output.exe

First submission 2024-02-04 18:24:21

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 317.06 KB (324669 bytes)
Compile time: 2023-08-04 09:44:32
MD5: 4c881a51c633cc64886b21371cd26fef
SHA1: 9a624b1f948a2b774466dea51f5f59170adcea6f
SHA256: e30bbbbcc4382318111e16114a89c1d9aec3bcb151331be1fd3442e701cbbb66
Sections: 18 (.text .data .rdata .xdata .pdata .bss .idata .CRT .tls .rsrc /4 /19 /31 /45 /57 /70 /81 /92)
Directories: 2 (import, resource)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://47.99.151.68:1302/output.exe 47.99.151.68 2024-02-04 18:24:21

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1fa8 8192 6404f0b780f8466e067d7280e8b7dd3fc99b5a9c 775a6eb203680ff02abf08a65970cb44
.data 0x3000 0xc0 512 15eac20a494288bb542595f4dcb6a27b199d7eb1 7f5672dd2d958eec66d6852b22025d3c
.rdata 0x4000 0x920 2560 a01b92d9caa0739fb1478b0ab0035841fb7d61c8 ec8d97aec90f46a572c0326b047a5ce2
.xdata 0x5000 0x1ec 512 d60fa839bf83712444d610757e7bf2844d355a62 14b47a0878092885752acdcdb6926ec5
.pdata 0x6000 0x258 1024 ac1a91d133d0f277c4c5800580215e08b78c2833 057f2b9de81c5d5aee7e67d3cc632965
.bss 0x7000 0x980 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x838 2560 98372f95d8c6d6a25ee603f21180c6affdf67156 f5bd68e4c05ff4180b2bccf9f399e11a
.CRT 0x9000 0x68 512 f331685f2e2590772d176e9a075eacde7e00c8f4 f9f1c31eff55831279b5f354818ad8ec
.tls 0xa000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0xb000 0x4e8 1536 d8c6bb5e232b4098168c9378078aaf4e9d77ee3f 3b7f4d778dd55680650e27ddd712b430
/4 0xc000 0x4a0 1536 a16c7275b22f385532c01176fdacd6091fb6fb25 019421cdbd1462214d7d628bd5374338
/19 0xd000 0x38e9e 233472 05cf514c165eae3796476af747f63deb4973a8fb 3216ddf2fb7c122cab4e6bcde49068df
/31 0x46000 0x26e4 10240 a27e24819816568d09802db711fdbb68c31ffcf2 e8f17117d0c4f0b0ae44cd754c4daca2
/45 0x49000 0x35fb 13824 4670e8ec1ce071d4d130de199bbcca55e00cac0c 4e4ab19ed60ef2e73603c04615917324
/57 0x4d000 0xa38 3072 d3b1119c7243c53efdfca7e6a40b7420db58d220 b2bef1d4a16d34d3e6ca5ffb887007c3
/70 0x4e000 0x7c1 2048 79e32969713066bc096de77950787470e51f5915 0ad247b5a4c4beb665fd14ebb18bae35
/81 0x4f000 0x2fb9 12288 29f2e2151b4e5132092bf60757f5cc6c2f522d58 0c6eb2ad43bbb593df0a8c20c30ab140
/92 0x52000 0x4d0 1536 f8f64748bc80082ae7942e7874e676b86124ad6b 3ef820e8da944a9b49034cccc6288d68

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0xb058 1167

Strings analysis - File found

Text
config.txt
Library
KERNEL32.dll
MSVCRT.dll