37dc14eef49eb9822e1e96eba5f2151900d20debd27ea17b7bf57ef9f83a66b5.exe.exe

First submission 2024-09-30 16:09:04

File details

File type: MS-DOS executable, MZ for MS-DOS
Mime type: application/x-dosexec
File size: 741.94 KB (759750 bytes)
Compile time: 2013-04-01 09:08:22
MD5: 778e416a842e89f25666cb5c173b0986
SHA1: 6b077356c06d690ac72c45e2b628f2ac57f5cb05
SHA256: 37dc14eef49eb9822e1e96eba5f2151900d20debd27ea17b7bf57ef9f83a66b5
Import Hash: 5962c6b29ed5e50f362bf7495f752822
Sections 6 .rsrc .data
Directories 2 import resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 34/77 VT report date: 2024-09-28 23:18:49
Malware Type 3 trojan virus ransomware

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://140.83.50.60:8001/cry/37dc14eef49eb9822e1e96eba5f2151900d20debd27ea17b7bf57ef9f83a66b5.exe.exe 140.83.50.60 2024-09-30 16:09:04

PE Sections 5 suspicious

Name   VAddress  VSize     Size    SHA1                                      MD5                               Suspicious
       0x1000    0x1a000   36864   74c29a43c89b07605d9790b691c5ec48e650db4f  53d694a9daa31ab4f0d517d91f8189e2
       0x1b000   0x2000    0       da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
       0x1d000   0x2000    0       da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.rsrc  0x1f000   0x2000    8192    dadc74ff903cbc803cf042de8ddf0cbba0cfffaf  4114c78b393d070eb343f5e4c4b3bdbe
       0x21000   0x2b8000  0       da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.data  0x2d9000  0x99000   626688  5197d89436cc455d9ebae5a95670b798cc8ebb73  8737ac12682537591cf2c128fecc4b90

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x1f130 3280
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x1fe00 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x1fe14 492
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x20000 999

Meta infos 6

InternalName: TJprojMain
ProductVersion: 1.00
Translation: 0x0409 0x04b0
ProductName: Project1
OriginalFilename: TJprojMain.exe
FileVersion: 1.00

Packers detected 6

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Borland Delphi v3.0
Borland Delphi v6.0 - v7.0
BobSoft Mini Delphi -> BoB / BobSoft
Enigma Protector 1.1X-1.3X -> Sukhov Vladimir & Serge N. Markin

Strings analysis - File found

Library
USER32.dll
ADVAPI32.dll
GDI32.dll
MSVBVM60.DLL
OLEAUT32.dll
KERNEL32.dll
SHELL32.dll
VERSION.dll

Import functions

Name Latest seen MD5
63747acb643b84a943895e5f34d34858e4ad9a6e58cdf222e3e703d6666af0e7.exe.exe 2024-09-28 23:09:03 9cfc9f5f8a781cbf07b23cc803b9d098
13123fdce84e5020fb0cae3c641cd6fcb82320b334f6d908ee29fda40270b1c5.exe.exe 2024-09-30 16:21:05 76fef713102a8b0a45e7b1c1137d9538
dd185abc18942717c4a27c59c0eed6713347230ecee9b13085398bdfa64b8479.exe.exe 2024-10-02 01:10:04 35d43833c8e14f030d4ea74eda1b8dd5