am.exe

First submission 2024-09-30 10:15:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 417.0 KB (427008 bytes)
Compile time: 2024-09-22 19:40:44
MD5: 7a1cee6327c5acf66e2aebb0d7bc25bc
SHA1: 21fd9f492b550168249793c5b93a0be586e96791
SHA256: 83f5e08f80cb28ba3197e06721b05fc1a1018cb7ea908f054aea6a69014e1a13
Import Hash: 9c7c36eb46cc991a5074f8a811c4c46c
Sections (5): .text, .rdata, .data, .rsrc, .reloc
Directories (5): import, resource, debug, tls, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 46/77 (VT report date: 2024-09-30 09:50:22)
Malware Type (2): trojan, downloader
Threat Type (3): doina, amadey, deyma

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.215.113.103/test/am.exe 185.215.113.103 2024-09-30 10:15:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x4e83a 322048 fa23c9f22b447e962b32edcaf64aaad05c0e7432 9502f6c19b4db30880b9787bedd56b4d
.rdata 0x50000 0x11050 70144 050cda43a6df5aa939be5a3329859465b38fd56a ee8ee64287e859422fc204bb3bb043a6
.data 0x62000 0x66ac 13312 7945e975238595bfa9e016c28c83306f5d672d74 f745cc3ed829d843b51492ed9430b269
.rsrc 0x69000 0x1e0 512 26acb84785e1385f17fbf39b38ee67689ff74468 b7d16686b376821266a9345c26b7e6d6
.reloc 0x6a000 0x4c84 19968 5784aa2ec5b25f6f78566c2d106fb9d17f67bca0 fe92b960cfeb65791bbb06956d63fcb7

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x69060 381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
api-ms-win-core-synch-l1-2-0.dll
AKERNEL32.dll
mscoree.dll
ADVAPI32.dll
combase.dll
SHELL32.dll
WININET.dll
WS2_32.dll
ntdll.dll
ole32.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
exbuild.exe 2024-08-28 12:36:02 f5d7b79ee6b6da6b50e536030bcc3b59
anon.exe 2024-08-28 16:03:02 897d350557c45f49b9fd780735b218e2
am10.exe 2024-10-07 05:15:02 934310f719707becac6a69b4579f6fd2