DigitalSide Threat Intel

c.exe

First submission 2022-08-03 14:43:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File type: 463.0 KB (474112 bytes)
Compile time: 2022-02-09 19:22:02
MD5: 5594e0ca7eaa0ae566ff83214c547e78
SHA1: 50b33de91d3a16b6eab91380a941ef852f7e36f8
SHA256: f87d3d53935db06707f2303dee46335a41419ca6cb6e599cf03eed703a85f194
Import Hash : 029a987f21e33b48f24d21b6f9ff1129
Sections 7 .text .rdata .data .tls .gfids .rsrc .reloc
Directories 5 import resource debug tls relocation
Virus Total: 53/71 VT report date: 2022-08-02 16:27:44

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://jg.studio/c.exe VirusTotal Report jg.studio VirusTotal Report 2022-08-03 14:43:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x52aed 338944 de59e4ca964512050b041a15ae81756d711c8313 22ca55e1b948eef6d8eaa74c178eb61c
.rdata 0x54000 0x16fb4 94208 352f6a2ff2e34506e7d6759af55eaa9aeda3f7b1 58738501e97e6c76ea591261c4b943d8
.data 0x6b000 0x3eec 3584 a069a2cddd54faf4620819c79e6b50ab370798cb 90efd231c85fb53e2e544c3917cc650c
.tls 0x6f000 0x9 512 aa0d33a0c854e073439067876e932688b65cb6a9 1f354d76203061bfdd5a53dae48d5435
.gfids 0x70000 0x230 1024 543908de16087fdc46fd32bba746b043f69effd0 68b4acc15e6a4d63a54be2808ea37520
.rsrc 0x71000 0x4c28 19968 2b6773c0ad739bb9bf0ed90c0dabc8c0e7b70bff ded2c2a6e4bd59a0dc54284d4be239c9
.reloc 0x76000 0x3884 14848 3bc93ba4ff3fd609d08cb71ba1f2459349330701 3eea2222f194b26e650b5b689079235b

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ITALIAN SUBLANG_ITALIAN 0x73024 9640
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x755cc 1562
RT_GROUP_ICON LANG_ITALIAN SUBLANG_ITALIAN 0x75be8 62

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Database
\key3.db
Text
\sysinfo.txt
license_code.txt
Library
mscoree.dll
KERNEL32.dll
SHLWAPI.dll
WINMM.dll
ADVAPI32.dll
ntdll.dll
WS2_32.dll
USER32.dll
PSAPI.DLL
SHELL32.dll
Powrprof.dll
gdiplus.dll
urlmon.dll
GDI32.dll

