66d8985a256af_installer.exe

First submission 2024-09-04 19:48:02

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 4857.94 KB (4974530 bytes)
Compile time: 2012-05-10 10:34:40
MD5: 4b0348bf0a8544b5c6b90c79bbeca054
SHA1: fffc3fed695f793866fc13fd2000531134e8874f
SHA256: aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0
Import Hash : ce92706925e359aa40f23197a9743843
Sections 5 .text .rdata .data .pdata .rsrc
Directories 3 import resource security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 14/79 VT report date: 2024-09-04 19:39:17
Malware Type 1 trojan

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://147.45.44.104/yuop/66d8985a256af_installer.exe 147.45.44.104 2024-09-04 19:48:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1b300 111616 347710d71a7059c2d8e943dcebe4a481f3bb7e81 643d4d5512b6ada56e2a13964b71f570
.rdata 0x1d000 0x52a2 21504 11a11880d7a7c8eddc524c5345c30a90e8726c22 4888581b1f6d73fcfaf679eb2500c4af
.data 0x23000 0x2f68 3072 1005a8ed8253ef91ac15f544465510a4f754fd03 24b7f532e0985a338e74a2bde02e07f0
.pdata 0x26000 0x16e0 6144 f0867fee774119fe1924b4d9df96342bd1a77301 1c1230c663f280fbde04cc10c5014dcc
.rsrc 0x28000 0x48f92 299008 a8e88b649aef21d8280dbf837341940b6de6d9aa 1a5fb610b1e110b6c229b59ae9dde189

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x7076c 1128
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x70bd4 118
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x70c4c 838

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Anti VM functions 1

Bochs & QEmu CPUID Trick

File signature

MD5 SHA1 Block size Virtual Address
925a6b2cf5754b5d2f6b0c7002bb4241 da651a27cdb20fb8312e99aa38e8638047ae6163 21912 4952618

Strings analysis - File found

Executable
Vk.SO
Library
%setup_app_tmp.dll
ADVAPI32.dll
SHELL32.dll
COMCTL32.dll
USER32.dll
KERNEL32.dll
MSVCRT.dll
OLEAUT32.dll
ole32.dll
GDI32.dll

Strings analysis - Possible URLs found 15

http://ocsp.digicert.com0\
http://ocsp.digicert.com0C
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://ocsp.digicert.com0A
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://www.digicert.com/CPS0
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://sourceforge.net/projects/s-zipsfxbuilder/)
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://ocsp.digicert.com0X
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S

Import functions

Name Latest seen MD5
66d7540419a3a_installer.exe 2024-09-04 00:24:02 9a0770b61e54640630a3c8542c5bc7ac