f2e7fcb20146.exe

First submission 2024-10-15 12:59:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 547.54 KB (560680 bytes)
Compile time: 2024-10-15 12:45:44
MD5: 52d72533b757da622a9d7c76abd8b70d
SHA1: 19c68b2e61cfc42f67fe9ff465090a7dd144497e
SHA256: 2ab30c776c2b8751c67c46212251ab0b91c5e8090505d82eb0ade18e33dd9002
Import Hash: 5569ec101333623476b6cdb226005b45
Sections (4): .text, .rdata, .data, .reloc
Directories (5): import, debug, tls, relocation, security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators (1)

URL | Host (FQDN/IP) | Date Added
hXXp://assets.gziraq.com/css/f2e7fcb20146.exe | assets.gziraq.com | 2024-10-15 12:59:02

PE Sections (1 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x28799 165888 4ffd8224e515c5eef78598ee9c7ac12c5ab9774a 0a31f97b62ce4057583e947c8c93fd16
.rdata 0x2a000 0xc3b2 50176 ff173fd5d07c4ada50c04278635a59e641fab6e5 a70d8239fa5d38bc4c001ecb666e244f
.data 0x37000 0x50138 324096 280adc906175e085cddd084480ab281ab9184684 74f7f4bd4ed536512ae841040e6d005a
.reloc 0x88000 0x2420 9728 0efdf0833ae37002de450d163c04df8fccf75257 aa35c0504bfb93ae36a174fdf49b1d3b

Packers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti-debug functions (6)

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
7cd905d59ba4f31c082c2e2bfd88980f 7f1b1df25765fde2a6305fe2fe1ce76edfbe0529 9768 550912

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Strings analysis - Possible URLs found (15)

http://www.entrust.net/rpa03
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
http://ocsp.digicert.com0A
http://crl.entrust.net/2048ca.crl0
http://www.digicert.com/CPS0
https://www.entrust.net/rpa0
http://ocsp.entrust.net02
http://ocsp.entrust.net03
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl.entrust.net/ts1ca.crl0
http://ocsp.digicert.com0\
http://aia.entrust.net/ts1-chain256.cer01
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S

Import functions

Name Latest seen MD5
63e909b3647d.exe 2024-10-15 06:42:02 a3c8303513d8123153c8c368ed72d8ee
d74f5005fa82.exe 2024-10-15 12:58:02 97205cf6d2ee23dd42eeea47c32edd53
7f3c2473d1e6.exe 2024-10-15 13:00:02 3d8c2fb9d4272ae0a835faa7715132ef