ax.exe

First submission 2024-10-16 20:08:10

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	2065.03 KB (2114587 bytes)
Compile time:	2017-02-28 07:00:26
MD5:	431c75b491aa7535b92c5d9c00e23675
SHA1:	08f45830bc988aa234db210881c3e6a10c92cd5a
SHA256:	66efd841fe3f48cba194688551284c8b7b775d8dd7401b813fd879bf7b366e7f
Import Hash :	bb9d495821e6e730a7a07045d899c977
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	65/77 VT report date: 2024-09-18 02:58:14
Malware Type 2	trojan dropper
Threat Type 3	farfli flystudio lyquj

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://212.64.10.223:90/ax.exe	212.64.10.223	2024-10-16 20:08:11

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x7bab6	507904	c10380bd4594226626a79d8dfb8d4e1c5660c103	bb85b1384ad637932508d3a97ac8d370
.rdata	0x7d000	0x12c52	77824	5c5e0d0e2c41b404e6bb75a8e041ea1706d9962f	9052c91fbd3b4aea65ce1c3b70c5c622
.data	0x90000	0x279a8	73728	97f83166735496de21052485ceadbf177448163d	f0077e4df5de8e191daacf03272aef99
.rsrc	0xb8000	0x2c4e8	184320	7c9924e8e659bbb3530574d4825f3c6628088e95	6b4da7c4a6917ec77b7be3c4b74346b6

PE Resources 10

Name	Language	Sublanguage	Offset	Size	Data
TEXTINCLUDE	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xb8db8	337	PE Resource: TEXTINCLUDE - Data #define _AFX_NO_SPLITTER_RESOURCES #define _AFX_NO_OLE_RESOURCES #define _AFX_NO_TRACKER_RESOURCES #define _AFX_NO_PROPERTY_RESOURCES #if !defined(AFX_RESOURCE_DLL) \|\| defined(AFX_TARG_CHS) #ifdef _WIN32 LANGUAGE 4, 2 #pragma code_page(936) #endif //_WIN32 #include "l.chs\afxres.rc" // Standard components #endif
RT_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xb92a8	180
RT_BITMAP	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xba9b0	324
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xe2104	1128
RT_MENU	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xe2578	644	PE Resource: RT_MENU - Data &R.U_ &F.0RU_ Ctrl+PageUp&L.0R>\U_ Ctrl+PageDown&P. NNU_ Ctrl+!&N.NNU_ Ctrl+!&U. NNu PageUp &D.NNu PageDown&G.0Rc[U_ Ctrl+G&F.W[k&F.0RW[k Ctrl+Home&L.0R>\W[k Ctrl+End&P. NNW[k Shift+Tab &N.NNW[k Tab/Enter &U. NNL !&D.NNL !&D.X R&A.mRzzU_ Ctrl+N&D.9eS Rdr` Ctrl+D&K.nd@b g RdU_&Z.nzzpenc^
RT_DIALOG	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xe37c0	396
RT_STRING	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xe4208	36
RT_GROUP_CURSOR	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xe4254	34
RT_GROUP_ICON	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0xe4304	20
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xe4318	461	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 4

GetLastError
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 2

VMware trick
VMCheck.dll

Strings analysis - File found

Library
ntdll.dll
ADVAPI32.dll
mscoree.dll
USER32.dll
WININET.dll
KERNEL32.dll
SHELL32.dll
hid.dll
OLEAUT32.dll
SHLWAPI.dll
mscoreei.dll
DINPUT8.dll
GDI32.dll
MPR.dll
_USER32.dll
MSVCRT.dll
WS2_32.dll
COMCTL32.dll
<kernel32.dll
NETAPI32.dll
ole32.dll
clr.dll
mscorwks.dll
7PSAPI.DLL
PSAPI.DLL
diasymreader.dll
WINMM.dll
mscorsvr.dll
IPHLPAPI.DLL
COMDLG32.dll
KernelBase.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions

comdlg32.dll 4 WINMM.dll 17 GDI32.dll 82 SHELL32.dll 3 KERNEL32.dll 131 WINSPOOL.DRV 3 ADVAPI32.dll 5 ole32.dll 3 COMCTL32.dll 2 WS2_32.dll 9 USER32.dll 152 OLEAUT32.dll 3

