fixHosts.exe
First submission 2024-09-28 17:06:06
Last submission 2024-09-28 17:39:05
File details
Field | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Mime type | application/x-dosexec
File size | 329.89 KB (337807 bytes)
Compile time | 2012-02-04 23:43:24
MD5 | 754c738f12caa66eae85d417a235908e
SHA1 | d5f4ce158e7c3ac2f6e10ccee53579ba5609417a
SHA256 | 222f1e4012fc1b0a47f15b2ff180c60653362a5860f021a001d369a870db3888
Import Hash | 6058ac660564f64af764bdf1e4fe5d2b
Sections (3) | UPX0 UPX1 .rsrc
Directories (2) | import resource
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
Field | Value
---|---
Virus Total | 56/77 (VT report date: 2024-09-06 16:38:18)
Malware Type (1) | trojan
Threat Type (3) | autoit agentb mfif
URLs, FQDN and IP indicators 2
PE Sections 2 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
---|---|---|---|---|---|---
UPX0 | 0x1000 | 0x7c000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | 
UPX1 | 0x7d000 | 0x4b000 | 305664 | bb1da5ee1c0135b1b885bd00379b23e461f30151 | b49af743872e9cf29c6854b39703ca9c | 
.rsrc | 0xc8000 | 0x8000 | 29696 | a358e94a1accad5d8f1f0984435bd65d5e8e2330 | 3624c2f68ee79828a49d90b8ecbe27ff | 
PE Resources 7
Name | Language | Sublanguage | Offset | Size | Data
---|---|---|---|---|---
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 0xce6f0 | 1128 | 
RT_MENU | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 0xc1b28 | 78 | 
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 0xc1b78 | 240 | 
RT_STRING | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xc2b80 | 132 | 
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 0xcec14 | 20 | 
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_UK | 0xcec2c | 412 | 
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0xcedcc | 620 | 
Meta infos 4
Field | Value
---|---
CompiledScript | AutoIt v3 Script: 3, 3, 9, 0
Translation | 0x0809 0x04b0
FileVersion | 3, 3, 9, 0
FileDescription | 
Packers detected 3
Packer
---
UPX v0.80 - v0.84
UPX 2.90 (LZMA)
UPX -> www.upx.sourceforge.net
Strings analysis - File found
Library
---
ADVAPI32.dll
OLEAUT32.dll
VERSION.dll
SHELL32.dll
PSAPI.DLL
GDI32.dll
COMCTL32.dll
ole32.dll
USER32.dll
WSOCK32.dll
WININET.dll
USERENV.dll
WINMM.dll
KERNEL32.dll
COMDLG32.dll
ICMP.DLL
MPR.dll
Import functions
Name | Latest seen | MD5 |
---|---|---|
DelHosts.exe | 2024-09-28 17:43:16 | b0283aa6cc06b0880a1681f2c9802f05 |
clear.exe | 2024-09-28 18:39:20 | 954e4290b830ec048c7b700dfedd4df0 |
xunyouup.exe | 2024-09-28 19:21:05 | 9cc3f6bec0f422e8cff29838f66a4b42 |
culclientUp.exe | 2024-09-28 19:27:05 | 915b7366ba2e87a3f5a6810903cbc38a |
vncDbnt.exe | 2024-09-28 19:20:05 | 3597cd93701c4505d035a34271e0b931 |
WezoAutoUP.exe | 2024-09-28 17:05:05 | 46748aff6fcab034d0affddc99c6d876 |
wzoptup.exe | 2024-09-28 17:59:05 | 206c606e09f81262fbc85065ceca4f59 |
Downdd.exe | 2024-09-28 17:41:10 | f6be85b0254a308f77189fc96fa6f38e |
CardPWD.exe | 2024-09-28 19:31:11 | 2ae78305061a7a1491e4371e49f506f8 |
WezoEventUP.exe | 2024-09-28 19:16:09 | 47bfeea9297530e45f26c4877bc078a6 |
pcstoryrestart.exe | 2024-09-28 19:19:05 | b69808cf234575a70239f8cfde03d77d |
huoronguninstall.exe | 2024-09-28 19:02:17 | bede47f1fc4c20a850f70986399419d9 |
huorong.exe | 2024-09-28 18:29:06 | 2b7bff01c4165d267d31d52c15b2d0ec |
DownYGX.exe | 2024-09-28 18:33:10 | 36f62b7cdf6f360b0eec74c5a371a102 |
rootup.exe | 2024-09-28 18:05:19 | 62a18cdbe8e50b650590b503f34fd657 |
wxupup.exe | 2024-09-28 19:01:23 | 5fb6829b52847d878a98f9069e5c5fa4 |
RunGameADD.exe | 2024-09-28 18:28:29 | c2e60013e06179236d27f81811f848df |
uuvipfix.exe | 2024-09-28 19:05:33 | 46be1d2a2de1c43b0169874d14503098 |