rootup.exe

First submission: 2024-09-28 18:04:13 Last submission: 2024-09-28 18:05:19

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Mime type: application/x-dosexec
File size: 777.41 KB (796066 bytes)
Compile time: 2012-02-04 23:43:24
MD5: 62a18cdbe8e50b650590b503f34fd657
SHA1: 87bcddc0d6b913ba0e31a9c980661b7bc5b7360b
SHA256: f616ad45e258bbb7d21a33a6405cbdbeed1eb46532dc1225d6313c66039b72a2
Import Hash : 6058ac660564f64af764bdf1e4fe5d2b
Sections (3): UPX0, UPX1, .rsrc
Directories (2): import, resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 55/77 VT report date: 2024-09-28 17:32:40
Malware Type (2): trojan, worm
Threat Type (3): agentb, autoit, yahlover

URLs, FQDN and IP indicators (2)

URL Host (FQDN/IP) Date Added
hXXp://58.23.215.62:8765/rootup.exe 58.23.215.62 2024-09-28 18:05:21
hXXp://36.249.46.174:8765/rootup.exe 36.249.46.174 2024-09-28 18:04:13

PE Sections (2 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
UPX0 0x1000 0x7c000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x7d000 0x4b000 305664 bb1da5ee1c0135b1b885bd00379b23e461f30151 b49af743872e9cf29c6854b39703ca9c
.rsrc 0xc8000 0x8000 29696 a358e94a1accad5d8f1f0984435bd65d5e8e2330 3624c2f68ee79828a49d90b8ecbe27ff

PE Resources (7)

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xce6f0 1128
RT_MENU LANG_ENGLISH SUBLANG_ENGLISH_UK 0xc1b28 78
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_UK 0xc1b78 240
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0xc2b80 132
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_UK 0xcec14 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_UK 0xcec2c 412
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xcedcc 620

Meta info (4)

CompiledScript: AutoIt v3 Script: 3, 3, 9, 0
Translation: 0x0809 0x04b0
FileVersion: 3, 3, 9, 0
FileDescription:

Packers detected (3)

UPX v0.80 - v0.84
UPX 2.90 (LZMA)
UPX -> www.upx.sourceforge.net

Strings analysis - File found

Library
ADVAPI32.dll
OLEAUT32.dll
VERSION.dll
SHELL32.dll
PSAPI.DLL
GDI32.dll
COMCTL32.dll
ole32.dll
USER32.dll
WSOCK32.dll
WININET.dll
USERENV.dll
WINMM.dll
KERNEL32.dll
COMDLG32.dll
ICMP.DLL
MPR.dll

Import functions

Name Latest seen MD5
DelHosts.exe 2024-09-28 17:43:16 b0283aa6cc06b0880a1681f2c9802f05
clear.exe 2024-09-28 18:39:20 954e4290b830ec048c7b700dfedd4df0
xunyouup.exe 2024-09-28 19:21:05 9cc3f6bec0f422e8cff29838f66a4b42
culclientUp.exe 2024-09-28 19:27:05 915b7366ba2e87a3f5a6810903cbc38a
vncDbnt.exe 2024-09-28 19:20:05 3597cd93701c4505d035a34271e0b931
WezoAutoUP.exe 2024-09-28 17:05:05 46748aff6fcab034d0affddc99c6d876
wzoptup.exe 2024-09-28 17:59:05 206c606e09f81262fbc85065ceca4f59
Downdd.exe 2024-09-28 17:41:10 f6be85b0254a308f77189fc96fa6f38e
CardPWD.exe 2024-09-28 19:31:11 2ae78305061a7a1491e4371e49f506f8
WezoEventUP.exe 2024-09-28 19:16:09 47bfeea9297530e45f26c4877bc078a6
fixHosts.exe 2024-09-28 17:39:05 754c738f12caa66eae85d417a235908e
pcstoryrestart.exe 2024-09-28 19:19:05 b69808cf234575a70239f8cfde03d77d
huoronguninstall.exe 2024-09-28 19:02:17 bede47f1fc4c20a850f70986399419d9
huorong.exe 2024-09-28 18:29:06 2b7bff01c4165d267d31d52c15b2d0ec
DownYGX.exe 2024-09-28 18:33:10 36f62b7cdf6f360b0eec74c5a371a102
wxupup.exe 2024-09-28 19:01:23 5fb6829b52847d878a98f9069e5c5fa4
RunGameADD.exe 2024-09-28 18:28:29 c2e60013e06179236d27f81811f848df
uuvipfix.exe 2024-09-28 19:05:33 46be1d2a2de1c43b0169874d14503098