66e5f96b41510_GageEpa.exe#111us

First submission 2024-09-27 20:38:02 Last submission 2024-10-05 12:55:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1228.71 KB (1258203 bytes)
Compile time: 2012-02-24 20:19:43
MD5: 43044a8822f069feddd9c02fe36d8517
SHA1: 7ed988939944d311a580e145198a6b4cc5741355
SHA256: 4c26dd1754f1bd8da1c39bc2c7721d5bccbd6403d56f0370c53ee4d518167874
Import Hash: be41bf7b8cc010b614bd36bbca606973
Sections 6 .text .rdata .data .ndata .rsrc .reloc
Directories 3 import resource relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 53/77 VT report date: 2024-09-22 10:12:12
Malware Type 2 trojan dropper
Threat Type 3 znyonm agpc runner

URLs, FQDN and IP indicators 3

URL Host (FQDN/IP) Date Added
hXXp://males.mugutu.com/yuop/66e5f96b41510_GageEpa.exe#111us males.mugutu.com 2024-10-05 12:55:06
hXXp://hans.uniformeslaamistad.com/yuop/66e5f96b41510_GageEpa.exe hans.uniformeslaamistad.com 2024-10-04 22:29:04
hXXp://playd.healthnlife.pk/yuop/66e5f96b41510_GageEpa.exe playd.healthnlife.pk 2024-10-03 13:24:18

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6f1c 28672 189dda88a6c847f2561d302faa3a43c92aef4329 64fef99d80ead9051b6e85267342c734
.rdata 0x8000 0x2a62 11264 05985b7f60a664d2595e9406ae3b208c97597bbc 07990aaa54c3bc638bb87a87f3fb13e3
.data 0xb000 0x3e66dc 512 03dcf00e29427359059c911b4ef21794fc8e9237 f8e9fc8c226177087968ccda63fbab7d
.ndata 0x3f2000 0x81000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x473000 0x21b92 138240 9022ac7f9c25de8dd4b82eea2e59aab4dcc4eefa e33fad2d99874a65a3aa658506137825
.reloc 0x495000 0x320e 13312 d8e17fa5d620abbea57e9257935836d6e316531a 639a8ec8b1a5c1264724cd4f2b5fd802

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x491f98 9832
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x49481c 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x49487c 62
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x4948bc 726

Packers detected 1

Nullsoft PiMP Stub -> SFX

Anti debug functions 2

FindWindowExW
GetLastError

Strings analysis - File found

Log: install.log
Temporary: ~nsu.tmp
Library: ADVAPI32.dll, VERSION.dll, SHELL32.dll, PSAPI.DLL, COMCTL32.dll, ole32.dll, KERNEL32.dll, USER32.dll, GDI32.dll

