cs-daili.exe

First submission 2024-10-15 19:39:04

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	296.0 KB (303104 bytes)
Compile time:	2021-10-21 16:17:33
MD5:	4adcb0f7a3d272d2897488bc269a102b
SHA1:	6eba2700f071030c82cfaa6165f2439f2865c02d
SHA256:	a59992138030f8f040b0048d8e7e1faf429bdfd2d0ef1ea26fecb90f40a862ed
Import Hash :	5e726a232a120b1495be711a060576c9
Sections 3	.text .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	23/76 VT report date: 2023-01-28 18:48:54

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://dow.andylab.cn/cs-daili.exe	dow.andylab.cn	2024-10-15 19:39:04

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x458a8	286720	6109ee49b34afadf4293bca34d42467db85b427c	7ce9e34e618598df3523657828428d86
.data	0x47000	0x20e0	4096	1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d	620f0b67a91f7f74151bc5be745b7110
.rsrc	0x4a000	0x11a8	8192	625a27013fe0c840ff1e57f28b2f7884cd880e8f	f3997ad3af61bdd1967d122e9daa729a

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x4a300	3752	PE Resource: RT_ICON - Data (0` !!)$5! !$%$1,)),1565J:%cEBA1cU9FGFRQJJQRRRRRUZZZZcYJcYR{eJkgZZ]cZaccbccikkkksmcsmk{sc{ukkqssss{yssu{{z{Yam!i)qJyJsR}s))9999)))191)))1119991191999999JJ{JBJJJBJRZBBJJBJJBJRRZZcskgck{s{c{JBBJJBBJZRZZZckkfs{v{6`vd{ XdLLd/+866"!&&&((.)7`}WUT=7.1&&.YJQiPPPPPPPOM1<LfKHHKKKHHjNFAs^CgLIeeMGJIF]BAA:g@CBBIJJQmQOKJFZx:DBIJQQbckeJ>CBJOSOtwCBIOSaV}i_AFJRyo{ABMQSVvzABq~\VXVRpr\|AFJlQXXVXVQF5 (A?nVVVmJB3BLEXdJB2^uySIBuiI; ah4 ,8 . # +[9#$ &((&&&&.(&&&(((1.&&&&(((..&&&&(((...11&&&&(((...111&&&&(((...111&&&&((((..0111%&&'((-..1111
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x4a2ec	20
RT_VERSION	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x4a0f0	508

Name

Language

Sublanguage

Offset

Size

Data

RT_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x4a300

3752

RT_GROUP_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x4a2ec

RT_VERSION

LANG_CHINESE

SUBLANG_CHINESE_SIMPLIFIED

0x4a0f0

508

Meta infos 6

InternalName:	cs-daili
ProductVersion:	2021.10.0017
Translation:	0x0804 0x04b0
ProductName:	\x7f51\x7edc\x4ee3\x7406
OriginalFilename:	cs-daili.exe
FileVersion:	2021.10.0017

Packers detected 1

Microsoft Visual Basic v5.0 - v6.0

Strings analysis - File found

Temporary
\~ConvIconToBmp.tmp
Autogen
C:\Program Files (x86)\VB6Mini\bin\VB6.OLB
Data
taskkill /f /im NewTcp.Dat
Library
MSVBVM60.DLL
USER32.dll
GDI32.dll
WININET.dll
OLEAUT32.dll
UxTheme.dll
VBA6.DLL
VB5!6&vb6chs.dll
SHELL32.dll

