11.exe

First submission 2022-08-02 21:33:01

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
File type:	1294.03 KB (1325087 bytes)
Compile time:	1992-06-20 00:22:17
MD5:	70de51ca375c085e9f7ff666d7860673
SHA1:	3e172cd1e9035a7510ab86fa284db00c3f0bcd29
SHA256:	22539844faca3d0029a5421ecc146979eb16ac4257fe8011a84f0686052f5b19
Import Hash :	c9adc83b45e363b21cd6b11b5da0501f
Sections 8	CODE DATA BSS .idata .tls .rdata .reloc .rsrc
Directories 4	import resource tls relocation
Virus Total:	34/69 VT report date: 2022-08-02 17:14:20

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://62.204.41.118/11.exe	62.204.41.118	2022-08-02 21:33:01

PE Sections 3 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
CODE	0x1000	0x244cc	148992	b23023c88b9130efa688c77a0d24e6a2c423fab6	5e14e4ede2e2215bc7d72837b9871f8f
DATA	0x26000	0x2894	10752	e6d34e556463e08e8b1c5b5cbb9967c3c662c029	abafcbfbd7f8ac0226ca496a92a0cf06
BSS	0x29000	0x10f5	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.idata	0x2b000	0x1798	6144	57dbb9ad99992432dba6a1ca14ffddf7780ddf98	a4e0ac39d5ed487ceea059fa23dfce5e
.tls	0x2d000	0x8	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.rdata	0x2e000	0x18	512	7d9ccb6391020266050c96487449a1aadfbe589d	c4fdd0c5c9efb616fcc85d66056ca490
.reloc	0x2f000	0x1884	6656	4d98e9a5cd438d32008aa2db9c2af8f5714c89fd	867a1120317d51734587a74f6ee70016
.rsrc	0x31000	0x1cdc	7680	eb9f6664b465f211cacd0acc5462bf0f36f1c37a	85a1c9f43a8dfa980f9e8f4d178da8be

PE Resources 5

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x31be8	2216
RT_RCDATA	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x324a0	272
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x325b0	62
RT_VERSION	LANG_RUSSIAN	SUBLANG_RUSSIAN	0x325f0	884	PE Resource: RT_VERSION - Data t4VS_VERSION_INFO?StringFileInfo040904e4Comments=CompanyNameCompany =FileDescriptionNewProduct 1.00 Installation JFileVersion1.00 eLegalCopyrightCompany DVarFileInfo$Translation
RT_MANIFEST	LANG_RUSSIAN	SUBLANG_RUSSIAN	0x32964	886	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="" name="Microsoft.Windows.SIM" type="win32"/> <description>Smart Install Maker - create setup software</description> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"/> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" publicKeyToken="6595b64144ccf1df" language="" processorArchitecture="*"/> </dependentAssembly> </dependency> </assembly>

Meta infos 6

Translation:	0x0409 0x04e4
LegalCopyright:	Company
FileDescription:	NewProduct 1.00 Installation
Comments:
FileVersion:	1.00
CompanyName:	Company

Packers detected 4

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
BobSoft Mini Delphi -> BoB / BobSoft

Anti debug functions 5

FindWindowA
GetLastError
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
UxTheme.dll
PSAPI.DLL
COMCTL32.dll
ole32.dll
ADVAPI32.dll
USER32.dll
GDI32.dll
OLEAUT32.dll
KERNEL32.dll
cabinet.dll
WINMM.dll
SHELL32.dll

Strings analysis - Possible URLs found 10

https://iplogger.org/1nfDK4
http://www.company.com/
http://
https://iplogger.org/1RCgX4
https://iplogger.org/1R9EV4
https://iplogger.org/1RCTV4
https://iplogger.org/1R7EV4
https://iplogger.org/1RyjC4
https://iplogger.org/1A4aK4
https://iplogger.org/1RLtX4

Import functions

cabinet.dll 3 kernel32.dll 88 ole32.dll 6 oleaut32.dll 3 winmm.dll 2 gdi32.dll 39 comctl32.dll 4 shell32.dll 8 advapi32.dll 19 user32.dll 77

Function	Address	Souspicious	Anti Debug
FDIDestroy	0x42b5c8
FDICopy	0x42b5cc
FDICreate	0x42b5d0

