build1555.exe

First submission: 2024-07-08 16:46:04
Last submission: 2024-07-12 12:46:04

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 11003.5 KB (11267584 bytes)
Compile time: 2024-06-27 06:46:49
MD5: 6b1eb54b0153066ddbe5595a58e40536
SHA1: adf81c3104e5d62853fa82c2bd9b0a5becb4589a
SHA256: d39627a497bf5f7e89642ef14bb0134193bc12ad18a2eadddf305c4f8d69b0b8
Import Hash: a15389e7a3e3d8aabef3d1422091a217
Sections: 12 (.text, .data, .rdata, .eh_fram, .pdata, .xdata, .bss, .idata, .CRT, .tls, .rsrc, .reloc)
Directories: 4 (import, resource, tls, relocation)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 52/78
VT report date: 2024-07-04 22:11:10
Malware Type: 1 (trojan)
Threat Type: 3 (python, amadey, stealer)

URLs, FQDN and IP indicators 3

URL Host (FQDN/IP) Date Added
hXXp://77.91.77.82/lend/build1555.exe 77.91.77.82 2024-07-12 12:46:06
hXXp://77.91.77.80/lend/build1555.exe 77.91.77.80 2024-07-12 12:44:06
hXXp://77.91.77.81/lend/build1555.exe 77.91.77.81 2024-07-08 16:46:04

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1acb8 110080 93c98acf6077b1534201e2d80b35507dc8ea50a5 564cdac22d4b6eb80ed22d62e2af8cab
.data 0x1c000 0x110 512 cb410c4fd9a0944b830861ea5fefbd5e753fd162 56e0b205a46042efed9873d262eafef4
.rdata 0x1d000 0x2b50 11264 4a419b6289cd7d04d351bb425e95b120048fc6b4 e09c29aece2145ff6f637b4e583e2c91
.eh_fram 0x20000 0x4 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.pdata 0x21000 0x828 2560 c87337e89159c4ad6d7304e9579c8975cfae8663 f859c9498e87ed242ea4db425abf433a
.xdata 0x22000 0x9f8 2560 db261fec126c497ffa50788b6401f7362268fc03 0909c88e12759409e6c8549cf820c0ba
.bss 0x23000 0x11c90 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x35000 0xe10 4096 3bca7add7d28fe7987386167da4dffb8a52fc390 2becb3c15eff8f2bdb465ffae1a86fdc
.CRT 0x36000 0x60 512 6bb48364c326bff2996990c3b250ee5960a5c7d4 07e69f3736a8764d0b4dfee6522cd1ac
.tls 0x37000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x38000 0xa9e078 11133440 cd0d2bb897dd3f56a1f4826190f23599ffa102f7 e921d3e984d1186c4d8bc488d198b32a
.reloc 0xad7000 0x94 512 93db17648c3292c955a41e93b141a0b42f69eec0 9ee08ac64f5e3870546c64de50fe714a

PE Resources 2

Name Language Sublanguage Offset Size Data
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x380a0 11131872