FortniteSeason.exe?ex=670c6711&is=670b1591&hm=1838944b424d1f3f4707b2217308c0efca9ea83971731367222b05135df55e0a&
First submission 2024-10-13 19:39:04
File details
| File type: | PE32+ executable (GUI) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 18282.74 KB (18721521 bytes) |
| Compile time: | 2024-10-06 15:51:58 |
| MD5: | 4bb4e8cd407b78326e017d130816fd7e |
| SHA1: | 647815008159f1a909f1b1322797db34265f5809 |
| SHA256: | 8d585cf2d943c6eb52ade4903b42e85a2bcfa2237a324e39a752d1eeeb1c9a87 |
| Import Hash : | 1e92fd54d65284238a0e3b74b2715062 |
| Sections 7 | .text��� .rdata�� .data��� .pdata�� _RDATA�� .rsrc��� .reloc�� |
| Directories 4 | import resource debug relocation |
File features detected
Signed
XOR
OSINT Enrichments
| Virus Total: | 33/77 VT report date: 2024-10-13 02:42:03 |
| Malware Type 1 | trojan |
| Threat Type 2 | stealer python |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXps://cdn.discordapp.com/attachments/1294814463379243019/1294820505295257741/FortniteSeason.exe?ex=670c6711&is=670b1591&hm=1838944b424d1f3f4707b2217308c0efca9ea83971731367222b05135df55e0a&  |
cdn.discordapp.com |
2024-10-13 19:39:04 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x28710 | 165888 | e15872f0de54a6d043e4393fbd549ea1610b0883 | e4f89af1ba6511882cb4cd14d9f6eca0 | |
| .rdata�� | 0x2a000 | 0x1282e | 76288 | b738e957caef86f85eb128054f95e2d0e35c6634 | d95bb84286c1c30cc15f099892bfe181 | |
| .data��� | 0x3d000 | 0x103e8 | 3584 | d4c953f89fd70f37e55ba6c4ce6eebd2bc17e4db | 8197d15b5af8fff7ec6022f8809b64c8 | |
| .pdata�� | 0x4e000 | 0x20a0 | 8704 | e2a1cf46fa7fcdbc7939358c02a9de9d85500ef8 | 77e2f2d72516a8aa1832e8298e54381f | |
| _RDATA�� | 0x51000 | 0x15c | 512 | 354e5acb26cebcef4e637aaf6bae5f3a05ee3243 | 0ed86077474ad8a4a0621ecbc29cb84c | |
| .rsrc��� | 0x52000 | 0xf498 | 62976 | de01d1fdfeee73131e7f47a08c86957cd254bd13 | ac8c7cbe6626a5ff9e2bb1338d967035 | |
| .reloc�� | 0x62000 | 0x754 | 2048 | 7d1edc41fd0cf54f92d860819a4ea04e5f5c470b | 7fed9a3addc55d51107d5af5a380ab8e |
PE Resources 3
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x60a3c | 1128 | |
| RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x60ea4 | 104 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x60f0c | 1417 |
Packers detected 1
| Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 6
| GetLastError |
| IsDebuggerPresent |
| IsProcessorFeaturePresent |
| RaiseException |
| TerminateProcess |
| UnhandledExceptionFilter |
Anti debug functions 1
| Virtual Box |
Strings analysis - File found
| Backup |
| h.oLd |
| Compressed |
| base_library.zip |
| xbase_library.zip |
| Text |
| xpyinstaller-5.1.dist-info\COPYING.txt |
| xpyinstaller-5.1.dist-info\top_level.txt |
| xaltgraph-0.17.4.dist-info\top_level.txt |
| xpyinstaller-5.1.dist-info\entry_points.txt |
| Library |
| mscoree.dll |
| bpywintypes310.dll |
| bpythoncom310.dll |
| bsqlite3.dll |
| bpython3.dll |
| blibssl-1_1.dll |
| bmfc140u.dll |
| GDI32.dll |
| ADVAPI32.dll |
| KERNEL32.dll |
| COMCTL32.dll |
| ucrtbase.dll |
| blibffi-7.dll |
| bVCRUNTIME140.dll |
| bpython310.dll |
| USER32.dll |
| bVCRUNTIME140_1.dll |
| blibcrypto-1_1.dll |
| 6python310.dll |
Strings analysis - Possible URLs found 1
| http://schemas.microsoft.com/SMI/2016/WindowsSettings |
Import functions
| Name | Latest seen | MD5 |
|---|---|---|
| p.exe | 2023-02-03 12:25:03 | 827c83f08d1c139e4b6698bdcf386da8 |
| os.exe | 2023-02-26 07:32:03 | 6de5d012e62d89d1cd13da4b73fa4c1f |
| RedEngine.exe?ex=670ee657&is=670d94d7&hm=1fb3be7c5dbd639fd3fe9c400d7f1b7ee0c687c2bd04b1a006af92203233d76b& | 2024-10-15 20:07:03 | 7dd15869ebc69745e11649e9074c9a1c |