DigitalSide Threat Intel

JavUmar1.exe

First submission 2024-10-14 09:37:02

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 7283.0 KB (7457792 bytes)
Compile time: 2024-10-13 17:44:47
MD5: 7105a2ba8c897b6c2072a6ab0bdecdf1
SHA1: d3659027483c2825c8430a41a0c3e439aac78e2f
SHA256: abc53ac9f7564ceba0a7548b880b1e92c8e0329ff9680e3c5f06abcbd4e869b9
Import Hash : 41db2083dac89343aef584a51a80b293
Sections 9 .text .data .rdata .eh_fram .bss .idata .CRT .tls .reloc
Directories 3 import tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 23/77 VT report date: 2024-10-14 09:17:16
Malware Type 1 trojan
Threat Type 1 cryptbot

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.215.113.26/JavUmar1.exe VirusTotal Report 185.215.113.26 VirusTotal Report 2024-10-14 09:37:02

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x4c5528 5002752 7060be3203d8c69d6f471a6d5a3481d11e31b8ae 3b279bf93d94ab22d0e28a73e7862ebd
.data 0x4c7000 0x1da560 1943040 ab6626305e340712c5d8e0b21b86256242f9bb8a 016a019e22381b9a78e4a677dfc29c25
.rdata 0x6a2000 0xf484 62976 7c11b08f40802966a2f02cb80a36c10ff8cc2b9d 6dc914609215d0f0bd0c8235622e4bd1
.eh_fram 0x6b2000 0x210c 8704 bb21be0df063a17882b0ba8e0b7c1cf35a59bce2 992f32ca83fa100daaa498dcbf920a8e
.bss 0x6b5000 0xb74 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x6b6000 0xb78 3072 f259a92c8c002c560c691d03b9151ad45745ed56 97c698ca6b5b7a5c0fcdc583433c42b8
.CRT 0x6b7000 0x30 512 e49e627b7c6243bf7494f5adc26113ffaa38338d 947565758601e59a9e2e145caaaaefe2
.tls 0x6b8000 0x8 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x6b9000 0x6a34c 435200 3197add55af361fbba670a4babac5f798365e027 accad031cb3a2885317d96ea1731e4cc

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
MSVCRT.dll
ADVAPI32.dll
KERNEL32.dll
libgcc_s_dw2-1.dll

Import functions

Function Address Souspicious Anti Debug
CryptAcquireContextA 0xab621c
CryptGenRandom 0xab6220
CryptReleaseContext 0xab6224
Function Address Souspicious Anti Debug
DeleteCriticalSection 0xab622c
EnterCriticalSection 0xab6230
FreeLibrary 0xab6234
GetLastError 0xab6238
GetModuleHandleA 0xab623c
GetModuleHandleW 0xab6240
GetNativeSystemInfo 0xab6244
GetProcAddress 0xab6248
GetProcessHeap 0xab624c
GetStartupInfoA 0xab6250
GetThreadLocale 0xab6254
HeapAlloc 0xab6258
HeapFree 0xab625c
InitializeCriticalSection 0xab6260
IsBadReadPtr 0xab6264
IsDBCSLeadByteEx 0xab6268
LeaveCriticalSection 0xab626c
LoadLibraryA 0xab6270
MultiByteToWideChar 0xab6274
SetLastError 0xab6278
SetUnhandledExceptionFilter 0xab627c
Sleep 0xab6280
TlsGetValue 0xab6284
VirtualAlloc 0xab6288
VirtualFree 0xab628c
VirtualProtect 0xab6290
VirtualQuery 0xab6294
WideCharToMultiByte 0xab6298
lstrlenA 0xab629c
Function Address Souspicious Anti Debug
__getmainargs 0xab62a4
__initenv 0xab62a8
__mb_cur_max 0xab62ac
__p__acmdln 0xab62b0
__p__commode 0xab62b4
__p__fmode 0xab62b8
__set_app_type 0xab62bc
__setusermatherr 0xab62c0
_amsg_exit 0xab62c4
_assert 0xab62c8
_cexit 0xab62cc
_errno 0xab62d0
_chsize 0xab62d4
_exit 0xab62d8
_filelengthi64 0xab62dc
_fileno 0xab62e0
_initterm 0xab62e4
_iob 0xab62e8
_lock 0xab62ec
_onexit 0xab62f0
_unlock 0xab62f4
_wcsnicmp 0xab62f8
abort 0xab62fc
atoi 0xab6300
bsearch 0xab6304
calloc 0xab6308
exit 0xab630c
fclose 0xab6310
fflush 0xab6314
fgetpos 0xab6318
fopen 0xab631c
fputc 0xab6320
fread 0xab6324
free 0xab6328
freopen 0xab632c
fsetpos 0xab6330
fwrite 0xab6334
getc 0xab6338
islower 0xab633c
isspace 0xab6340
isupper 0xab6344
isxdigit 0xab6348
localeconv 0xab634c
malloc 0xab6350
mbstowcs 0xab6354
memcmp 0xab6358
memcpy 0xab635c
memmove 0xab6360
memset 0xab6364
mktime 0xab6368
localtime 0xab636c
difftime 0xab6370
_mkdir 0xab6374
perror 0xab6378
qsort 0xab637c
realloc 0xab6380
remove 0xab6384
setlocale 0xab6388
signal 0xab638c
strchr 0xab6390
strcmp 0xab6394
strerror 0xab6398
strlen 0xab639c
strncmp 0xab63a0
strncpy 0xab63a4
strtol 0xab63a8
strtoul 0xab63ac
tolower 0xab63b0
ungetc 0xab63b4
vfprintf 0xab63b8
time 0xab63bc
wcslen 0xab63c0
wcstombs 0xab63c4
_stat 0xab63c8
_write 0xab63cc
_utime 0xab63d0
_open 0xab63d4
_fileno 0xab63d8
_close 0xab63dc
_chmod 0xab63e0

Related files by ImpHash 7 41db2083dac89343aef584a51a80b293

Name Latest seen MD5
javumarfirst.exe 2024-10-03 21:30:03 506f20dc6d2d9a4bd2725a726679b74e
3.exe 2024-10-07 02:00:06 4574de6b9f970058f5306aa830f3a132
11.exe 2024-10-07 02:55:06 284c99e2aa6644acd914e7d1a245deed
sadsay.exe 2024-10-10 06:26:03 735bb5f55a17215700840c04a8b40a03
JavUmar.exe 2024-10-10 21:07:03 3394808f2d5c141b86e33a51ace8a577
4.exe 2024-10-12 12:53:04 49d7ba824b7249c26927e8a086eb879b
33.exe 2024-10-12 23:11:10 e071b6dd90f4c7a9d23632bfb9517925