Launcher.exe

First submission 2024-08-30 20:11:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 72.07 KB (73802 bytes)
Compile time: 2009-09-02 10:13:46
MD5: 58fecf9d072c83e0d7ce4fa4c08af240
SHA1: 9dbb129065c547d70314e67e77da985a89f2b4e1
SHA256: 9e43386a1ac03a9a8417f2fcaf68a89c1483719067714ed90995a6df2aa5d018
Import Hash: 481f47bbb2c9c21e108d65f52b04c448
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 3 (import, resource, debug)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://89.197.154.116/Launcher.exe 89.197.154.116 2024-08-30 20:11:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xa966 45056 bcb3fe336a96dc2b34355e6f59fdb84b4deea8d4 58170158f6dcc6683a75d9f988878188
.rdata 0xc000 0xfe6 4096 2d1b3b256819734be18a5171828f544f2fe3c678 25d7ceee3aa85bb3e8c5174736f6f830
.data 0xd000 0x705c 16384 46bdccde681141c8e779b47220c1d7b1a1b9b011 283b5f792323d57b9db4d2bcc46580f8
.rsrc 0x15000 0x7c8 4096 2e051ef30946f9bed1931d1f9dde3ebdb9b99b89 c13a9413aea7291b6fc85d75bfcde381

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x15060 1896

Meta infos 10

LegalCopyright: Copyright 2009 The Apache Software Foundation.
InternalName: ab.exe
FileVersion: 2.2.14
CompanyName: Apache Software Foundation
OriginalFilename: ab.exe
ProductVersion: 2.2.14
FileDescription: ApacheBench command line utility
Translation: 0x0409 0x04b0
Comments: Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
ProductName: Apache HTTP Server

Anti debug functions 2

GetLastError
TerminateProcess

Strings analysis - File found

Library
ADVAPI32.dll
KERNEL32.dll
ntdll.dll
MSVCRT.dll
WS2_32.dll
WSOCK32.dll

Strings analysis - Possible URLs found 7

http://www.apache.org/licenses/LICENSE-2.0
http://www.zeustech.net/
http://
http://www.apache.org/
http://www.zeustech.net/<br
https://
http://www.apache.org/<br

Import functions
