DigitalSide Threat Intel

vur.exe

First submission 2023-09-12 21:51:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 276.5 KB (283136 bytes)
Compile time: 2023-09-12 21:50:34
MD5: 73a427553c9c3d8b5f5377630c5d9c61
SHA1: 27ff7774709f7dae0508241527d41b64a462145b
SHA256: 1e645eaf6838de6fd68cf4e293a8fee949512f19aa20d86f29afdf307d16e11f
Import Hash : 29c8b785823d6c11cf3aae5ebbb5f0e6
Sections 6 .text .rdata .data .bsp .rsrc .reloc
Directories 6 import export resource debug tls relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://77.91.124.231/smo/vur.exe VirusTotal Report 77.91.124.231 VirusTotal Report 2023-09-12 21:51:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2967c 169984 5255d2ee1d0dbf2c6f13603672b31a9eb96a9574 e401759721431b264499436cf2ba1a4f
.rdata 0x2b000 0xefa4 61440 7727ae5fd5b730cab6f41484d613f43c7ffe4d75 862262869583e9218d7e53e838700755
.data 0x3a000 0x2b10 7168 fefb6b70c80057e7f8b64544dd1869073489b200 ed3356dfdf856ccbae026cf6e70449f8
.bsp 0x3d000 0x8290 33792 d3fdd256ce42bada3f4a30b92ef14b2c87dfa344 437a582c75fe22c5fd230285a70e2c38
.rsrc 0x46000 0x1e0 512 0c4cf7ebbc143c7e4d8999528427acfafff801a6 83417fcae73ddfc36ec916d353fad7fd
.reloc 0x47000 0x22f0 9216 da2c82382ea48281c99469408c7451386ce94b6b 7b2f50f4561f7994a8a87fcd061a3525

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x46060 381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
api-ms-win-core-synch-l1-2-0.dll
mscoree.dll
KERNEL32.dll
USER32.dll
ole32.dll

Import functions

Function Address Souspicious Anti Debug
CoGetApartmentType 0x42b198
CoGetObjectContext 0x42b19c
Function Address Souspicious Anti Debug
CreateFileW 0x42b000
HeapSize 0x42b004
ReadConsoleW 0x42b008
SetStdHandle 0x42b00c
GetProcessHeap 0x42b010
GetLastError 0x42b014
RaiseException 0x42b018
GetCurrentThreadId 0x42b01c
IsProcessorFeaturePresent 0x42b020
FreeLibraryWhenCallbackReturns 0x42b024
CreateThreadpoolWork 0x42b028
SubmitThreadpoolWork 0x42b02c
CloseThreadpoolWork 0x42b030
GetModuleHandleExW 0x42b034
MultiByteToWideChar 0x42b038
InitializeConditionVariable 0x42b03c
WakeConditionVariable 0x42b040
WakeAllConditionVariable 0x42b044
SleepConditionVariableSRW 0x42b048
InitOnceComplete 0x42b04c
InitOnceBeginInitialize 0x42b050
GetStringTypeW 0x42b054
InitializeSRWLock 0x42b058
ReleaseSRWLockExclusive 0x42b05c
AcquireSRWLockExclusive 0x42b060
TryAcquireSRWLockExclusive 0x42b064
WideCharToMultiByte 0x42b068
CloseHandle 0x42b06c
WaitForSingleObjectEx 0x42b070
GetExitCodeThread 0x42b074
QueryPerformanceCounter 0x42b078
EnterCriticalSection 0x42b07c
LeaveCriticalSection 0x42b080
InitializeCriticalSectionEx 0x42b084
DeleteCriticalSection 0x42b088
EncodePointer 0x42b08c
DecodePointer 0x42b090
LCMapStringEx 0x42b094
GetSystemTimeAsFileTime 0x42b098
GetModuleHandleW 0x42b09c
GetProcAddress 0x42b0a0
WriteConsoleW 0x42b0a4
GetCPInfo 0x42b0a8
InitializeCriticalSectionAndSpinCount 0x42b0ac
SetEvent 0x42b0b0
ResetEvent 0x42b0b4
CreateEventW 0x42b0b8
UnhandledExceptionFilter 0x42b0bc
SetUnhandledExceptionFilter 0x42b0c0
GetCurrentProcess 0x42b0c4
TerminateProcess 0x42b0c8
IsDebuggerPresent 0x42b0cc
GetStartupInfoW 0x42b0d0
GetCurrentProcessId 0x42b0d4
InitializeSListHead 0x42b0d8
SetEnvironmentVariableW 0x42b0dc
RtlUnwind 0x42b0e0
SetLastError 0x42b0e4
TlsAlloc 0x42b0e8
TlsGetValue 0x42b0ec
TlsSetValue 0x42b0f0
TlsFree 0x42b0f4
FreeLibrary 0x42b0f8
LoadLibraryExW 0x42b0fc
CreateThread 0x42b100
ExitThread 0x42b104
FreeLibraryAndExitThread 0x42b108
ExitProcess 0x42b10c
GetModuleFileNameW 0x42b110
GetStdHandle 0x42b114
WriteFile 0x42b118
GetCommandLineA 0x42b11c
GetCommandLineW 0x42b120
HeapAlloc 0x42b124
HeapFree 0x42b128
CompareStringW 0x42b12c
LCMapStringW 0x42b130
GetLocaleInfoW 0x42b134
IsValidLocale 0x42b138
GetUserDefaultLCID 0x42b13c
EnumSystemLocalesW 0x42b140
GetFileType 0x42b144
GetFileSizeEx 0x42b148
SetFilePointerEx 0x42b14c
FlushFileBuffers 0x42b150
GetConsoleOutputCP 0x42b154
GetConsoleMode 0x42b158
ReadFile 0x42b15c
HeapReAlloc 0x42b160
FindClose 0x42b164
FindFirstFileExW 0x42b168
FindNextFileW 0x42b16c
IsValidCodePage 0x42b170
GetACP 0x42b174
GetOEMCP 0x42b178
GetEnvironmentStringsW 0x42b17c
FreeEnvironmentStringsW 0x42b180
Function Address Souspicious Anti Debug
GetForegroundWindow 0x42b188
CreatePopupMenu 0x42b18c
FlashWindowEx 0x42b190

PE Exports 1 suspicious

Function Address
_jbxjgbguyw3@4 0x405420

Related files by ImpHash 3 29c8b785823d6c11cf3aae5ebbb5f0e6

Name Latest seen MD5
fotod445.exe 2023-09-12 20:11:03 4f125016bafd01db0f30a335c199497c
foto5445.exe 2023-09-13 10:55:03 3ee86d1734ad1891b99c7fdeb5382960
cryptedBB.exe 2023-09-13 15:12:02 3dd01710d9d6f58e5588ad656f0441a1