BnWxM.exe

First submission 2022-08-02 20:35:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
File size: 1476.0 KB (1511424 bytes)
Compile time: 2021-06-30 04:16:18
MD5: 44e041dc2e445fcd33cc89b8453d0539
SHA1: 99faf5ac243f30d7041e7018f41490023b552f60
SHA256: 707ce4ec41a0a919739998e1260e50eb8eca2808ee69df64b07a5e985d1068ad
Import Hash: 6ed4f5f04d62b18d96b26d6db7c18840
Sections: 3 (UPX0, UPX1, UPX2)
Directories: 3 (import, tls, relocation)
VirusTotal: 48/71 (VT report date: 2022-08-01 18:43:41)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators: 3

URL                                      Host (FQDN/IP)    Date Added
hXXp://109.206.241.81/htdocs/mBPHk.exe   109.206.241.81    2022-08-02 20:35:02
hXXp://109.206.241.81/htdocs/FgNRQ.exe   109.206.241.81    2022-08-02 21:22:06
hXXp://109.206.241.81/htdocs/BnWxM.exe   109.206.241.81    2022-08-02 21:31:06

PE Sections: 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
UPX0 0x1000 0x271000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x272000 0x171000 1509888 ab697db3033e085d64ca631c48dc999b2c8f471a 15aa896c46b26f1f3f4083adf0c4e6fb
UPX2 0x3e3000 0x1000 512 02e0ccb9850ae14e5cc96e6a0df57d574ca67528 5e6d1b38824863d6712192089144b752

Packers detected: 1

UPX -> www.upx.sourceforge.net

Strings analysis - File found

Database
SU.dB
Library
KERNEL32.dll

Import functions

Name Latest seen MD5
bghost.exe 2021-10-28 11:36:04 83754fa016cb31ea372d1b3f6c34708d
ethm2305.exe 2021-11-04 14:10:03 ee30d6928c9de84049aa055417cc767e
watchdog.exe 2021-11-24 19:19:02 e0a50c60a85bfbb9ecf45bff0239aaa3
aeza.exe 2022-03-22 14:56:03 abd2b41cae837a1f9aa09bb254a5beb9
build_o.exe 2022-04-08 11:28:02 cb7a0339d242373fd96920fd74465806
build.exe 2022-04-08 12:27:02 3241871a3d1cafc408fbb476f6c04dc3
build.exe 2022-04-19 08:31:02 ea328235a695694caee064ff5738b5f3
build.exe 2022-04-20 09:16:03 7b45ba64e7e6efb2de53e191aa7f4819
update.exe 2022-05-20 07:51:03 b4aa27a1339c69d99121a4fe4fac94f7
WxRfM.exe 2022-07-26 19:42:04 c0aec085c4a40d42297566227d175847
101.exe 2022-07-28 00:22:01 d30ae9e3c1a66b23090622a255dfb918