ZipnoLocal.exe

First submission 2022-08-03 07:41:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 338.5 KB (346624 bytes)
Compile time: 2021-05-09 14:24:21
MD5: 7906839107827694886393a2b182703f
SHA1: 2c3fd000627ceca97f7efcd6b425ac6a4d3f6111
SHA256: 49c49596991b27938d7eb3d5fef09f50e6c74d978293a49410ff22b38a50d45b
Import Hash: 7b13e4090c99826947262651b64e9d68
Sections 6 .text .data .vahec .mezum .haneruf .rsrc
Directories 3 import resource debug
Virus Total: 38/70 VT report date: 2022-08-03 04:16:12

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.56.146.131/ZipnoLocal.exe 193.56.146.131 2022-08-03 07:41:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x32242 205824 052a72faa163bf2dbf64d721f4a1bc816d18cc84 7c08b6a5dbcb0be8421a6ba009894e34
.data 0x34000 0x19ea8 69120 1380054cb5c7373736cc1ae8de24349999615d39 f8ca0e8bad1663d834ee768eb4374ea5
.vahec 0x4e000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.mezum 0x4f000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.haneruf 0x50000 0x96 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x51000 0x108d0 68096 34e13497a4db7815797e455ca26767f48dc1cc98 e198d24d6395dd5f3e860e951d2972f0

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_KOREAN SUBLANG_KOREAN 0x60ee8 1128
RT_STRING LANG_KOREAN SUBLANG_KOREAN 0x61688 582
RT_ACCELERATOR LANG_KOREAN SUBLANG_KOREAN 0x613c8 112
RT_GROUP_ICON LANG_KOREAN SUBLANG_KOREAN 0x540f8 76
RT_VERSION LANG_KOREAN SUBLANG_KOREAN 0x61498 316

Meta infos 1

Translations: 0x0353 0x0366

Anti debug functions 7

GetLastError
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
MSPDB80.DLL
USER32.dll

Strings analysis - Possible IPs found 2

95.77.6.8
68.41.92.92

Import functions