install.exe

First submission 2024-07-08 13:02:04

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows, InstallShield self-extracting archive
Mime type: application/x-dosexec
File size: 7222.74 KB (7396090 bytes)
Compile time: 2023-11-13 23:48:00
MD5: 7524d560b667b8ed62f16bc59772d81f
SHA1: ac9fae264147b07d6306784d6738e768e89ec389
SHA256: e88f233b6925f8bf72e0b89baaa1fc52d5c7fdc52f8018de86af8cb0e902709b
Import Hash: a23b267d3c27d78228e9d8a9833617e0
Sections 9 .text .rdata .data .pdata .didat .wixburn _RDATA .rsrc .reloc
Directories 5 import resource debug tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 22/78 VT report date: 2024-07-08 12:36:21
Malware Type 1 trojan
Threat Type 1 midie

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://85.209.133.132/file/install.exe 85.209.133.132 2024-07-08 13:02:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x7dcf0 515584 37fd7ca7f6ba53c727ced80adadb831818c32d7b d6da294932667974806b659d206789c7
.rdata 0x7f000 0x3617e 221696 0a3d639723fd9552c796259ab3c3ac0024d6fd6f f03bb6269ef1505b2b03f4733b9f4ce8
.data 0xb6000 0x22d0 3072 dc04f34f4643ae2277c27ef93366e9c42738baae ef5cac0d263f81ed7ecd7590cad36fd5
.pdata 0xb9000 0x4548 17920 fdcb794714e3c03c3962fbe4a6580efc089c8c3a 94269b9f888cd07083ea77775ea53638
.didat 0xbe000 0x198 512 d5233e82f816352459848bcddd6f62ba0b516355 b95ee39e651610cc74587fcc9548db12
.wixburn 0xbf000 0x30 512 43b42fc84da4818c4313c990575b8d6049e61d79 9b64cde299df05c7720b7dfd24ff4a1b
_RDATA 0xc0000 0x15c 512 3e080cc53b34a05c27f01fae920d887c531b5bb4 558d283cbc1650a14570174bb1d3febb
.rsrc 0xc1000 0x503c 20992 cfa0635448340ac83ce4ab65bad9910f1b85635e 095d1810c465c0bf9fc9d5034e188022
.reloc 0xc7000 0x788 2048 6a23336d88c50601256f892afcfe9782f008d55c a9faef27a228a8278a59b67812e68a5f

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xc11c0 2216
RT_RCDATA LANG_ENGLISH SUBLANG_ENGLISH_US 0xc1a68 8
RT_MESSAGETABLE LANG_ENGLISH SUBLANG_ENGLISH_US 0xc1a70 15732
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xc57e4 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0xc57f8 732
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xc5ad4 1383

Meta infos 9

LegalCopyright: Copyright (c) Aneuploid. All rights reserved.
InternalName: burn
FileVersion: 9.3.5.0
CompanyName: Aneuploid
ProductVersion: 9.3.5.0
FileDescription: Prolificacy
Translation: 0x0409 0x0000
OriginalFilename: spaceship.exe
ProductName: Prolificacy

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Log
\\.\pipe\%ls.Log
Temporary
.%ls%x.TMP
Cabinet
<the>.cab
XML
BootstrapperApplicationData.xml
BundleExtensionData.xml
Library
api-ms-win-core-path-l1-1-0.dll
Crypt32.dll
msasn1.dll
mscoree.dll
feclient.dll
VERSION.dll
Srclient.dll
Shcore.dll
msi.dll
ntdll.dll
WININET.dll
comres.dll
SHELL32.dll
ADVAPI32.dll
USER32.dll
KERNEL32.dll
cabinet.dll
.kernel32.dll
clbcatq.dll
rpcrt4.dll
Failed to load crypt32.dll
Failed to load Msi.DLL
Failed to load api-ms-win-core-path-l1-1-0.dll
Failed to load ntdll.dll
OLEAUT32.dll
USERENV.dll
Failed to load kernel32.dll
ole32.dll
failed to get handle to kernel32.dll
wintrust.dll
Failed to load advapi32.dll
SHLWAPI.dll
GDI32.dll

Strings analysis - Possible URLs found 3

http://appsyndication.org/2006/appsyn
http://schemas.microsoft.com/SMI/2017/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings

Import functions

Name Latest seen MD5
1.exe 2024-05-28 08:54:03 72ed9abaa34354c10351df66336b49d9