bucha.exe

First submission 2024-02-08 03:22:04

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2258.0 KB (2312192 bytes)
Compile time: 2024-02-06 18:33:24
MD5: 3e9650a7b961e437db222dfb746e2be9
SHA1: 72e69dab7c5bfc6a4740667b65a712e48ba1bf0b
SHA256: 244f83eb73141f35b9b4e44d10cc285a66af6f06ecac378e446ed3f6f3ad9ba1
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Sections (7): .rsrc, .idata, rjiotglt, kgqggrdk, .taggant, plus two unnamed sections (see PE Sections below)
Directories (3): import, resource, relocation

File features detected

Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

URLs, FQDN and IP indicators (1)

URL                                   Host (FQDN/IP)   Date Added
hXXps://apexmia.com/icons/bucha.exe   apexmia.com      2024-02-08 03:22:04

PE Sections (7 sections, 6 flagged suspicious)

Name        VAddress   VSize      Size      SHA1                                       MD5
(unnamed)   0x1000     0x136000   585728    8eb91990e990cbfa02ec38c139ed9e538d9d3428   375481e72f365a98226fbb135fa5f1e0
.rsrc       0x137000   0x4390     4608      d027ee40f6ab2112fc23a8667f751b86708d9db1   50941d68a7763f3f3a548487597aae33
.idata      0x13c000   0x1000     512       75fe5948b5af5a23fd6ab94dbe7bb656318b389f   6b601ab8b353fc8e280a8942b2550963
(unnamed)   0x13d000   0x2b6000   512       701a8962145adeb38eed52ef59e08d3347aa4e04   e7745fff4fca4e0192049c3accb9afc6
rjiotglt    0x3f3000   0x1a1000   1707008   90c663d22af96940ee2d0ffc9866951214ff8007   5f9069cb3d5b9179170677ec3d31aef4
kgqggrdk    0x594000   0x1000     1024      cfd62f0e8b4d857753223436e975afcd43157bbd   9b8c06346e34bf02732d55d427cade61
.taggant    0x595000   0x3000     8704      df198d9f6af67f8f1fe4d649d05215dc11195187   95df50ef62e9635088897cfec78ecd66

PE Resources (4)

Name            Language       Sublanguage          Offset     Size
RT_ICON         LANG_RUSSIAN   SUBLANG_RUSSIAN      0x590dc8   9640
RT_GROUP_ICON   LANG_RUSSIAN   SUBLANG_RUSSIAN      0x593370   48
RT_VERSION      LANG_RUSSIAN   SUBLANG_RUSSIAN      0x5933a0   664
RT_MANIFEST     LANG_ENGLISH   SUBLANG_ENGLISH_US   0x59391e   381

Meta infos (8)

LegalCopyright: (c) 2019
InternalName: RiotClient.exe
FileVersion: 70.0.0.247
FileDescription: Riot Client
Translation: 0x0409 0x04b0
ProductName: RiotClient
OriginalFilename: RiotClientServices.exe
ProductVersion: 70.0.0.247

Anti debug functions (1)

VMware trick

Strings analysis - File found

Library: KERNEL32.dll

Strings analysis - Possible IPs found (1)

70.0.0.247 (this string is identical to the FileVersion value in the version resource above, so it is most likely a version number matched by the IP regex rather than a network indicator)

Import functions

Name         Latest seen           MD5
dota.exe     2024-02-06 05:06:03   9e4d39ed30534cc58a95507c99370a47
amert.exe    2024-02-06 06:41:03   a3cd3871ba24037d9aba6b0b053cf34a
rega.exe     2024-02-07 02:02:02   43836f75d5662bc72af946abefe786ce
ladas.exe    2024-02-08 07:03:03   2fae8d32357ed07bf6a6b216f376f867
hunta.exe    2024-02-09 12:02:02   094c7deac7308ea0c8e656efae033a64
hunta.exe    2024-02-10 13:41:02   48bd66cb49e7451cbdb078e2698a1290
micro.exe    2024-02-10 15:22:02   bfcbce795272ae853a343628bd213390
loster.exe   2024-02-11 00:01:02   62888e93e8a9b835451bd3371d4b5218