Strings analysis - Possible URLs found 1

http://nsis.sf.net/NSIS_Error

Import functions

Name Latest seen MD5
HrNQKzxJSJyBHMe.exe 2022-09-11 14:15:10 5fd7895ad8c6f4cbafeb0877637027ad
smartsoftsignew.exe 2024-05-31 21:25:02 66a5a529386533e25316942993772042
AdaptorOvernight.exe 2024-07-08 12:58:05 e0d29de6e2fa7590f857f1ef825c943c
ComeDraft.exe 2024-07-20 07:35:02 5f661bce27073f4b496277cbc2fa246d
InfluencedNervous.exe 2024-09-01 22:05:22 1b0fe9739ef19752cb12647b6a4ba97b
PharmaciesDetection.exe 2024-09-02 01:57:02 569720e2c07b1d34bac1366bf2b1c97a
BallsClassified.exe 2024-07-26 23:07:02 b74b4dc696daa20dccd7f743c8c1e1a2
HostelCurves.exe 2024-07-28 15:40:03 9512f65eed44bccd7da4ca3d8adb397d
AnneSalt.exe 2024-08-25 13:11:02 0dac2872a9c5b21289499db3dcd2f18d
ConsiderableWinners.exe 2024-08-25 13:24:03 a23837debdc8f0e9fce308bff036f18f
SemiconductorNot.exe 2024-09-02 03:09:02 7adfc6a2e7a5daa59d291b6e434a59f3
NorthSperm.exe 2024-08-27 15:01:02 ff83471ce09ebbe0da07d3001644b23c
66d08591035ef_AttachmentDaughters.exe#1 2024-08-29 17:43:02 abb713cf90e8345c0b6b79345cbdc9d6
66d0c13d2f0ed_ImpressedHub.exe 2024-10-06 10:14:02 2f5226b4116ce79afb6dcb32fa647954
66d1b31955f50_SunshineSolving.exe 2024-10-05 10:57:02 0a34380175bb4da2cce136e0cb3d3e04
updataxx3264.exe 2024-09-03 15:34:06 0885bc5d9c2aa1895ebd5fcad13b53be
66d60cd3ce002_SeparatelyDied.exe 2024-10-05 12:10:05 1959ce1e98b798963f8b7d04bfb71e69
TikTokTool24.exe 2024-09-05 09:50:04 3c0bc60ec3907224b9720d80bf799281
66ed8059174df_ConsiderMilfs.exe 2024-09-20 16:34:02 12860c8f39570ea1a7256b7ed9dabccf
66e86c030044f_UniversityGradually.exe 2024-10-05 13:56:02 8bc957246166f6b5d99c1b63d34dd663
file.exe 2024-09-21 17:32:02 9b990bb6a27b497a1a19b8665b02b557
file1.exe 2024-09-21 18:41:03 bfc3d290228830fb01f0238e5ade7803
pic4.jpg 2024-09-22 13:35:03 2881d62826eb02ac92a022b2155e4007
66f19da1b85de_cryotr.exe 2024-10-05 12:59:02 8f13e73a3c7d22ee7c1730cf8821f7ac
66f25393e0294_STcryotr.exe 2024-10-05 12:39:01 e457e6ce6ea00506eec98fab4ab49f74
66f5726937cd7_AngryBaths.exe 2024-09-26 16:59:01 dcf197da548e85d911ce6d40222b3592
66f5920e5f6b9_PoliciesCups.exe#angry 2024-09-26 19:29:02 db5245aa66c7883d72b0f718467c842b
66f5a3dbd9df9_ParentingContractor.exe 2024-10-05 10:58:02 4f3ddd6692d604ecf2bd37d93d0f2387
splwow64.exe 2024-09-27 16:32:02 2b01c9b0c69f13da5ee7889a4b17c45e
VidsUsername.exe 2024-09-27 19:34:02 081c87c612e074a69ed34d7102543bbc
KeyFormed.exe 2024-09-27 20:27:02 a823c6a042891f63236b8ae3d9c13ba3
66daf6d8ac980_PeakSports.exe#pend 2024-09-28 01:47:02 bdefc54e5fe6f091f968a28aa63783ba
66e01056bf2b0_crymeta.exe#kiscrmeta 2024-09-28 02:19:03 0675a6d25449fba8a9a04fae80448789
66e08d1814f75_BrickAaron.exe 2024-10-03 18:22:01 5673f47783f3a8e794f6863f1a7c3c7d
66f8f23776c09_DisplayedScreensavers.exe 2024-10-04 01:36:02 659535a3135886f39da6baf90e54ad98
BlankOffense.exe 2024-09-30 08:43:02 1bec0616f2e4dc133175566d1c6bd6dd
66fad513a308f_SubstituteAgain.exe 2024-10-04 21:57:04 35bab7028aa376556c3236b773506a9b
66fbd9a4db4c9_GovernmentalSa.exe#abd 2024-10-01 14:44:02 5e55a47b6d7053f9d1ff19539863b8c2
66f98113b83e6_BellyVary.exe 2024-10-02 02:45:01 db7b43084f7a44e3290774e36d49ce41
66bc8193eca9e_Setup.exe 2024-10-03 12:38:12 02edfdc2fb2ff2725436b7646b7f06ad
66b11f4cc8fbf_MarriageWriters.exe 2024-10-05 17:55:02 9347630d9d6b626d7fefbbdea5d20fe9
PkContent.exe 2024-10-03 21:25:02 87c051a77edc0cc77a4d791ef72367d1
DeliciousPart.exe 2024-10-03 21:26:02 8432070440b9827f88a75bef7e65dd60
66fd8d779da5e_EscortsRadios.exe 2024-10-05 12:40:02 9f2aa036b01b51f6ce185d8c2410c22a
66d4be7ccdf92_UniformDaniel.exe 2024-10-04 22:32:01 edafae4e89866d79921eabe87af81458
1.exe 2024-10-05 02:51:02 774c8215da3cb73644d36ca3f60e676b
66f69a884f4b8_PossessionInfo.exe 2024-10-05 13:38:02 24fb3edc746f33e554573ca372828c24
66b7a4a075311_AsianAsp.exe 2024-10-05 17:58:02 4f92aec3cd981658d5311657bee27d9a
67024df52de10_ElliottProtocols_nopump.exe#stealckiscrypto 2024-10-06 21:54:02 1e31ae89e90ab1a25e4d578b19154bd7