goldman1234.exe

First submission 2024-02-11 05:23:03

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 2535.5 KB (2596352 bytes)
Compile time: 2024-02-09 18:50:20
MD5: 5f4f97f402bcd5935346a94e47299ec1
SHA1: 554b5d093fe36d58011c6f20b7fa27cf35f9bf20
SHA256: 7c5db88208d7506a8d72d159d347e74e3cc49828d7596f908b1ce3a7ed10a2a4
Import Hash: 5d68de0544abec4f6be91e05245b348d
Sections: 7 (.text, .rdata, .data, .pdata, .00cfg, .tls, .reloc)
Directories: 3 (import, tls, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://193.233.132.167/lend/goldman1234.exe | 193.233.132.167 | 2024-02-11 05:23:03

PE Sections 1 suspicious

Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
.text | 0x1000 | 0x42c6 | 17408 | 986c8b848adc5e3d852c16c1eba68c9eeb87a71c | 8c7e6da7b50f2e2da136e01d4ccfde4e |
.rdata | 0x6000 | 0x1388 | 5120 | 6f5d9562a13912654ff4e9b40ab291775607d47c | 41a182a123f959f45ffa30ee6231acee |
.data | 0x8000 | 0x2740d0 | 2570752 | 7a74698359ae330757805fb1349c1bb246d25399 | 30ffe76787432ef90f1c09c09e7f969a |
.pdata | 0x27d000 | 0x150 | 512 | 4e02fa8160ccde3c751dbb0c59e5af158870c8ba | 62ed705895e4985e20161cd990d745dc |
.00cfg | 0x27e000 | 0x10 | 512 | 7c9d8859eadd0c878ef339317f1dd025b88a243c | b18c7380298e104adf73576fa46bccc1 |
.tls | 0x27f000 | 0x10 | 512 | 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 | bf619eac0cdf3f68d496ea9344137e8b |
.reloc | 0x280000 | 0x70 | 512 | 8fb56f2d568d7f253193961f61b948a4010a16da | d4ea7ae787e08c3c30f2f0ccdb60c1a3 |

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
KERNEL32.dll
MSVCRT.dll

Import functions

Name | Latest seen | MD5
joekr1234.exe | 2024-02-11 06:24:03 | 8eee0f0bcbb9d63691ac5cda65dfc44c