6523.exe

First submission 2022-07-31 16:17:06

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 177.5 KB (181760 bytes)
Compile time: 2021-08-05 15:37:09
MD5: 58d35072179a21651280a0fbec91a63c
SHA1: 154a4fa1733c2ce1a28275d8f38628e33ed46bce
SHA256: ba42c7e7d7c090fd8d3f5bd10fdc2b3a976dda7c0c3ddcb6db16ea90f3a3a8a7
Import Hash: e0c800659a243c7f8c8dcb4fa6607236
Sections: 3 (.text, .data, .rsrc)
Directories: 3 (import, resource, debug)
VirusTotal:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                                    Host (FQDN/IP)    Date Added
hXXp://derweekge.com/vento/6523.exe    derweekge.com     2022-07-31 16:17:06

PE Sections 1 suspicious

Name    VAddress    VSize       Size      SHA1                                        MD5                                 Suspicious
.text   0x1000      0x1fd28     130560    2b321f92d9d5f690a33b57352a78d134ad61d823    b7c8301b323a83649815e34200deb5c2
.data   0x21000     0x1ff010    11776     04893187aba222ee7f4f4bd28ecddce932c9990c    67467566466820096a11c128a4e627c5
.rsrc   0x221000    0x9470      38400     d2698cb29339cf24d74d8666b3a5c1d097ac64c2    9f0a1ab5005f1a82beda9d44c635548b

PE Resources 7

Name                 Language        Sublanguage             Offset      Size    Data
AFX_DIALOG_LAYOUT    LANG_NEUTRAL    SUBLANG_NEUTRAL         0x2275d0    14
RT_CURSOR            LANG_NEUTRAL    SUBLANG_NEUTRAL         0x228910    2216
RT_ICON              LANG_KANNADA    SUBLANG_DEFAULT         0x227100    1128
RT_STRING            LANG_FRENCH     SUBLANG_FRENCH_SWISS    0x229f60    1296
RT_GROUP_CURSOR      LANG_NEUTRAL    SUBLANG_NEUTRAL         0x2291b8    34
RT_GROUP_ICON        LANG_KANNADA    SUBLANG_DEFAULT         0x227568    104
RT_VERSION           LANG_NEUTRAL    SUBLANG_NEUTRAL         0x2291e0    408

Meta infos 3

FileVersions: 48.90.12.34
Copyrighz: Copyright (C) 2022, pozkarte
ProjectVersion: 84.64.75.52

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ADVAPI32.dll
KERNEL32.dll
USER32.dll
WINHTTP.dll
GDI32.dll

Strings analysis - Possible IPs found 2

48.90.12.34
84.64.75.52

Import functions