install.exe

First submission 2024-02-08 17:36:03 Last submission 2024-02-08 18:01:03

File details

File type: PE32+ executable (console) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 10097.61 KB (10339957 bytes)
Compile time: 2024-02-07 20:40:23
MD5: 68a70167645fa690aa89281024abacd1
SHA1: fbee26b4e7890b81ec8f3d5456ac0d301e9cb3ae
SHA256: 4835fecbbc2b930aae3834d4610bfde5a8375e7212ec8e68e4ae0b96de4656ce
Import Hash : ba5546933531fafa869b1f86a4e2a959
Sections 7 .text .rdata .data .pdata _RDATA .rsrc .reloc
Directories 4 import resource debug relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL                                  Host (FQDN/IP)     Date Added
hXXp://80.66.64.3/install.exe        80.66.64.3         2024-02-08 18:01:05
hXXp://195.123.230.238/install.exe   195.123.230.238    2024-02-08 17:36:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x28890 166400 0096271c79c3d968f613d77cadf00b501654732d 7c71956ea75242f33df45f4d2c19a4d8
.rdata 0x2a000 0x1271a 75776 ec2662983779859498b8dde37c63083593147ec3 e024d695918a384124535ee59bf4381c
.data 0x3d000 0x103f8 3584 f2aa811253ab892e71f1b7504c587bf82745a97d 9bd2cebaa3285e8e266c4c373a15119d
.pdata 0x4e000 0x20e8 8704 766a44657256d34a9f078520111dc930b12eab3d f2a57235499cb8c84daf2de6f18a85eb
_RDATA 0x51000 0x15c 512 3fc974a4d946f337bd627c48ae2f1a7f995fb5e1 32c20bb907888de565d4d8836d097016
.rsrc 0x52000 0xef8c 61440 d533cdd280aaa83a9ab88c79d3ae510bfa34d45f dabc2b77a65cf1196a989f49ae2bdf8d
.reloc 0x61000 0x75c 2048 63cd7f76452e70da0d19e5f98896f2b8ef442b80 b7279c82d58eeae8dc663879402c6f2e

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x605ac 1128
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x60a14 104
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x60a7c 1293

Packers detected 2

Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ 8.0

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Compressed
base_library.zip
xbase_library.zip
Library
mscoree.dll
ADVAPI32.dll
bapi-ms-win-core-console-l1-1-0.dll
bapi-ms-win-core-libraryloader-l1-1-0.dll
KERNEL32.dll
bapi-ms-win-core-file-l1-1-0.dll
bpywin32_system32\pywintypes38.dll
bapi-ms-win-crt-multibyte-l1-1-0.dll
bapi-ms-win-core-processenvironment-l1-1-0.dll
bapi-ms-win-core-processthreads-l1-1-1.dll
bapi-ms-win-crt-math-l1-1-0.dll
bapi-ms-win-core-interlocked-l1-1-0.dll
bpython38.dll
bapi-ms-win-core-file-l1-2-0.dll
bapi-ms-win-crt-utility-l1-1-0.dll
bapi-ms-win-crt-environment-l1-1-0.dll
bapi-ms-win-core-namedpipe-l1-1-0.dll
ucrtbase.dll
bapi-ms-win-crt-convert-l1-1-0.dll
bpython3.dll
blibssl-1_1.dll
Bapi-ms-win-core-synch-l1-2-0.dll
bapi-ms-win-core-file-l2-1-0.dll
bapi-ms-win-crt-time-l1-1-0.dll
bapi-ms-win-core-debug-l1-1-0.dll
bapi-ms-win-core-datetime-l1-1-0.dll
bapi-ms-win-core-string-l1-1-0.dll
bapi-ms-win-crt-locale-l1-1-0.dll
bapi-ms-win-crt-filesystem-l1-1-0.dll
bapi-ms-win-crt-runtime-l1-1-0.dll
bapi-ms-win-core-synch-l1-1-0.dll
bucrtbase.dll
bapi-ms-win-crt-process-l1-1-0.dll
bapi-ms-win-core-handle-l1-1-0.dll
bapi-ms-win-core-util-l1-1-0.dll
bPythonwin\mfc140u.dll
bVCRUNTIME140_1.dll
bapi-ms-win-core-profile-l1-1-0.dll
bapi-ms-win-crt-string-l1-1-0.dll
bMSVCP140.dll
bapi-ms-win-core-localization-l1-2-0.dll
bapi-ms-win-crt-conio-l1-1-0.dll
blibffi-7.dll
bapi-ms-win-crt-heap-l1-1-0.dll
bpywin32_system32\pythoncom38.dll
bapi-ms-win-crt-stdio-l1-1-0.dll
bapi-ms-win-core-heap-l1-1-0.dll
bVCRUNTIME140.dll
bapi-ms-win-core-timezone-l1-1-0.dll
bapi-ms-win-core-sysinfo-l1-1-0.dll
blibcrypto-1_1.dll
bapi-ms-win-core-memory-l1-1-0.dll
bapi-ms-win-core-rtlsupport-l1-1-0.dll
4python38.dll
bapi-ms-win-core-processthreads-l1-1-0.dll
bapi-ms-win-core-errorhandling-l1-1-0.dll

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2016/WindowsSettings

Import functions

Name Latest seen MD5
Guardian.exe 2023-07-05 07:34:06 b6224676697824f203b0a7c4face0c27
newpy.exe 2023-07-09 15:21:03 b28167faf2bcf0150d5e816346abb42d
webcam.exe 2023-12-05 15:01:10 06e2fea8b5942ce905c4aaba31fac143