Ryesfzsg-TikTiok-4.exe

First submission 2022-07-31 17:43:02

File details

File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
File size: 5228.0 KB (5353472 bytes)
Compile time: 2094-04-30 20:27:42
MD5: 5ac4db2f6181bd89459bffbe040e9f34
SHA1: 79a0f7f6256e85c485cd090c6e767e084a81edbf
SHA256: e4546d19839b78710e9a07fdfd401fedf28383c7e12ea7d216837b5a76819d35
Sections 2 .text .rsrc
Directories 1 resource
Virus Total: 15/71 VT report date: 2022-07-31 14:49:39

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://141.98.6.236/TikTok-Bot/Ryesfzsg-TikTiok-4.exe 141.98.6.236 2022-07-31 17:43:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x2000 0x50b9e0 5290496 2551a9e36d470c86b593e6095149468a7218763c 8123286510d635f2d741c99ecb8c6209
.rsrc 0x50e000 0xf2e4 62464 85197bf7f44a3db33b8bbe7e3da3eafc966c7227 3e2b027a9e9f917044ece4d8a6b00f8c

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x5144c8 34597
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x51cbf0 146
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x51cc84 1140
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x51d0f8 490

Meta infos 12

OriginalFilename: Ryesfzsg-TikTiok-4.exe
Assembly Version: 10.0.17763.1697
Translation: 0x0000 0x04b0
InternalName: Ryesfzsg-TikTiok-4.exe
FileVersion: 10.0.17763.1697
LegalTrademarks:
ProductVersion: 10.0.17763.1697
FileDescription: User Account Control Panel Host
LegalCopyright: © Microsoft Corporation. All rights reserved.
Comments: User Account Control Panel Host
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation

Packers detected 2

Microsoft Visual C++ vx.x DLL
Microsoft Visual C++ v6.0