gzz.exe

First submission 2024-02-04 18:28:23

File details

File type: PE32+ executable (console) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 327.22 KB (335071 bytes)
Compile time: 2023-08-26 09:11:47
MD5: 7d9c852903de2a824aa3f80dd1ab2b89
SHA1: a2d0096fb101a25ac6ad33f6a303e58dd064541d
SHA256: a777c77555a33b8263f836c5a029047fdeb74fd1f9abb69d0b8f2a2b3d572583
Import Hash: 7aa038e9c65b0fe66bbc2775d7dfe42f
Sections (18): .text .data .rdata .pdata .xdata .bss .idata .CRT .tls .rsrc /4 /19 /31 /45 /57 /70 /81 /92
Directories (3): import resource tls
File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://47.99.151.68:1302/gzz.exe 47.99.151.68 2024-02-04 18:28:23

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x21a8 8704 ec22986d0d8be330eac5fa5c469df13219702041 171b08289be471cff0523bbf4a85fc87
.data 0x4000 0xd0 512 375111f1dfdf4a61a3ba4c3227884f52604e193f 983b331e42a22afed7306c8e07214a7b
.rdata 0x5000 0xfa0 4096 28637a55308c455a8a3fad1aa263753ebe396617 fe5caf72c31af9da5d18b775b276be3b
.pdata 0x6000 0x270 1024 1db32ce9745313f37b327383a9e4ab144a2aeb60 80b4fefc0004edb87baf3a2588aa152e
.xdata 0x7000 0x214 1024 94f0fbbf7c3c940f7ae84f6c078450a256f28f8c c96144a8d20b5936ae52358daa67c69b
.bss 0x8000 0x980 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x9000 0x824 2560 c65d2b35a93394f8831844546010569100003776 04ee1796c592a2a31177a9ac9be3a6ed
.CRT 0xa000 0x68 512 369c137ba54b33bd335e2a2f08afe074a9f27b43 82f1ecac35a936e2c05a13a72e2c0085
.tls 0xb000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0xc000 0x4e8 1536 89ae0eacdebfc43deab4cb09c7e84d7f266fdec0 302acf3589069dafe3806c6220e3778b
/4 0xd000 0x4a0 1536 f9ce46c5268f87da0ecc6621095872508bb8fb31 383c011387da0e38684b8a5fca642a1e
/19 0xe000 0x38e9e 233472 1e2060d0e5734c49a4adb23c5d1752e9c0d9485e 8516d50de80ef67dcf8d65713f67a96d
/31 0x47000 0x26e4 10240 a27e24819816568d09802db711fdbb68c31ffcf2 e8f17117d0c4f0b0ae44cd754c4daca2
/45 0x4a000 0x35fb 13824 439a9362c74d4f1e9f315f92eb325f0ae1dd81a6 5bf295fb85c455e7123889fe6f74fbab
/57 0x4e000 0xa38 3072 98adf072754e1965afd92f9e790e092109f1c4cf 79098f94a791dfae2eaf0d33f8e215d4
/70 0x4f000 0x7c1 2048 79e32969713066bc096de77950787470e51f5915 0ad247b5a4c4beb665fd14ebb18bae35
/81 0x50000 0x2fb9 12288 df0f4dacd2544fd53fe476dffa5a2acd8326c4a9 69adc22dff06646c200aaeb554585eba
/92 0x53000 0x4d0 1536 f8f64748bc80082ae7942e7874e676b86124ad6b 3ef820e8da944a9b49034cccc6288d68

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0xc058 1167

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Name Latest seen MD5
uqc.exe 2024-02-04 18:22:08 19be3a58e362b68ea242f1e57b7dd22c

Library
KERNEL32.dll
MSVCRT.dll

Import functions