o1.exe

First submission 2022-05-10 13:48:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
File size: 375.73 KB (384752 bytes)
Compile time: 2021-09-25 23:56:47
MD5: 8413d6561a7cea036bcb55ce3739c927
SHA1: 08202c401822dee611a59ec94d0951f5810909cc
SHA256: 45657b8e77b893c62e2ea98135ff4e0479e6588337758d88c266d141897dc767
Import Hash: 61259b55b8912888e90f516ca08dc514
Sections (5): .text, .rdata, .data, .ndata, .rsrc
Directories (3): import, resource, security
Virus Total: 3/68 VT report date: 2022-05-10 11:35:18

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL: hXXps://cdn.discordapp.com/attachments/973328545218695221/973331573493608468/o1.exe
Host (FQDN/IP): cdn.discordapp.com
Date Added: 2022-05-10 13:48:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6676 26624 55517dc6ad93689679677d152abfdd1ce20f1135 6f5abe9eeda26ee84b3c1ed1a6c82001
.rdata 0x8000 0x139a 5120 dc4f14d019cad6646b38852dfb7370532acafebc 8c5edfd8ff9cc0135e197611be38ca18
.data 0xa000 0x20378 1536 f45486287d474fdcafc99c24e37c4eb61bf613b3 4b2421975c21b032f7ea000f5e7f9fbf
.ndata 0x2b000 0x27000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x52000 0x28408 165376 61c6b9f2a3f7f8fb98af2fc4ba3f8f4de576a866 b0247578abeb936dd4ca3cf39f9b5d79

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x79680 1128
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x79d08 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x79d68 118
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x79de0 740
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x7a0c8 830

Meta infos 8

Translation: 0x0409 0x04b0
LegalCopyright: Triad Hospitals Inc
FileDescription: Rohm & Haas Co.
Comments: Tecumseh Products Company
LegalTrademarks: R.J. Reynolds Tobacco Company
FileVersion: 22.18.23
ProductName: Bell Microproducts Inc.
CompanyName: Lawson Software

Anti debug functions 2

FindWindowExW
GetLastError

File signature

MD5 SHA1 Block size Virtual Address
fddae6e3dba50938d0410249c0516acc ab76de18bd4ec43ce487f659d1ee756b4d116e35 6688 378064

Strings analysis - File found

Library
%s%s.dll
ADVAPI32.dll
SHELL32.dll
USER32.dll
COMCTL32.dll
ole32.dll
GDI32.dll
KERNEL32.dll

Strings analysis - Possible URLs found 8

http://ocsp.sectigo.com0
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://nsis.sf.net/NSIS_Error
http://ocsp.usertrust.com0
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
https://sectigo.com/CPS0D

