5KNCHALAH.exe
First submission 2024-09-27 16:33:02
File details
File type: | PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 1623.5 KB (1662464 bytes) |
Compile time: | 2024-09-06 03:42:05 |
MD5: | 3f99c2698fc247d19dd7f42223025252 |
SHA1: | 043644883191079350b2f2ffbefef5431d768f99 |
SHA256: | ba8561bf19251875a15471812042adac49f825c69c3087054889f6107297c6f3 |
Sections 2 | .text .rsrc |
Directories 1 | resource |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: | 54/76 VT report date: 2024-09-18 08:30:11 |
Malware Type 2 | trojan dropper |
Threat Type 3 | msil crysan purelogsstealer |
URLs, FQDN and IP indicators 1
PE Sections 1 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x2000 | 0x1954b0 | 1660416 | 65e3d8d9ae5d71107ded552afef64f9ac7dd6b56 | fbf3765183a8599b1e5d487a5631a41c | |
.rsrc | 0x198000 | 0x570 | 1536 | 5d1c5727a114524d91812beb66fc3893537efb60 | 104e72c808eb8de2cdcaf3ed762769fa | |
PE Resources 2
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x1980a0 | 796 | |
RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x1983bc | 436 | |
Meta infos 12
LegalCopyright: | Copyright © 2010 |
Assembly Version: | 1.0.0.0 |
InternalName: | 5KNCHALAH.exe |
FileVersion: | 1.0.0.0 |
CompanyName: | |
LegalTrademarks: | |
Comments: | |
ProductName: | 5KNCHALAH |
ProductVersion: | 1.0.0.0 |
FileDescription: | 5KNCHALAH |
Translation: | 0x0000 0x04b0 |
OriginalFilename: | 5KNCHALAH.exe |
Packers detected 2
Microsoft Visual C++ vx.x DLL |
Microsoft Visual C++ v6.0 |
Strings analysis - File found
XML |
System.Xml |
Library |
GDI32.dll |