KRBreq.exe

First submission 2022-08-03 10:22:01

File details

File type: PE32+ executable (console) x86-64, for MS Windows
File size: 141.0 KB (144384 bytes)
Compile time: 2022-07-18 21:18:35
MD5: 7fb6c8ad87732bfef2f07b00c223c88c
SHA1: be842efe8d51e3714ed77cd3a4768fb5e31a17ca
SHA256: d88e0cf3f7bd005e1ca7daaca24862f85ec5dec1f07edf339776a2e53eff4306
Import Hash: e3070524bbbc3ffd8ae9e5fe55c442cd
Sections: 7 (.text .rdata .data .pdata _RDATA .rsrc .reloc)
Directories: 4 (import resource debug relocation)
VirusTotal: 4/70 (VT report date: 2022-08-03 08:01:21)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://146.70.24.168/load/KRBreq.exe 146.70.24.168 2022-08-03 10:22:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x15010 86528 2dbc46e98c0b19ef7a9920fd1f220bcefa4cdc6b 3ca04d637e70ca3acdcf88cecaecfbf9
.rdata 0x17000 0xb0c0 45568 9b6891a4307f31890f365d9b8a6eab3508b45b6b 1e73bc6ea1405b3e2cfdb4b6ba0c28de
.data 0x23000 0x1e50 3072 84a6bc8b770a01055b21e9ddbd750bb9742db9fa dde384d5b15040e5ba125b0cb43a62a3
.pdata 0x25000 0x1374 5120 2c2176a2984282edcfa239bee7c5783abed3ea7f c168453a081436a7c661835623e5b58b
_RDATA 0x27000 0xfc 512 bcd0a27e23d739650d5b557e7fc219443099ec2b 4330de9a653fc4360b25c9b444457319
.rsrc 0x28000 0x1e0 512 2398c871459905345251a8671a5b979e9ae4bb9d d627f7af930e6cd2da2b7ca8805a23d8
.reloc 0x29000 0x690 2048 15fe4ad022fe40db06f52f2c30b02b77279d0c35 033ca48505683339c70ef456bd63b31c

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x28060 381

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
secur32.dll
Crypt32.dll
ADVAPI32.dll
USERENV.dll
KERNEL32.dll

Import functions