svc01.exe

First submission 2022-08-02 21:43:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 943.5 KB (966144 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 6036b574d93e0f406160cb2fd5ae636d
SHA1: bf7a1f488e36139f75e93458fd71f660cf7996e0
SHA256: 0094a21cdba5b0d2622b2686f64dbcccf090675ae7ae86f21d4063ac1e17ccf9
Import Hash : 5f2a5ba208506b49b681af6fe077e44e
Sections 9 .text .itext .data .bss .idata .tls .rdata .reloc .rsrc
Directories 4 import resource tls relocation
Virus Total: 23/71 VT report date: 2022-08-02 18:02:26

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://179.43.175.187/rakb/svc01.exe 179.43.175.187 2022-08-02 21:43:02

PE Sections 4 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x842f4 541696 dae965296c58234d95f7d5f44f4805f760bdbbb8 683c2a9b18e83f71f6cd74078820a75d
.itext 0x86000 0x8dc 2560 f5bac7f9bf7462e916089d12434bf8befdeab62e 2b02d7185004a3d5759ebbb11353f749
.data 0x87000 0x2278 9216 02049cf651673f141eeff9082b1c4341dbf64f03 d44e6ca08bc21c1a5bf8630ec4baf3be
.bss 0x8a000 0x37d0 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8e000 0x2874 10752 e029bde5249eb5fa3edc426eebdc223887fb4074 b88979ef4c82e9901ed6ec1d474b45ae
.tls 0x91000 0x34 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x92000 0x18 512 d00d0279f9c460099dbc6c860d697dd47fcad1ac eb79b000f696dc839ac21992914c24d8
.reloc 0x93000 0x9248 37888 f4006074a0fb191ac56d67e208a51b8b83326c92 dbbe48c48d9e5bfe5f4db59684e57ea9
.rsrc 0x9d000 0x58800 362496 94fb53fbdaf08798fb47b082f09c69f14ac84b9f 44a97a0bf0651fb6e3b9907ce7e3d6da

PE Resources 10

Name Language Sublanguage Offset Size Data
MP3NU LANG_ENGLISH SUBLANG_ENGLISH_US 0x9dbfc 290067
RT_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0xe5048 308
RT_BITMAP LANG_ENGLISH SUBLANG_ENGLISH_US 0xe63b0 232
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0xe90f8 1128
RT_DIALOG LANG_NEUTRAL SUBLANG_NEUTRAL 0xe95b4 82
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0xebf90 692
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0xec5a0 6483
RT_GROUP_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0xedf6c 20
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0xedf80 48
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0xedfb0 30752

Meta infos 63

FileVersion: 1.0.0.0
ProductName: Envision
CompanyName: Bitnami
ProductVersion: 8.1.1-2
Translation: 0x0409 0x04b0
OriginalFilename: Envision Digital
FileDescription:
LegalCopyright: Copyright Bitnami

Packers detected 5

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
Borland Delphi v6.0 - v7.0
BobSoft Mini Delphi -> BoB / BobSoft

Anti debug functions 5

FindWindowA
GetLastError
GetWindowThreadProcessId
RaiseException
UnhandledExceptionFilter

Strings analysis - File found

Library
Invalid ownerE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL
MAPI32.dll
USER32.dll
UxTheme.dll
OLEAUT32.dll
COMCTL32.dll
ole32.dll
IMM32.dll
ADVAPI32.dll
GDI32.dll
KERNEL32.dll
vcltest3.dll
VERSION.dll

Import functions