63e909b3647d.exe

First submission 2024-10-16 08:02:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1281.0 KB (1311744 bytes)
Compile time: 2024-10-16 07:51:44
MD5: 569696c36297eccb3dcde365a9dee8ba
SHA1: 3759c943c1d0bf4fe80016493a60159e58a554f2
SHA256: 7810d38c053203887e72f127235361d3d21777e621e8d73ef46489ec3bfca9ea
Import Hash: 2927377c817d8ecf7304e8505e1e4f5f
Sections: 6 (.text, .rdata, .data, .rsrc, .reloc, .cache)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://web.johnmccrea.com/css/63e909b3647d.exe web.johnmccrea.com 2024-10-16 08:02:02

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1358a 79360 51f8bb25753d67a0af28817f44fa093e3c56ca0b fe6cf0537129563b356d5f3f1f5e5b09
.rdata 0x15000 0x7d94 32256 1d95bafc70b13f59bf4f196095d78c037d873c12 d01b9159a87590bb58a0eb61312ce62e
.data 0x1d000 0x5445c 342528 79e10326e12a4c2f6cebeb22a14a65f65f910454 3169c2725e55d39a338a97f1854bc1c9
.rsrc 0x72000 0x1e0 512 48849c1cdec6adb772bfeddd03488b9c0e2f8526 1a74fae71ecce055ab8978394eed8aa8
.reloc 0x73000 0x12b8 5120 67d4f8068bbac4db3308a35feb3a320ea6282901 a713f2cff0eca0747cc8e1ef6048ab7e
.cache 0x75000 0xcf850 850432 aec555f8fadc93e5192c9e05e940fe8f211d18f7 8f6e3687e4ba0820e85fd128a5ad485c

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x72060 381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Import functions