66d5df681876c_file010924.exe#file
First submission 2024-09-03 16:16:02
File details

Field | Value |
---|---|
File type | PE32 executable (GUI) Intel 80386, for MS Windows |
Mime type | application/x-dosexec |
File size | 812.0 KB (831488 bytes) |
Compile time | 2024-03-05 01:40:26 |
MD5 | 7972b08246e568495d9d116fc2d0b159 |
SHA1 | 3e12225494f08369858453fd9fc7481b4f788165 |
SHA256 | 2a6c90c8db27e6ac04c7e339dfe4b3c2d47a292bcf6fc1c5b4e0ae62fc81ff84 |
Import hash | 00e87a3230db3a6bdb4035240d620685 |
Sections (3) | .text .data .rsrc |
Directories (3) | import resource debug |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments

Field | Value |
---|---|
Virus Total | 58/79 (VT report date: 2024-09-03 15:58:24) |
Malware Type (2) | trojan ransomware |
Threat Type (3) | chapak zusy stop |
URLs, FQDN and IP indicators 1
PE Sections 2 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0xa0f6a | 659456 | e8f31e6be7f82900fc0776c930dba656aa9b5536 | 8e869e41c537fd6818f668f3622b2576 | |
.data | 0xa2000 | 0x1a7328 | 96256 | b8e58d8f7ceed24028f471d638e1d6b59d70451e | 05385c9d6b330d1fba3da24534ed356c | |
.rsrc | 0x24a000 | 0x122d0 | 74752 | 006d4bd37f52178c2acb66031809503433b72104 | 9956e1605deee370ffeb98ebc4d9536b | |
PE Resources 9
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
AFX_DIALOG_LAYOUT | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x256f58 | 2 | |
RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x25a820 | 1384 | |
RT_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x256a38 | 1128 | |
RT_DIALOG | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x25b028 | 88 | |
RT_STRING | LANG_TAMIL | SUBLANG_DEFAULT | 0x25c070 | 608 | |
RT_ACCELERATOR | LANG_TAMIL | SUBLANG_DEFAULT | 0x256f08 | 64 | |
RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x25ad88 | 48 | |
RT_GROUP_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x256ea0 | 104 | |
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x25adb8 | 620 | |
Meta infos 7

Field | Value |
---|---|
LegalCopyright | Copyright (C) 2023, Imbicilus |
InternalName | PinchesAndLabis |
FileVersions | 13.28.77.37 |
FileDescription | Globalys |
Translation | 0x2a7f 0x041e |
ProductVersions | 60.73.11.13 |
ProductName | Porezodacotes |
Packers detected 2
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
Anti debug functions 6
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter
Strings analysis - Files found (libraries)
KERNEL32.dll
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
GDI32.dll
USER32.dll
MSIMG32.dll
Strings analysis - Possible IPs found 2 (both values are identical to the FileVersions and ProductVersions fields above)
13.28.77.37
60.73.11.13