plana.exe

First submission 2024-02-04 13:10:04

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1169.0 KB (1197056 bytes)
Compile time: 2024-02-01 12:29:07
MD5: 7b0e45f57d7b98f3f5c0837019e39476
SHA1: 5d109330b1b5bbb53dc0c3599bd14846eae10f74
SHA256: 1452c77fdb3ef05ddea321c86f3e4504dab58d7b31a12068d729daedeb457eab
Import Hash: 5ab723dc8d5af21b79dc301ed6a56a64
Sections 8 .rsrc .dataTh
Directories 4 import resource debug relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://185.215.113.68/mine/plana.exe 185.215.113.68 2024-02-04 13:10:04

PE Sections 7 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
0x1000 0x10a000 470528 27a2a16267b56f11a4ef03e5e22821c8753a9e4a 3556c2a6aa71c20d1b913c6aff9e70ee
0x10b000 0x27000 73216 7f7ddab14460fb19d2ea57c7255740532d9810a9 3ea7fba3f7f3e0f787d3b0403df189db
0x132000 0x4000 2048 d54f95fe2bd0f744ac7140111e650d3d982cc16d 812179a57d17e0e880aa33b97b4b7d18
0x136000 0x5000 4096 9ad309ce86d8a07a40cb3a9e89c310c52fa3df92 ded29a81ed2132af090f317d5f46c074
0x13b000 0x9000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x144000 0x1000 1024 1e9e93136abafde048297fe4bf03bd793585dc63 63511f3f9ed645bb7d19fd881a3a25e7
0x145000 0x2fd000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.dataTh 0x442000 0x9e000 645120 df4f79ad410998c80430c2877da6722bcb92ed84 efec41cb4612179a4490c21437e1d131

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x137958 9640
RT_GROUP_ICON LANG_RUSSIAN SUBLANG_RUSSIAN 0x139f00 48
RT_VERSION LANG_RUSSIAN SUBLANG_RUSSIAN 0x136190 696
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x144190 381

Packers detected 1

ASPack 1.02b or 1.08.03

Anti debug functions 1

Virtual Box

Strings analysis - File found

Library
ole32.dll
ntdll.dll
Crypt32.dll
ADVAPI32.dll
USER32.dll
SETUPAPI.dll
GDI32.dll
OLEAUT32.dll
KERNEL32.dll
gdiplus.dll
SHLWAPI.dll
SHELL32.dll
VERSION.dll
WS2_32.dll

Import functions

Name Latest seen MD5
face.exe 2024-01-22 08:27:02 4b95a8bfbde9941cb0bb3384011d396c
rback.exe 2024-01-23 11:45:02 42224cf9fb760ca693c654ac705044c5
stan.exe 2024-01-24 11:44:02 49329694b17e0ce93181901d839772c8
rave.exe 2024-01-24 11:45:02 baf85abe2541a78fa4522d571481114e
rost.exe 2024-01-26 00:41:02 03135ee6d7c5c029982e63d36d368267
rost.exe 2024-01-26 00:43:02 2f9214f932a930a4cdff2b48a3a8eded
venom.exe 2024-01-27 23:29:02 50d2c23b2246cc8f3d2542e4fa8b2cf9
plata.exe 2024-01-28 05:27:02 44970eb6e354cb8609d7c85cdcbcceb8
vinu.exe 2024-01-28 15:11:02 f305f7b6dea863c2a43178d629db4781
donat.exe 2024-01-28 18:24:02 f4198806e182101396525fd4bc72692e
plaza.exe 2024-02-08 03:43:02 1ff26dda5fc75cd7bc1f05ea538bde0f