200.exe

First submission 2024-07-09 13:08:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 513.0 KB (525312 bytes)
Compile time: 2023-08-14 12:03:36
MD5: 6e92403000cd93d2283f0e2ade62d143
SHA1: 5e465ee6eaee422dd1da281ff9ef652a3c04f065
SHA256: 75887848fa990fa853d474551f3fbd7608f1c482a4379d6a93cdb2f3c405e07a
Import Hash: a29b75aa02b5d1109f62547b7ede22a2
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 3 (import, resource, debug)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 31/78
VT report date: 2024-07-09 12:51:32
Malware Type: 2 (trojan, pua)
Threat Type: 2 (krypt, tofsee)

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://fookonline.com/tech/200.exe fookonline.com 2024-07-09 13:08:04

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6727e 422912 7241176c0e48f4a5a18c784d411769ed9fdc209b 9734a889b64c8a6be5c5bb7f9eb29ef6
.rdata 0x69000 0x3010 12800 1b90d7a3501af200b2f5cea7de3b49bbf06eba5e 15c7ac4f13ea5d913aa108279702c3ff
.data 0x6d000 0x23efa84 45056 667ae38f6d2668498e42eb90832da00098960184 83eddc207c6a8a7a77aafd8c9b15057e
.rsrc 0x245d000 0xa990 43520 aaec9bf08f6c44e42ae58ca339d7050f0376dc0e cab7e2cbb4fe6a70aa8d3128f8a057ba

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_JAPANESE SUBLANG_DEFAULT 0x2466850 1128
RT_DIALOG LANG_NEUTRAL SUBLANG_NEUTRAL 0x2466fb8 88
RT_STRING LANG_JAPANESE SUBLANG_DEFAULT 0x2467790 508
RT_GROUP_ICON LANG_JAPANESE SUBLANG_DEFAULT 0x2466cb8 118
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x2466d30 648

Meta infos 8

LegalCopyright: Copyrights (C) 2023, Navisradi
InternalName: Lie
FileVersions: 62.76.74.12
FileDescription: FeelsLike
OriginalFilenames: Otlasi
Translation: 0x0f6d 0x041d
ProductVersions: 41.62.63.10
ProductName: Morjez

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
MSIMG32.dll
WUSER32.DLL
mscoree.dll
ADVAPI32.dll
WINHTTP.dll
ole32.dll
USER32.dll

Strings analysis - Possible IPs found 2

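62.76.74.12 (identical to the FileVersions value in the version resource above)
41.62.63.10 (identical to the ProductVersions value in the version resource above)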

Import functions