tdpremium_cracked_1.exe?ex=670e6426&is=670d12a6&hm=9c53cc5408224b60897157362a03d438bf1a14daaa34f6ba1db17b10cdfdab56&
First submission 2024-10-14 16:33:01
File details
File type: | PE32+ executable (console) x86-64, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 1172.5 KB (1200640 bytes) |
Compile time: | 2024-07-09 01:42:07 |
MD5: | 5d6229f175579637daeb2291a3da3b31 |
SHA1: | f2b0354193543ec378e158da7236ed23e2e2af0d |
SHA256: | af506c42e5b4829f5230793b61dcb6d4bf4e309ce717d1ef08381f6747ba8dce |
Import Hash : | 6f181bbb9b68fced5b0aaae00cf24483 |
Sections 6 | .text .rdata .data .pdata .rsrc .reloc |
Directories 5 | import resource debug tls relocation |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: | 58/77 VT report date: 2024-10-14 03:00:48 |
Malware Type 2 | trojan downloader |
Threat Type 3 | lazy nekark elxlr |
URLs, FQDN and IP indicators 1
PE Sections 0 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0xd77c0 | 882688 | 2dd9b956a588dd0d0fdb92c74ff7a160df98a0af | 7f4df4ec922199eeb31d18eb603959cd | |
.rdata | 0xd9000 | 0x2ab8a | 175104 | 493efe9512254e1e09e3f883fb36aa0e721fb6aa | 3f3d59e94624faca9db80f28c1708b4e | |
.data | 0x104000 | 0x1b918 | 104448 | c577e0d4ce3b8e4c5029e8582d09b7bfa9cbb382 | 91a2e2a8834c21236688279e5e797549 | |
.pdata | 0x120000 | 0x843c | 34304 | acec35ffde7874031d774ec48ba04eb1618e1c20 | c5a4169827e7e7c42488a80ff5017bdd | |
.rsrc | 0x129000 | 0x1e8 | 512 | 4f852fc6fdcee92e86e167b158d2b886d7885596 | 02bf6b9ce69074dfd5c11a7453a0d75a | |
.reloc | 0x12a000 | 0x8f4 | 2560 | 34c6de3e3003b99447fd2a63a9500a736daafe5e | 5f758df0e519758a0a5a725b81f5657a |
PE Resources 1
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x129060 | 392 |
Packers detected 1
Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 11
FindWindowA |
FindWindowW |
GetLastError |
GetWindowThreadProcessId |
IsDebuggerPresent |
IsProcessorFeaturePresent |
OutputDebugStringW |
Process32FirstW |
Process32NextW |
TerminateProcess |
UnhandledExceptionFilter |
Strings analysis - File found
Temporary |
%s.%s.tmp |
Text |
imgui_log.txt |
Library |
d3d9.dll |
api-ms-win-crt-utility-l1-1-0.dll |
ADVAPI32.dll |
secur32.dll |
rpcrt4.dll |
d3dx9_43.dll |
security.dll |
dwmapi.dll |
normaliz.dll |
vcruntime140.dll |
WS2_32.dll |
WLDAP32.dll |
SHELL32.dll |
msvcp140.dll |
xinput1_3.dll |
api-ms-win-crt-string-l1-1-0.dll |
xinput1_2.dll |
xinput9_1_0.dll |
api-ms-win-crt-time-l1-1-0.dll |
VCRUNTIME140_1.dll |
IMM32.dll |
KERNEL32.dll |
Crypt32.dll |
USER32.dll |
USERENV.dll |
api-ms-win-crt-heap-l1-1-0.dll |
api-ms-win-crt-locale-l1-1-0.dll |
api-ms-win-crt-runtime-l1-1-0.dll |
api-ms-win-crt-convert-l1-1-0.dll |
xinput1_1.dll |
xinput1_4.dll |
api-ms-win-crt-stdio-l1-1-0.dll |
IPHLPAPI.DLL |
api-ms-win-crt-conio-l1-1-0.dll |
api-ms-win-crt-filesystem-l1-1-0.dll |
api-ms-win-crt-math-l1-1-0.dll |
Strings analysis - Possible IPs found 26
127.0.0.1 |
2.5.4.8 |
2.5.4.9 |
2.5.4.6 |
2.5.4.7 |
2.5.4.4 |
2.5.4.5 |
2.5.4.3 |
2.5.4.72 |
2.5.4.10 |
2.5.4.11 |
2.5.4.12 |
2.5.4.13 |
2.5.4.17 |
1.3.14.3 |
2.5.4.45 |
101.3.4.2 |
2.5.29.19 |
2.5.4.65 |
2.5.29.17 |
2.5.4.46 |
2.5.29.18 |
2.5.4.44 |
2.5.4.43 |
2.5.4.42 |
2.5.4.41 |
Strings analysis - Possible URLs found 6
https://curl.haxx.se/docs/http-cookies.html |
ftp://%s:%s@%s |
file:// |
http://www.dotcolon.net/ |
file://%s%s%s |
http://www.dotcolon.net/Vegur |
Import functions
MSVCP140.dll 72
CRYPT32.dll 16
KERNEL32.dll 84
dwmapi.dll 1
d3dx9_43.dll 2
api-ms-win-crt-locale-l1-1-0.dll 3
api-ms-win-crt-filesystem-l1-1-0.dll 7
api-ms-win-crt-math-l1-1-0.dll 12
api-ms-win-crt-utility-l1-1-0.dll 3
VCRUNTIME140.dll 15
api-ms-win-crt-conio-l1-1-0.dll 1
USER32.dll 45
IMM32.dll 4
api-ms-win-crt-string-l1-1-0.dll 10
VCRUNTIME140_1.dll 1
api-ms-win-crt-runtime-l1-1-0.dll 28
api-ms-win-crt-convert-l1-1-0.dll 7
SHELL32.dll 1
RPCRT4.dll 3
api-ms-win-crt-stdio-l1-1-0.dll 35
d3d9.dll 1
USERENV.dll 1
api-ms-win-crt-time-l1-1-0.dll 2
WLDAP32.dll 18
api-ms-win-crt-heap-l1-1-0.dll 6
ADVAPI32.dll 16
WS2_32.dll 29
Normaliz.dll 1
Name | Latest seen | MD5 |
---|---|---|
nixware.exe?ex=670e24bc&is=670cd33c&hm=af5878e94690e9a510718688af3b94871b080031d1827cea314136c3157e3fe2& | 2024-10-14 16:46:03 | 53f178ea0c14b901bc30cc22687d384d |