random.exe

First submission 2024-09-01 22:08:10 Last submission 2024-09-01 22:48:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1783.5 KB (1826304 bytes)
Compile time: 2024-08-23 15:14:53
MD5: 5f608251065b3a8efb3d707df00ffede
SHA1: 8b5ee84f54f599d9ad9369ec38aaca5d2a59873c
SHA256: 27dab34b33fd6fd425193ab264e1a0bbcc695a173c64de5d479fc96e189f979e
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Sections 7 .rsrc .idata agodkpeb frgsmfqf .taggant
Directories 2 import relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 30/78 VT report date: 2024-09-01 17:44:02
Malware Type 2 trojan miner
Threat Type 2 pwsx stealc

URLs, FQDN and IP indicators 3

URL Host (FQDN/IP) Date Added
hXXps://www.qualityfinance.net/steam/random.exe www.qualityfinance.net 2024-09-01 22:48:04
hXXps://www.smartfinancecard.org/steam/random.exe www.smartfinancecard.org 2024-09-01 22:14:01
hXXps://finwizards.org/steam/random.exe finwizards.org 2024-09-01 22:08:10

PE Sections 5 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
(unnamed) 0x1000 0x23d000 80896 f7d16b53ba6315d42506ccd9d51a23fcdef45773 f46100e84ef50b9bfe850984c2c81498
.rsrc 0x23e000 0x1000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x23f000 0x1000 512 5ddb4f9813a4bab7ce7ecfde3d29073258d2c2b4 380655991303f284fcb90ef8e49522a1
(unnamed) 0x240000 0x2b2000 512 fa3a7694a18912da5ff6b514200d32e459c11f3d 130d636b06e8b3e83a4af73b5a423524
agodkpeb 0x4f2000 0x1a7000 1730560 71ab289860a8c0dabba9716a146593c69c364675 24f1f3eae2b27a4bf5709de1c06e4cef
frgsmfqf 0x699000 0x1000 1024 7360999422c7d5acf9fb3aec8d559130e1b3f097 607aded1263a2ca4bb95038b43842d0c
.taggant 0x69a000 0x3000 8704 141fada6cdd95c2db1215b8438bd95a2d993f741 82ccdafb74b58c08847a9f13a142624c

Strings analysis - File found

Library
MSVCRT.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
builder.exe 2023-02-01 16:59:03 71169e2bb6e19b3c3edcd7d8f3d6d3f1
random.exe 2024-05-19 20:21:02 d7153d7505810d7600f9c3d879eb344d
random.exe 2024-05-30 13:39:02 5b92f2d747654de7258e0a1b92e8800c
random.exe 2024-05-30 13:40:02 fcf91c5536050feef02c4f31d2bcadcc
sarra.exe 2024-05-30 13:33:02 7768e0cf2b9e571d6da5498bfa81d6fc
random.exe 2024-05-30 17:14:02 e25317bc8e09044cd19df691f2078316
random.exe 2024-05-30 17:12:02 3eaecc080bd77a152119127af73707b3
sarra.exe 2024-05-30 17:13:02 c11d2e44aa3ffef22a3f41ac3432a4a3
random.exe 2024-06-04 22:58:02 713a645c9524d137db3c5547b12708f7
sarra.exe 2024-06-04 23:00:03 10813bac0740848c94f38a687efafd03
random.exe 2024-06-04 23:19:03 4be144e00cac43d4f322b6a9baca9dad
lenin.exe 2024-06-06 05:44:02 9af8f8becc44507318bc70e70a898488
kenzo.exe 2024-06-11 16:51:03 8d9501061e3c3a3255f1643685a45b87
random.exe 2024-06-14 16:08:08 562aebb8c1532478b331ab682d6cfefe
num.exe 2024-06-24 12:29:02 bd034ca154769f1df2a8ceb60c204380
amadka.exe 2024-06-28 21:43:19 48748ca4d44fb37a2bae87561b9c9628
random.exe 2024-07-26 01:56:02 353a5658d91ce23243d408d8f0d21340
enter.exe 2024-07-26 09:25:02 6f59ce88b52487bba7eb59e81525c4f5
enter.exe 2024-07-26 13:32:02 33a84ea233fe9fe1b4c85e533a228bbd
random.exe 2024-07-26 14:42:02 2f8340243dafb72a273d5afe0bc4bb5c
enter.exe 2024-07-26 17:01:02 44653b124b4a62d8fd4bb6fc5f48be05
random.exe 2024-07-27 16:19:02 246a2188eb95e0eda77ad4891c4dc765
random.exe? 2024-08-26 11:18:02 2f403e10e45293e1bcb5253aa422dffb
leto.exe 2024-08-26 12:59:02 2c828ff1d5f16164afe4f5428420d66f
random.exe 2024-08-28 02:41:02 6e5042ff1ec6df9aee18f4eea7864524
emptyfilename.tmp 2024-08-28 12:37:02 8a88665eb48a805506f8c70dc2471c16
random.exe 2024-09-01 21:56:21 b95bace368ebdca478fcaf4279b38399
random.exe 2024-09-02 06:58:02 457d9a15d305df62fe34c5076f3cad9d
lamp.exe 2024-09-03 16:12:02 68542ccb1dbce6ed08f452a53d9d08c0