update.exe

First submission 2022-08-03 10:19:02

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
File size: 421.0 KB (431104 bytes)
Compile time: 2022-07-08 15:55:12
MD5: 459b0bdd45947e5861ce2d876c3c4033
SHA1: cce9113d8a8b515bfb7d83acf7b1996994144a33
SHA256: a2d546749333d57f7370f528e63ab3b688f72b2b33fb33bdbcab494efc766bd1
Import Hash : e90de0c769aaf7f6d42e62efc3778812
Sections 10 .text .data .rdata .pdata .xdata .bss .idata .CRT .tls .rsrc
Directories 3 import resource tls
Virus Total: 20/71 VT report date: 2022-08-03 07:27:04

File feature flags checked

Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

URLs, FQDN and IP indicators 2

URL  Host (FQDN/IP)  Date Added
hXXp://146.70.24.168/load/update.exe  146.70.24.168  2022-08-03 10:19:02
hXXps://dexpsystem.com/load/update.exe  dexpsystem.com  2022-08-03 10:45:08

PE Sections 3 suspicious

Name VAddress(hex) VSize(hex, bytes) RawSize(bytes) SHA1 MD5 Suspicious
.text 0x1000 0x1e88 8192 bd7de3dee69e8fabbd5b1cdcc262f3de414afede 115a08200e1cd9bf5b0768f852cd2a5b
.data 0x3000 0x64b50 412672 118b62fa7859c9be29a780e65ff3740b54e33cb8 6866c1b033fa149125150dd4cf437470
.rdata 0x68000 0x8f0 2560 47f84e0c1fa15b56bccbf93956efc3f40c658e29 9e9fe20422ec42867cab6badf851f1d6
.pdata 0x69000 0x288 1024 51c6222fb9c5650c45eda1dc6b37788e8cbce656 7e23b2498215ee4bdf8fc0ee29556da9
.xdata 0x6a000 0x210 1024 afe9655936cf39aa695bc72abd21266185a208ec 636985a75400aa413ab5c3db52d2e6f5
.bss 0x6b000 0x980 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x6c000 0x824 2560 590d396a094f59dd8412f24cd6dd8a696fc717af 6d48c2726c850b075741aef1f17ff7a4
.CRT 0x6d000 0x68 512 fda47ae799db11c42cb182a970a1d8efa857497d bc664edb9eee3bd9eecad0e585781d7e
.tls 0x6e000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x6f000 0x3e8 1024 6c30e9d953a117ec0209fd959efd2efa40c2e900 f3b766383496941225450ffa32dce6c8
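Sanity checks a triage analyst would run over the section table above, as an added example that is not part of the report or of the tooling that produced it. The section values are copied from the table; FileAlignment 0x200 and SectionAlignment 0x1000 are assumed (the usual defaults, which the report does not list), and the "holds most of the file" rule is a heuristic, not a verdict.

```python
import hashlib

FILE_SIZE = 431104          # "File size" above
FILE_ALIGN = 0x200          # assumed PE FileAlignment (common default; not in the report)
SECTION_ALIGN = 0x1000      # assumed PE SectionAlignment (common default; not in the report)

# (name, VirtualAddress, VirtualSize, SizeOfRawData, SHA1, MD5) copied from the table above.
SECTIONS = [
    (".text",  0x1000,  0x1e88,  8192,   "bd7de3dee69e8fabbd5b1cdcc262f3de414afede", "115a08200e1cd9bf5b0768f852cd2a5b"),
    (".data",  0x3000,  0x64b50, 412672, "118b62fa7859c9be29a780e65ff3740b54e33cb8", "6866c1b033fa149125150dd4cf437470"),
    (".rdata", 0x68000, 0x8f0,   2560,   "47f84e0c1fa15b56bccbf93956efc3f40c658e29", "9e9fe20422ec42867cab6badf851f1d6"),
    (".pdata", 0x69000, 0x288,   1024,   "51c6222fb9c5650c45eda1dc6b37788e8cbce656", "7e23b2498215ee4bdf8fc0ee29556da9"),
    (".xdata", 0x6a000, 0x210,   1024,   "afe9655936cf39aa695bc72abd21266185a208ec", "636985a75400aa413ab5c3db52d2e6f5"),
    (".bss",   0x6b000, 0x980,   0,      "da39a3ee5e6b4b0d3255bfef95601890afd80709", "d41d8cd98f00b204e9800998ecf8427e"),
    (".idata", 0x6c000, 0x824,   2560,   "590d396a094f59dd8412f24cd6dd8a696fc717af", "6d48c2726c850b075741aef1f17ff7a4"),
    (".CRT",   0x6d000, 0x68,    512,    "fda47ae799db11c42cb182a970a1d8efa857497d", "bc664edb9eee3bd9eecad0e585781d7e"),
    (".tls",   0x6e000, 0x10,    512,    "5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5", "bf619eac0cdf3f68d496ea9344137e8b"),
    (".rsrc",  0x6f000, 0x3e8,   1024,   "6c30e9d953a117ec0209fd959efd2efa40c2e900", "f3b766383496941225450ffa32dce6c8"),
]


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def section_findings(sections, file_size, file_align=FILE_ALIGN, section_align=SECTION_ALIGN):
    """Return (section name, finding) pairs derived from the section table alone."""
    findings = []
    expected_va = sections[0][1]
    for name, va, vsize, raw, sha1, md5 in sections:
        # Sections must start on SectionAlignment and follow each other without gaps.
        if va % section_align:
            findings.append((name, f"VirtualAddress 0x{va:x} not aligned to 0x{section_align:x}"))
        if va != expected_va:
            findings.append((name, f"gap or overlap: expected 0x{expected_va:x}, found 0x{va:x}"))
        expected_va = va + align_up(vsize, section_align)
        # Raw size is rounded up to FileAlignment; bytes beyond that are not padding.
        if raw % file_align:
            findings.append((name, f"SizeOfRawData {raw} not a multiple of {file_align}"))
        if raw > align_up(vsize, file_align):
            findings.append((name, f"{raw - align_up(vsize, file_align)} bytes on disk beyond the mapped size"))
        if raw == 0:
            # A section with no file-backed bytes hashes as the empty string,
            # which is exactly what the .bss row above shows.
            empty_ok = (sha1 == hashlib.sha1(b"").hexdigest() and md5 == hashlib.md5(b"").hexdigest())
            state = "match empty input" if empty_ok else "DO NOT match empty input"
            findings.append((name, f"uninitialised section (raw size 0), hashes {state}"))
        # Heuristic: one non-code section carrying most of the file is the usual
        # home of an embedded payload that a small stub decodes at run time.
        share = raw / file_size
        if name != ".text" and share > 0.5:
            findings.append((name, f"holds {share:.1%} of the file"))
    return findings


def bytes_outside_sections(sections, file_size):
    """File bytes not covered by any section: PE headers plus any overlay."""
    return file_size - sum(s[3] for s in sections)


def code_to_data_ratio(sections):
    """Raw .text bytes over raw bytes of every other section."""
    code = sum(s[3] for s in sections if s[0] == ".text")
    data = sum(s[3] for s in sections if s[0] != ".text")
    return code / data if data else float("inf")


if __name__ == "__main__":
    for name, finding in section_findings(SECTIONS, FILE_SIZE):
        print(f"{name:8} {finding}")
    print("bytes outside sections:", bytes_outside_sections(SECTIONS, FILE_SIZE))
    print("code/data ratio: %.4f" % code_to_data_ratio(SECTIONS))
```

On this table the layout is contiguous and every raw size is alignment-rounded, so the only findings are the empty .bss (hashes consistent with zero file bytes) and .data holding roughly 96% of the file against 8 KB of code; the 1024 bytes outside the sections are consistent with a 0x400-byte header and no overlay.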

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x6f058 908

Meta infos 9

FileDescription: Windows Explorer
LegalCopyright: © Microsoft Corporation. All rights reserved.
Translation: 0x0409 0x04f2
InternalName: explorer
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
FileVersion: 10.0.19041.1266 (WinBuild.160101.0800)
OriginalFilename: EXPLORER.EXE
ProductVersion: 10.0.19041.1266

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
MSVCRT.dll
KERNEL32.dll
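The version resource above claims to be Microsoft's explorer.exe while the file arrived as update.exe from two non-Microsoft hosts, and the three imports listed under "Anti debug functions" are ones that C-runtime start-up code pulls in anyway. The following added example (not from the report or its tooling) encodes those consistency checks, grades the anti-debug imports by strength, and shows how the Import Hash field is computed. The import list is a constructed subset, since the page's "Import functions" list is truncated, so its imphash is illustrative and will not equal the report's value; the Microsoft host suffix list is an assumption for the heuristic.

```python
import hashlib

# Version resource fields copied from "Meta infos" above.
VERSION_INFO = {
    "FileDescription": "Windows Explorer",
    "CompanyName": "Microsoft Corporation",
    "InternalName": "explorer",
    "OriginalFilename": "EXPLORER.EXE",
    "FileVersion": "10.0.19041.1266 (WinBuild.160101.0800)",
}
DELIVERED_AS = "update.exe"
DOWNLOAD_HOSTS = ["146.70.24.168", "dexpsystem.com"]   # from the indicator table above

# Constructed subset of the import table: the three functions the report names
# plus one MSVCRT import, used only to demonstrate the algorithms below.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "GetLastError"),
    ("KERNEL32.dll", "TerminateProcess"),
    ("KERNEL32.dll", "UnhandledExceptionFilter"),
    ("MSVCRT.dll", "exit"),
]

# Assumed allowlist for the "claims Microsoft" heuristic.
MICROSOFT_HOST_SUFFIXES = ("microsoft.com", "windowsupdate.com", "windows.com")

# Imports the report labels "anti debug" are present in almost every
# MSVCRT-linked program; only the second set is a real debugger check on its own.
WEAK_ANTIDEBUG = {"GetLastError", "TerminateProcess", "UnhandledExceptionFilter"}
STRONG_ANTIDEBUG = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                    "NtQueryInformationProcess", "OutputDebugStringA", "OutputDebugStringW"}


def is_microsoft_host(host):
    return any(host == s or host.endswith("." + s) for s in MICROSOFT_HOST_SUFFIXES)


def version_info_findings(info, delivered_as, hosts):
    """Consistency checks between the version resource and how the file arrived."""
    findings = []
    orig = info.get("OriginalFilename", "")
    if orig and orig.lower() != delivered_as.lower():
        findings.append(f"OriginalFilename {orig} != delivered name {delivered_as}")
    if "microsoft" in info.get("CompanyName", "").lower():
        # A genuine Microsoft binary is Authenticode- or catalog-signed; a version
        # resource is free-form text and proves nothing on its own.
        findings.append("claims Microsoft: verify Authenticode/catalog signature before trusting")
        for h in hosts:
            if not is_microsoft_host(h):
                findings.append(f"claims Microsoft but delivered from {h}")
    return findings


def antidebug_signal(imports):
    """Grade debugger-detection imports: 'strong', 'weak' (generic CRT), or 'none'."""
    names = {f for _, f in imports if isinstance(f, str)}
    strong, weak = sorted(names & STRONG_ANTIDEBUG), sorted(names & WEAK_ANTIDEBUG)
    return {"strong": strong, "weak": weak,
            "score": "strong" if strong else ("weak" if weak else "none")}


def imphash_input(imports):
    """Build the string imphash digests: 'dll.func' pairs, lower-cased, in
    import-table order, comma-joined, DLL extension stripped.  Ordinal-only
    imports are rendered as 'ordN' (pefile also maps known ordinals to names
    for a few DLLs such as ws2_32; that lookup is omitted here)."""
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        name = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports):
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


if __name__ == "__main__":
    for line in version_info_findings(VERSION_INFO, DELIVERED_AS, DOWNLOAD_HOSTS):
        print("-", line)
    print("anti-debug:", antidebug_signal(SAMPLE_IMPORTS))
    print("imphash input:", imphash_input(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

Because imphash keys on import order and not on case, two samples built from the same source with the same linker share it even when their code differs, which is what makes it useful for clustering and why the report lists it next to the file hashes.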

Import functions