dnhosts.exe

First submission 2022-08-03 17:14:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 286.0 KB (292864 bytes)
Compile time: 2021-12-06 08:36:52
MD5: 5444bb6ecd7a6a7cf116727b040dce76
SHA1: a6b4491e2725856660d813d6d584dab208ac4107
SHA256: 35e6c3107e12e99a041a0d5a1d467b9c985463d1c04ecef5b02a70ea52974133
Import Hash: 66024f9fc825520e1141e944711cd31d
Sections 3 .text .data .rsrc
Directories 3 import resource debug

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://213.227.154.149/dnhosts.exe 213.227.154.149 2022-08-03 17:14:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x3ca1c 248832 e4ec7ff3660efa1fb2e36efa0f05475db1a23856 884dd363840d3fa6938890badde6b718
.data 0x3e000 0x2083ad0 12288 2b39a49c727c8d06e8304c596764e112a47e9b40 401e82536fba886fe8aab0c8e0841426
.rsrc 0x20c2000 0x7650 30720 c7fff27aa8b8bdae3e8f487ee1b980ee4ed0a24a fc97a4236af5eee78cbaf4f012ac9391

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20c7f90 1128
RT_STRING LANG_FRENCH SUBLANG_FRENCH_SWISS 0x20c91f0 1118
RT_GROUP_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20c83f8 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x20c8470 404
None LANG_NEUTRAL SUBLANG_NEUTRAL 0x20c8460 10

Meta infos 3

FileVersions: 48.90.12.34
Copyrighz: Copyright (C) 2022, pozkarte
ProjectVersion: 82.79.7.9

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
USER32.dll

Strings analysis - Possible IPs found 2

48.90.12.34
82.79.7.9

Import functions