1_encoded.exe
First submission 2024-09-03 12:24:02
Last sumbission 2024-10-14 23:32:02
File details
| File type: | PE32+ executable (GUI) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 7.0 KB (7168 bytes) |
| Compile time: | 2010-04-15 00:06:53 |
| MD5: | 6c098287139a5808d04237dd4cdaec3f |
| SHA1: | aea943805649919983177a66d3d28a5e964da027 |
| SHA256: | 53932083665adaf933f3d524e1d8399ee4530e03b53d0d39fcbc227041e6a787 |
| Import Hash : | b4c6fff030479aa3b12625be67bf4914 |
| Sections 3 | .text��� .rdata�� .uqso��� |
| Directories 2 | import relocation |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 54/79 VT report date: 2024-09-03 12:02:25 |
| Malware Type 2 | trojan hacktool |
| Threat Type 3 | metasploit rozena meterpreter |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://fish.hackbiji.cc/1_encoded.exe  |
fish.hackbiji.cc |
2024-10-14 23:32:04 |
PE Sections 2 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x104e | 4608 | e66374a7f405687da2de82ab3fbcad13858fa6b2 | a4a5deae25708a9e05f50bcad7075c86 | |
| .rdata�� | 0x3000 | 0x84 | 512 | 8885def670a24a00f44a9116b8f3026d05018237 | 7da018c884ec2544252f77ce4b577778 | |
| .uqso��� | 0x4000 | 0x2c8 | 1024 | ea228b6a7d2edfd2c7b7ee75d9c2bc1c5cdbba28 | 12130d227e2a90545bcf1d84e9f0822f |
Strings analysis - File found
| Library |
| KERNEL32.dll |
Import functions
| Name | Latest seen | MD5 |
|---|---|---|
| bad.exe | 2022-10-30 08:35:02 | fc29a78b088f4f8763b539951c0224be |
| danger.exe | 2022-10-30 08:39:01 | 84e3dd5b7aa0d74884c87cce88d44424 |
| laliga.exe | 2022-10-30 08:46:01 | b233e282903a8868b63d0b1ca8f99388 |
| hello1.exe | 2022-11-12 10:39:07 | a25b1023588ff9f60c9f077225e87dd3 |
| NetSySCLI.exe | 2023-03-23 07:17:03 | 367030209dfe9a7f1631b8edad37cfa3 |
| payload.exe | 2023-03-24 13:51:04 | 67e524e151efc62a8f5d3bbf8531e70a |
| reverse.exe | 2023-04-25 11:13:01 | d32a31a376731f31251a2d17ea3828bf |
| reverse.exe | 2024-05-16 09:55:03 | a82bf5b8bd59d570d8731e1a3d79051f |
| 64.exe | 2024-05-20 07:17:02 | e1517885f6c71f7b3dafa6d4610c4762 |
| win-test.exe | 2024-05-24 09:32:02 | eb5d27678207ba63921c0b18a655bf3f |
| reverse.exe | 2024-05-29 10:51:02 | 4d26ca2043c4603d6c5b6f235811b779 |
| rev.exe | 2024-05-29 10:52:02 | b3e1688a68a66cf3844242de091a1dde |
| rev5555.exe | 2024-05-29 10:53:01 | f75045a4f4bcd1bc4bb24e2e284e9c68 |
| 4441.exe | 2024-05-29 10:54:02 | 50a2e65a4d576d9aeb3b0b396ae3e898 |
| itit.exe | 2024-05-29 10:55:02 | a63b46b7836c6c260dc4b37d7c640d3f |
| rev5757.exe | 2024-05-29 10:56:01 | da7b09c790012d9eb2bcddf7ea88a2cd |
| rev1.exe | 2024-05-29 10:58:01 | 286a3f0b531a16a03b70c53a85df0e2a |
| rev5656.exe | 2024-05-29 10:59:02 | 6a9cbc059911a2dc01fbdb901a0107e8 |
| dmshell.exe | 2024-06-28 09:27:01 | a62abdeb777a8c23ca724e7a2af2dbaa |
| reverse.exe | 2024-06-27 18:32:02 | 8d4d8e821af9e7bdcdaa505c7234fa25 |
| ssdfsa | 2024-07-02 08:57:02 | 079141b41d33eb41162ccea4de999d02 |
| zdalne | 2024-07-02 08:58:02 | 51cb8a1abde68de1732d00a5edd0b09c |
| tv2.exe | 2024-07-16 07:52:02 | 108f1fb53a61d46e8df4331ed0724c9d |
| prompt.exe | 2024-09-03 08:36:02 | 26ea34638c9aab0fb5411b9944f50404 |
| rev.exe | 2024-09-03 08:39:01 | c457b64b8faf93fb23adb3d3b6a6cb78 |
| payload.exe | 2024-10-14 17:48:02 | ca6ae34bf2b35aacb25a27f94fb1f7d5 |
| msf4448.exe | 2024-09-24 05:50:05 | aa752f99b9bfd2ebbb36acdfdf2fa2b8 |
| mvchost.exe | 2024-09-28 15:23:03 | 4f121ea16b6d93625750722b82b68566 |
| payload.exe | 2024-09-28 23:04:03 | 84645e696ff3763e398258c36c38643b |
| met.exe | 2024-10-06 04:12:02 | fa6b37cebbbfc8d88e026cc7667498e4 |