08-01-203902.exe

First submission 2022-08-01 16:41:03

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
File size: 772.5 KB (791040 bytes)
Compile time: 2019-03-29 20:33:58
MD5: 6ba6939dd3340c258d0bb7e6713f7a8f
SHA1: 484e48d05ddb8896451835044ec2d0d55ae91a87
SHA256: b272e8e8ffe0f39e02eb7dcbda676eb53dc20697d0811b1abbfb7bd04895cec7
Import Hash: 5bc8a0631fa7fd2b752e4b03f17591f9
Sections 6 .text .rdata .data .pdata .rsrc .reloc
Directories 4 import resource tls relocation
VirusTotal: 11/70 VT report date: 2022-08-01 14:15:51

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://173.242.115.166/AAAA/1/08-01-203902.exe 173.242.115.166 2022-08-01 16:41:03

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x51fd5 335872 b01f46eaf6ba8ce33ac00503b963df713c3b0f66 ad30ef5a3f7c719702970eeb0dee7113
.rdata 0x53000 0x2de1c 188416 08f71d8e287b17d205e5315819fff42bf027ac7a 4b59868dc81d8a185a83fa6625479a90
.data 0x81000 0xe438 36864 a5c1af0c1ce21cd844f5d8de2d64e3533be9959f a96694423325ba172550f63356fc758f
.pdata 0x90000 0x1524 5632 81e5937b17758e80ab8720ef972edd23a31d2cbe 4d629b40c80d15b7b3c32a369e45297f
.rsrc 0x92000 0x365d8 222720 24dc0359053e1290c9dce1d981de29e7449791e0 0ad083ca2858dd3c56d45e056a48c472
.reloc 0xc9000 0x38 512 2a45264965614211c44a809455e4e1b68b0383d9 f4d26382f1fcfa3d0b24fb236699ccaf

PE Resources 4

Name Language Sublanguage Offset Size Data
OCX LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x96650 204288
RT_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x961a8 1128
RT_GROUP_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x96610 62
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xc8450 392

Anti debug functions 6

FindWindowW
GetLastError
OutputDebugStringW
Process32First
Process32Next
TerminateProcess

Anti VM indicators 1

VMCheck.dll

Strings analysis - File found

Library
ntdll.dll
USER32.dll
GDI32.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
08-01-022710.exe 2022-08-01 15:27:03 d557f062295665080e28063b06b35872
07-31-125922.exe 2022-08-01 17:18:03 95a7535e2d9c9476854c21e9d60cda33