loster.exe

First submission 2024-02-11 00:01:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2356.0 KB (2412544 bytes)
Compile time: 2024-02-09 08:51:44
MD5: 62888e93e8a9b835451bd3371d4b5218
SHA1: 4f123717a885b2b519e9d665438ae03fbb427868
SHA256: f60de73720434f0a8a96dea4e1126ff7f726da511fb5befa4166bbdfd11bca56
Import Hash: 2eabe9054cad5152567f0699947a2c5b
Sections (7): .rsrc, .idata, bdhfriqu, rzncxhcm, .taggant, plus two unnamed sections (see PE Sections table)
Directories (3): import, resource, relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                                     Host (FQDN/IP)   Date Added
hXXp://91.92.254.184/penza/loster.exe   91.92.254.184    2024-02-11 00:01:02

PE Sections 6 suspicious

Name       VAddress  VSize     Size     SHA1                                      MD5                               Suspicious
(unnamed)  0x1000    0x136000  585216   858616a882c6738ec255d3cecaf6df6c08805f52  a39d8844fdcdac6edb833804e9328cd4
.rsrc      0x137000  0x110a0   8192     dc188acc7b74eadba38b206d1b50d68aa8682536  aeec17b0e3fadd8461997a4f36ce6d27
.idata     0x149000  0x1000    512      5e2665ef83d53c2c9333b29ae262182f2c55c30c  588e00183b8b4dbb8c7106492f04143d
(unnamed)  0x14a000  0x2be000  512      fc2f9b1ff25551ffc9f529f4369c5a0b05bec87a  b3f4e9fe5d099f4a8df42ef1a2dfb2dd
bdhfriqu   0x408000  0x1b9000  1803776  de2126edb7ecaaabc38f2a940f9188d2f80bd28f  d50e406f72bbef623ad757a2795b16a9
rzncxhcm   0x5c1000  0x1000    1536     01c7fb7e2f48cc777dfe81cd7f0b42f6d30175bd  68f427df30f73222a16c8507defe0b4e
.taggant   0x5c2000  0x3000    8704     72bcd503260e75deb4c959e6660568d30281f7ef  1b4963d29c1dc241c7ebb4ea500e9f9b

PE Resources 4

Name           Language      Sublanguage         Offset    Size   Data
RT_ICON        LANG_RUSSIAN  SUBLANG_RUSSIAN     0x5af69c  67624
RT_GROUP_ICON  LANG_RUSSIAN  SUBLANG_RUSSIAN     0x5bfec4  20
RT_VERSION     LANG_RUSSIAN  SUBLANG_RUSSIAN     0x5bfed8  692
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x5c0472  381

Meta infos 9

LegalCopyright: (c) 1999-2022 Jonathan Bennett
InternalName: Ay3Info.exe
FileVersion: 3.3.16.1
CompanyName: Au3
ProductVersion: 3.3.16.1
FileDescription: Ay3Info
Translation: 0x0409 0x04b0
OriginalFilename: Ay3Info.exe
ProductName: Ay3Info

Strings analysis - File found

Library
KERNEL32.dll

Strings analysis - Possible IPs found 1

3.3.16.1 (identical to the FileVersion/ProductVersion value in the meta info above; most likely a dotted version string matched by the IP pattern rather than a network indicator)

Import functions

Name       Latest seen          MD5
dota.exe   2024-02-06 05:06:03  9e4d39ed30534cc58a95507c99370a47
amert.exe  2024-02-06 06:41:03  a3cd3871ba24037d9aba6b0b053cf34a
rega.exe   2024-02-07 02:02:02  43836f75d5662bc72af946abefe786ce
bucha.exe  2024-02-08 03:22:04  3e9650a7b961e437db222dfb746e2be9
ladas.exe  2024-02-08 07:03:03  2fae8d32357ed07bf6a6b216f376f867
hunta.exe  2024-02-09 12:02:02  094c7deac7308ea0c8e656efae033a64
hunta.exe  2024-02-10 13:41:02  48bd66cb49e7451cbdb078e2698a1290
micro.exe  2024-02-10 15:22:02  bfcbce795272ae853a343628bd213390