Function	Address	Souspicious	Anti Debug
DeleteCriticalSection	0x42b1cc
LeaveCriticalSection	0x42b1d0
EnterCriticalSection	0x42b1d4
InitializeCriticalSection	0x42b1d8
VirtualFree	0x42b1dc
VirtualAlloc	0x42b1e0
LocalFree	0x42b1e4
LocalAlloc	0x42b1e8
GetVersion	0x42b1ec
GetCurrentThreadId	0x42b1f0
WideCharToMultiByte	0x42b1f4
GetThreadLocale	0x42b1f8
GetStartupInfoA	0x42b1fc
GetLocaleInfoA	0x42b200
GetCommandLineA	0x42b204
FreeLibrary	0x42b208
ExitProcess	0x42b20c
WriteFile	0x42b210
UnhandledExceptionFilter	0x42b214
RtlUnwind	0x42b218
RaiseException	0x42b21c
GetStdHandle	0x42b220
TlsSetValue	0x42b250
TlsGetValue	0x42b254
LocalAlloc	0x42b258
GetModuleHandleA	0x42b25c
WriteFile	0x42b288
WinExec	0x42b28c
WaitForSingleObject	0x42b290
TerminateProcess	0x42b294
SystemTimeToFileTime	0x42b298
Sleep	0x42b29c
SetFileTime	0x42b2a0
SetFilePointer	0x42b2a4
SetErrorMode	0x42b2a8
SetEndOfFile	0x42b2ac
ReadFile	0x42b2b0
OpenProcess	0x42b2b4
MultiByteToWideChar	0x42b2b8
LocalFileTimeToFileTime	0x42b2bc
LoadLibraryA	0x42b2c0
GlobalFree	0x42b2c4
GlobalAlloc	0x42b2c8
GetVersion	0x42b2cc
GetUserDefaultLangID	0x42b2d0
GetProcAddress	0x42b2d4
GetModuleHandleA	0x42b2d8
GetLocalTime	0x42b2dc
GetLastError	0x42b2e0
GetFileTime	0x42b2e4
GetFileSize	0x42b2e8
GetExitCodeProcess	0x42b2ec
GetCurrentThread	0x42b2f0
GetCurrentProcess	0x42b2f4
FreeLibrary	0x42b2f8
FindClose	0x42b2fc
FileTimeToSystemTime	0x42b300
FileTimeToLocalFileTime	0x42b304
DosDateTimeToFileTime	0x42b308
CompareFileTime	0x42b30c
CloseHandle	0x42b310
WritePrivateProfileStringA	0x42b528
SetFileAttributesA	0x42b52c
SetCurrentDirectoryA	0x42b530
RemoveDirectoryA	0x42b534
LoadLibraryA	0x42b538
GetWindowsDirectoryA	0x42b53c
GetVersionExA	0x42b540
GetTimeFormatA	0x42b544
GetTempPathA	0x42b548
GetSystemDirectoryA	0x42b54c
GetShortPathNameA	0x42b550
GetPrivateProfileStringA	0x42b554
GetModuleHandleA	0x42b558
GetModuleFileNameA	0x42b55c
GetFullPathNameA	0x42b560
GetFileAttributesA	0x42b564
GetDiskFreeSpaceA	0x42b568
GetDateFormatA	0x42b56c
GetComputerNameA	0x42b570
GetCommandLineA	0x42b574
FindNextFileA	0x42b578
FindFirstFileA	0x42b57c
ExpandEnvironmentStringsA	0x42b580
DeleteFileA	0x42b584
CreateFileA	0x42b588
CreateDirectoryA	0x42b58c
CompareStringA	0x42b590

Function	Address	Souspicious	Anti Debug
OleInitialize	0x42b490
OleInitialize	0x42b5d8
CoTaskMemFree	0x42b5dc
CoCreateInstance	0x42b5e0
CoUninitialize	0x42b5e4
CoInitialize	0x42b5e8

Function	Address	Souspicious	Anti Debug
SysFreeString	0x42b244
SysReAllocStringLen	0x42b248
SysAllocStringLen	0x42b488

Function	Address	Souspicious	Anti Debug
timeKillEvent	0x42b47c
timeSetEvent	0x42b480

Function	Address	Souspicious	Anti Debug
StretchDIBits	0x42b318
StretchBlt	0x42b31c
SetWindowOrgEx	0x42b320
SetTextColor	0x42b324
SetStretchBltMode	0x42b328
SetRectRgn	0x42b32c
SetROP2	0x42b330
SetPixel	0x42b334
SetDIBits	0x42b338
SetBrushOrgEx	0x42b33c
SetBkMode	0x42b340
SetBkColor	0x42b344
SelectObject	0x42b348
SaveDC	0x42b34c
RestoreDC	0x42b350
OffsetRgn	0x42b354
MoveToEx	0x42b358
IntersectClipRect	0x42b35c
GetStockObject	0x42b360
GetPixel	0x42b364
GetDIBits	0x42b368
ExtSelectClipRgn	0x42b36c
ExcludeClipRect	0x42b370
DeleteObject	0x42b374
DeleteDC	0x42b378
CreateSolidBrush	0x42b37c
CreateRectRgn	0x42b380
CreateDIBitmap	0x42b384
CreateDIBSection	0x42b388
CreateCompatibleDC	0x42b38c
CreateCompatibleBitmap	0x42b390
CreateBrushIndirect	0x42b394
CreateBitmap	0x42b398
CombineRgn	0x42b39c
BitBlt	0x42b3a0
GetTextExtentPoint32A	0x42b514
GetObjectA	0x42b518
CreateFontIndirectA	0x42b51c
AddFontResourceA	0x42b520

Function	Address	Souspicious	Anti Debug
ImageList_Draw	0x42b498
ImageList_SetBkColor	0x42b49c
ImageList_Create	0x42b4a0
InitCommonControls	0x42b4a4