Import functions

Name Latest seen MD5
vbc.exe 2022-03-22 21:32:04 a7ff9d6ac75f5a8e46de69043e142416
Equivoluminal6.exe 2022-03-27 19:39:02 37ad1e65666e75dbe7235a60e5e2a09a
vbc.exe 2022-04-05 20:36:02 21d9fd5a0644c27d57f9b39cec04d780
Reported.exe 2022-04-22 18:23:02 dd7dc45de8376c2698113dbd4be04871
bena.exe 2022-04-25 17:17:02 03a7feb739f98820f92e25fe8d8d55a9
vgp.exe 2022-04-26 18:33:02 5bc069f8644f6e6ad5a1df00def3ae51
mic.exe 2022-04-26 19:24:02 4a039ccf1c333214953856f96659e016
d1.exe 2022-05-05 08:10:02 2d7346894efa8803eaa27ef2f2f723b9
d2.exe 2022-05-05 08:11:01 eabd968d3bd07d857e816b7e8c4fb006
EF.exe 2022-05-05 08:17:01 e6858850ced6520506513ea119640e65
m3.exe 2022-05-05 08:20:01 8f18bb71f42a1eb3fdb1de3ee5f6d06b
vbc.exe 2022-05-10 13:02:02 643eead21d07a4bb7c11bb4c7459f898
vbc.exe 2022-05-10 13:03:03 54b3f1c51ae8550134a0d40970b455a9
vbc.exe 2022-05-10 14:04:02 33096629a4f1afa66342a3eb9ba3a09e
vbc.exe 2022-05-10 14:09:03 cd3ce7188d4c93259f0524b8087a207d
vbc.exe 2022-05-10 17:34:02 8727321276f756618f961727765b792c
vbc.exe 2022-05-10 17:35:02 9eb9e0b2d312768914016744d9361751
duk.exe 2022-05-10 17:40:03 1fb45ed5a8de2d0818db9cc1051ccaad
vbc.exe 2022-05-10 17:42:03 f35d4b7708578a4ad7f16a1c51d41eda
vbc.exe 2022-05-10 19:58:03 c33d399c78bbc6d5f34b50759ce3deda
vbc.exe 2022-05-10 19:59:02 e854767c8344eb7087eb6fb00e078efc
vbc.exe 2022-05-10 20:28:03 8b9e4e9b0b4d1548e9ea574d984991d4
kotr.exe 2022-05-11 17:04:08 a0f036baaf9746f735f4b256c985515c
nedx.exe 2022-05-12 08:42:02 98a602591bf121ef9282ce623291a941
Scan_load.exe 2022-05-12 09:44:02 b116243ed4215cbcb325a827d11cdc68
vbc.exe 2022-05-12 09:45:02 63024416555335f0668d2450f16fed17
vbc.exe 2022-05-12 09:46:04 b78bacf2638d6457c841f5de45d34f24
vbc.exe 2022-05-12 09:49:02 3f4a3a3a87472b777905e5908b6762a6
vbc.exe 2022-05-12 09:50:02 706a52c35a1c1186de5b098fd6cafd8f
SCAN9.exe 2022-05-12 09:53:02 a1e007787cbe3d27a07fbeb2cb0956ad
scrss.exe 2022-05-12 09:55:03 6cc7f4dc6d60f6b01b7164532f4d4fe6
vbc.exe 2022-05-12 09:58:03 b09f17c52adfbbf6c3e91e84a404b112
sepat.exe 2022-05-12 10:00:04 bd445ce54588f3ea14c6ef52fe6470e7
vbc.exe 2022-05-12 11:21:02 bce919cf4fa0ea578e827b11c9966dad
vbc.exe 2022-05-12 11:23:02 0af7fbb3b5a2a7059555859c4c1db8f9
vbc.exe 2022-05-12 11:25:02 c85a753c46e005748eb59d6d062d596c
vbc.exe 2022-05-12 11:26:02 2c24fa42140a8a16f3777173a2d3f0ab
vbc.exe 2022-05-12 11:27:02 5aced01eb87f9b45da181121f2c5f510
vbc.exe 2022-05-12 12:29:04 d9a63266613ba6cc68ac317ef99f5fdd
vbc.exe 2022-05-12 20:30:02 e647eb555d9cabaf7997da05d2195ad0
vbc.exe 2022-05-12 20:50:02 0eb62853b63f5276c9eb21fff540c8be
vbc.exe 2022-05-12 21:08:02 5d27e82459861cbe558cbe64f1a94b70
vbc.exe 2022-05-12 21:25:03 7d230009eab36798f73226c3adc7ac8e
vbc.exe 2022-05-12 21:26:03 98f9e6fdd56e13f7cedb352712cdcccb
vbc.exe 2022-05-12 21:28:02 4b29dbf34a5049758ec7e986a6a85c7f
vbc.exe 2022-05-12 22:26:03 9c62175af4cb7d4581c22df0555e0c0a
copy_load.exe 2022-05-13 17:15:02 b5691d968eccd79d3b535e2686cb1a03
vbc.exe 2022-05-13 17:25:02 f850bf6bfd9be6aa4d73b6a026986c29
vbc.exe 2022-05-13 17:26:02 21f7996aa488b062d4c0725eb6f23b2c
vbc.exe 2022-05-13 17:28:02 69250f55fbfe48822c838b4eeaf33a0a
BUSY.exe 2022-05-13 17:29:03 029bbe98a216416eb698ca543a5c0830
vbc.exe 2022-05-13 17:30:03 e437b563de87f3d825a87269e16fdd50
vbc.exe 2022-05-13 18:53:04 5af1c7dd89a535dee51c3e28b4a74f8d
vbc.exe 2022-05-14 15:38:02 de76ef6a11a63efc00b0303888bc0b7f
vbc.exe 2022-05-16 00:01:02 3fe3699a62de454defd75c884f72dfee
vbc.exe 2022-05-16 07:43:02 e95ec4d6653fd04defa43e0503d4314a
vbc.exe 2022-05-16 11:33:02 4f2b5d6712ca51ba7619581acc9e6c06
Swift0022.exe 2022-05-16 15:09:02 6b652bdcd4da5e522480b3175938b26c
vbc.exe 2022-05-16 15:10:02 62a3e5d4ed5c3edf4f5b2aa432511a84
vbc.exe 2022-05-16 15:24:01 b6a0b45c78db4ee37368efd93ecfffac
vbc.exe 2022-05-16 15:26:02 2d4739ab2d34eec849d903e05e8e0eb4