Function	Address	Souspicious	Anti Debug
GetFileTitleA	0x47d684
GetSaveFileNameA	0x47d688
GetOpenFileNameA	0x47d68c
ChooseColorA	0x47d690

Function	Address	Souspicious	Anti Debug
midiOutReset	0x47d604
midiStreamRestart	0x47d608
midiStreamStop	0x47d60c
midiStreamOut	0x47d610
waveOutUnprepareHeader	0x47d614
waveOutPrepareHeader	0x47d618
waveOutWrite	0x47d61c
waveOutPause	0x47d620
midiOutPrepareHeader	0x47d624
midiStreamProperty	0x47d628
waveOutReset	0x47d62c
waveOutClose	0x47d630
waveOutGetNumDevs	0x47d634
waveOutOpen	0x47d638
midiOutUnprepareHeader	0x47d63c
midiStreamOpen	0x47d640
midiStreamClose	0x47d644

Function	Address	Souspicious	Anti Debug
GetTextMetricsA	0x47d024
LineTo	0x47d028
Escape	0x47d02c
ExtTextOutA	0x47d030
TextOutA	0x47d034
RectVisible	0x47d038
PtVisible	0x47d03c
GetViewportExtEx	0x47d040
ExtSelectClipRgn	0x47d044
SetBkColor	0x47d048
CreateRectRgnIndirect	0x47d04c
SetStretchBltMode	0x47d050
GetClipRgn	0x47d054
CreatePolygonRgn	0x47d058
SelectClipRgn	0x47d05c
DeleteObject	0x47d060
CreateDIBitmap	0x47d064
GetSystemPaletteEntries	0x47d068
CreatePalette	0x47d06c
StretchBlt	0x47d070
SelectPalette	0x47d074
RealizePalette	0x47d078
GetDIBits	0x47d07c
GetWindowExtEx	0x47d080
GetViewportOrgEx	0x47d084
GetWindowOrgEx	0x47d088
BeginPath	0x47d08c
EndPath	0x47d090
PathToRegion	0x47d094
CreateEllipticRgn	0x47d098
CreateRoundRectRgn	0x47d09c
GetTextColor	0x47d0a0
GetBkMode	0x47d0a4
GetBkColor	0x47d0a8
GetROP2	0x47d0ac
GetStretchBltMode	0x47d0b0
GetPolyFillMode	0x47d0b4
CreateCompatibleBitmap	0x47d0b8
CreateDCA	0x47d0bc
CreateBitmap	0x47d0c0
SelectObject	0x47d0c4
GetObjectA	0x47d0c8
CreatePen	0x47d0cc
PatBlt	0x47d0d0
CombineRgn	0x47d0d4
CreateRectRgn	0x47d0d8
FillRgn	0x47d0dc
CreateSolidBrush	0x47d0e0
MoveToEx	0x47d0e4
ExcludeClipRect	0x47d0e8
GetClipBox	0x47d0ec
ScaleWindowExtEx	0x47d0f0
SetWindowExtEx	0x47d0f4
SetWindowOrgEx	0x47d0f8
ScaleViewportExtEx	0x47d0fc
SetViewportExtEx	0x47d100
OffsetViewportOrgEx	0x47d104
SetViewportOrgEx	0x47d108
SetMapMode	0x47d10c
SetTextColor	0x47d110
SetROP2	0x47d114
SetPolyFillMode	0x47d118
SetBkMode	0x47d11c
RestoreDC	0x47d120
SaveDC	0x47d124
GetStockObject	0x47d128
CreateFontIndirectA	0x47d12c
EndPage	0x47d130
EndDoc	0x47d134
DeleteDC	0x47d138
StartDocA	0x47d13c
StartPage	0x47d140
BitBlt	0x47d144
CreateCompatibleDC	0x47d148
Ellipse	0x47d14c
Rectangle	0x47d150
LPtoDP	0x47d154
DPtoLP	0x47d158
GetCurrentObject	0x47d15c
RoundRect	0x47d160
GetTextExtentPoint32A	0x47d164
GetDeviceCaps	0x47d168

