66f3de8e8f1c5_lyla334.exe
First submission 2024-09-25 12:26:01
Last submission 2024-10-04 21:51:01
File details

Field | Value |
---|---|
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
Mime type | application/x-dosexec |
File size | 408.5 KB (418304 bytes) |
Compile time | 2024-03-29 07:13:45 |
MD5 | 51636e7775782f91df225f511b297f96 |
SHA1 | bd338186079c1afd2750416c02b8650dbb6e463a |
SHA256 | 07439f8a2adbe031b3b1f4bca85a8f8e99dfac6499ec6f9261d3c01d7a744bb6 |
Import Hash | dbcafdf90cf6fa1f29b89e8542f94f6a |
Sections (4) | .text .rdata .data .rsrc |
Directories (3) | import resource debug |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments

Source | Result |
---|---|
Virus Total | 26/77 (VT report date: 2024-09-25 12:00:45) |
Malware Type (1) | trojan |
URLs, FQDN and IP indicators | 1 |
PE Sections 2 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0xf922 | 64000 | a504ee9fd3ffb81f3e456a8394cd6a04821056c6 | ff712c545ae7edd8026859da76c7773d | |
.rdata | 0x11000 | 0x2ff88 | 196608 | 3045b261a24be4d32339404092eebe74e0e6d323 | 650317ad238466c42203c9380aa67748 | |
.data | 0x41000 | 0x201b210 | 24064 | 1a29cf85aa06eff7f3646938f565f3fbe8c655c2 | b7c609fa60cf74bc75615aea4113703e | |
.rsrc | 0x205d000 | 0x20550 | 132608 | f9611d4075605ef9987ee732c6d7c3c11588bd39 | 0284e4c62e43ebd31135392061e23bc7 | |
PE Resources 8
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
ZAVUTIDORAMACE | LANG_TAMIL | SUBLANG_DEFAULT | 0x2076448 | 7729 | |
RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207b8f8 | 1384 | |
RT_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x2075f78 | 1128 | |
RT_STRING | LANG_TAMIL | SUBLANG_DEFAULT | 0x207d158 | 1014 | |
RT_ACCELERATOR | LANG_TAMIL | SUBLANG_DEFAULT | 0x2078280 | 56 | |
RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207be60 | 48 | |
RT_GROUP_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x20763e0 | 104 | |
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207be90 | 600 | |
Meta info (7)

Field | Value |
---|---|
LegalCopyright | Copyright (C) 2023, Cedrano |
InternalName | PinchesNotLapes |
FileVersion | 94.25.12.50 |
FileDescription | GlobalEnw |
Translation | 0x2a7f 0x07e9 |
ProductVersion | 8.59.43 |
ProductName | Penough |
Packers detected (2)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
Anti debug functions (6)
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter
Strings analysis - Files found
Text:
0.txt
Library:
KERNEL32.dll
WUSER32.DLL
mscoree.dll
WINHTTP.dll
USER32.dll
MSIMG32.dll
GDI32.dll
Strings analysis - Possible IPs found (1)
94.25.12.50
This string is identical to the FileVersion value in the meta info above, so it may be a version string matched by the IP pattern rather than a network indicator.