actives.exe
First submission 2024-10-15 16:26:04
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 2634.04 KB (2697256 bytes) |
| Compile time: | 2021-01-06 12:06:39 |
| MD5: | 51514245009764a9f3e9455c23711df8 |
| SHA1: | 51202c8d2511fda33e76ffd55e3ce24880680515 |
| SHA256: | 86c8e804eeb34d0f0aff2bacb297a0c0077a7e0e3ca423609a0970b5221c13bc |
| Import Hash : | 26db5052cd8ede8ee590a842731769c5 |
| Sections 4 | .text��� .rdata�� .data��� .rsrc��� |
| Directories 2 | import resource |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 60/77 VT report date: 2024-10-15 09:17:01 |
| Malware Type 3 | trojan dropper ransomware |
| Threat Type 3 | aenjaris msil blocker |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://20.210.245.1/actives.exe  |
20.210.245.1 |
2024-10-15 16:26:05 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x796a | 31232 | 48eb1f55e39e38fd3f7249c6d4d4e9821dcc9ae4 | 488cb7d1197391cd7b7cd4cfcce2c2ad | |
| .rdata�� | 0x9000 | 0x11a0 | 4608 | c214e9c3b914ee7a9a6944b0fb8b21f714ca7697 | a9557a490993c9167af186604d5fa0d6 | |
| .data��� | 0xb000 | 0x4f38 | 2560 | 0c2d72db306c1115bb320d567c59e3abdea787e5 | 9bd97b23a6778c0c0e548678792f9a88 | |
| .rsrc��� | 0x10000 | 0x2480c4 | 2392576 | d8ce5218f2014798c18884624e538a982f8c4b08 | 7a5a26caa432409acfc14d094552b734 |
PE Resources 4
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x201e8 | 1128 | |
| RT_RCDATA | LANG_RUSSIAN | SUBLANG_RUSSIAN | 0x257dd8 | 26 | |
| RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x257df4 | 118 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x257e6c | 598 |
Packers detected 4
| Microsoft Visual C++ v6.0 |
| Microsoft Visual C++ 5.0 |
| Microsoft Visual C++ |
| Installer VISE Custom |
Anti debug functions 4
| GetLastError |
| RaiseException |
| TerminateProcess |
| UnhandledExceptionFilter |
Strings analysis - File found
| Data |
| \ntuser.dat |
| XML |
| System.Xml |
| Library |
| ADVAPI32.dll |
| WSOCK32.dll |
| SHELL32.dll |
| USER32.dll |
| KERNEL32.dll |
| MSVCR90.dll |
| mscoree.dll |
| MSVCP90.dll |
| SHLWAPI.dll |
| urlmon.dll |
| OLEAUT32.dll |
| msvcm90.dll |
Strings analysis - Possible URLs found 1
| http://serverjarvis.sytes.net/resource_vir/command.php?version=0019 |