5KNCHALAH.exe

First submission 2024-09-27 16:33:02

File details

File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Mime type: application/x-dosexec
File size: 1623.5 KB (1662464 bytes)
Compile time: 2024-09-06 03:42:05
MD5: 3f99c2698fc247d19dd7f42223025252
SHA1: 043644883191079350b2f2ffbefef5431d768f99
SHA256: ba8561bf19251875a15471812042adac49f825c69c3087054889f6107297c6f3
Sections 2 .text .rsrc
Directories 1 resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 54/76 VT report date: 2024-09-18 08:30:11
Malware Type 2 trojan dropper
Threat Type 3 msil crysan purelogsstealer

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.215.113.117/inc/5KNCHALAH.exe 185.215.113.117 2024-09-27 16:33:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x2000 0x1954b0 1660416 65e3d8d9ae5d71107ded552afef64f9ac7dd6b56 fbf3765183a8599b1e5d487a5631a41c
.rsrc 0x198000 0x570 1536 5d1c5727a114524d91812beb66fc3893537efb60 104e72c808eb8de2cdcaf3ed762769fa

PE Resources 2

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x1980a0 796
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x1983bc 436

Meta infos 12

LegalCopyright: Copyright © 2010
Assembly Version: 1.0.0.0
InternalName: 5KNCHALAH.exe
FileVersion: 1.0.0.0
CompanyName:
LegalTrademarks:
Comments:
ProductName: 5KNCHALAH
ProductVersion: 1.0.0.0
FileDescription: 5KNCHALAH
Translation: 0x0000 0x04b0
OriginalFilename: 5KNCHALAH.exe

Packers detected 2

Microsoft Visual C++ vx.x DLL
Microsoft Visual C++ v6.0

Strings analysis - File found

XML
System.Xml
Library
GDI32.dll