DigitalSide Threat Intel

foto5445.exe

First submission 2023-09-13 10:55:03

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1014.5 KB (1038848 bytes)
Compile time: 2023-09-13 10:54:39
MD5: 3ee86d1734ad1891b99c7fdeb5382960
SHA1: 5c1885eec4b79d73c45c48d0358cc5938cede4b3
SHA256: 72fc33e337d34f54fc45bfa285846aa269cf1be05acb6e56a9b380d7817b20c8
Import Hash : 29c8b785823d6c11cf3aae5ebbb5f0e6
Sections 6 .text .rdata .data .bsp .rsrc .reloc
Directories 6 import export resource debug tls relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://77.91.124.231/new/foto5445.exe VirusTotal Report 77.91.124.231 VirusTotal Report 2023-09-13 10:55:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2967c 169984 70bdd60e877377bf34f67183764c88c4e8db201a 6862aa8edef409e1bcc54c52d2679669
.rdata 0x2b000 0xefa4 61440 be07a10b0c116ee2c2829df7f402efca44b1a977 7d2e936512896b3d50bc8f28502c1172
.data 0x3a000 0x2b10 7168 fefb6b70c80057e7f8b64544dd1869073489b200 ed3356dfdf856ccbae026cf6e70449f8
.bsp 0x3d000 0xc0a90 789504 7e3eeca8ee31943a6fe5c629f60d04ac790fc2eb 07eecc6933eb6cbc2aaab2faf5d9e737
.rsrc 0xfe000 0x1e0 512 60619c2dde1cbb012c2bdc1b307141af77c7c005 59dc56be5fc815710ac16425abbe8583
.reloc 0xff000 0x22f0 9216 da2c82382ea48281c99469408c7451386ce94b6b 7b2f50f4561f7994a8a87fcd061a3525

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xfe060 381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
api-ms-win-core-synch-l1-2-0.dll
mscoree.dll
KERNEL32.dll
ole32.dll
USER32.dll

Import functions

Function Address Souspicious Anti Debug
CoGetApartmentType 0x42b198
CoGetObjectContext 0x42b19c
Function Address Souspicious Anti Debug
CreateFileW 0x42b000
HeapSize 0x42b004
ReadConsoleW 0x42b008
SetStdHandle 0x42b00c
GetProcessHeap 0x42b010
GetLastError 0x42b014
RaiseException 0x42b018
GetCurrentThreadId 0x42b01c
IsProcessorFeaturePresent 0x42b020
FreeLibraryWhenCallbackReturns 0x42b024
CreateThreadpoolWork 0x42b028
SubmitThreadpoolWork 0x42b02c
CloseThreadpoolWork 0x42b030
GetModuleHandleExW 0x42b034
MultiByteToWideChar 0x42b038
InitializeConditionVariable 0x42b03c
WakeConditionVariable 0x42b040
WakeAllConditionVariable 0x42b044
SleepConditionVariableSRW 0x42b048
InitOnceComplete 0x42b04c
InitOnceBeginInitialize 0x42b050
GetStringTypeW 0x42b054
InitializeSRWLock 0x42b058
ReleaseSRWLockExclusive 0x42b05c
AcquireSRWLockExclusive 0x42b060
TryAcquireSRWLockExclusive 0x42b064
WideCharToMultiByte 0x42b068
CloseHandle 0x42b06c
WaitForSingleObjectEx 0x42b070
GetExitCodeThread 0x42b074
QueryPerformanceCounter 0x42b078
EnterCriticalSection 0x42b07c
LeaveCriticalSection 0x42b080
InitializeCriticalSectionEx 0x42b084
DeleteCriticalSection 0x42b088
EncodePointer 0x42b08c
DecodePointer 0x42b090
LCMapStringEx 0x42b094
GetSystemTimeAsFileTime 0x42b098
GetModuleHandleW 0x42b09c
GetProcAddress 0x42b0a0
WriteConsoleW 0x42b0a4
GetCPInfo 0x42b0a8
InitializeCriticalSectionAndSpinCount 0x42b0ac
SetEvent 0x42b0b0
ResetEvent 0x42b0b4
CreateEventW 0x42b0b8
UnhandledExceptionFilter 0x42b0bc
SetUnhandledExceptionFilter 0x42b0c0
GetCurrentProcess 0x42b0c4
TerminateProcess 0x42b0c8
IsDebuggerPresent 0x42b0cc
GetStartupInfoW 0x42b0d0
GetCurrentProcessId 0x42b0d4
InitializeSListHead 0x42b0d8
SetEnvironmentVariableW 0x42b0dc
RtlUnwind 0x42b0e0
SetLastError 0x42b0e4
TlsAlloc 0x42b0e8
TlsGetValue 0x42b0ec
TlsSetValue 0x42b0f0
TlsFree 0x42b0f4
FreeLibrary 0x42b0f8
LoadLibraryExW 0x42b0fc
CreateThread 0x42b100
ExitThread 0x42b104
FreeLibraryAndExitThread 0x42b108
ExitProcess 0x42b10c
GetModuleFileNameW 0x42b110
GetStdHandle 0x42b114
WriteFile 0x42b118
GetCommandLineA 0x42b11c
GetCommandLineW 0x42b120
HeapAlloc 0x42b124
HeapFree 0x42b128
CompareStringW 0x42b12c
LCMapStringW 0x42b130
GetLocaleInfoW 0x42b134
IsValidLocale 0x42b138
GetUserDefaultLCID 0x42b13c
EnumSystemLocalesW 0x42b140
GetFileType 0x42b144
GetFileSizeEx 0x42b148
SetFilePointerEx 0x42b14c
FlushFileBuffers 0x42b150
GetConsoleOutputCP 0x42b154
GetConsoleMode 0x42b158
ReadFile 0x42b15c
HeapReAlloc 0x42b160
FindClose 0x42b164
FindFirstFileExW 0x42b168
FindNextFileW 0x42b16c
IsValidCodePage 0x42b170
GetACP 0x42b174
GetOEMCP 0x42b178
GetEnvironmentStringsW 0x42b17c
FreeEnvironmentStringsW 0x42b180
Function Address Souspicious Anti Debug
GetForegroundWindow 0x42b188
CreatePopupMenu 0x42b18c
FlashWindowEx 0x42b190

PE Exports 1 suspicious

Function Address
_jbxjgbguyw3@4 0x405420

Related files by ImpHash 3 29c8b785823d6c11cf3aae5ebbb5f0e6

Name Latest seen MD5
fotod445.exe 2023-09-12 20:11:03 4f125016bafd01db0f30a335c199497c
vur.exe 2023-09-12 21:51:02 73a427553c9c3d8b5f5377630c5d9c61
cryptedBB.exe 2023-09-13 15:12:02 3dd01710d9d6f58e5588ad656f0441a1