DigitalSide Threat Intel

fixing.exe

First submission 2024-10-13 22:39:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 72.07 KB (73802 bytes)
Compile time: 2009-06-04 13:51:33
MD5: 4acf8829e5241b6f1307521ee9e0e370
SHA1: 1e5220d361959f86fef5dcdc1d72c17bf3792418
SHA256: a655508a5a17b33a17c8da9e00dff0294a2b048260785e96582b9c7f3dbb25f4
Import Hash : 481f47bbb2c9c21e108d65f52b04c448
Sections 4 .text .rdata .data .rsrc
Directories 3 import resource debug

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 67/77 VT report date: 2024-10-13 22:14:36
Malware Type 1 trojan
Threat Type 3 swrort cryptz marte

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://94.72.98.157:8080/fixing.exe VirusTotal Report 94.72.98.157 VirusTotal Report 2024-10-13 22:39:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xa966 45056 f035f7e7141108e0aabdc8e8ee242249ac3d8e93 e90e67907b6ef9aea2c7baf925d62067
.rdata 0xc000 0xfe6 4096 2d1b3b256819734be18a5171828f544f2fe3c678 25d7ceee3aa85bb3e8c5174736f6f830
.data 0xd000 0x705c 16384 46bdccde681141c8e779b47220c1d7b1a1b9b011 283b5f792323d57b9db4d2bcc46580f8
.rsrc 0x15000 0x7c8 4096 2e051ef30946f9bed1931d1f9dde3ebdb9b99b89 c13a9413aea7291b6fc85d75bfcde381

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x15060 1896

Meta infos 10

LegalCopyright: Copyright 2009 The Apache Software Foundation.
InternalName: ab.exe
FileVersion: 2.2.14
CompanyName: Apache Software Foundation
OriginalFilename: ab.exe
ProductVersion: 2.2.14
FileDescription: ApacheBench command line utility
Translation: 0x0409 0x04b0
Comments: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
ProductName: Apache HTTP Server

Anti debug functions 2

GetLastError
TerminateProcess

Strings analysis - File found

Library
ADVAPI32.dll
ntdll.dll
MSVCRT.dll
KERNEL32.dll
WS2_32.dll
WSOCK32.dll

Strings analysis - Possible URLs found 7

http://
http://www.apache.org/
http://www.apache.org/licenses/LICENSE-2.0
http://www.zeustech.net/
http://www.zeustech.net/<br
https://
http://www.apache.org/<br

Import functions

Function Address Souspicious Anti Debug
FreeSid 0x40c000
AllocateAndInitializeSid 0x40c004
Function Address Souspicious Anti Debug
PeekNamedPipe 0x40c00c
ReadFile 0x40c010
WriteFile 0x40c014
LoadLibraryA 0x40c018
GetProcAddress 0x40c01c
GetVersionExA 0x40c020
GetExitCodeProcess 0x40c024
TerminateProcess 0x40c028
LeaveCriticalSection 0x40c02c
SetEvent 0x40c030
ReleaseMutex 0x40c034
EnterCriticalSection 0x40c038
DeleteCriticalSection 0x40c03c
InitializeCriticalSection 0x40c040
CreateMutexA 0x40c044
GetFileType 0x40c048
SetLastError 0x40c04c
FreeEnvironmentStringsW 0x40c050
GetEnvironmentStringsW 0x40c054
GlobalFree 0x40c058
GetCommandLineW 0x40c05c
TlsAlloc 0x40c060
TlsFree 0x40c064
DuplicateHandle 0x40c068
GetCurrentProcess 0x40c06c
SetHandleInformation 0x40c070
CloseHandle 0x40c074
GetSystemTimeAsFileTime 0x40c078
FileTimeToSystemTime 0x40c07c
GetTimeZoneInformation 0x40c080
FileTimeToLocalFileTime 0x40c084
SystemTimeToFileTime 0x40c088
SystemTimeToTzSpecificLocalTime 0x40c08c
Sleep 0x40c090
FormatMessageA 0x40c094
GetLastError 0x40c098
WaitForSingleObject 0x40c09c
CreateEventA 0x40c0a0
SetStdHandle 0x40c0a4
SetFilePointer 0x40c0a8
CreateFileA 0x40c0ac
CreateFileW 0x40c0b0
GetOverlappedResult 0x40c0b4
DeviceIoControl 0x40c0b8
GetFileInformationByHandle 0x40c0bc
LocalFree 0x40c0c0
Function Address Souspicious Anti Debug
_iob 0x40c0c8
_except_handler3 0x40c0cc
__set_app_type 0x40c0d0
__p__fmode 0x40c0d4
__p__commode 0x40c0d8
_adjust_fdiv 0x40c0dc
__setusermatherr 0x40c0e0
_initterm 0x40c0e4
__getmainargs 0x40c0e8
__p___initenv 0x40c0ec
_XcptFilter 0x40c0f0
_exit 0x40c0f4
_onexit 0x40c0f8
__dllonexit 0x40c0fc
strrchr 0x40c100
wcsncmp 0x40c104
_close 0x40c108
wcslen 0x40c10c
wcscpy 0x40c110
strerror 0x40c114
modf 0x40c118
strspn 0x40c11c
realloc 0x40c120
__p__environ 0x40c124
__p__wenviron 0x40c128
_errno 0x40c12c
free 0x40c130
strncmp 0x40c134
strstr 0x40c138
strncpy 0x40c13c
_ftol 0x40c140
qsort 0x40c144
fopen 0x40c148
perror 0x40c14c
fclose 0x40c150
fflush 0x40c154
calloc 0x40c158
malloc 0x40c15c
signal 0x40c160
printf 0x40c164
_isctype 0x40c168
atoi 0x40c16c
exit 0x40c170
__mb_cur_max 0x40c174
_pctype 0x40c178
strchr 0x40c17c
fprintf 0x40c180
_controlfp 0x40c184
_strdup 0x40c188
_strnicmp 0x40c18c
Function Address Souspicious Anti Debug
WSARecv 0x40c194
WSASend 0x40c198
Function Address Souspicious Anti Debug
getsockopt 0x40c1a0
connect 0x40c1a4
htons 0x40c1a8
gethostbyname 0x40c1ac
ntohl 0x40c1b0
inet_ntoa 0x40c1b4
setsockopt 0x40c1b8
socket 0x40c1bc
closesocket 0x40c1c0
select 0x40c1c4
ioctlsocket 0x40c1c8
__WSAFDIsSet 0x40c1cc
WSAStartup 0x40c1d0
WSACleanup 0x40c1d4
WSAGetLastError 0x40c1d8