Function	Address	Souspicious	Anti Debug
SHGetFileInfoA	0x42b4ac
ShellExecuteExA	0x42b5bc
ShellExecuteA	0x42b5c0
SHGetSpecialFolderLocation	0x42b5f0
SHGetPathFromIDListA	0x42b5f4
SHGetMalloc	0x42b5f8
SHChangeNotify	0x42b5fc
SHBrowseForFolderA	0x42b600

Function	Address	Souspicious	Anti Debug
RegQueryValueExA	0x42b234
RegOpenKeyExA	0x42b238
RegCloseKey	0x42b23c
RegCloseKey	0x42b264
OpenThreadToken	0x42b268
OpenProcessToken	0x42b26c
GetTokenInformation	0x42b270
FreeSid	0x42b274
EqualSid	0x42b278
AllocateAndInitializeSid	0x42b27c
AdjustTokenPrivileges	0x42b280
RegSetValueExA	0x42b598
RegQueryValueExA	0x42b59c
RegQueryInfoKeyA	0x42b5a0
RegOpenKeyExA	0x42b5a4
RegEnumKeyExA	0x42b5a8
RegCreateKeyExA	0x42b5ac
LookupPrivilegeValueA	0x42b5b0
GetUserNameA	0x42b5b4

Function	Address	Souspicious	Anti Debug
GetKeyboardType	0x42b228
MessageBoxA	0x42b22c
WaitMessage	0x42b3a8
ValidateRect	0x42b3ac
TranslateMessage	0x42b3b0
ShowWindow	0x42b3b4
SetWindowPos	0x42b3b8
SetTimer	0x42b3bc
SetParent	0x42b3c0
SetForegroundWindow	0x42b3c4
SetFocus	0x42b3c8
SetCursor	0x42b3cc
SendMessageA	0x42b3d0
ScreenToClient	0x42b3d4
ReleaseDC	0x42b3d8
PostQuitMessage	0x42b3dc
OffsetRect	0x42b3e0
KillTimer	0x42b3e4
IsZoomed	0x42b3e8
IsWindowVisible	0x42b3ec
IsWindowEnabled	0x42b3f0
IsWindow	0x42b3f4
IsIconic	0x42b3f8
InvalidateRect	0x42b3fc
GetWindowRgn	0x42b400
GetWindowRect	0x42b404
GetWindowDC	0x42b408
GetUpdateRgn	0x42b40c
GetSystemMetrics	0x42b410
GetSystemMenu	0x42b414
GetSysColor	0x42b418
GetParent	0x42b41c
GetWindow	0x42b420
GetKeyState	0x42b424
GetFocus	0x42b428
GetDCEx	0x42b42c
GetDC	0x42b430
GetCursorPos	0x42b434
GetClientRect	0x42b438
GetCapture	0x42b43c
FillRect	0x42b440
ExitWindowsEx	0x42b444
EnumWindows	0x42b448
EndPaint	0x42b44c
EnableWindow	0x42b450
EnableMenuItem	0x42b454
DrawIcon	0x42b458
DestroyWindow	0x42b45c
DestroyIcon	0x42b460
DeleteMenu	0x42b464
CopyImage	0x42b468
ClientToScreen	0x42b46c
BeginPaint	0x42b470
CharLowerBuffA	0x42b474
wvsprintfA	0x42b4b4
SetWindowLongA	0x42b4b8
SetPropA	0x42b4bc
SendMessageA	0x42b4c0
RemovePropA	0x42b4c4
RegisterClassA	0x42b4c8
PostMessageA	0x42b4cc
PeekMessageA	0x42b4d0
MessageBoxA	0x42b4d4
LoadIconA	0x42b4d8
LoadCursorA	0x42b4dc
GetWindowTextLengthA	0x42b4e0
GetWindowTextA	0x42b4e4
GetWindowLongA	0x42b4e8
GetPropA	0x42b4ec
GetClassLongA	0x42b4f0
GetClassInfoA	0x42b4f4
FindWindowA	0x42b4f8
DrawTextA	0x42b4fc
DispatchMessageA	0x42b500
DefWindowProcA	0x42b504
CreateWindowExA	0x42b508
CallWindowProcA	0x42b50c

Name	Latest seen	MD5
1.exe	2022-07-17 11:08:03	67b7a8d8395ae6f46b97b47351adcc8d
tag12312341.exe	2022-07-17 11:52:02	01e48b3b61d25f3a10a7dc0a06e4eb17
vidar.exe	2022-07-17 11:53:03	a6a51c63436cab71241f89451ebe0ac8
namdoitntn.exe	2022-07-17 11:54:02	ce2126d6ce78ff9697fb56967d1b8774
22.exe	2022-07-17 11:55:03	2f7dfe9a88a2197d3c36c5427778585c
F0geI.exe	2022-07-17 11:56:02	de7f65eb86210a7be6f62dfdab90a900
EU.exe	2022-07-26 22:20:02	f052acab310330627d5e20b1107b9d76