11.exe

First submission 2022-08-02 21:33:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1294.03 KB (1325087 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 70de51ca375c085e9f7ff666d7860673
SHA1: 3e172cd1e9035a7510ab86fa284db00c3f0bcd29
SHA256: 22539844faca3d0029a5421ecc146979eb16ac4257fe8011a84f0686052f5b19
Import Hash : c9adc83b45e363b21cd6b11b5da0501f
Sections: 8 (CODE, DATA, BSS, .idata, .tls, .rdata, .reloc, .rsrc)
Directories: 4 (import, resource, tls, relocation)
VirusTotal: 34/69 (VT report date: 2022-08-02 17:14:20)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://62.204.41.118/11.exe | 62.204.41.118 | 2022-08-02 21:33:01

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
CODE 0x1000 0x244cc 148992 b23023c88b9130efa688c77a0d24e6a2c423fab6 5e14e4ede2e2215bc7d72837b9871f8f
DATA 0x26000 0x2894 10752 e6d34e556463e08e8b1c5b5cbb9967c3c662c029 abafcbfbd7f8ac0226ca496a92a0cf06
BSS 0x29000 0x10f5 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x2b000 0x1798 6144 57dbb9ad99992432dba6a1ca14ffddf7780ddf98 a4e0ac39d5ed487ceea059fa23dfce5e
.tls 0x2d000 0x8 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0x2e000 0x18 512 7d9ccb6391020266050c96487449a1aadfbe589d c4fdd0c5c9efb616fcc85d66056ca490
.reloc 0x2f000 0x1884 6656 4d98e9a5cd438d32008aa2db9c2af8f5714c89fd 867a1120317d51734587a74f6ee70016
.rsrc 0x31000 0x1cdc 7680 eb9f6664b465f211cacd0acc5462bf0f36f1c37a 85a1c9f43a8dfa980f9e8f4d178da8be

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x31be8 2216
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x324a0 272
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x325b0 62
RT_VERSION LANG_RUSSIAN SUBLANG_RUSSIAN 0x325f0 884
RT_MANIFEST LANG_RUSSIAN SUBLANG_RUSSIAN 0x32964 886

Meta info 6

Translation: 0x0409 0x04e4
LegalCopyright: Company
FileDescription: NewProduct 1.00 Installation
Comments:
FileVersion: 1.00
CompanyName: Company

Packers detected 4

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
BobSoft Mini Delphi -> BoB / BobSoft

Anti debug functions 5

FindWindowA
GetLastError
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
UxTheme.dll
PSAPI.DLL
COMCTL32.dll
ole32.dll
ADVAPI32.dll
USER32.dll
GDI32.dll
OLEAUT32.dll
KERNEL32.dll
cabinet.dll
WINMM.dll
SHELL32.dll

Strings analysis - Possible URLs found 10


Import functions

Name Latest seen MD5
1.exe 2022-07-17 11:08:03 67b7a8d8395ae6f46b97b47351adcc8d
tag12312341.exe 2022-07-17 11:52:02 01e48b3b61d25f3a10a7dc0a06e4eb17
vidar.exe 2022-07-17 11:53:03 a6a51c63436cab71241f89451ebe0ac8
namdoitntn.exe 2022-07-17 11:54:02 ce2126d6ce78ff9697fb56967d1b8774
22.exe 2022-07-17 11:55:03 2f7dfe9a88a2197d3c36c5427778585c
F0geI.exe 2022-07-17 11:56:02 de7f65eb86210a7be6f62dfdab90a900
EU.exe 2022-07-26 22:20:02 f052acab310330627d5e20b1107b9d76