get3.exe

First submission 2023-09-13 14:31:03

File details

File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Mime type: application/x-dosexec
File size: 673.0 KB (689152 bytes)
Compile time: 2023-09-13 06:32:08
MD5: 55cd0ace56d09766e3a8e22f94815bd6
SHA1: 85be7be1a0563bf91bc978781e8f27f55781f4b3
SHA256: 2b8efd48c9c1df057c44651ad85b13acf4609ea4143a62dd335fa7d1a575aa5e
Sections: 2 (.text, .rsrc)
Directories: 1 (resource)
Virus Total: 11/70
VT report date: 2023-09-13 12:25:57

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.42.32.101/files/get3.exe 193.42.32.101 2023-09-13 14:31:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x2000 0xa7466 685568 0717e2b1dfa4353db4e1d4cd1c55974ee8e85f97 29694da3b19d6dfd47c8858c4b7ae278
.rsrc 0xaa000 0xa34 3072 c84261cb341f2d5653db21e77fe8228291ed2357 fea5eef0a11e5c4b15597474031ebc04

PE Resources 2

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0xaa480 968
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0xaa848 490

Meta infos 10

LegalCopyright: \xa9 2023 \x800c\x96e8\x800c\x9e7f\x8001\x97f3\x8003.
InternalName: \x8033\x9aa8\x800c\x8c78\x8001\x8f9b\x7fbd\x7530\x543e\x96e8
FileVersion: 2.4.0.5
CompanyName: \x800c\x96e8\x800c\x9e7f\x8001\x97f3\x8003
OriginalFilename: \x7fbd\x91d1\x7f8a\x9a6c\x81ea\x9999\x8033\x91d1\x7c73
ProductVersion: 2.4.0.5
Translation: 0x0000 0x04b0
FileDescription: \x81ea\x4e03\x81ea\x9801\x8001 \x8001\x9762\x81f3\x8d70\x8001\x9ecd\x7fbd\x9762\x8033\x8c9d \x8003\x96b9\x7f8a\x9ecd\x800c\x91d1\x81f3 \x8001\x9996\x543e\x9149\x81f3\x81fc\x8001 \x543e\x516d\x7f8a\x96bb\x81f3\x9593\x7c73\x9580\x81ea \x800c \x800c\x9ecd\x7fbd\x8eab\x81ea\x8db3 \x8001\x9593\x7c73\x9ce5\x8033\x9ad8\x8033\x9999\x7f8a\x99ac \x7c73\x8eca\x7f8a \x81f3 \x81f3 \x8033 \x8001\x8eab\x8033\x9f20\x543e\x8f9b\x8033.
Comments: \x81ea\x9a6c\x7c73\x9580\x81ea\x99ac \x7f8a\x8fb5\x800c\x8c55\x81ea\x8d70\x7c73\x9e7f\x81f3\x9f20 \x8003\x9f8d\x7f8a\x9a6c\x81ea\x65e9 \x7c73\x9fa0\x543e\x96b9\x7c73\x7530\x7c73\x9ecd\x81f3 \x81f3\x4e09\x8001\x9762\x8033\x9efd\x543e\x8c78 \x8033\x98a8\x8033\x975e\x8003\x97f3\x81f3 \x7f8a\x8c9d\x7fbd \x8003\x9801\x7f8a\x98db \x7fbd\x958b\x81ea\x9999\x800c\x9ecd.
ProductName: \x81ea\x98db\x7fbd\x9efd\x81f3\x516b\x7f8a

Packers detected 2

Microsoft Visual C++ vx.x DLL
Microsoft Visual C++ v6.0

Strings analysis - Possible IPs found 1

2.4.0.5