jpotato.exe

First submission 2022-08-04 11:13:02

File details

File type: PE32+ executable (console) x86-64, for MS Windows
File size: 339.5 KB (347648 bytes)
Compile time: 2018-08-10 11:52:35
MD5: 808502752ca0492aca995e9b620d507b
SHA1: 668c40bb6c792b3502b4eefd0916febc8dbd5182
SHA256: 0f56c703e9b7ddeb90646927bac05a5c6d95308c8e13b88e5d4f4b572423e036
Import Hash : 23867a89c2b8fc733be6cf5ef902f2d1
Sections 7 .text .rdata .data .pdata .gfids .rsrc .reloc
Directories 4 import resource debug relocation
Virus Total: 57/70 VT report date: 2022-08-04 06:47:00

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                                        Host (FQDN/IP)     Date Added
hXXp://193.149.176.134:8000/jpotato.exe    193.149.176.134    2022-08-04 11:13:02

PE Sections 0 suspicious

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x36b86  224256  dd6709f197af7772ed987111a7caf52dfe33a94b  f4fe5d44736cc4f936c8f0eb18cbf8ee
.rdata  0x38000   0x1637e  91136   459cd3fbde7d4dd819ca3fcaddf4a04b68c2e7f7  06e16cf7c0daa8eddea0c1bb43e220ee
.data   0x4f000   0x39d0   9216    09e1ab7e930c725a425be4cb3bcaf7b2f5e40e1a  b4eda35077e4ff5ea69a723680e450ed
.pdata  0x53000   0x3b64   15360   471a6144616f1558fd1392fe767e093f7c9e226a  824e421bf7240f1dcfd9e3183b6e05e2
.gfids  0x57000   0x9e4    2560    62ba0a3bf64ea9fa3a91fd314e34b882d92a0b7c  74b10d4caf69f312680431cb7ab06387
.rsrc   0x58000   0x1e0    512     7b54673d3e76b82aa7657e922e02474a088851a2  1050e7d9a93f65f94665bc6dfb5445a5
.reloc  0x59000   0xcac    3584    5a5f094d65b4631c4171b35626ae5297e0bc8a59  783ab4bc1b006c9d7229127a2316c75a

PE Resources 1

Name         Language      Sublanguage         Offset   Size  Data
RT_MANIFEST  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x58060  381

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - Files found

Library
mscoree.dll
combase.dll
ADVAPI32.dll
KERNEL32.dll
WS2_32.dll
secur32.dll
ole32.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions