AyBtH.exe

First submission: 2022-08-02 20:08:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 2829.83 KB (2897751 bytes)
Compile time: 2022-07-10 23:34:43
MD5: 56b6e17006b25ce5586d1441a2db7cc8
SHA1: 65163f385f5180a1dee189044d1df296af61ce70
SHA256: 31f20e519939289560661eb6fe04be9f73bbf17c3c22a9b8087c59e60bae8873
Import hash: f129731702b1d5092688bce75a5d4e19
Sections: 7 (.imports, .rsrc, .themida, .boot, plus three unnamed)
Directories: 2 (import, resource)
VirusTotal: 37/70 (report date: 2022-08-01 18:50:21)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators (1)

URL                                       Host (FQDN/IP)    Date Added
hXXp://109.206.241.81/htdocs/AyBtH.exe    109.206.241.81    2022-08-02 20:08:02

PE Sections (7, of which 5 flagged suspicious)

Name       VAddress   VSize      Size      SHA1                                      MD5
(unnamed)  0x1000     0x6a29c    419679    d55b399620f3867e5d90c16a011c6c60e38632b0  9a5bab228f4fe20d034b46f542e1a5fd
(unnamed)  0x6c000    0xbd8      7         81548145ccc3810bfde762aa1ea4a9a3f060a90d  87386a61e93b27828cf8b95013de11eb
(unnamed)  0x6d000    0xa0c      791       af9f406347c6a6b879841b830bc18cf02e8dd0d3  5676c243ab1a01e53a1dbb02e67c2a07
.imports   0x6e000    0x1000     4096      e4b36c8e9db21a9b3bd814d7e3569e583e93a34d  69cf50aa956155dffe6d61243744a1a6
.rsrc      0x6f000    0x1000     4096      5529aa8431584edc9fd59ef4148ae6856856ebd0  67a2df5e91aca11572f5dd94a011990e
.themida   0x70000    0x3e8000   0         da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.boot      0x458000   0x258000   2455383   65595082f11d72ee043c105f4e4b44bbcb170def  4996f620d3bbe54fae69e68c4f4f999a

PE Resources (3)

Name           Language      Sublanguage         Offset    Size
RT_ICON        LANG_NEUTRAL  SUBLANG_NEUTRAL     0x6f540   296
RT_GROUP_ICON  LANG_NEUTRAL  SUBLANG_NEUTRAL     0x6f678   48
RT_VERSION     LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6f6b8   844

Meta info (11)

FileDescription: bolbanac
OriginalFilename: DL_NATIVE_BOTNET00933.exe
LegalCopyright: fishers 2684
Translation: 0x0409 0x04b0
InternalName: DL_NATIVE_BOTNET00933
Comments: flybelt
LegalTrademarks: cuspated
FileVersion: 4.06.0005
ProductName: cusparia
ProductVersion: 4.06.0005
CompanyName: fireblende grasper

Anti-debug functions (1)

VMware trick

Strings analysis - File found

Libraries
MSVBVM60.DLL
KERNEL32.dll

Import functions