DigitalSide Threat Intel

4.exe

First submission 2024-10-12 12:53:04

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 7157.0 KB (7328768 bytes)
Compile time: 2024-10-11 19:25:45
MD5: 49d7ba824b7249c26927e8a086eb879b
SHA1: 51596a606413b95477c9f655c2dfad328a94baf0
SHA256: a10386e4d53db8a045aedf7261adfbe05c0afd80a2550b7ad856cec3663cc66d
Import Hash : 41db2083dac89343aef584a51a80b293
Sections 9 .text .data .rdata .eh_fram .bss .idata .CRT .tls .reloc
Directories 3 import tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://103.130.147.211/Files/4.exe VirusTotal Report 103.130.147.211 VirusTotal Report 2024-10-12 12:53:04

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x499c68 4824576 99f1247905efcd6bbcd9952fb9e81b2bccb0769e 131aeb790fa1b4069f4d079a79edd45d
.data 0x49b000 0x1e7100 1995264 3468a2cfac0b06e852a679d82f5cb5e64c23e7f1 22aba8ab8718b3b9e4bbdc722bc9e203
.rdata 0x683000 0xe324 58368 50f7c973684e53015cb06471e9abe8ce6ad0d293 42911933f7edfadeaed86f31b5cf337f
.eh_fram 0x692000 0x210c 8704 089c3e7ef8a2f1536952c1d084eafec25ee88c7f 03b25ad11df83c6377a854105026d1c7
.bss 0x695000 0xb74 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x696000 0xb78 3072 a367ed782ea4d1330709a126cea75dd784460811 aa8b0559c664205cc5a5e0b0104ebb08
.CRT 0x697000 0x30 512 e49e627b7c6243bf7494f5adc26113ffaa38338d 947565758601e59a9e2e145caaaaefe2
.tls 0x698000 0x8 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x699000 0x6a8f8 436736 5dea728600e4c4b21b05f3165a1db233292f83ad 2b166d1a394213febf3ce2718928b3c1

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
MSVCRT.dll
ADVAPI32.dll
KERNEL32.dll
libgcc_s_dw2-1.dll

Import functions

Function Address Souspicious Anti Debug
CryptAcquireContextA 0xa9621c
CryptGenRandom 0xa96220
CryptReleaseContext 0xa96224
Function Address Souspicious Anti Debug
DeleteCriticalSection 0xa9622c
EnterCriticalSection 0xa96230
FreeLibrary 0xa96234
GetLastError 0xa96238
GetModuleHandleA 0xa9623c
GetModuleHandleW 0xa96240
GetNativeSystemInfo 0xa96244
GetProcAddress 0xa96248
GetProcessHeap 0xa9624c
GetStartupInfoA 0xa96250
GetThreadLocale 0xa96254
HeapAlloc 0xa96258
HeapFree 0xa9625c
InitializeCriticalSection 0xa96260
IsBadReadPtr 0xa96264
IsDBCSLeadByteEx 0xa96268
LeaveCriticalSection 0xa9626c
LoadLibraryA 0xa96270
MultiByteToWideChar 0xa96274
SetLastError 0xa96278
SetUnhandledExceptionFilter 0xa9627c
Sleep 0xa96280
TlsGetValue 0xa96284
VirtualAlloc 0xa96288
VirtualFree 0xa9628c
VirtualProtect 0xa96290
VirtualQuery 0xa96294
WideCharToMultiByte 0xa96298
lstrlenA 0xa9629c
Function Address Souspicious Anti Debug
__getmainargs 0xa962a4
__initenv 0xa962a8
__mb_cur_max 0xa962ac
__p__acmdln 0xa962b0
__p__commode 0xa962b4
__p__fmode 0xa962b8
__set_app_type 0xa962bc
__setusermatherr 0xa962c0
_amsg_exit 0xa962c4
_assert 0xa962c8
_cexit 0xa962cc
_errno 0xa962d0
_chsize 0xa962d4
_exit 0xa962d8
_filelengthi64 0xa962dc
_fileno 0xa962e0
_initterm 0xa962e4
_iob 0xa962e8
_lock 0xa962ec
_onexit 0xa962f0
_unlock 0xa962f4
_wcsnicmp 0xa962f8
abort 0xa962fc
atoi 0xa96300
bsearch 0xa96304
calloc 0xa96308
exit 0xa9630c
fclose 0xa96310
fflush 0xa96314
fgetpos 0xa96318
fopen 0xa9631c
fputc 0xa96320
fread 0xa96324
free 0xa96328
freopen 0xa9632c
fsetpos 0xa96330
fwrite 0xa96334
getc 0xa96338
islower 0xa9633c
isspace 0xa96340
isupper 0xa96344
isxdigit 0xa96348
localeconv 0xa9634c
malloc 0xa96350
mbstowcs 0xa96354
memcmp 0xa96358
memcpy 0xa9635c
memmove 0xa96360
memset 0xa96364
mktime 0xa96368
localtime 0xa9636c
difftime 0xa96370
_mkdir 0xa96374
perror 0xa96378
qsort 0xa9637c
realloc 0xa96380
remove 0xa96384
setlocale 0xa96388
signal 0xa9638c
strchr 0xa96390
strcmp 0xa96394
strerror 0xa96398
strlen 0xa9639c
strncmp 0xa963a0
strncpy 0xa963a4
strtol 0xa963a8
strtoul 0xa963ac
tolower 0xa963b0
ungetc 0xa963b4
vfprintf 0xa963b8
time 0xa963bc
wcslen 0xa963c0
wcstombs 0xa963c4
_stat 0xa963c8
_write 0xa963cc
_utime 0xa963d0
_open 0xa963d4
_fileno 0xa963d8
_close 0xa963dc
_chmod 0xa963e0

Related files by ImpHash 7 41db2083dac89343aef584a51a80b293

Name Latest seen MD5
javumarfirst.exe 2024-10-03 21:30:03 506f20dc6d2d9a4bd2725a726679b74e
3.exe 2024-10-07 02:00:06 4574de6b9f970058f5306aa830f3a132
11.exe 2024-10-07 02:55:06 284c99e2aa6644acd914e7d1a245deed
sadsay.exe 2024-10-10 06:26:03 735bb5f55a17215700840c04a8b40a03
JavUmar.exe 2024-10-10 21:07:03 3394808f2d5c141b86e33a51ace8a577
33.exe 2024-10-12 23:11:10 e071b6dd90f4c7a9d23632bfb9517925
JavUmar1.exe 2024-10-14 09:37:02 7105a2ba8c897b6c2072a6ab0bdecdf1