Import functions

MSVBVM60.DLL 145

Function	Address	Souspicious	Anti Debug
__vbaVarSub	0x401000
__vbaStrI2	0x401004
_CIcos	0x401008
_adj_fptan	0x40100c
__vbaVarMove	0x401010
__vbaFreeVar	0x401014
__vbaLenBstr	0x401018
None	0x40101c
__vbaStrVarMove	0x401020
__vbaLateIdCall	0x401024
__vbaEnd	0x401028
__vbaFreeVarList	0x40102c
_adj_fdiv_m64	0x401030
__vbaRaiseEvent	0x401034
__vbaNextEachVar	0x401038
__vbaFreeObjList	0x40103c
__vbaLineInputVar	0x401040
_adj_fprem1	0x401044
__vbaRecAnsiToUni	0x401048
None	0x40104c
__vbaCopyBytes	0x401050
__vbaStrCat	0x401054
None	0x401058
__vbaLsetFixstr	0x40105c
__vbaSetSystemError	0x401060
__vbaHresultCheckObj	0x401064
_adj_fdiv_m32	0x401068
__vbaAryDestruct	0x40106c
None	0x401070
__vbaVarForInit	0x401074
__vbaExitProc	0x401078
__vbaI4Abs	0x40107c
None	0x401080
__vbaFileCloseAll	0x401084
__vbaObjSet	0x401088
__vbaOnError	0x40108c
None	0x401090
_adj_fdiv_m16i	0x401094
__vbaObjSetAddref	0x401098
_adj_fdivr_m16i	0x40109c
None	0x4010a0
__vbaFpR4	0x4010a4
__vbaBoolVar	0x4010a8
__vbaFpR8	0x4010ac
__vbaVarTstLt	0x4010b0
_CIsin	0x4010b4
None	0x4010b8
__vbaErase	0x4010bc
__vbaChkstk	0x4010c0
__vbaCyVar	0x4010c4
__vbaFileClose	0x4010c8
EVENT_SINK_AddRef	0x4010cc
None	0x4010d0
__vbaVarAbs	0x4010d4
__vbaGenerateBoundsError	0x4010d8
None	0x4010dc
__vbaStrCmp	0x4010e0
None	0x4010e4
__vbaAryConstruct2	0x4010e8
__vbaPrintObj	0x4010ec
__vbaI2I4	0x4010f0
DllFunctionCall	0x4010f4
__vbaCastObjVar	0x4010f8
__vbaRedimPreserve	0x4010fc
_adj_fpatan	0x401100
__vbaR4Var	0x401104
__vbaLateIdCallLd	0x401108
__vbaRedim	0x40110c
__vbaRecUniToAnsi	0x401110
EVENT_SINK_Release	0x401114
None	0x401118
__vbaUI1I2	0x40111c
_CIsqrt	0x401120
__vbaObjIs	0x401124
EVENT_SINK_QueryInterface	0x401128
__vbaExceptHandler	0x40112c
__vbaStrToUnicode	0x401130
None	0x401134
__vbaPrintFile	0x401138
None	0x40113c
_adj_fprem	0x401140
_adj_fdivr_m64	0x401144
__vbaFPException	0x401148
__vbaInStrVar	0x40114c
None	0x401150
__vbaUbound	0x401154
__vbaStrVarVal	0x401158
__vbaVarCat	0x40115c
None	0x401160
__vbaI2Var	0x401164
None	0x401168
None	0x40116c
None	0x401170
_CIlog	0x401174
__vbaErrorOverflow	0x401178
__vbaFileOpen	0x40117c
__vbaInStr	0x401180
__vbaNew2	0x401184
__vbaVarLateMemCallLdRf	0x401188
_adj_fdiv_m32i	0x40118c
None	0x401190
_adj_fdivr_m32i	0x401194
__vbaStrCopy	0x401198
None	0x40119c
__vbaI4Str	0x4011a0
__vbaFreeStrList	0x4011a4
_adj_fdivr_m32	0x4011a8
_adj_fdiv_r	0x4011ac
None	0x4011b0
None	0x4011b4
__vbaVarTstNe	0x4011b8
__vbaVarSetVar	0x4011bc
__vbaI4Var	0x4011c0
__vbaVarAdd	0x4011c4
None	0x4011c8
__vbaStrToAnsi	0x4011cc
__vbaVarDup	0x4011d0
None	0x4011d4
__vbaFpI2	0x4011d8
__vbaVarCopy	0x4011dc
None	0x4011e0
__vbaFpI4	0x4011e4
__vbaVarLateMemCallLd	0x4011e8
__vbaUnkVar	0x4011ec
__vbaR8IntI2	0x4011f0
__vbaLateMemCallLd	0x4011f4
__vbaVarSetObjAddref	0x4011f8
_CIatan	0x4011fc
__vbaStrMove	0x401200
__vbaCastObj	0x401204
__vbaR8IntI4	0x401208
__vbaStrVarCopy	0x40120c
__vbaForEachVar	0x401210
_allmul	0x401214
__vbaFpCSngR4	0x401218
__vbaLateIdSt	0x40121c
_CItan	0x401220
None	0x401224
__vbaFPInt	0x401228
__vbaAryUnlock	0x40122c
__vbaVarForNext	0x401230
_CIexp	0x401234
__vbaFreeObj	0x401238
__vbaFreeStr	0x40123c
None	0x401240