Related files by ImpHash 42 481f47bbb2c9c21e108d65f52b04c448

Name Latest seen MD5
repackend.exe 2022-09-17 09:02:02 315a5c5871b0de15997d187b93b94d97
maxi.exe 2022-10-30 08:32:02 e07965f2bf26b320383323f54e9f1977
rabba.exe 2022-10-30 08:33:02 cfffd8f19174f53ca45cd1e2d3ba73d3
dox.exe 2022-10-30 08:34:01 d5f0a0bf41182aa382b53c9758588086
dollar.exe 2022-10-30 08:36:02 facb41b0215d5399bd97b68f05efe5aa
buga.exe 2022-10-30 08:37:02 d269ca499f52149626d2485bbf74ea35
sanki.exe 2022-10-30 08:38:04 4f3eb4cd6ae13a74d09f29aed9cd73f4
baba.exe 2022-10-30 08:40:05 c12886ed570cc61fd178e690907cfb44
tornado.exe 2022-10-30 08:41:02 2b75c349e90df1fc14b38873992ec3af
solid.exe 2022-10-30 08:42:02 fd87146f6e2a130b1454724a961a1b8a
tray.exe 2022-10-30 08:43:02 face8fd03157a49e11c71259c826b167
yaya.exe 2022-10-30 08:44:02 2416d6cfb74b5277d570aa7ce4702bf3
windox.exe 2022-10-30 08:45:03 46e9d62aa9266ce1ed2a8620934bd7cd
aboki.exe 2022-10-30 08:47:01 b7a0bc8b94f5e9ae7da97a4b96671aae
sfc.exe 2022-10-30 08:48:02 29613e2dec4fc95380ceb7b7f9927ce1
ndulele.exe 2022-10-30 08:49:02 2cb908660103e6449ac76bdae06d81c2
OpenThis.exe 2023-01-19 11:35:02 c5f53044cf4bee51438be9acc5c5c442
reverse.exe 2024-05-20 07:20:02 94604756b7991e2361c98c1ffd1a50ff
venom.exe 2024-05-24 09:05:03 195032debcdcfbd4e56986070144a475
backdoor.exe 2024-05-24 09:31:01 32bab4b22104f0e73eb9f98efa619a68
example.exe 2024-05-24 09:33:02 356697b39d3721250aa3cc92bacc6120
1668093182.exe 2024-05-29 05:18:02 9fbc495f7b8396fd10b994d966f88796
h 2024-07-02 08:59:02 d3905c1568990dad69b03e5b792f2725
4444.exe 2024-07-04 08:06:03 1aca2436ee8c1ef6271dfebd4312b3d7
Extension.exe 2024-08-27 17:01:01 683947f7c0388cde0bf1ec8ca7845226
Documents.exe 2024-08-27 20:03:01 69622bc5a1fc62775a2b77cc4bbbdc00
Launcher.exe 2024-08-30 20:11:02 58fecf9d072c83e0d7ce4fa4c08af240
Extension2.exe 2024-09-22 12:30:02 d1ba5271cc1825702119cfd7e0232f81
TripVPN.exe 2024-09-22 12:39:02 f1796b78cb43fa7b6805584f0c3207c1
CovidPass.exe 2024-09-22 12:40:01 4ff07dff62d31b141d2ff73725935c08
sample.exe 2024-09-22 12:41:02 fe62c6284cc763752ff6801c12f29b33
Icon.exe 2024-09-22 14:09:01 1b73bb409f96bd368cfefa6635f358af
Launcher.exe 2024-09-22 15:06:01 2bf2123730614e66c7a5b926a7eea340
Uploader.exe 2024-09-22 15:08:02 b6b77de46fac92727df6141f2699e398
Organiser.exe 2024-09-22 15:28:01 2939997c9fc9dca6ccf9124200c5bcf7
Excel.exe 2024-09-22 15:57:02 c72a3773f36c1e96d38c8178ce4c3142
Extension.exe 2024-09-22 15:58:01 5c74e515750a07cd1800406809bccdfe
Prototype.exe 2024-09-22 16:20:02 f52a6c6e1c8be6ea65f385f16d2680b6
32.exe.txt 2024-09-28 03:09:02 33c05328038a99ed239df21e508182e6
shell.exe 2024-09-28 23:50:02 04e600266eb46ccb8e3712a48deac3a9
6.exe 2024-10-09 23:41:02 5a68e9c6b62d77db7874b7c027bdba7f
foot.exe 2024-10-11 10:20:02 13ab1cb658c72b66c3a8bce31405ac1d