lamp.exe
First submission 2024-09-03 16:12:02
File details
File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 1744.5 KB (1786368 bytes) |
Compile time: | 2024-08-23 15:14:53 |
MD5: | 68542ccb1dbce6ed08f452a53d9d08c0 |
SHA1: | edb30c1007a946c76ae51acf3b45918ede16c3e4 |
SHA256: | 8e84c53178f9724d608c00a624e3efa68492d9269949a98eda8d5687c9c5cb36 |
Import Hash: | 2eabe9054cad5152567f0699947a2c5b |
Sections 7 | .rsrc .idata wwlaweht lqgyjmwp .taggant |
Directories 2 | import relocation |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: | 37/79 VT report date: 2024-09-03 15:58:24 |
Malware Type 1 | trojan |
Threat Type 2 | pwsx stealc |
URLs, FQDN and IP indicators 1
PE Sections 6 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
(unnamed) | 0x1000 | 0x23d000 | 80896 | d99a7217cebbfd60f5f164fb7abe25642abd4b41 | d06d8b33a09c1c7892af96ece73ede73 | |
.rsrc | 0x23e000 | 0x1000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.idata | 0x23f000 | 0x1000 | 512 | 5ddb4f9813a4bab7ce7ecfde3d29073258d2c2b4 | 380655991303f284fcb90ef8e49522a1 | |
(unnamed) | 0x240000 | 0x2a0000 | 512 | 0b29422664a1aa9cd12c211b408d98dc95b22325 | 787b51443cfa985a60136bf51bc9d243 | |
wwlaweht | 0x4e0000 | 0x19d000 | 1690624 | 0b542e16021af62c199f106e257003434f3cd611 | 9bd210e22e7cb893b4fe9895840a6629 | |
lqgyjmwp | 0x67d000 | 0x1000 | 1024 | 9087d044038b37da02d9572245a2e80ae3007551 | b8be4eef32424aacba0a7a80f208c3ac | |
.taggant | 0x67e000 | 0x3000 | 8704 | 3e044288d8d3c9cb158241e2066d7020c91d0c94 | 98186dd0a1ce935534798281523085d4 | |
Strings analysis - File found
Library |
MSVCRT.dll |
KERNEL32.dll |
Import functions