msgbox2.file

First submission 2024-02-04 17:35:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 72.5 KB (74240 bytes)
Compile time: 2024-01-15 11:46:23
MD5: 65ea5410c5869dd9aa8511bdbeaab5bd
SHA1: cdd0d5e4bfae2d9d5e8f9b300c1e7bf6050196da
SHA256: d87d9fc0475f77301abc81d105c1603e74e6f03210694418fc20c7c8c6f1b393
Import Hash: 67b092a69844bee71741beabb06b1afb
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://5.42.65.115/files/msgbox2.file 5.42.65.115 2024-02-04 17:35:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xa6e8 43008 2b1264378a880966722ee9a26a34cdf8a5d032b5 969edb1d0722a635df795ccc89b12b50
.rdata 0xc000 0x5a3e 23552 f6e288010b4794f1276927cc9c5046c786950345 40946e65f9d21118b04a477424e93f32
.data 0x12000 0x12a4 2560 78e7eb77487ec680883f9dac985f42394d1c07bc 37945817b245d8ba509f2c9f50aff8a2
.rsrc 0x14000 0x1e0 512 8089325985b9f78b361d2bef5ce408f2815c083a f1b801d7cee918c8de20c6e09bf27838
.reloc 0x15000 0xdb0 3584 6b1f06a1549aba68f73e52df7e218532920ba5c8 bf81b773ea10e9e8c56088326a36daa3

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x14060 381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
xmscoree.dll
USER32.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
msgbox1.file 2024-02-04 17:32:02 ac6132e51eeb91f7d294c448fc2605a0