Function	Address	Souspicious	Anti Debug
ShellExecuteA	0x47d390
Shell_NotifyIconA	0x47d394
SHGetSpecialFolderPathA	0x47d398

Function	Address	Souspicious	Anti Debug
FreeEnvironmentStringsA	0x47d170
UnhandledExceptionFilter	0x47d174
GetACP	0x47d178
HeapSize	0x47d17c
TerminateProcess	0x47d180
GetLocalTime	0x47d184
GetSystemTime	0x47d188
GetTimeZoneInformation	0x47d18c
RaiseException	0x47d190
RtlUnwind	0x47d194
GetStartupInfoA	0x47d198
GetOEMCP	0x47d19c
GetCPInfo	0x47d1a0
GetProcessVersion	0x47d1a4
SetErrorMode	0x47d1a8
GlobalFlags	0x47d1ac
FreeEnvironmentStringsW	0x47d1b0
GetFileTime	0x47d1b4
GetFileSize	0x47d1b8
TlsGetValue	0x47d1bc
LocalReAlloc	0x47d1c0
TlsSetValue	0x47d1c4
TlsFree	0x47d1c8
GlobalHandle	0x47d1cc
TlsAlloc	0x47d1d0
LocalAlloc	0x47d1d4
lstrcmpA	0x47d1d8
GetVersion	0x47d1dc
GlobalGetAtomNameA	0x47d1e0
GlobalAddAtomA	0x47d1e4
GlobalFindAtomA	0x47d1e8
GlobalDeleteAtom	0x47d1ec
lstrcmpiA	0x47d1f0
SetEndOfFile	0x47d1f4
UnlockFile	0x47d1f8
LockFile	0x47d1fc
FlushFileBuffers	0x47d200
SetFilePointer	0x47d204
DuplicateHandle	0x47d208
lstrcpynA	0x47d20c
SetLastError	0x47d210
FileTimeToLocalFileTime	0x47d214
FileTimeToSystemTime	0x47d218
LocalFree	0x47d21c
InterlockedDecrement	0x47d220
InterlockedIncrement	0x47d224
GetEnvironmentStrings	0x47d228
GetEnvironmentStringsW	0x47d22c
SetHandleCount	0x47d230
GetStdHandle	0x47d234
GetFileType	0x47d238
GetEnvironmentVariableA	0x47d23c
HeapDestroy	0x47d240
HeapCreate	0x47d244
VirtualFree	0x47d248
SetEnvironmentVariableA	0x47d24c
LCMapStringA	0x47d250
LCMapStringW	0x47d254
VirtualAlloc	0x47d258
IsBadWritePtr	0x47d25c
GetStringTypeA	0x47d260
GetStringTypeW	0x47d264
SetUnhandledExceptionFilter	0x47d268
CompareStringA	0x47d26c
CompareStringW	0x47d270
IsBadReadPtr	0x47d274
IsBadCodePtr	0x47d278
SetStdHandle	0x47d27c
WideCharToMultiByte	0x47d280
MultiByteToWideChar	0x47d284
GetCurrentProcess	0x47d288
GetWindowsDirectoryA	0x47d28c
GetSystemDirectoryA	0x47d290
CreateSemaphoreA	0x47d294
ResumeThread	0x47d298
ReleaseSemaphore	0x47d29c
EnterCriticalSection	0x47d2a0
LeaveCriticalSection	0x47d2a4
GetProfileStringA	0x47d2a8
WriteFile	0x47d2ac
ReadFile	0x47d2b0
WaitForMultipleObjects	0x47d2b4
CreateFileA	0x47d2b8
SetEvent	0x47d2bc
FindResourceA	0x47d2c0
LoadResource	0x47d2c4
LockResource	0x47d2c8
GetModuleFileNameA	0x47d2cc
GetCurrentThreadId	0x47d2d0
ExitProcess	0x47d2d4
GlobalSize	0x47d2d8
GlobalFree	0x47d2dc
DeleteCriticalSection	0x47d2e0
InitializeCriticalSection	0x47d2e4
lstrcatA	0x47d2e8
lstrlenA	0x47d2ec
WinExec	0x47d2f0
lstrcpyA	0x47d2f4
FindNextFileA	0x47d2f8
CloseHandle	0x47d2fc
GlobalReAlloc	0x47d300
HeapFree	0x47d304
HeapReAlloc	0x47d308
GetProcessHeap	0x47d30c
HeapAlloc	0x47d310
GetFullPathNameA	0x47d314
FreeLibrary	0x47d318
LoadLibraryA	0x47d31c
GetLastError	0x47d320
GetVersionExA	0x47d324
WritePrivateProfileStringA	0x47d328
CreateThread	0x47d32c
CreateEventA	0x47d330
Sleep	0x47d334
GlobalAlloc	0x47d338
GlobalLock	0x47d33c
GlobalUnlock	0x47d340
GetTempPathA	0x47d344
FindFirstFileA	0x47d348
FindClose	0x47d34c
GetFileAttributesA	0x47d350
DeleteFileA	0x47d354
SetCurrentDirectoryA	0x47d358
GetVolumeInformationA	0x47d35c
GetModuleHandleA	0x47d360
GetProcAddress	0x47d364
MulDiv	0x47d368
GetCommandLineA	0x47d36c
GetTickCount	0x47d370
WaitForSingleObject	0x47d374
GetCurrentThread	0x47d378

