crypted.exe

First submission 2024-02-09 15:23:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 473.47 KB (484832 bytes)
Compile time: 2012-07-14 00:47:16
MD5: 65cd874d67b647231c7ebfa6456550f3
SHA1: f0015a87abf20ddf082634c68c46b0ba4ae039b1
SHA256: b4a2a7caa9d02a3b48f3d04e80d82631e0bc9bc52c6de90269786593b9cabd47
Import Hash: bf5a4aa99e5b160f8521cadd6bfe73b8
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 4 (import, resource, debug, security)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://transfer.sh/get/1fuFh0Ruzu/crypted.exe transfer.sh 2024-02-09 15:23:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x19718 104448 403b401031fd0b6260ce635c770fbc9654f06a21 f20642e72250c03276a3d99a40304662
.rdata 0x1b000 0x6db4 28160 ac050a1809ae127615e1683adb73d87013096d10 5826801f33fc1b607aa8e942aa92e9fa
.data 0x22000 0x30c0 5632 c5c9b70d1fbe0cb0f1d48ea41ef1cd0da70d708d 2fe51a72ede820cd7cf55a77ba59b1f4
.rsrc 0x26000 0x51dfc 335360 8fb95486dd4b2c2733c51a23d74f83d3ad1a8296 e44e98aebfe5f2ad7a19aa48d1d2af7b

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x778b0 32
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x778d0 832
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x77c10 490

Meta infos 11

LegalCopyright: Copyright 2023
Assembly Version: 1.0.0.0
InternalName: Stereo.exe
FileVersion: 1.0.0.0
CompanyName: Mileages
Comments: Replacer
ProductName: Telegraphically Nil
ProductVersion: 1.0.0.0
FileDescription: Leftwards Gran Sensationally
Translation: 0x0000 0x04b0
OriginalFilename: Stereo.exe

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
fd90006388a911cf84de26af68be7aa0 8fb8ce46e1a715a9c9cb99506ba08ae1781bf65c 10208 474624

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
OLEAUT32.dll
ole32.dll
USER32.dll

Strings analysis - Possible URLs found 14


Import functions
