data64_4.exe

First submission 2022-08-01 05:13:03

File details

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 2048.5 KB (2097664 bytes)
Compile time: 2022-07-29 18:40:59
MD5: 4d8158eea8e29f4e0d9738fbbb3397ea
SHA1: b31600513610f9a46e22016ed23c90aeb80f17cd
SHA256: 57e59ff44608d3b3bbd16f293a724552b9528a00336d26c70313aa3cf54836b0
Import Hash: 5163b901e63589d6b74136c9f07dbc8f
Sections 5 .text .rdata .data .rsrc .reloc
Directories 4 import resource debug relocation
Virus Total: 27/71
VT report date: 2022-07-31 23:10:35

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://malanche.com/15/data64_4.exe malanche.com 2022-08-01 05:13:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x125000 1199104 80ab8c8bf390310ad34ae774d8f94ab916bf057a da4028e12d656d6c65ca00a9d04a3000
.rdata 0x126000 0xb000 45056 d90d10a91ffaf26a3bdf337bca18d28fc22f9816 5db3b6f4db11ffb632099b61f04a3194
.data 0x131000 0xe8000 851456 f48e8bd10934f272bc92d22ea2d1f9e628525447 8cbacda37898eb0c99632dc5dda15682
.rsrc 0x219000 0x1000 512 3942b767ca8d9066447d8611e4a52d9c977f36e6 eecdde00ad9bedc79db90a2c3e5c66f4
.reloc 0x21a000 0x1000 512 bedcf6757325ed09fff8d3ef777a7bd5c8862ba6 ea81763ee8144b8a3b9befc1c0064f38

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x219060 381

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
api-ms-win-crt-heap-l1-1-0.dll
KERNEL32.dll
api-ms-win-crt-stdio-l1-1-0.dll
mscoree.dll
api-ms-win-crt-runtime-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll

Import functions

Name Latest seen MD5
data64_4.exe 2022-07-31 17:18:02 2eef072591fa615c5a3e8762076210d2