7f3c2473d1e6.exe

First submission 2024-10-15 13:00:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 624.04 KB (639016 bytes)
Compile time: 2024-10-14 18:39:29
MD5: 3d8c2fb9d4272ae0a835faa7715132ef
SHA1: b1a01340c98ec2c4654773c1a034897c16fa21c6
SHA256: 28b2ac088b804ab3e059a37134602c92f4f87010b650252f61cad73422827918
Import Hash: 5569ec101333623476b6cdb226005b45
Sections 4 .text .rdata .data .reloc
Directories 5 import debug tls relocation security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 43/77 VT report date: 2024-10-15 09:33:02
Malware Type 1 trojan
Threat Type 3 lazy pwsx stealc

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://assets.gziraq.com/css/7f3c2473d1e6.exe assets.gziraq.com 2024-10-15 13:00:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x28799 165888 221a7d8ade1d5b84d7b0427b4beeac93bb152a2a 9bb731a80e731aa5421e42123222decb
.rdata 0x2a000 0xc3b2 50176 3274afd5b61cd7d4e72a0d528a825fc4174a14da c4327b542cc934cdc4ec42bad10c107b
.data 0x37000 0x63338 402432 776f45c61714dc96d3604cd5994e4bc2b17e676d e60c2ce0d6f2bee63e2a2c5e96128a2f
.reloc 0x9b000 0x2420 9728 0e9d98aeaf8198d24a8a8563ae54209c2f40edc5 98dd90b5433b9b20700dfd0bd18856bf

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
7cd905d59ba4f31c082c2e2bfd88980f 7f1b1df25765fde2a6305fe2fe1ce76edfbe0529 9768 629248

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Strings analysis - Possible URLs found 15

http://www.entrust.net/rpa03
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
http://ocsp.digicert.com0A
http://crl.entrust.net/2048ca.crl0
http://www.digicert.com/CPS0
https://www.entrust.net/rpa0
http://ocsp.entrust.net02
http://ocsp.entrust.net03
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl.entrust.net/ts1ca.crl0
http://ocsp.digicert.com0\
http://aia.entrust.net/ts1-chain256.cer01
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S

Import functions

Name Latest seen MD5
63e909b3647d.exe 2024-10-15 06:42:02 a3c8303513d8123153c8c368ed72d8ee
d74f5005fa82.exe 2024-10-15 12:58:02 97205cf6d2ee23dd42eeea47c32edd53
f2e7fcb20146.exe 2024-10-15 12:59:02 52d72533b757da622a9d7c76abd8b70d