Function	Address	Souspicious	Anti Debug
ClosePrinter	0x47d64c
DocumentPropertiesA	0x47d650
OpenPrinterA	0x47d654

Function	Address	Souspicious	Anti Debug
RegOpenKeyExA	0x47d000
RegCreateKeyExA	0x47d004
RegCloseKey	0x47d008
RegSetValueExA	0x47d00c
RegQueryValueA	0x47d010

Function	Address	Souspicious	Anti Debug
OleUninitialize	0x47d698
OleInitialize	0x47d69c
CLSIDFromString	0x47d6a0

Function	Address	Souspicious	Anti Debug
ImageList_Destroy	0x47d018
None	0x47d01c

Function	Address	Souspicious	Anti Debug
inet_ntoa	0x47d65c
WSACleanup	0x47d660
closesocket	0x47d664
WSAAsyncSelect	0x47d668
recvfrom	0x47d66c
ioctlsocket	0x47d670
recv	0x47d674
getpeername	0x47d678
accept	0x47d67c

Function	Address	Souspicious	Anti Debug
GetForegroundWindow	0x47d3a0
LoadIconA	0x47d3a4
TranslateMessage	0x47d3a8
DrawFrameControl	0x47d3ac
DrawEdge	0x47d3b0
DrawFocusRect	0x47d3b4
WindowFromPoint	0x47d3b8
GetMessageA	0x47d3bc
DispatchMessageA	0x47d3c0
SetRectEmpty	0x47d3c4
RegisterClipboardFormatA	0x47d3c8
CreateIconFromResourceEx	0x47d3cc
CreateIconFromResource	0x47d3d0
DrawIconEx	0x47d3d4
CreatePopupMenu	0x47d3d8
AppendMenuA	0x47d3dc
ModifyMenuA	0x47d3e0
CreateMenu	0x47d3e4
CreateAcceleratorTableA	0x47d3e8
GetDlgCtrlID	0x47d3ec
GetSubMenu	0x47d3f0
EnableMenuItem	0x47d3f4
ClientToScreen	0x47d3f8
EnumDisplaySettingsA	0x47d3fc
LoadImageA	0x47d400
SystemParametersInfoA	0x47d404
ShowWindow	0x47d408
IsWindowEnabled	0x47d40c
TranslateAcceleratorA	0x47d410
GetKeyState	0x47d414
CopyAcceleratorTableA	0x47d418
PostQuitMessage	0x47d41c
IsZoomed	0x47d420
GetClassInfoA	0x47d424
DefWindowProcA	0x47d428
GetMenu	0x47d42c
SetMenu	0x47d430
PeekMessageA	0x47d434
IsIconic	0x47d438
SetFocus	0x47d43c
GetActiveWindow	0x47d440
GetWindow	0x47d444
DestroyAcceleratorTable	0x47d448
SetWindowRgn	0x47d44c
GetMessagePos	0x47d450
ScreenToClient	0x47d454
ChildWindowFromPointEx	0x47d458
CopyRect	0x47d45c
LoadBitmapA	0x47d460
WinHelpA	0x47d464
KillTimer	0x47d468
SetTimer	0x47d46c
ReleaseCapture	0x47d470
GetCapture	0x47d474
SetCapture	0x47d478
GetScrollRange	0x47d47c
SetScrollRange	0x47d480
SetScrollPos	0x47d484
SetRect	0x47d488
InflateRect	0x47d48c
IntersectRect	0x47d490
DestroyIcon	0x47d494
