BnWxM.exe
First submission 2022-08-02 20:35:02
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| File type: | 1476.0 KB (1511424 bytes) |
| Compile time: | 2021-06-30 04:16:18 |
| MD5: | 44e041dc2e445fcd33cc89b8453d0539 |
| SHA1: | 99faf5ac243f30d7041e7018f41490023b552f60 |
| SHA256: | 707ce4ec41a0a919739998e1260e50eb8eca2808ee69df64b07a5e985d1068ad |
| Import Hash : | 6ed4f5f04d62b18d96b26d6db7c18840 |
| Sections 3 | UPX0���� UPX1���� UPX2���� |
| Directories 3 | import tls relocation |
| Virus Total: | 48/71 VT report date: 2022-08-01 18:43:41 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 3
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://109.206.241.81/htdocs/mBPHk.exe  |
109.206.241.81 |
2022-08-02 20:35:02 |
| hXXp://109.206.241.81/htdocs/FgNRQ.exe |
109.206.241.81 |
2022-08-02 21:22:06 |
| hXXp://109.206.241.81/htdocs/BnWxM.exe |
109.206.241.81 |
2022-08-02 21:31:06 |
PE Sections 2 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| UPX0���� | 0x1000 | 0x271000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| UPX1���� | 0x272000 | 0x171000 | 1509888 | ab697db3033e085d64ca631c48dc999b2c8f471a | 15aa896c46b26f1f3f4083adf0c4e6fb | |
| UPX2���� | 0x3e3000 | 0x1000 | 512 | 02e0ccb9850ae14e5cc96e6a0df57d574ca67528 | 5e6d1b38824863d6712192089144b752 |
Packers detected 1
| UPX -> www.upx.sourceforge.net |
Strings analysis - File found
| Database |
| SU.dB |
| Library |
| KERNEL32.dll |
Import functions
| Name | Latest seen | MD5 |
|---|---|---|
| bghost.exe | 2021-10-28 11:36:04 | 83754fa016cb31ea372d1b3f6c34708d |
| ethm2305.exe | 2021-11-04 14:10:03 | ee30d6928c9de84049aa055417cc767e |
| watchdog.exe | 2021-11-24 19:19:02 | e0a50c60a85bfbb9ecf45bff0239aaa3 |
| aeza.exe | 2022-03-22 14:56:03 | abd2b41cae837a1f9aa09bb254a5beb9 |
| build_o.exe | 2022-04-08 11:28:02 | cb7a0339d242373fd96920fd74465806 |
| build.exe | 2022-04-08 12:27:02 | 3241871a3d1cafc408fbb476f6c04dc3 |
| build.exe | 2022-04-19 08:31:02 | ea328235a695694caee064ff5738b5f3 |
| build.exe | 2022-04-20 09:16:03 | 7b45ba64e7e6efb2de53e191aa7f4819 |
| update.exe | 2022-05-20 07:51:03 | b4aa27a1339c69d99121a4fe4fac94f7 |
| WxRfM.exe | 2022-07-26 19:42:04 | c0aec085c4a40d42297566227d175847 |
| 101.exe | 2022-07-28 00:22:01 | d30ae9e3c1a66b23090622a255dfb918 |