build16666.exe

First submission 2024-07-09 13:06:03 Last submission 2024-07-12 12:43:03

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 1703.0 KB (1743872 bytes)
Compile time: 2024-07-09 02:06:02
MD5: 4640faeafa95ce219c649e9f5cbffd75
SHA1: 19dd0e5c193e679825066ea9faa8c283a3d62cdd
SHA256: 5e2839553458547a92fff7348862063b30510e805a550e02d94a89bd8fd0768d
Import Hash: a338797fb02813f0ef44a2dae655cd61
Sections 11 .text .data .rdata .pdata .xdata .bss .idata .CRT .tls .rsrc .reloc
Directories 4 import resource tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 19/78 VT report date: 2024-07-09 12:37:26
Malware Type 1 trojan
Threat Type 3 dbadur filerepmalware misc

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://77.91.77.80/lend/build16666.exe 77.91.77.80 2024-07-12 12:43:05
hXXp://77.91.77.82/lend/build16666.exe 77.91.77.82 2024-07-12 12:42:06

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x194d58 1658368 fd9545cbf7858221dc8cdf514e6a8ab7315dfb85 bd8ee6ec59c3cdd1b1857eae1c422da6
.data 0x196000 0x940 2560 e8b6a4308885a9d8e0fcae9060888133f2e39948 62d5eee943206c67e6dbeb3ab0ebdd47
.rdata 0x197000 0xa9e0 43520 bd8a14db5b957cd4ecf15a8158ca7466721343b4 28ef97229b183d5962b23b5a8b97b4e7
.pdata 0x1a2000 0x4674 18432 5703a625969cbb13a34ed6c6b48e72c64bb855ee 74f6cc5d8156fd6f1cbe54eb06f08d66
.xdata 0x1a7000 0x3b88 15360 5c2c1187faa6fd89493ee5e8fefbe2f4764326ab 3bbe8cacf861c26037df2ba6818a9ffc
.bss 0x1ab000 0x65ed0 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x211000 0x664 2048 1ad201e8f8b80dd463da7a90db0052a1ecd3386e 5a48e7e4155d7236b0748fd98fe8245e
.CRT 0x212000 0x68 512 10a6ce3e74734c4c61d98a3aeb3cd436b4c8b776 faa2ddb3d096f071218338dd9404d447
.tls 0x213000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x214000 0x138 512 5a62edd762252883f7579bdb99ddd9f5d143e0bb 3c0df8aa156a53af14fb4a7085c4af12
.reloc 0x215000 0x324 1024 93af6ebc792b01d7ad66e178fd5080f43186d5d9 dac286ad7dedd89e9c9425b291a9a27a

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x214058 220

Meta infos 1

Translation: 0x0409 0x04e4

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
MSVCRT.dll
@Advapi32.dll
@USER32.DLL
@ole32.dll
@winhttp.dll
@psapi.dll
KERNEL32.dll
@shell32.dll
@kernel32.dll

Import functions

Name Latest seen MD5
build1111.exe 2024-07-09 06:20:02 dea351e95b2d5b0a6b3911d531315550