AppReseter_forOutlooker.exe

First submission 2024-10-18 02:59:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 313.5 KB (321024 bytes)
Compile time: 2012-07-14 00:47:16
MD5: 4c4200cdf2e58dee2b4db5200c231468
SHA1: 5906b36911e9a1abd56c8bc7c60255ae67c84cf4
SHA256: 8241ed9b5cbf2bdbc37576027497125c0d77ecbaec322d434605454794786bbe
Import Hash : bf5a4aa99e5b160f8521cadd6bfe73b8
Sections (4): .text, .rdata, .data, .rsrc
Directories (3): import, resource, debug

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 43/77 VT report date: 2024-10-16 20:38:41
Malware Type (2): trojan, pua
Threat Type (2): injuke, obzk

URLs, FQDN and IP indicators (1)

URL                                                   Host (FQDN/IP)   Date Added
hXXp://3.94.86.69/files/AppReseter_forOutlooker.exe   3.94.86.69       2024-10-18 02:59:03

PE Sections (4, 1 flagged suspicious)

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x19718  104448  ed7a235ef3603a86704bf72846dfa3b65dd307fb  b63ced21ee5d70196718716969e87a25
.rdata  0x1b000   0x6db4   28160   ac050a1809ae127615e1683adb73d87013096d10  5826801f33fc1b607aa8e942aa92e9fa
.data   0x22000   0x30c0   5632    c5c9b70d1fbe0cb0f1d48ea41ef1cd0da70d708d  2fe51a72ede820cd7cf55a77ba59b1f4
.rsrc   0x26000   0x2c438  181760  2f9d11b05f5c85f4d4e650d405bfc08941809e2f  d52db823db143795fe6e1752be3a882b

PE Resources (5)

Name           Language      Sublanguage      Offset   Size  Data
RT_ICON        LANG_NEUTRAL  SUBLANG_NEUTRAL  0x261b4  4264
RT_RCDATA      LANG_NEUTRAL  SUBLANG_NEUTRAL  0x51eb4  32
RT_GROUP_ICON  LANG_NEUTRAL  SUBLANG_NEUTRAL  0x51ed4  20
RT_VERSION     LANG_NEUTRAL  SUBLANG_NEUTRAL  0x51ee8  868
RT_MANIFEST    LANG_NEUTRAL  SUBLANG_NEUTRAL  0x5224c  490

Meta info (12)

LegalCopyright: Copyright © 2023
Assembly Version: 1.0.0.0
InternalName: AppReseter.exe
FileVersion: 1.0.0.0
CompanyName: Zanzero E Services
LegalTrademarks:
Comments: Raavan
ProductName: App Reseter
ProductVersion: 1.0.0.0
FileDescription: All App Reseter
Translation: 0x0000 0x04b0
OriginalFilename: AppReseter.exe

Packers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions (5)

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
OLEAUT32.dll
ole32.dll

Import functions

Name                                  Latest seen          MD5
notepad.exe 2022-09-09 15:16:02 6bf5488cbc8b5475997c8f9feb9b80f6
microsoft.exe 2022-10-23 20:23:04 9f3c5b6fa2a40d0d97d82d1f509b7168
data64_2.exe 2022-11-20 09:03:03 07b50673f04622d62836838790613452
data64_1.exe 2022-11-20 10:06:02 ebef6f629d4dd92f8c4714b4f9693642
data64_3.exe 2022-11-20 10:09:02 27b8430e57ed40e3c090e662233a10eb
ZydSimple.exe 2023-01-16 18:42:31 207cc906a41b0ac0b673e6b54191dae8
.NetFramework.exe 2023-06-22 19:16:03 b8bee86a938a8b2245aa9343077958a6
fee.exe 2024-05-19 01:25:03 38531b2b0413ec8925c2ab8d9755d24b
MyCheckBack.exe 2024-05-25 17:01:05 58d9da67f31be50170dadd4ff9a837ad
GGWS_UPLOAD.exe 2024-05-27 20:09:08 cbaa1a61c93704f1540e48a8dd9bac14
STHealthClient.exe 2024-05-25 18:28:08 70ab645e72548443cea20ffd8005dc1a
STHealthUp.exe 2024-05-26 00:04:04 e78473bca17b8e1e7353570719b5ad0c
STHealthUpdate.exe 2024-05-27 10:08:06 6f5df1cb4767052b0b77e4e93fdda84d
STHealthUpload.exe 2024-05-27 11:01:05 26c7da49199c31fcfe179cee64b89116
STHealthBQ.exe 2024-05-27 11:02:05 e67f683eac76d370334f3fdf51aa430a
66cf56ae6e345_ColeusesWalkathon.exe 2024-10-04 23:14:02 afed25699b68eb6b0d7fa7fa382c55b7
systems.exe 2024-09-02 00:53:01 454a942056f6d69c4a06ffedffea974a
66e464075714d_otr.exe 2024-10-05 10:54:02 39792b5d0b6a20c9216623181135f397
%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe 2024-09-23 13:37:05 a30cc69a6a902257d633dba5653ca990
66e463dc5d817_cry.exe 2024-10-07 22:00:02 338e222dbbbe3d87219fc2ba4e6936da
66e010f468498_otr.exe 2024-10-05 13:55:02 faaf13f6a1dd574396fea7e084504150
66e014584fcee_w2.exe 2024-10-07 21:13:02 d11952cce9c0e9a38a52fbf887e96681
66e014874bec8_w9.exe 2024-10-05 00:24:02 d6c976ddbf72de3a56834b7583f7f7cc
66e805302f63c_otr.exe 2024-10-05 12:19:02 d3d2aafaf86262baa7528e397f1ce761
66e80492300c8_cry.exe 2024-10-05 11:18:02 fef7cb7c3bd0e8204e3e7fecc544e6e6
ped.exe 2024-10-04 19:12:15 101a98643dbcbf0c0c02d45b8126a590
AppReseter.exe 2024-10-18 02:58:03 121dcbcd91af6526e15ff12ce63fe34b