360.exe

First submission 2024-02-04 18:34:31

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1654.86 KB (1694577 bytes)
Compile time: 2021-08-06 18:38:04
MD5: 52a0c816c0b08797231e212fe26cb825
SHA1: 543a0cd559a34d7c49b6c0bb3ea1bd062efe2e69
SHA256: 302d5df2993d6a387ea35f8533aeea54af7ad83d1cbfe69eb2ebe6c47e04366d
Sections: 5 (.data, .sedata, .idata, .rsrc, .sedata)
Directories: 2 (import, resource)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators (1)

URL                              Host (FQDN/IP)  Date Added
hXXp://103.45.104.76:81/360.exe  103.45.104.76   2024-02-04 18:34:31

PE Sections (2 suspicious)

Name     VAddress  VSize     Size     SHA1                                      MD5                               Suspicious
.data    0x1000    0x227000  1418752  8a696c0726ad4535f6052c2b994776114a9129bb  5a4769028a32188c554d34399f1e05e0
.sedata  0x228000  0xbe000   775680   f247bce889730bf1a0f271c5d65fa4c5bf7f3dd9  cf537dfd4fea9175d1833ee284a03bcb
.idata   0x2e6000  0x1000    512      da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.rsrc    0x2e7000  0x16000   88064    da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.sedata  0x2fd000  0x1000    4096     da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e

Anti debug functions (1)

VMware trick

Strings analysis - File found

Library
hid.dll
ntdll.dll
USER32.dll
mscorwks.dll
mscoree.dll
ADVAPI32.dll
MSVCRT.dll
mscoreei.dll
KernelBase.dll
KERNEL32.dll
mscorsvr.dll
IPHLPAPI.DLL
PSAPI.DLL
SHELL32.dll
clr.dll
diasymreader.dll