Import functions

Function Address Souspicious Anti Debug
PathFileExistsW 0x454334
PathFileExistsA 0x454338
StrToIntA 0x45433c
Function Address Souspicious Anti Debug
URLDownloadToFileW 0x454490
URLOpenBlockingStreamW 0x454494
Function Address Souspicious Anti Debug
GetLocaleInfoA 0x4540b0
CreateToolhelp32Snapshot 0x4540b4
OpenMutexA 0x4540b8
Process32NextW 0x4540bc
LoadLibraryA 0x4540c0
Process32FirstW 0x4540c4
GetProcAddress 0x4540c8
VirtualProtect 0x4540cc
SetLastError 0x4540d0
VirtualFree 0x4540d4
VirtualAlloc 0x4540d8
GetNativeSystemInfo 0x4540dc
HeapAlloc 0x4540e0
GetProcessHeap 0x4540e4
FreeLibrary 0x4540e8
IsBadReadPtr 0x4540ec
GetTempPathW 0x4540f0
OpenProcess 0x4540f4
lstrcatW 0x4540f8
GetCurrentProcessId 0x4540fc
GetTempFileNameW 0x454100
GetCurrentProcess 0x454104
GetSystemDirectoryA 0x454108
GlobalAlloc 0x45410c
GlobalLock 0x454110
GetTickCount 0x454114
GlobalUnlock 0x454118
WriteProcessMemory 0x45411c
ResumeThread 0x454120
GetThreadContext 0x454124
VirtualAllocEx 0x454128
ReadProcessMemory 0x45412c
CreateProcessW 0x454130
SetThreadContext 0x454134
LocalAlloc 0x454138
GlobalFree 0x45413c
MulDiv 0x454140
SizeofResource 0x454144
GetLongPathNameW 0x454148
SetFilePointer 0x45414c
FindResourceA 0x454150
LockResource 0x454154
LoadResource 0x454158
LocalFree 0x45415c
FormatMessageA 0x454160
GetModuleFileNameA 0x454164
lstrcpynA 0x454168
AllocConsole 0x45416c
CreateMutexA 0x454170
QueryPerformanceCounter 0x454174
EnterCriticalSection 0x454178
LeaveCriticalSection 0x45417c
InitializeCriticalSection 0x454180
DeleteCriticalSection 0x454184
HeapSize 0x454188
WriteConsoleW 0x45418c
SetStdHandle 0x454190
SetEnvironmentVariableW 0x454194
SetEnvironmentVariableA 0x454198
FreeEnvironmentStringsW 0x45419c
GetEnvironmentStringsW 0x4541a0
GetCommandLineW 0x4541a4
GetCommandLineA 0x4541a8
GetOEMCP 0x4541ac
IsValidCodePage 0x4541b0
FindFirstFileExA 0x4541b4
ReadConsoleW 0x4541b8
GetConsoleMode 0x4541bc
GetConsoleCP 0x4541c0
FlushFileBuffers 0x4541c4
GetFileType 0x4541c8
GetTimeZoneInformation 0x4541cc
EnumSystemLocalesW 0x4541d0
GetUserDefaultLCID 0x4541d4
IsValidLocale 0x4541d8
GetTimeFormatW 0x4541dc
GetDateFormatW 0x4541e0
HeapReAlloc 0x4541e4
GetACP 0x4541e8
GetStdHandle 0x4541ec
GetModuleHandleExW 0x4541f0
MoveFileExW 0x4541f4
RtlUnwind 0x4541f8
RaiseException 0x4541fc
LoadLibraryExW 0x454200
GetCPInfo 0x454204
GetStringTypeW 0x454208
GetLocaleInfoW 0x45420c
LCMapStringW 0x454210
CompareStringW 0x454214
TlsFree 0x454218
TlsSetValue 0x45421c
CopyFileW 0x454220
DeleteFileA 0x454224
ExpandEnvironmentStringsA 0x454228
FindNextFileA 0x45422c
FindFirstFileA 0x454230
GetFileSize 0x454234
TerminateThread 0x454238
CreateDirectoryW 0x45423c
GetLastError 0x454240
SetFileAttributesW 0x454244
GetModuleHandleA 0x454248
RemoveDirectoryW 0x45424c
MoveFileW 0x454250
SetFilePointerEx 0x454254
GetLogicalDriveStringsA 0x454258
DeleteFileW 0x45425c
GetFileAttributesW 0x454260
FindClose 0x454264
lstrlenA 0x454268
GetDriveTypeA 0x45426c
FindNextFileW 0x454270
GetFileSizeEx 0x454274
FindFirstFileW 0x454278
ExitProcess 0x45427c
CreateProcessA 0x454280
PeekNamedPipe 0x454284
CreatePipe 0x454288
TerminateProcess 0x45428c
ReadFile 0x454290
HeapFree 0x454294
HeapCreate 0x454298
CreateEventA 0x45429c
GetLocalTime 0x4542a0
CreateThread 0x4542a4
SetEvent 0x4542a8
CreateEventW 0x4542ac
WaitForSingleObject 0x4542b0
Sleep 0x4542b4
GetModuleFileNameW 0x4542b8
CloseHandle 0x4542bc
ExitThread 0x4542c0
CreateFileW 0x4542c4
WriteFile 0x4542c8
QueryPerformanceFrequency 0x4542cc
TlsGetValue 0x4542d0
TlsAlloc 0x4542d4
InitializeCriticalSectionAndSpinCount 0x4542d8
MultiByteToWideChar 0x4542dc
DecodePointer 0x4542e0
EncodePointer 0x4542e4
