2.exe

First submission 2022-07-30 13:00:39

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
File size: 11663.13 KB (11943048 bytes)
Compile time: 2022-07-27 18:12:35
MD5: 3e3f0dd72ecf94cc8078e8961d119d39
SHA1: 9b7f36e856a976917cbe3154183d2d3fe461060d
SHA256: 004b48a76dd25d7ad2536235dd209a84ad3b1f4a34909b709da815b053432344
Import hash (imphash): b38b405c4538963d693f13eb70227ff9
Sections (12): .text .data .rdata .eh_fram .pdata .xdata .bss .idata .CRT .tls .rsrc .reloc
Directories (4): import resource tls relocation
VirusTotal: 37/71 (VT report date: 2022-08-01 23:43:41)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 3

URL                                               Host (FQDN/IP)       Date Added
hXXp://repo.ark-event.net/downloads/svchosts.exe  repo.ark-event.net   2022-07-30 13:00:39
hXXp://38.242.218.245/2.exe                       38.242.218.245       2022-07-31 16:16:09
hXXp://38.242.143.87/2.exe                        38.242.143.87        2022-08-02 21:36:10

PE Sections 2 suspicious

Name      VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text     0x1000    0x1c318  115712  0eda73f20df487672f8669a88473dbfdfdbb8134  6614d9657efcfbebd812deffc9cfbb12
.data     0x1e000   0x120    512     ab8d8afe5d84ef3c33b19d5e89b9e91a4a45f8e0  0d9c9077a46c5eb96498c4b49a6f9b94
.rdata    0x1f000   0x2b90   11264   5c61883eaef7bc0792e6bf8613eb39ac9b89cf94  faf9f93afe66da60f22a462b8aaa44e9
.eh_fram  0x22000   0x4      512     5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5  bf619eac0cdf3f68d496ea9344137e8b
.pdata    0x23000   0x7f8    2048    d55d59460b912dcd1973fff0535ced8b9ed9d6d8  f69b6028e4b3592deb33ee23f346ba2d
.xdata    0x24000   0x9d0    2560    b80ad1e6de7f654bbefec5c34fc701efd4007b73  969217a4cc1e72d0bbb39810907cbb72
.bss      0x25000   0xfc80   0       da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.idata    0x35000   0xc90    3584    65603ab0a05e16fd64d9b48310bc5163dca0b768  2ae483d8f9c88086997525b020d04ffd
.CRT      0x36000   0x60     512     6c78a8310235cde096ebc21de9dec13a09e8391d  2c3672d0f6857994d569172123f60bee
.tls      0x37000   0x10     512     5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5  bf619eac0cdf3f68d496ea9344137e8b
.rsrc     0x38000   0x398    1024    a6f695aafb0bfff52e0ce8bb7f21be2a2faf6b69  fd6bcc90beb36f5a92c3ec6c96072957
.reloc    0x39000   0x98     512     0030a91e4fca87c64ed64358fcb6ce9adbf6dbf8  0f3e0d846f3ddf68e523e803f944b10c

PE Resources 1

Name         Language      Sublanguage      Offset   Size  Data
RT_MANIFEST  LANG_NEUTRAL  SUBLANG_NEUTRAL  0x38058  829

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
SHELL32.dll
KERNEL32.dll
libgcc_s_dw2-1.dll
imagehlp.dll
MSVCRT.dll

Import functions