66f3de8e8f1c5_lyla334.exe

First submission: 2024-09-25 12:26:01 | Last submission: 2024-10-04 21:51:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 408.5 KB (418304 bytes)
Compile time: 2024-03-29 07:13:45
MD5: 51636e7775782f91df225f511b297f96
SHA1: bd338186079c1afd2750416c02b8650dbb6e463a
SHA256: 07439f8a2adbe031b3b1f4bca85a8f8e99dfac6499ec6f9261d3c01d7a744bb6
Import hash: dbcafdf90cf6fa1f29b89e8542f94f6a
Sections (4): .text, .rdata, .data, .rsrc
Directories (3): import, resource, debug

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal detections: 26/77 (VT report date: 2024-09-25 12:00:45)
Malware type (1): trojan

URLs, FQDN and IP indicators (1)

URL | Host (FQDN/IP) | Date added
hXXp://males.mugutu.com/yuop/66f3de8e8f1c5_lyla334.exe | males.mugutu.com | 2024-10-04 21:51:04

PE Sections (4; 2 flagged suspicious)

Name | VAddress | VSize | Size | SHA1 | MD5
.text | 0x1000 | 0xf922 | 64000 | a504ee9fd3ffb81f3e456a8394cd6a04821056c6 | ff712c545ae7edd8026859da76c7773d
.rdata | 0x11000 | 0x2ff88 | 196608 | 3045b261a24be4d32339404092eebe74e0e6d323 | 650317ad238466c42203c9380aa67748
.data | 0x41000 | 0x201b210 | 24064 | 1a29cf85aa06eff7f3646938f565f3fbe8c655c2 | b7c609fa60cf74bc75615aea4113703e
.rsrc | 0x205d000 | 0x20550 | 132608 | f9611d4075605ef9987ee732c6d7c3c11588bd39 | 0284e4c62e43ebd31135392061e23bc7

PE Resources (8)

Name | Language | Sublanguage | Offset | Size
ZAVUTIDORAMACE | LANG_TAMIL | SUBLANG_DEFAULT | 0x2076448 | 7729
RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207b8f8 | 1384
RT_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x2075f78 | 1128
RT_STRING | LANG_TAMIL | SUBLANG_DEFAULT | 0x207d158 | 1014
RT_ACCELERATOR | LANG_TAMIL | SUBLANG_DEFAULT | 0x2078280 | 56
RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207be60 | 48
RT_GROUP_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x20763e0 | 104
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207be90 | 600

Meta info (7)

LegalCopyright: Copyright (C) 2023, Cedrano
InternalNames: PinchesNotLapes
FileVersions: 94.25.12.50
FileDescription: GlobalEnw
Translation: 0x2a7f 0x07e9
ProductVersions: 8.59.43
ProductName: Penough

Packers / compilers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti-debug functions (6)

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - Files found

Text: 0.txt
Library: KERNEL32.dll, WUSER32.DLL, mscoree.dll, WINHTTP.dll, USER32.dll, MSIMG32.dll, GDI32.dll

Strings analysis - Possible IPs found (1)

94.25.12.50 (identical to the FileVersions value in the meta info above; treat as a likely version-string false positive rather than a network indicator)

Import functions