WideCharToMultiByte 0x4542e8
InitializeSListHead 0x4542ec
GetSystemTimeAsFileTime 0x4542f0
GetCurrentThreadId 0x4542f4
IsProcessorFeaturePresent 0x4542f8
GetStartupInfoW 0x4542fc
SetUnhandledExceptionFilter 0x454300
UnhandledExceptionFilter 0x454304
IsDebuggerPresent 0x454308
GetModuleHandleW 0x45430c
WaitForSingleObjectEx 0x454310
ResetEvent 0x454314
SetEndOfFile 0x454318
Function Address Souspicious Anti Debug
GdiplusStartup 0x454464
GdipGetImageEncoders 0x454468
GdipCloneImage 0x45446c
GdipAlloc 0x454470
GdipDisposeImage 0x454474
GdipFree 0x454478
GdipGetImageEncodersSize 0x45447c
GdipSaveImageToStream 0x454480
GdipSaveImageToFile 0x454484
GdipLoadImageFromStream 0x454488
Function Address Souspicious Anti Debug
send 0x45441c
socket 0x454420
connect 0x454424
recv 0x454428
gethostbyname 0x45442c
WSASetLastError 0x454430
inet_addr 0x454434
gethostbyaddr 0x454438
getservbyport 0x45443c
ntohs 0x454440
getservbyname 0x454444
htonl 0x454448
htons 0x45444c
inet_ntoa 0x454450
closesocket 0x454454
WSAGetLastError 0x454458
WSAStartup 0x45445c
Function Address Souspicious Anti Debug
CryptAcquireContextA 0x454000
CryptGenRandom 0x454004
CryptReleaseContext 0x454008
GetUserNameW 0x45400c
RegEnumKeyExA 0x454010
QueryServiceStatus 0x454014
CloseServiceHandle 0x454018
OpenSCManagerW 0x45401c
OpenSCManagerA 0x454020
ControlService 0x454024
StartServiceW 0x454028
QueryServiceConfigW 0x45402c
ChangeServiceConfigW 0x454030
OpenServiceW 0x454034
EnumServicesStatusW 0x454038
AdjustTokenPrivileges 0x45403c
LookupPrivilegeValueA 0x454040
OpenProcessToken 0x454044
RegCreateKeyA 0x454048
RegCloseKey 0x45404c
RegQueryInfoKeyW 0x454050
RegQueryValueExA 0x454054
RegCreateKeyExW 0x454058
RegEnumKeyExW 0x45405c
RegSetValueExW 0x454060
RegSetValueExA 0x454064
RegOpenKeyExA 0x454068
RegOpenKeyExW 0x45406c
RegCreateKeyW 0x454070
RegDeleteValueW 0x454074
RegEnumValueW 0x454078
RegQueryValueExW 0x45407c
RegDeleteKeyA 0x454080
Function Address Souspicious Anti Debug
PlaySoundW 0x4543f0
mciSendStringA 0x4543f4
mciSendStringW 0x4543f8
waveInClose 0x4543fc
waveInAddBuffer 0x454400
waveInStart 0x454404
waveInOpen 0x454408
waveInUnprepareHeader 0x45440c
waveInPrepareHeader 0x454410
waveInStop 0x454414
Function Address Souspicious Anti Debug
ShellExecuteW 0x454320
ShellExecuteExA 0x454324
Shell_NotifyIconA 0x454328
ExtractIconA 0x45432c
Function Address Souspicious Anti Debug
SetForegroundWindow 0x454344
SetClipboardData 0x454348
EnumWindows 0x45434c
ExitWindowsEx 0x454350
EmptyClipboard 0x454354
ShowWindow 0x454358
SetWindowTextW 0x45435c
MessageBoxW 0x454360
IsWindowVisible 0x454364
TranslateMessage 0x454368
DispatchMessageA 0x45436c
GetMessageA 0x454370
GetWindowTextW 0x454374
wsprintfW 0x454378
GetClipboardData 0x45437c
UnhookWindowsHookEx 0x454380
GetForegroundWindow 0x454384
GetWindowThreadProcessId 0x454388
GetKeyboardLayout 0x45438c
SetWindowsHookExA 0x454390
CloseClipboard 0x454394
OpenClipboard 0x454398
GetKeyboardState 0x45439c
CallNextHookEx 0x4543a0
CloseWindow 0x4543a4
SendInput 0x4543a8
mouse_event 0x4543ac
DrawIcon 0x4543b0
GetSystemMetrics 0x4543b4
GetIconInfo 0x4543b8
SystemParametersInfoW 0x4543bc
GetCursorPos 0x4543c0
RegisterClassExA 0x4543c4
GetKeyboardLayoutNameA 0x4543c8
GetWindowTextLengthW 0x4543cc
GetKeyState 0x4543d0
ToUnicodeEx 0x4543d4
AppendMenuA 0x4543d8
CreateWindowExA 0x4543dc
DefWindowProcA 0x4543e0
TrackPopupMenu 0x4543e4
CreatePopupMenu 0x4543e8
Function Address Souspicious Anti Debug
CreateCompatibleBitmap 0x454088
CreateCompatibleDC 0x45408c
StretchBlt 0x454090
GetDIBits 0x454094
DeleteDC 0x454098
DeleteObject 0x45409c
CreateDCA 0x4540a0
GetObjectA 0x4540a4
SelectObject 0x4540a8

