Tgxt.rar

First submission 2024-10-15 19:37:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows (a 32-bit Windows executable despite the .rar name it was served under)
Mime type: application/x-dosexec
File size: 28.0 KB (28672 bytes)
Compile time: 2022-02-24 17:07:06
MD5: 83f227fc58602510015ca917ac955b02
SHA1: f3cd11205302283e219083b9a16bf4bca39e74f6
SHA256: 1466f6305d99a567f760955c563d02cdceb1a5f459f0fb0bb9a68121bcbff08f
Import hash: ddf855e6d9e711637833d11aa49cde1b
Sections (3): .text, .data, .rsrc
Data directories (2): import, resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

Check these entries against the header data before relying on them: the file type line identifies a PE32 executable (GUI) and the original filename in the version block ends in .exe, not a DLL; and with only an import and a resource directory present there is no security directory, so no Authenticode signature can be attached to this image. The "Packers" entry corresponds to the Visual Basic compiler signatures reported further down, which identify the runtime rather than a packer.

OSINT Enrichments

Virus Total: 31/77 detections (VT report date: 2024-10-06 20:44:56, nine days before this submission)
Malware type (2): trojan, pua
Threat type (2): tedy, casdet

URLs, FQDN and IP indicators 1

URL: hXXp://dow.andylab.cn/Tgxt.rar (VirusTotal report)
Host (FQDN/IP): dow.andylab.cn (VirusTotal report)
Date added: 2024-10-15 19:37:04

PE Sections 0 suspicious

Name   VAddress  VSize   RawSize  SHA1                                      MD5                               Suspicious
.text  0x1000    0x3394  16384    5b1e19d48c31e7a5d44462e75000f230abfd28d3  7bd61302437e201ca5c2e0e549fb040b  no
.data  0x5000    0xa20   4096     1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d  620f0b67a91f7f74151bc5be745b7110  no
.rsrc  0x6000    0x5dc   4096     7d1645a424bd38ed58e18029f3c091e881b3970a  fb08d38ca31093f9efaffb7b9399fe60  no

The raw sizes sum to 24576 bytes; if the headers occupy the remaining 4096 bytes (consistent with the 0x1000 file alignment the raw sizes imply), that accounts for the full 28672-byte file and there is no overlay appended after the image.

PE Resources 3

Name           Language      Sublanguage                 Offset  Size
RT_ICON        LANG_NEUTRAL  SUBLANG_NEUTRAL             0x62f4  744
RT_GROUP_ICON  LANG_NEUTRAL  SUBLANG_NEUTRAL             0x62e0  20
RT_VERSION     LANG_CHINESE  SUBLANG_CHINESE_SIMPLIFIED  0x60f0  496

The three entries are contiguous (0x60f0 + 496 = 0x62e0, 0x62e0 + 20 = 0x62f4) and end at 0x65dc, exactly the end of .rsrc's virtual size.

Meta infos 6

InternalName: 云推广 (raw: \x4e91\x63a8\x5e7f; "Cloud Promotion")
ProductVersion: 2022.02.0025
Translation: 0x0804 0x04b0 (LANGID 0x0804 = Chinese, Simplified; code page 0x04b0 = 1200, Unicode)
ProductName: MIRFWG推广系统 (raw: MIRFWG\x63a8\x5e7f\x7cfb\x7edf; "MIRFWG Promotion System")
OriginalFilename: 云推广.exe (raw: \x4e91\x63a8\x5e7f.exe)
FileVersion: 2022.02.0025

The version block is internally consistent: the Translation pair matches the RT_VERSION resource's LANG_CHINESE / SUBLANG_CHINESE_SIMPLIFIED, and the 2022.02 version number matches the 2022-02-24 compile timestamp. Neither the internal name nor the original filename has any relation to the Tgxt.rar name under which the file was served.

Packers detected 2

Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0 - v6.0

Both hits are compiler/runtime signatures rather than packers: they identify a Visual Basic 5/6 executable, which the MSVBVM60.DLL and VBA6.DLL strings below confirm. No actual packer is indicated by these matches.

Strings analysis - File found

Autogen
C:\Program Files (x86)\VB6Mini\bin\VB6.OLB
Library
MSVBVM60.DLL
VBA6.DLL
ieframe.dll
VB5!6&vb6chs.dll

Notes: the VB6.OLB path is the build machine's type-library reference left in by the compiler; MSVBVM60.DLL is the VB6 runtime the binary depends on; ieframe.dll hosts the Internet Explorer WebBrowser control; "VB5!6&vb6chs.dll" is the start of the VBHeader structure (the "VB5!" magic, a two-byte runtime build number, then the language DLL name), with vb6chs.dll being the Simplified Chinese VB6 runtime resource DLL, matching the version-info language.
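The following is an added triage script, not part of the report tool or of the sample; it re-derives from the numbers printed in the section, resource, meta-info and strings blocks above the facts a reviewer would want to confirm: overlay size and per-section slack, whether the resource entries sit inside .rsrc, the readable form of the escaped version strings, the meaning of the Translation pair, and the runtime build and language DLL encoded in the "VB5!6&vb6chs.dll" string. All input values are copied from the report; SizeOfHeaders (not printed by the report) and the VBHeader field layout are assumptions stated in the comments.

```python
"""Triage cross-check for the Tgxt.rar report (added example, not the report
tool's own code).  Every input below is copied from the report text; the two
assumptions (SizeOfHeaders, VBHeader layout) are marked inline."""
import re
import struct

# Section table as printed: name -> (VirtualAddress, VirtualSize, SizeOfRawData).
SECTIONS = {
    ".text": (0x1000, 0x3394, 16384),
    ".data": (0x5000, 0x0A20, 4096),
    ".rsrc": (0x6000, 0x05DC, 4096),
}
FILE_SIZE = 28672
# Assumption: the headers occupy one 0x1000 file-alignment unit.  The report does
# not print SizeOfHeaders; every raw size is a multiple of 0x1000.
ASSUMED_SIZE_OF_HEADERS = 0x1000

# Resource directory entries as printed: (type, RVA, size).
RESOURCES = [
    ("RT_ICON", 0x62F4, 744),
    ("RT_GROUP_ICON", 0x62E0, 20),
    ("RT_VERSION", 0x60F0, 496),
]


def overlay_size(sections, file_size, size_of_headers):
    """Bytes past the last section.  Anything > 0 is an overlay: data appended
    after the PE image, a common hiding place for a dropped payload or config."""
    return file_size - size_of_headers - sum(raw for _, _, raw in sections.values())


def section_slack(sections):
    """Raw bytes beyond each section's VirtualSize: alignment padding the loader
    maps but the compiler did not use, worth hexdumping for hidden data."""
    return {name: raw - vsize for name, (_, vsize, raw) in sections.items()}


def resources_inside_rsrc(resources, sections):
    """True when every resource entry lies inside .rsrc's mapped range."""
    va, vsize, _ = sections[".rsrc"]
    return all(va <= rva and rva + size <= va + vsize for _, rva, size in resources)


def decode_escaped(s):
    r"""Turn the report's \xHHHH escapes (UTF-16 code units) back into text."""
    return re.sub(r"\\x([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)


_PRIMARY = {0x04: "LANG_CHINESE", 0x09: "LANG_ENGLISH"}
_SUB_CHINESE = {0x01: "SUBLANG_CHINESE_TRADITIONAL", 0x02: "SUBLANG_CHINESE_SIMPLIFIED"}
_CODEPAGE = {1200: "UTF-16LE", 1252: "cp1252"}


def decode_translation(lang_id, charset):
    """Split a VS_VERSIONINFO Translation pair into (primary language,
    sublanguage, code page).  LANGID = (sublanguage << 10) | primary language."""
    primary, sub = lang_id & 0x3FF, lang_id >> 10
    primary_name = _PRIMARY.get(primary, f"0x{primary:02x}")
    sub_name = _SUB_CHINESE.get(sub, f"0x{sub:02x}") if primary == 0x04 else f"0x{sub:02x}"
    return primary_name, sub_name, _CODEPAGE.get(charset, str(charset))


def parse_vb_magic(blob):
    """Decode the start of a VB5/VB6 VBHeader: 4-byte 'VB5!' magic, a
    little-endian WORD runtime build, then a 14-byte NUL-padded language DLL
    name.  Assumption: the report's string is a verbatim copy of those bytes."""
    magic = blob[:4]
    (build,) = struct.unpack_from("<H", blob, 4)
    lang_dll = blob[6:20].split(b"\0", 1)[0].decode("ascii")
    return magic, build, lang_dll


if __name__ == "__main__":
    print("overlay bytes:", overlay_size(SECTIONS, FILE_SIZE, ASSUMED_SIZE_OF_HEADERS))
    print("section slack:", section_slack(SECTIONS))
    print("resources inside .rsrc:", resources_inside_rsrc(RESOURCES, SECTIONS))
    for field in (r"\x4e91\x63a8\x5e7f.exe", r"MIRFWG\x63a8\x5e7f\x7cfb\x7edf"):
        print(field, "->", decode_escaped(field))
    print("Translation 0x0804 0x04b0 ->", decode_translation(0x0804, 0x04B0))
    print("VB5! header ->", parse_vb_magic(b"VB5!6&vb6chs.dll"))
```

Run as-is it reports zero overlay bytes under the header-size assumption, .text slack of 3180 bytes, all three resources inside .rsrc, the Chinese product and file names, the Translation pair as Chinese (Simplified) with the Unicode code page, and the "VB5!6&" prefix as runtime build 9782 (the 6.00.9782 MSVBVM60.DLL of VB6 SP6) with vb6chs.dll as the language DLL. Against the real file the same functions take the values from the section and resource headers instead of these constants.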

Strings analysis - Possible URLs found 1

http:///

Only the scheme prefix is present as a static string; no host appears in the file's printable strings, so any URL the program contacts is assembled at runtime or not stored in clear text. The indicator hXXp://dow.andylab.cn/Tgxt.rar listed earlier was recorded with the submission, not extracted from the binary.

Import functions