lux64.exe

First submission 2024-02-04 18:28:04

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 296.5 KB (303616 bytes)
Compile time: 2022-05-02 13:52:55
MD5: 6db34be976cf8a343f7bfb01dfa87d70
SHA1: 2d2cf446e043623a0a395574fbfc4e88dcaa65c1
SHA256: d64e0a998b3eff49a724312d3528a696b0c92c3ecc2130326864a239dee5e4d4
Import Hash: 6676d6dfd2063d93860eb7a1ce2bd577
Sections: 6 (.text, .rdata, .data, .pdata, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://175.24.197.196/lux64.exe 175.24.197.196 2024-02-04 18:28:04

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2f03f 193024 79c9e36424dd995c020dad13e6f7c754103dc8ad ca980dbea2bc7dd8227d77f4ca81ff35
.rdata 0x31000 0xfec0 65536 31e82af0640c088e6a04b807ed1bab18bdc97a7e 944482dca7121964eb21f1a50a4fbff6
.data 0x41000 0xb990 25600 0e46a418af6cc01a1426846e66083ad67374bb76 7ffc4a2806927aff0405f4316915a357
.pdata 0x4d000 0x2aa8 11264 902a9b8ec613686fae0987f2531a0068551f8643 a0873c39bfcf6de0a9cbcc3353362d2d
.rsrc 0x50000 0x1b4 512 b8ef3454a39fb6d7217ba88766ed65b906f7d02e fe873a7da75e1ecb94b684f88caf6202
.reloc 0x51000 0x1992 6656 60f8545a26cbf6f947df25d52ad20ab420a708f8 be966111fd4d60fbd7785c515ee82633

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x50058 346

Packers detected 2

Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ 8.0

Anti debug functions 8

FindWindowA
GetLastError
IsDebuggerPresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
SHELL32.dll
KERNEL32.dll
ntdll.dll
USER32.dll
ADVAPI32.dll
WININET.dll
mscoree.dll
NETAPI32.dll
SHLWAPI.dll
WINMM.dll
OLEAUT32.dll
WS2_32.dll
DINPUT8.dll
ole32.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions

Name Latest seen MD5
output_64.exe 2024-02-04 18:26:18 b27c86172b5ae181811cc482e218df58