Related files by ImpHash 31 029a987f21e33b48f24d21b6f9ff1129

Name Latest seen MD5
Kante98.exe 2022-03-02 10:55:02 97f29f1582b5af3a48c557ac0d83bec3
hh.exe 2022-03-17 19:02:01 44ae6be8ffaa6f53c990c3e58a482971
regg.exe 2022-03-22 01:38:01 427f1494e1a52d28b862510add64ed15
DHLL.exe 2022-03-24 15:51:02 8245b52e309dea8c63cd26155647298b
99.exe 2022-03-24 23:43:02 def5e965c4a177ef419a5382ed0f45d5
harvey.exe 2022-03-26 10:49:01 ca27d1e84e00b7a1d86d784c9516a41f
33.exe 2022-03-28 21:02:02 64d7045bb593fcb01e73d22c1cfcc38c
STC.exe 2022-03-30 01:34:02 b933b611ce9fad4e6ea2a50a45388039
SAS.exe 2022-04-05 03:10:02 7d800b2a825316b0b0457eb8e47142ee
BADDEST.exe 2022-04-05 20:45:03 91a143928b17958a04875a7bc322bc48
8888.exe 2022-04-05 22:03:01 2c528cc769588b0e27903bc6cea1b32a
7777.exe 2022-04-06 18:19:02 af55f4f0ffbbf50f4307021641f33678
hart.exe 2022-04-08 04:09:02 b1c9f2fc6258a5d92275772d639d8a3d
har.exe 2022-04-08 23:21:02 f81dbefe25f9ce6113ca870505cc0810
Turk.exe 2022-04-16 05:41:01 40d82a004c7e5b07a82fea2037f97cb3
a1wr.exe 2022-04-23 18:41:02 a76746acdd25c4f0800a64847962282a
1.exe 2022-06-18 08:16:03 b88d08039e00b7f812f00612bdacd07c
4.exe 2022-06-18 08:30:03 1b0fcb758db13bbc5233239bae1de2b9
s.exe 2022-06-18 08:31:03 f1b55410ed2dbb79bc832cc8dcafd047
z.exe 2022-06-18 08:44:03 28afb35b42a002ef55e554c060e730cd
6.exe 2022-06-18 08:46:03 e37ca9486ea18cef00f0322d2385c2ac
41.exe 2022-06-18 08:47:03 dac30ffff266ed8b7aaaadde0dd0df1c
8.exe 2022-06-30 19:23:02 3d88a2651713a9cf1b8eca4a6a3783fe
1.exe 2022-06-30 19:25:02 504bba9f6bd183e67b7cb0dfb8766f63
2.exe 2022-06-30 19:51:02 ff972845d37e50804e2c4cb86f3f743a
mMLBa.exe 2022-07-26 20:01:03 096492414fe97b8cc2740ef65e909f54
remcos_agent.exe 2022-07-28 16:51:02 335b1296fa572b01158f7e8ef89c7064
8.exe 2022-08-03 14:42:01 dee8aee08099b043b5de884349a31792
b.exe 2022-08-03 15:19:02 2a2ee40a729b9e1dcf30327a115b9652
504.exe 2022-08-03 20:12:02 04f5b2bd193cfbc571ebb0aac306ccb3
77.exe 2022-08-03 20:13:01 b4c7966345974a5554e5d99fa2800297