iWGTR.exe

First submission 2022-07-11 10:29:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 440.0 KB (450560 bytes)
Compile time: 2022-07-10 23:34:43
MD5: 441e8511c4bd646d55c6001a99057c8d
SHA1: 25d14c05535d580bf13a2dcc48bf63eda296ea14
SHA256: 658142bdeec19fb3ff0556a38a592458b7f005f69d11a39c34d67fd9efe6222c
Import hash: df8fbcbe90e1e305a660f0ac2aa4fae4
Sections: 3 (.text, .data, .rsrc)
Directories: 2 (import, resource)
VirusTotal: 54/71 (report date: 2022-08-02 18:54:57)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators: 9

URL                                          Host (FQDN/IP)            Date Added
hXXp://srv43923540.ultasrv.com/oFNTE.exe     srv43923540.ultasrv.com   2022-07-11 10:29:02
hXXp://srv43923540.ultasrv.com/EmMGF.exe     srv43923540.ultasrv.com   2022-07-12 09:22:06
hXXp://102.37.220.234/htdocs/yHYWC.exe       102.37.220.234            2022-07-21 13:34:08
hXXp://102.37.220.234/htdocs/BgNDT.exe       102.37.220.234            2022-07-22 13:21:08
hXXp://102.37.220.234/htdocs/mZWED.exe       102.37.220.234            2022-07-26 18:31:10
hXXp://102.37.220.234/htdocs/oKSCQ.exe       102.37.220.234            2022-07-26 21:42:07
hXXp://109.206.241.81/htdocs/zWQXY.exe       109.206.241.81            2022-08-02 19:49:09
hXXp://109.206.241.81/htdocs/gWRDK.exe       109.206.241.81            2022-08-02 20:10:09
hXXp://109.206.241.81/htdocs/iWGTR.exe       109.206.241.81            2022-08-02 21:01:07

PE Sections: 3 (1 suspicious)

Name   VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text  0x1000    0x6a29c  438272  6cf72132cbbcfd3522428339bc9fa779140aa2e6  1c65f5af24b32d8c80e2922313afb580
.data  0x6c000   0xbd8    4096    1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d  620f0b67a91f7f74151bc5be745b7110
.rsrc  0x6d000   0xa0c    4096    e2e260a6832718af0b8ab390e5a45b056a55a146  2df7dffa0e17a0b5313897211532dcc4

PE Resources: 3

Name           Language      Sublanguage         Offset   Size  Data
RT_ICON        LANG_NEUTRAL  SUBLANG_NEUTRAL     0x6d4cc  296
RT_GROUP_ICON  LANG_NEUTRAL  SUBLANG_NEUTRAL     0x6d49c  48
RT_VERSION     LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6d150  844

Meta info: 11 entries

FileDescription: bolbanac
OriginalFilename: DL_NATIVE_BOTNET00933.exe
LegalCopyright: fishers 2684
Translation: 0x0409 0x04b0
InternalName: DL_NATIVE_BOTNET00933
Comments: flybelt
LegalTrademarks: cuspated
FileVersion: 4.06.0005
ProductName: cusparia
ProductVersion: 4.06.0005
CompanyName: fireblende grasper

Packers detected: 2

Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0 - v6.0

Strings analysis - Files found

Autogen
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Library
SHELL32.dll
MSVBVM60.DLL
KERNEL32.dll
VBA6.DLL

Strings analysis - Possible URLs found: 1

https://api.telegram.org/bot

Import functions

Name       Latest seen          MD5
dZDPM.exe  2022-07-26 18:33:02  cbe965aab3f57da4ceda5886e90db6b4
wWLNq.exe  2022-07-26 20:48:03  50de304cffc8136ad4710f12411bb8b9