ipscan.exe

First submission 2024-09-28 16:15:03 Last submission 2024-10-15 19:38:05

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Mime type: application/x-dosexec
File size: 108.5 KB (111104 bytes)
Compile time: 2004-04-07 19:48:10
MD5: 6c1bcf0b1297689c8c4c12cc70996a75
SHA1: 9d99a2446aa54f00af0b049f54afa52617a6a473
SHA256: 40dc213fe4551740e12cac575a9880753a9dacd510533f31bd7f635e743a7605
Import Hash: 9368eb48dce6312cc6e8d24b90c63070
Sections: 3 (UPX0, UPX1, .rsrc)
Directories: 2 (import, resource)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 37/77
VT report date: 2024-09-28 05:26:33
Malware Type: 3 (hacktool, pua, trojan)
Threat Type: 3 (portscan, nettool, angry)

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://file.edunet.ac/ipscan.exe file.edunet.ac 2024-10-15 19:38:10

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
UPX0 0x1000 0x2e000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x2f000 0x1a000 104448 6b3d1eb2e337b1756595889649fd2ccf7eb20d7f 7c30587528d73cde0f0955557a5cec92
.rsrc 0x49000 0x2000 5632 fc0a33c8f1239eed00369bc39e757210603a94b8 5cc6d5f69163fe15be4454b775f4745b

PE Resources 11

Name Language Sublanguage Offset Size Data
RT_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x42df0 180
RT_BITMAP LANG_ENGLISH SUBLANG_ENGLISH_US 0x437c8 324
RT_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x49eb8 296
RT_MENU LANG_NEUTRAL SUBLANG_NEUTRAL 0x3ebd0 1886
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x434b8 232
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0x450f8 44
RT_ACCELERATOR LANG_NEUTRAL SUBLANG_DEFAULT 0x40048 200
RT_GROUP_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x42ea8 34
RT_GROUP_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x49fe4 34
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x4a00c 832
None LANG_RUSSIAN SUBLANG_RUSSIAN 0x41be0 466

Meta infos 13

LegalCopyright: Copyright (C) 2000
InternalName: ipscan
FileVersion: 0, 0, 0, 0
FileDescription: Angry IP scanner
SpecialBuild:
CompanyName: Angryziber Software
LegalTrademarks:
Comments:
ProductName:
ProductVersion: 0, 0, 0, 0
PrivateBuild:
Translation: 0x0409 0x04b0
OriginalFilename: ipscan.exe

Packers detected 3

UPX v0.80 - v0.84
UPX 2.90 (LZMA)
UPX -> www.upx.sourceforge.net

Strings analysis - File found

Library
ADVAPI32.dll
SHELL32.dll
KERNEL32.dll
COMDLG32.dll
+.DLL
USER32.dll
COMCTL32.dll
GDI32.dll
ole32.dll
WSOCK32.dll

Import functions