winlog.exe

First submission 2022-05-10 22:58:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 263.5 KB (269824 bytes)
Compile time: 2021-11-10 22:08:04
MD5: 7d864335708caf3622fa3899c12032b4
SHA1: 838e863a6964d75b256364cbedf3f5ff7e657c1f
SHA256: b2c69402bbdd2f0b4cb424472de38ec42f1bebf837f86a71b0e2c82ffe511218
Import Hash : caf905d16ba3d408b273230b90afe9ee
Sections: 3 (.text, .data, .rsrc)
Directories: 3 (import, resource, debug)
VirusTotal: 35/69 (VT report date: 2022-05-10 15:59:48)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators (1)

URL: hXXp://172.245.119.75/365space/winlog.exe
Host (FQDN/IP): 172.245.119.75
Date Added: 2022-05-10 22:58:02

PE Sections (1 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x26b4a 158720 fb2f6a485857863d4369606bcfffa3d743d47f78 af6a6c5ca6dbacd271c9d15e781c21c8
.data 0x28000 0x4fca8 69120 e065c6d2974118a50681b8cd1aa70bc046492601 54eb6d55e39670d4f1c60296c1866e16
.rsrc 0x78000 0x29ff0 40960 b8ddffdc435cc42f01667c9c6abafcdcd36c4cec 29e84851b87fd2511ba72ce349de39b1

PE Resources (10)

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_UZBEK SUBLANG_UZBEK_LATIN 0x7fc98 2
HEPIYIWENIMOMACAMAKA LANG_UZBEK SUBLANG_UZBEK_LATIN 0x7ed10 3816
RIWEZOZAC LANG_UZBEK SUBLANG_UZBEK_LATIN 0x7e7b0 1375
RT_CURSOR LANG_UZBEK SUBLANG_UZBEK_LATIN 0x80fa0 2216
RT_ICON LANG_UZBEK SUBLANG_UZBEK_LATIN 0x7d6e0 4264
RT_STRING LANG_UZBEK SUBLANG_UZBEK_LATIN 0x81fa0 78
RT_ACCELERATOR LANG_UZBEK SUBLANG_UZBEK_LATIN 0x7fbf8 56
RT_GROUP_CURSOR LANG_UZBEK SUBLANG_UZBEK_LATIN 0x81848 20
RT_GROUP_ICON LANG_UZBEK SUBLANG_UZBEK_LATIN 0x7b0e8 76
RT_VERSION LANG_UZBEK SUBLANG_UZBEK_LATIN 0x81860 320

Meta info (1)

Translations: 0x0203 0x02bc

Anti debug functions (8)

DebugActiveProcessStop
GetLastError
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - Files found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
MSPDB80.DLL
USER32.dll

Strings analysis - Possible IPs found (2)

42.33.64.69
84.66.77.36

Import functions