am.exe
First submission 2024-09-30 10:15:02
File details

Field | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows
Mime type | application/x-dosexec
File size | 417.0 KB (427008 bytes)
Compile time | 2024-09-22 19:40:44
MD5 | 7a1cee6327c5acf66e2aebb0d7bc25bc
SHA1 | 21fd9f492b550168249793c5b93a0be586e96791
SHA256 | 83f5e08f80cb28ba3197e06721b05fc1a1018cb7ea908f054aea6a69014e1a13
Import hash (imphash) | 9c7c36eb46cc991a5074f8a811c4c46c
Sections (5) | .text .rdata .data .rsrc .reloc
Data directories (5) | import resource debug tls relocation
File features detected (2)
Signed
XOR
OSINT enrichments
VirusTotal | 46/77 engines flag the file (VT report date 2024-09-30 09:50:22)
Malware type (2) | trojan, downloader
Threat type (3) | doina, amadey, deyma (Amadey is a known loader/downloader family, consistent with the trojan/downloader classification and with the WININET.dll and WS2_32.dll references in the strings section)
URLs, FQDN and IP indicators (1)
PE sections (0 flagged suspicious)
Name | Virtual address (RVA) | Virtual size | Raw size (bytes) | SHA1 | MD5 | Suspicious
---|---|---|---|---|---|---
.text | 0x1000 | 0x4e83a | 322048 | fa23c9f22b447e962b32edcaf64aaad05c0e7432 | 9502f6c19b4db30880b9787bedd56b4d | no
.rdata | 0x50000 | 0x11050 | 70144 | 050cda43a6df5aa939be5a3329859465b38fd56a | ee8ee64287e859422fc204bb3bb043a6 | no
.data | 0x62000 | 0x66ac | 13312 | 7945e975238595bfa9e016c28c83306f5d672d74 | f745cc3ed829d843b51492ed9430b269 | no
.rsrc | 0x69000 | 0x1e0 | 512 | 26acb84785e1385f17fbf39b38ee67689ff74468 | b7d16686b376821266a9345c26b7e6d6 | no
.reloc | 0x6a000 | 0x4c84 | 19968 | 5784aa2ec5b25f6f78566c2d106fb9d17f67bca0 | fe92b960cfeb65791bbb06956d63fcb7 | no

The raw sizes sum to 425984 bytes; with the 1024-byte header block that is exactly the 427008-byte file size, and each section's RVA is the previous section's RVA plus its virtual size rounded up to the 0x1000 section alignment, so nothing is appended or overlaid.
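The section table above is what a triage tool rebuilds from the PE headers: the name, RVA, virtual size and raw size come straight from the 40-byte section headers, and the SHA1/MD5 columns are hashes of each section's on-disk bytes. The following added example (not code from this page or from any analysis vendor) does that with the Python standard library only, and adds the kind of per-section heuristics behind a "Suspicious" column: writable-and-executable sections, high entropy, names outside the usual MSVC set, and executable sections with no raw data. The PE image it hashes is constructed inline (a clean .text/.data pair plus a UPX-style UPX0/UPX1 pair) so it runs offline; the numbers it prints are for that constructed image, not for am.exe. Passing a real file path as the first argument reproduces a report's section table for that file.

```python
"""Rebuild a sandbox report's 'PE Sections' table from a PE file, standard library only.

Added example, not code from the page or from any analysis vendor. The sample
image built by build_sample_pe() is a constructed assumption, as are the
heuristics in flag_suspicious(); real tools use longer lists but the same idea.
"""
import hashlib
import math
import struct
import sys

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Section names a stock MSVC link produces; anything else gets a closer look.
KNOWN_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata", ".edata",
               ".pdata", ".tls", ".bss", ".CRT", ".gfids"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; packed/encrypted data is usually > 7."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and hash each section's raw bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _sym, _nsym, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers start right after the optional header
    rows = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + i * 40)
        raw = pe[rawptr:rawptr + rawsize]  # on-disk bytes; reports hash these, not the mapped image
        rows.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                     "vaddr": vaddr, "vsize": vsize, "rawsize": rawsize, "chars": chars,
                     "sha1": hashlib.sha1(raw).hexdigest(), "md5": hashlib.md5(raw).hexdigest(),
                     "entropy": shannon_entropy(raw)})
    return rows


def flag_suspicious(section: dict) -> list:
    """Cheap per-section heuristics of the kind behind a report's 'Suspicious' column (assumed set)."""
    reasons = []
    chars = section["chars"]
    if chars & IMAGE_SCN_MEM_EXECUTE and chars & IMAGE_SCN_MEM_WRITE:
        reasons.append("writable+executable")
    if section["entropy"] > 7.0:
        reasons.append("high entropy")
    if section["name"] not in KNOWN_NAMES:
        reasons.append("unusual name")
    if section["rawsize"] == 0 and section["vsize"] > 0 and chars & IMAGE_SCN_MEM_EXECUTE:
        reasons.append("executable but no raw data")  # classic unpacking-destination section
    return reasons


def report(pe: bytes) -> list:
    rows = parse_sections(pe)
    for row in rows:
        row["suspicious"] = flag_suspicious(row)
    return rows


def build_sample_pe() -> bytes:
    """Constructed PE32 image: clean .text/.data plus a UPX-style UPX0/UPX1 pair. Not a real sample."""
    align = 0x200

    def pad(b):
        return b + b"\0" * (-len(b) % align)  # FileAlignment padding, as a linker would emit

    text = bytes([0x55, 0x8B, 0xEC, 0x33, 0xC0, 0x5D, 0xC3]) * 64  # repetitive code-like bytes
    data = b"constructed sample data\0" * 20
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # deterministic high-entropy filler
    specs = [(b".text", text, 0x1000, 0x60000020),    # CODE | EXECUTE | READ
             (b".data", data, 0x2000, 0xC0000040),    # INITIALIZED_DATA | READ | WRITE
             (b"UPX0", b"", 0x3000, 0xE0000080),      # UNINITIALIZED | RWX, no raw data
             (b"UPX1", packed, 0x13000, 0xE0000040)]  # INITIALIZED_DATA | RWX
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)    # PE32 magic, remaining fields zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, len(opt), 0x102)
    headers, bodies, rawptr = b"", b"", align
    for name, body, va, chars in specs:
        padded = pad(body)
        vsize = len(body) if body else 0x10000
        headers += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(padded),
                               rawptr if body else 0, 0, 0, 0, 0, chars)
        bodies += padded
        rawptr += len(padded)
    return pad(dos + b"PE\0\0" + coff + opt + headers) + bodies


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("Name     VAddress  VSize    Size     Entropy  SHA1                                      Suspicious")
    for s in report(image):
        print(f"{s['name']:<8} 0x{s['vaddr']:<7x} 0x{s['vsize']:<6x} {s['rawsize']:<8} "
              f"{s['entropy']:<8.2f} {s['sha1']}  {', '.join(s['suspicious'])}")
```

Run against am.exe itself the SHA1/MD5 values must match the table above byte for byte; a mismatch means the tool hashed a different byte range (for example the mapped section rounded to SectionAlignment rather than SizeOfRawData). Note that a section's virtual size being smaller than its raw size, as with .text here, is normal link padding, while the reverse (large virtual size, zero raw size, executable) is the pattern the UPX0 heuristic catches.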
PE resources (1)
Name | Language | Sublanguage | Offset (RVA) | Size (bytes) | Data
---|---|---|---|---|---
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x69060 | 381 |

The offset is an RVA: 0x69060 lies inside .rsrc (0x69000 to 0x691e0), and the 381-byte manifest fits within that section's 0x1e0-byte virtual size. A manifest is the only resource, so there is no embedded icon, version block or payload resource to extract.
Packers detected (2)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
Both hits are compiler/linker signatures for the Visual C++ 8 entry stub (a PEiD-style match that also fires on many later MSVC builds), not packers. Together with the standard five-section layout and zero suspicious sections they point to an unpacked native MSVC build, so strings and imports can be read directly.
Anti-debug functions (6)
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter
Only IsDebuggerPresent is a debugger check by purpose, and even that one is imported by the MSVC runtime's own failure-reporting paths. The other five are pulled in by the stock CRT startup and exception code (security-cookie setup, abort and unhandled-exception handling) and appear in most MSVC-built executables, so this list is weak evidence on its own; check the cross-references to IsDebuggerPresent before calling the sample debugger-aware.
Anti-VM strings (1)
VMCheck.dll
VMCheck.dll is matched as a string, not as an import. It is a well-known marker from virtual-machine detection signatures; confirm by locating the string and the code that references it before treating the sample as VM-aware.
Strings analysis - library names found
api-ms-win-core-synch-l1-2-0.dll
AKERNEL32.dll
mscoree.dll
ADVAPI32.dll
combase.dll
SHELL32.dll
WININET.dll
WS2_32.dll
ntdll.dll
ole32.dll
KERNEL32.dll
WININET.dll and WS2_32.dll give the sample HTTP and raw socket capability, consistent with the downloader classification. mscoree.dll does not by itself indicate managed code: the MSVC runtime's exit path looks the module up to call CorExitProcess, so the string appears in ordinary native builds. AKERNEL32.dll is reproduced as extracted; the leading "A" is most likely an adjacent byte picked up by the string scanner, and it refers to the same KERNEL32.dll listed last.
Related files (listed on the page under an "Import functions" heading, but the rows are other samples, not API names)
Name | Latest seen | MD5
---|---|---
exbuild.exe | 2024-08-28 12:36:02 | f5d7b79ee6b6da6b50e536030bcc3b59
anon.exe | 2024-08-28 16:03:02 | 897d350557c45f49b9fd780735b218e2
am10.exe | 2024-10-07 05:15:02 | 934310f719707becac6a69b4579f6fd2