66d5df681876c_file010924.exe#file

First submission 2024-09-03 16:16:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 812.0 KB (831488 bytes)
Compile time: 2024-03-05 01:40:26
MD5: 7972b08246e568495d9d116fc2d0b159
SHA1: 3e12225494f08369858453fd9fc7481b4f788165
SHA256: 2a6c90c8db27e6ac04c7e339dfe4b3c2d47a292bcf6fc1c5b4e0ae62fc81ff84
Import Hash : 00e87a3230db3a6bdb4035240d620685
Sections 3 .text .data .rsrc
Directories 3 import resource debug

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 58/79 (VT report date: 2024-09-03 15:58:24)
Malware Type 2 trojan ransomware
Threat Type 3 chapak zusy stop

URLs, FQDN and IP indicators 1

URL                                                             Host (FQDN/IP)  Date Added
hXXp://147.45.44.104/prog/66d5df681876c_file010924.exe#file     147.45.44.104   2024-09-03 16:16:02

PE Sections 2 suspicious

Name   VAddress  VSize     Size    SHA1                                      MD5                               Suspicious
.text  0x1000    0xa0f6a   659456  e8f31e6be7f82900fc0776c930dba656aa9b5536  8e869e41c537fd6818f668f3622b2576
.data  0xa2000   0x1a7328  96256   b8e58d8f7ceed24028f471d638e1d6b59d70451e  05385c9d6b330d1fba3da24534ed356c
.rsrc  0x24a000  0x122d0   74752   006d4bd37f52178c2acb66031809503433b72104  9956e1605deee370ffeb98ebc4d9536b

PE Resources 9

Name               Language      Sublanguage      Offset    Size  Data
AFX_DIALOG_LAYOUT  LANG_NEUTRAL  SUBLANG_NEUTRAL  0x256f58  2
RT_CURSOR          LANG_NEUTRAL  SUBLANG_NEUTRAL  0x25a820  1384
RT_ICON            LANG_TAMIL    SUBLANG_DEFAULT  0x256a38  1128
RT_DIALOG          LANG_NEUTRAL  SUBLANG_NEUTRAL  0x25b028  88
RT_STRING          LANG_TAMIL    SUBLANG_DEFAULT  0x25c070  608
RT_ACCELERATOR     LANG_TAMIL    SUBLANG_DEFAULT  0x256f08  64
RT_GROUP_CURSOR    LANG_NEUTRAL  SUBLANG_NEUTRAL  0x25ad88  48
RT_GROUP_ICON      LANG_TAMIL    SUBLANG_DEFAULT  0x256ea0  104
RT_VERSION         LANG_NEUTRAL  SUBLANG_NEUTRAL  0x25adb8  620

Meta info 7

LegalCopyright: Copyright (C) 2023, Imbicilus
InternalName: PinchesAndLabis
FileVersions: 13.28.77.37
FileDescription: Globalys
Translation: 0x2a7f 0x041e
ProductVersions: 60.73.11.13
ProductName: Porezodacotes

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
GDI32.dll
USER32.dll
MSIMG32.dll

Strings analysis - Possible IPs found 2

13.28.77.37
60.73.11.13

Note: these two dotted-quad strings are identical to the FileVersions and ProductVersions values listed under Meta info above, so they are most likely version-resource strings matched by the IP regex rather than genuine network indicators.

Import functions