2.exe

First submission 2024-07-09 13:04:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 272.0 KB (278528 bytes)
Compile time: 2024-07-05 22:42:03
MD5: 536b6b4464f2476d693267bd71d9a1ee
SHA1: 0ffd5e3a9c48947f9744b30a938b4aed50e8999c
SHA256: cced1a3811e37720251db4e3d5836ea94da430682863ca61b2ff9940b7d56965
Import Hash: ff120d96cb39498bfde3c6d322aff8f2
Sections (4): .text, .rdata, .data, .reloc
Directories (2): import, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 40/78
VT report date: 2024-07-09 12:37:21
Malware Type (1): trojan
Threat Type (3): lazy, lummastealer, sdum

URLs, FQDN and IP indicators 1

| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
| hXXp://77.91.77.33/2.exe | 77.91.77.33 | 2024-07-09 13:04:02 |

PE Sections 0 suspicious

| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x36e2b | 225280 | 410b4fc17aeefdb6865ad117dfb5caa9317f4f7e | e85126f9d7bca44cd04b7de930fa88c4 | |
| .rdata | 0x38000 | 0x2aa7 | 11264 | 99f75b77d1db42cadf16aa013ff7f2e85685758c | 60fc93286b20d9559b2f21355b4833e1 | |
| .data | 0x3b000 | 0xed98 | 23552 | 748e2ffdb6911bcbcc1e080245fabbba74a196ca | 744bce3a26c94a91dab819dc3dc3d407 | |
| .reloc | 0x4a000 | 0x42f0 | 17408 | 8ef418d9598b337825d71e3dba3626001694b35a | d082005b3d3e99930ee2a756144f0f37 | |

Strings analysis - File found

Library
ole32.dll
KERNEL32.dll
GDI32.dll
USER32.dll
OLEAUT32.dll

Import functions