rsb.exe

First submission 2024-02-04 17:22:02

File details

File type: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 1730.5 KB (1772032 bytes)
Compile time: 2024-02-03 14:40:01
MD5: 5b32fd55fe0d459269f2c09bb286cddf
SHA1: 73343cbf7c655f92226cfdd5454c1440bbb720cf
SHA256: bc72ff9af642f90aed120dbd3c9c0ff0315b88f9badf6b59f55943252c7c366f
Import Hash: bcdb03ee8222d8fb75e62428fd387fb3
Sections (11): .text .data .rdata .pdata .xdata .bss .idata .CRT .tls .rsrc .reloc
Directories (4): import resource tls relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL: hXXps://lilitisback.com/static/rsb.exe
Host (FQDN/IP): lilitisback.com
Date Added: 2024-02-04 17:22:02

PE Sections 2 suspicious

Name    VAddress  VSize     Size     SHA1                                      MD5                               Suspicious
.text   0x1000    0x12d038  1233408  17f5ab906ce0ea6ef5fe3e6b4f1e4e7395d0fdd8  49aec3f789645ac0e76f6bbe2e3ab6e9
.data   0x12f000  0x290     1024     5e9c3399967425dd4474815d505605cf1611d5e8  e5e54dfa61a07a15889c9b5df684370d
.rdata  0x130000  0x6c780   444416   4ea0a0a07c88662dc78789ecb8da40a951864e4d  eebc65ebf9113d7161fb3d73d87172d1
.pdata  0x19d000  0x7008    29184    344cf4b2f48b26791959f54abd8dadcdb1441497  eb79ce5a1ecfb7a3d6fa55b494b470a9
.xdata  0x1a5000  0x9d18    40448    6f83a1564f161d56d6a8ecd24d4af14ff8aaac67  5b6b92dd79c32184e2b7470ffbc8936c
.bss    0x1af000  0x340     0        da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.idata  0x1b0000  0x2cbc    11776    f356a2cff9c56e5423e40302a8ac915c6c3da1be  022dc26d028bea4301f91c43e7e65a94
.CRT    0x1b3000  0x70      512      afb7100186b0f8109b3681d464d941e1cff77540  82c042da5ebf8d225706f54055f55fe7
.tls    0x1b4000  0x10      512      5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5  bf619eac0cdf3f68d496ea9344137e8b
.rsrc   0x1b5000  0x4e8     1536     c5e2de08274f169f5d83cf64205d09eae0086340  656a78355773bf8edddd989900a10572
.reloc  0x1b6000  0x1fa0    8192     2ed898740ffa300bfb053e7d2cb48b416faf4990  541da9ded75abd54b83132f7bd0ad933

PE Resources 1

Name         Language      Sublanguage      Offset    Size  Data
RT_MANIFEST  LANG_NEUTRAL  SUBLANG_NEUTRAL  0x1b5058  1167

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 3

GetLastError
IsDebuggerPresent
RaiseException

Anti VM tricks 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Library
ntdll.dll
secur32.dll
Crypt32.dll
pdh.dll
api-ms-win-crt-string-l1-1-0.dll
OLEAUT32.dll
api-ms-win-crt-time-l1-1-0.dll
NETAPI32.dll
api-ms-win-crt-private-l1-1-0.dll
ole32.dll
Powrprof.dll
ADVAPI32.dll
api-ms-win-crt-environment-l1-1-0.dll
USER32.dll
PSAPI.DLL
api-ms-win-crt-runtime-l1-1-0.dll
KERNEL32.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
bcrypt.dll
IPHLPAPI.DLL
SHELL32.dll
api-ms-win-crt-math-l1-1-0.dll
WS2_32.dll

Strings analysis - Possible IPs found 3

5.5.7.3
1.3.6.1
127.0.0.1

Strings analysis - Possible URLs found 5

file://C:\Users\Admin\.cargo\registry\src\index.crates.io-6f17d22bba15001f\url-2.5.0\src\parser.rs
https://github.com/clap-rs/clap/issuesC:\Users\Admin\.cargo\registry\src\index.crates.io-6f17d22bba15001f\clap_builder-4.4.9\src\builder\arg.rs
file:///file://
http://
https://

Import functions