66ec34ea3a1b3_app3454636138226159146.exe

First submission 2024-09-27 20:36:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 894.66 KB (916130 bytes)
Compile time: 2019-04-27 22:03:27
MD5: 826eb90d730bf03e39d78daa585364bc
SHA1: d139eee9235e1f997ef14f014c7fbc3dd3b36a03
SHA256: 95e3b81574e6cbbd2efa792b1d4aadf9acfd6514e469b1e15eae7988f050cf2e
Import Hash : 00be6e6c4f9e287672c8301b72bdabf3
Sections 6 .text .rdata .data .gfids .rsrc .reloc
Directories 5 import export resource debug relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 59/77 VT report date: 2024-09-20 17:05:53
Malware Type 1 trojan
Threat Type 3 msil stealer fjat

URLs, FQDN and IP indicators 1

URL                                                                  Host (FQDN/IP)   Date Added
hXXp://147.45.44.104/yuop/66ec34ea3a1b3_app3454636138226159146.exe  147.45.44.104    2024-09-27 20:36:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2e854 190976 eff6ef263a889378a149a665a5769daecd29d406 ccad881ef663bb12d11d212ad8d163cf
.rdata 0x30000 0x9a9c 39936 1fe2de2389b7fda808cefda204c13ab0916b3fd8 ebf57dd1488cef86d0b062881c11f0b5
.data 0x3a000 0x213d0 3072 0a2a60deb0420385917fa379095c3e4a20e4c343 5ad01ef583f971c2dd5921663e32ad91
.gfids 0x5c000 0xe8 512 133f96c3fe2baf0a3e5cff20922fd7eb301b9537 c065e0fa9d7cb760ad786f44f86f68e4
.rsrc 0x5d000 0xe034 57856 5aaf16d103efe5f9342d8337506c11cdc33e5f2e d62594e063ef25acc085c21831d77a75
.reloc 0x6c000 0x1fcc 8192 9190e165a6d58a6a50f0bf933fd3712db8066a49 403c5d759dbe4b1bf3c74568f06c1359
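The raw section sizes above add up to 300,544 bytes against a 916,130-byte file, so most of the file lies after the last section, in the overlay that the loader never maps. For a self-extracting stub that is where the archive lives, and section hashes and imports then describe only the stub. The following is an added example, not code from the report or its tooling: a dependency-free parser that locates the overlay from the section table of a real PE, plus a rough estimate from the report's own numbers (the 1024-byte header size is an assumption, since the report omits PointerToRawData). The PE image it runs on is constructed inline.

```python
"""Overlay check for a PE file (added example, not part of the report)."""
import struct

# Figures copied from the report: raw sizes of .text .rdata .data .gfids .rsrc .reloc
REPORT_SECTION_RAW_SIZES = [190976, 39936, 3072, 512, 57856, 8192]
REPORT_FILE_SIZE = 916130


def end_of_sections(data: bytes) -> int:
    """Offset just past the last byte any section header covers on disk.

    Reads only the DOS header, PE signature, COFF header and section table,
    which is all the loader itself needs; no external PE library.
    """
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt
    end = 0
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 in each 40-byte header
        size_raw, ptr_raw = struct.unpack_from("<II", data, table + i * 40 + 16)
        end = max(end, ptr_raw + size_raw)
    return end


def overlay(data: bytes) -> bytes:
    """Everything after the last section; empty for a plain compiled binary."""
    return data[end_of_sections(data):]


def looks_like_rar(blob: bytes) -> bool:
    """RAR 4.x and 5.x archives both start with the bytes Rar!\\x1a\\x07."""
    return blob.startswith(b"Rar!\x1a\x07")


def estimate_overlay_from_report(file_size: int, raw_sizes: list, header_size: int = 1024) -> int:
    """Overlay estimate from report figures alone. header_size is an assumption
    (a typical SizeOfHeaders for an MSVC binary), so the result is approximate."""
    return file_size - header_size - sum(raw_sizes)


def build_fake_pe(sections, payload: bytes) -> bytes:
    """Construct a minimal PE32 image with the given (name, raw_size) sections,
    followed by payload, so the parser can be exercised offline."""
    e_lfanew, size_opt, file_align = 0x40, 0xE0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    headers_len = len(dos) + len(coff) + size_opt + 40 * len(sections)
    first_raw = -(-headers_len // file_align) * file_align
    table, body, ptr, va = b"", b"", first_raw, 0x1000
    for name, raw_size in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", raw_size, va, raw_size, ptr, 0, 0, 0, 0, 0x60000020)
        body += b"\x90" * raw_size
        ptr += raw_size
        va += -(-raw_size // 0x1000) * 0x1000
    headers = dos + coff + opt + table
    return headers + b"\0" * (first_raw - len(headers)) + body + payload


if __name__ == "__main__":
    sample = build_fake_pe([(b".text", 0x400), (b".rsrc", 0x200)],
                           b"Rar!\x1a\x07\x01\x00" + b"X" * 64)
    tail = overlay(sample)
    print("overlay bytes:", len(tail), "RAR signature:", looks_like_rar(tail))
    print("estimated overlay from report:", estimate_overlay_from_report(
        REPORT_FILE_SIZE, REPORT_SECTION_RAW_SIZES))
```

Run against the real sample, overlay() returns the archive payload, which is what to hash and analyse separately; the stub's own hashes are shared with every other SFX built from the same WinRAR version.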

PE Resources 6

Name Language Sublanguage Offset Size Data
PNG LANG_RUSSIAN SUBLANG_NEUTRAL 0x5e18c 5545
RT_ICON LANG_RUSSIAN SUBLANG_NEUTRAL 0x64ea8 15729
RT_DIALOG LANG_RUSSIAN SUBLANG_NEUTRAL 0x69558 586
RT_STRING LANG_RUSSIAN SUBLANG_NEUTRAL 0x6a790 230
RT_GROUP_ICON LANG_RUSSIAN SUBLANG_NEUTRAL 0x6a878 104
RT_MANIFEST LANG_RUSSIAN SUBLANG_NEUTRAL 0x6a8e0 1875

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Both entries are compiler/linker signatures matched on the entry stub, not a runtime packer; nothing here indicates compressed or encrypted sections. The match is also loose: a .gfids section (the Control Flow Guard function table) is only emitted by Visual Studio 2015 or later, so the stub was built with a toolchain newer than VC8, in line with the 2019 compile timestamp.

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

All six are imported by the Visual C++ runtime start-up code of every MSVC-built executable (the CRT calls IsDebuggerPresent and IsProcessorFeaturePresent during initialisation and uses UnhandledExceptionFilter on its crash path). Their presence is not evidence of deliberate anti-debugging; that claim needs a look at where the result of IsDebuggerPresent is actually consumed, or a run under a debugger.

Strings analysis - File found

Temporary
%s.%d.tmp
winrarsfxmappingfile.tmp

winrarsfxmappingfile.tmp is a string specific to WinRAR's self-extracting (SFX) module, so the native PE32 analysed here is best read as a WinRAR SFX stub. That also reconciles the VirusTotal "msil" label with the file type: the stub is native, while the archived payload it extracts is the .NET component the vendors named. Section hashes, imports and resources above describe the stub, not the payload.
Library
Crypt32.dll
peerdist.dll
msasn1.dll
profapi.dll
RpcRtRemote.dll
sfc_os.dll
XmlLite.dll
USERENV.dll
ntmarta.dll
rasadhlp.dll
mscoree.dll
mlang.dll
cryptsp.dll
linkinfo.dll
UxTheme.dll
imageres.dll
VERSION.dll
cscapi.dll
usp10.dll
wkscli.dll
devrtl.dll
wintrust.dll
atl.dll
WINNSI.DLL
rsaenh.dll
riched20.dll
comres.dll
cryptui.dll
secur32.dll
ntshrui.dll
slc.dll
oleaccrc.dll
PSAPI.DLL
propsys.dll
NETAPI32.dll
aclui.dll
dhcpcsvc6.dll
cryptbase.dll
ws2help.dll
SHELL32.dll
samlib.dll
KERNEL32.dll
shdocvw.dll
dwmapi.dll
cabinet.dll
MPR.dll
WS2_32.dll
WindowsCodecs.dll
dnsapi.dll
SSPICLI.DLL
samcli.dll
apphelp.dll
dfscli.dll
DXGIDebug.dll
dsrole.dll
ieframe.dll
lpk.dll
netutils.dll
clbcatq.dll
dhcpcsvc.dll
IPHLPAPI.DLL
srvcli.dll
browcli.dll
SETUPAPI.dll
SHLWAPI.dll
COMCTL32.dll
ole32.dll
USER32.dll
ADVAPI32.dll
gdiplus.dll
GDI32.dll
COMDLG32.dll

This block lists DLL names found as strings, not the import table. The likeliest reading of a run like this (profapi, cryptbase, ntmarta, RpcRtRemote and the other classic side-loading targets alongside the common system DLLs) is the pre-load list of a loader hardened against DLL hijacking, which loads them from the system directory before anything else runs; it says nothing about what the dropped payload loads.

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

This is the XML namespace of the application manifest (the RT_MANIFEST resource above), not a network indicator; it is never contacted at run time. The only network IOC on this page is the download URL and host in the indicators table.

Related samples

Other files the report groups with this one, presumably on the shared import hash 00be6e6c4f9e287672c8301b72bdabf3 (the columns are file name, last-seen date and MD5, not imported API names). Several carry the same 13-hex-digit prefix pattern as the dropped file.

Name Latest seen MD5
32.exe 2022-11-16 18:48:09 5b8ab0d0d363095c7b70bb4fd207512a
generateddxgf.exe 2023-01-26 08:55:03 1450546db9a8bb6e52842606f03b4ea4
2.exe 2023-03-28 14:03:05 baf757079b4291ebfe81ced936147a2c
101.exe 2023-03-29 09:45:03 3aaff573f4866483b434e7a4d24f83eb
114.exe 2023-04-15 18:02:03 dd0379a70a71b60b3a81a91d49c88648
127.exe 2023-04-23 08:53:02 75e3b5b17db31f0f3d44131fe28d44ff
bundle.exe 2023-05-08 18:45:05 55c469115eef57026c69978e62171202
bundle.exe 2023-05-08 20:46:09 7325acc8024c8b68dfc0cb2cd97e5a79
43252345.exe 2023-05-13 22:50:05 c39bfc07d939c25d1755c538d2b6f80c
554552.exe 2023-05-19 07:38:02 d935841277b3b4522101cc127c4e2ee1
345534534.exe 2023-05-22 08:04:02 6355c5f8f98ffd7042a07ed616a2bb34
54656464.exe 2023-06-02 07:40:02 312954bec7179f25996a7846ef778bf3
54656464.exe 2023-06-02 07:55:02 23cca2d3be6eb9eb8d67a51a71a747ba
yileyou.exe 2024-06-19 18:52:21 621aff451af46a3e94ede2ebfcb96dc6
yungengxin.exe 2024-06-19 18:54:13 39bd6fd27d2093d5867143d759942251
Bypass.exe 2024-06-03 16:03:02 6e75d28e8c62737302435c206d401ecc
Bypasss.exe 2024-06-03 16:04:02 c313d79bb52d3dc1a0fdd298a6c47810
66e9c0921c144_111.exe 2024-09-27 20:32:02 837bbda2bbdf75c019f3581afb0fc9d4
66e08f13c7a4f_111.exe 2024-09-28 03:08:02 979d8a371c97ed8f2438e6809064dcd9
66e27cc59b93f_111.exe 2024-09-28 05:26:02 24fbb160ccad6b035b0ed7e1070f820f
052b9d39fc2e8571f1b8319a832d3ab9ee066b19c037900d3e1ab29f5616621d.exe.exe 2024-09-30 18:30:05 ab65b7407318c476a31d5204caef97af
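The dropped file and three of the related samples are named with 13 hex characters followed by an underscore: 8 hex digits of Unix seconds and 5 hex digits of microseconds, which is the shape PHP's uniqid() produces when a panel renames uploads. Reading the prefix as a server-side upload timestamp is an assumption the report does not state; under it, 66ec34ea decodes to 2024-09-19 14:27:54 UTC, one day before the VirusTotal report date. The following is an added example, not code from the report: it decodes the prefix and orders the names from this page by it.

```python
"""Decode uniqid()-style prefixes on file names (added example, not part of the report).

The interpretation of the prefix as PHP uniqid() output is an assumption.
"""
import re
from datetime import datetime, timezone
from typing import Optional

# File names copied from the report; Bypass.exe is included as a non-matching case.
REPORT_NAMES = [
    "66ec34ea3a1b3_app3454636138226159146.exe",
    "66e9c0921c144_111.exe",
    "66e08f13c7a4f_111.exe",
    "66e27cc59b93f_111.exe",
    "Bypass.exe",
]

# 8 hex digits of seconds, 5 hex digits of microseconds, then the separator
UNIQID_PREFIX = re.compile(r"^([0-9a-f]{8})([0-9a-f]{5})_")


def decode_uniqid_prefix(name: str) -> Optional[datetime]:
    """Return the UTC time encoded in a uniqid()-style prefix, or None."""
    m = UNIQID_PREFIX.match(name)
    if m is None:
        return None
    seconds, micros = int(m.group(1), 16), int(m.group(2), 16)
    if micros >= 1_000_000:
        return None  # five hex digits that are not a microsecond count: not uniqid()
    return datetime.fromtimestamp(seconds, tz=timezone.utc).replace(microsecond=micros)


def decode_uniqid_prefix_iso(name: str) -> Optional[str]:
    """Same as decode_uniqid_prefix, as an ISO 8601 string for logging."""
    t = decode_uniqid_prefix(name)
    return None if t is None else t.isoformat()


def timeline(names) -> list:
    """(iso_time, name) pairs for every decodable name, oldest first."""
    rows = [(decode_uniqid_prefix_iso(n), n) for n in names]
    return sorted((t, n) for t, n in rows if t is not None)


if __name__ == "__main__":
    for when, name in timeline(REPORT_NAMES):
        print(when, name)
```

Ordering the cluster this way gives a rough upload chronology for the hosting panel without touching the server; it does not replace the sandbox's own first-seen dates, which reflect when each file reached the analysis pipeline.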