ZipEU.exe

First submission 2022-08-03 16:13:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 338.5 KB (346624 bytes)
Compile time: 2022-01-04 15:10:54
MD5: 468042278a3e4841d3e33ccca10d99ca
SHA1: 22532f37096a200d448420359c01bbebaaf6b820
SHA256: b92e9e2c758e32857506f9472cc51aec4b499afa6f703f7c40218e4e4258da86
Import Hash: 7e4b40ca154bd059f7d22ed12b0ce64d
Sections: 6 (.text, .data, .misomob, .babuma, .pivaxu, .rsrc)
Directories: 3 (import, resource, debug)
VirusTotal: 33/71 (VT report date: 2022-08-03 03:29:08)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.56.146.131/ZipEU.exe 193.56.146.131 2022-08-03 16:13:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x321c2 205312 d9df3808458b9164a47e70ce50ea751fea691986 5275dae89dc89cb9e83f51755a0e5802
.data 0x34000 0x19f68 69632 038e60b6d74194c68db89cc23a13d185314cc010 e014c233c083bc94577a745eccb522e5
.misomob 0x4e000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.babuma 0x4f000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.pivaxu 0x50000 0x96 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x51000 0x108d0 68096 99c19f642d574c8081fdb6ed7974fa4f1eab3bfe 33d43108f8479cd180d41fdecf10b255

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_KOREAN SUBLANG_KOREAN 0x60ee8 1128
RT_STRING LANG_KOREAN SUBLANG_KOREAN 0x61688 582
RT_ACCELERATOR LANG_KOREAN SUBLANG_KOREAN 0x613c8 112
RT_GROUP_ICON LANG_KOREAN SUBLANG_KOREAN 0x540f8 76
RT_VERSION LANG_KOREAN SUBLANG_KOREAN 0x61498 316

Meta infos 1

Translations: 0x0353 0x0366

Anti debug functions 7

GetLastError
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
MSPDB80.DLL
USER32.dll

Strings analysis - Possible IPs found 2

95.77.6.8
68.41.92.92

Import functions