UnregisterClassA	0x47d498
OffsetRect	0x47d49c
IsWindowVisible	0x47d4a0
EnableWindow	0x47d4a4
RedrawWindow	0x47d4a8
GetWindowLongA	0x47d4ac
SetWindowLongA	0x47d4b0
GetSysColor	0x47d4b4
SetActiveWindow	0x47d4b8
SetCursorPos	0x47d4bc
LoadCursorA	0x47d4c0
SetCursor	0x47d4c4
GetDC	0x47d4c8
FillRect	0x47d4cc
IsRectEmpty	0x47d4d0
ReleaseDC	0x47d4d4
IsChild	0x47d4d8
DestroyMenu	0x47d4dc
SetForegroundWindow	0x47d4e0
GetWindowRect	0x47d4e4
EqualRect	0x47d4e8
UpdateWindow	0x47d4ec
ValidateRect	0x47d4f0
InvalidateRect	0x47d4f4
GetClientRect	0x47d4f8
GetFocus	0x47d4fc
GetWindowTextA	0x47d500
GetWindowTextLengthA	0x47d504
CharUpperA	0x47d508
GetWindowDC	0x47d50c
BeginPaint	0x47d510
EndPaint	0x47d514
TabbedTextOutA	0x47d518
DrawTextA	0x47d51c
GrayStringA	0x47d520
GetDlgItem	0x47d524
DestroyWindow	0x47d528
CreateDialogIndirectParamA	0x47d52c
EndDialog	0x47d530
GetNextDlgTabItem	0x47d534
GetWindowPlacement	0x47d538
RegisterWindowMessageA	0x47d53c
GetLastActivePopup	0x47d540
GetMessageTime	0x47d544
RemovePropA	0x47d548
CallWindowProcA	0x47d54c
GetPropA	0x47d550
UnhookWindowsHookEx	0x47d554
SetPropA	0x47d558
GetClassLongA	0x47d55c
CallNextHookEx	0x47d560
SetWindowsHookExA	0x47d564
CreateWindowExA	0x47d568
GetMenuItemID	0x47d56c
GetMenuItemCount	0x47d570
RegisterClassA	0x47d574
GetScrollPos	0x47d578
AdjustWindowRectEx	0x47d57c
MapWindowPoints	0x47d580
SendDlgItemMessageA	0x47d584
ScrollWindowEx	0x47d588
IsDialogMessageA	0x47d58c
SetWindowTextA	0x47d590
MoveWindow	0x47d594
CheckMenuItem	0x47d598
SetMenuItemBitmaps	0x47d59c
GetMenuState	0x47d5a0
GetMenuCheckMarkDimensions	0x47d5a4
GetClassNameA	0x47d5a8
GetDesktopWindow	0x47d5ac
LoadStringA	0x47d5b0
GetSysColorBrush	0x47d5b4
GetParent	0x47d5b8
GetTopWindow	0x47d5bc
PostMessageA	0x47d5c0
IsWindow	0x47d5c4
SetParent	0x47d5c8
DestroyCursor	0x47d5cc
SendMessageA	0x47d5d0
SetWindowPos	0x47d5d4
MessageBoxA	0x47d5d8
GetCursorPos	0x47d5dc
GetSystemMetrics	0x47d5e0
EmptyClipboard	0x47d5e4
SetClipboardData	0x47d5e8
OpenClipboard	0x47d5ec
GetClipboardData	0x47d5f0
CloseClipboard	0x47d5f4
wsprintfA	0x47d5f8
PtInRect	0x47d5fc

Function	Address	Souspicious	Anti Debug
UnRegisterTypeLib	0x47d380
RegisterTypeLib	0x47d384
LoadTypeLib	0x47d388