's actual network behaviour before treating it as an indicator)

Strings analysis - Possible URLs found 1

http://www.w3.org/2001/XMLSchema-instance (this is the XML Schema instance namespace, most likely from the embedded RT_MANIFEST resource rather than from network code; it is not an indicator)
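Both string-derived lists above illustrate why raw regex hits need a second pass. The following is an added example, not code from the report: it extracts dotted-quad and URL candidates from a byte blob and sorts them into likely indicators versus likely false positives, using `ipaddress` for routability, a "version-like" heuristic for quads whose octets are all tiny, and a small list of XML namespace hosts. The `BOILERPLATE_HOSTS` set, the octet threshold and the `SAMPLE` bytes are assumptions; the sample is constructed and is not the strings output of mar2.exe.

```python
"""Added example, not code from the report: classify dotted-quad and URL strings
pulled from a binary into likely indicators vs. likely false positives."""
import ipaddress
import re
from urllib.parse import urlsplit

IPV4_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")

# Hosts that show up in XML namespace/schema boilerplate (manifests, .NET resources)
# rather than in network code. Assumption: extend as needed.
BOILERPLATE_HOSTS = {"www.w3.org", "schemas.microsoft.com", "schemas.xmlsoap.org"}
VERSION_LIKE_MAX_OCTET = 16   # assumption: 9.6.1.2-style quads are usually version strings


def classify_ip(text: str) -> str:
    try:
        ip = ipaddress.IPv4Address(text)
    except ValueError:
        return "invalid"           # e.g. 300.1.2.3 matches the regex but is not an address
    if not ip.is_global:
        return "non-routable"      # loopback, private, link-local, documentation ranges
    if all(int(o) < VERSION_LIKE_MAX_OCTET for o in text.split(".")):
        return "version-like"      # routable, but every octet is tiny: review manually
    return "candidate"


def classify_url(text: str) -> str:
    host = urlsplit(text).hostname or ""
    if host in BOILERPLATE_HOSTS:
        return "xml-boilerplate"
    if re.fullmatch(r"(?:\d{1,3}\.){3}\d{1,3}", host):
        return classify_ip(host)   # IP-literal URL inherits the address verdict
    return "candidate"


def extract_indicators(blob: bytes):
    """Return ({ip: verdict}, {url: verdict}) for every regex hit in the blob."""
    ips = {m.group().decode(): classify_ip(m.group().decode()) for m in IPV4_RE.finditer(blob)}
    urls = {m.group().decode(): classify_url(m.group().decode()) for m in URL_RE.finditer(blob)}
    return ips, urls


# Constructed stand-in for `strings` output; not the real file's strings.
SAMPLE = (
    b'<assembly xmlns="urn:schemas-microsoft-com:asm.v1" '
    b'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">\0'
    b"9.6.1.2\0MSVCRT.dll\0"
    b"127.0.0.1\0"
    b"93.184.216.34\0"              # example.com's well-known address
    b"300.1.2.3\0"                  # regex hit that is not a valid address
    b"https://example.com/mar2.exe\0"
)

if __name__ == "__main__":
    for table in extract_indicators(SAMPLE):
        for item, verdict in table.items():
            print(f"{verdict:15} {item}")
```

Only the "candidate" verdicts deserve a place in an indicator list; "version-like" hits go to a human, and "xml-boilerplate" or "non-routable" hits are dropped.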

Related samples 8

Other executables listed on this page by name, last-seen time and MD5; no imported API names are shown, and the relationship is most likely the shared import hash given above.

Name          Latest seen          MD5
nigguy_1.exe  2023-05-27 03:55:02  25344f4f54ec2afff00c28ca9c2a1818
wowo2.exe     2023-08-28 00:41:04  61d0c8c6e860f92b549c3f0b0412be53
rock.exe      2023-08-28 00:46:02  1d4913e1a16b1f61d67eb7b8de501714
super.exe     2023-08-28 02:46:03  5bf6b19fd947c3fef6a8cc3555b2f18d
rockas.exe    2023-09-01 17:52:03  98628dba1be12d83b13f1b2bd25d85b6
ummaa.exe     2023-09-01 22:07:02  58bc43389c3e720c0af4ff563d5ed7ce
soso.exe      2023-09-02 07:39:03  6dc87042689e8ee4fcf2ad4978251c44
rockss.exe    2023-09-18 07:13:02  b32d5a382373d7df0c1fec9f15f0724a