ZmYfQBiw.exe

First submission 2023-09-15 08:46:04

File details

File type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 4967.5 KB (5086720 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 4eccb4065ef0b815cd77fe425adf4aef
SHA1: da358ed94289242737316711f65c676293ab96b4
SHA256: 77f9af325a7d2d630405e05a1922d5009b79408f408de6da2298af3d28c3f424
Import Hash: 9aebf3da4677af9275c461261e5abde3
Sections: 3 (UPX0, UPX1, .rsrc)
Directories: 5 (import, export, resource, tls, relocation)
VirusTotal: 45/71
VT report date: 2023-09-15 05:36:59

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://107.189.4.239/ZmYfQBiw.exe 107.189.4.239 2023-09-15 08:46:04

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
UPX0 0x1000 0x881000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x882000 0x4da000 5084672 a1a09edb356d5da1e665a4f61e520a794431cd0b d3f46db6d129ead27c04febf2d26bdea
.rsrc 0xd5c000 0x1000 1536 4bf199616c631c373911a3da259ca62b5fbafed2 ca9c628fdf798470cf906e66ed0e68a5

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0xd5c05c 1167

Strings analysis - File found

Database
j& ".dB
Library
KERNEL32.dll
MSVCRT.dll

Strings analysis - Possible IPs found 1

2.5.4.3

Import functions

Name Latest seen MD5
123.exe 2023-06-26 21:45:03 54d16b2bd83331c4512e3392271ac098
bilkad.exe 2023-07-28 08:06:02 c4fe973e479a2af02dce5b9888e97917