index.php

First submission 2023-09-15 06:56:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	297.5 KB (304640 bytes)
Compile time:	2022-12-19 01:56:42
MD5:	868532d1519c35f5286db7166055711d
SHA1:	ed85a798e92814ce6e1295dddde8fcbda29fea8b
SHA256:	9efbde4de467c8a82b270b40c014c4243284b016bd2788164d85012f36aed0ad
Import Hash :	fb170d2cb5ff517fc5a6b94f9af4be2d
Sections 3	.text .data .rsrc
Directories 2	import resource
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://mindshot.cl/tmp/index.php	mindshot.cl	2023-09-15 06:56:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x1eeee	126976	6b27e3f045025538f778e1e756c17fbb8f6548ac	8e1299831f1aa9ceccd26cd9af27b389
.data	0x20000	0x2e2b4c	91136	630514e07d1683bfcce4644eeea3cc3c5169ef29	2f5bcbd4e8606b3e615a557c4d0f0839
.rsrc	0x303000	0x14c20	85504	4f547c17b54f4670e66786d11f309caa87170e6e	da347d7553eededde0b32061d5453d96

PE Resources 6

Name	Language	Sublanguage	Offset	Size	Data
RT_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x3167f0	2216	PE Resource: RT_CURSOR - Data ( @888AAAJJJMMMTTTppp/-P?pQcv1Qq,/KPhp1Qq/!P7pLcy1Qq/Pp",6@J[1qQq/Pp =1[Qyq/"P0p=LYgx1Qq&/@PZpt1Qq/&PAp[t1Qq/P"p0>M[iy1Qq/Pp >1\Qzq/Pp!+6@IZ1pQq/ P6pLbx1Qq,/KPip1Qq/-P?pRcv1Qq/Pp!&,>X1qQq ?
RT_ICON	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x315028	1128
RT_STRING	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x317758	1224	PE Resource: RT_STRING - Data 4Beketowinefope feme mugaxozad govuve rubeyanopinuvuxGLuhomijiruwaki jenine jidiratako xaba retacototevoh wuro haworaz telavu&Gina dok yunitabapopox yiliverefubizek"Pehuxe diwiyoyizis lepamaxurulunix\Rinisipade varivabusoxa xud peranatasanux kaxiramavuk tata vulom picenanafow tib selulazefinJud vadajuruboneAGov nexemewetupu xaxoxej peru xupitosetejirup nojifuguyimuj pajahXasutete?Yerehezuse fecuwegijusih sejab ruvu mizovapomod xow xofofefudodMWuheluj tijusobocin xuhoni xak banovara wezayatafiyaw webivevamazowu jewaduxePNohitolegar cuzixu suyot xokuyaser hukafifig tipapuxofumoga rivabibixosuzi rihem
RT_GROUP_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x3167c0	48
RT_GROUP_ICON	LANG_SINDHI	SUBLANG_SYS_DEFAULT	0x315490	104
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x3170b0	628	PE Resource: RT_VERSION - Data t4VS_VERSION_INFO)?StringFileInfo029385B3: CompanyNamePhunderstuck< FileDescriptionsAnybodies4 FileVersions42.51.4948InternalNameCascade.exeNLegalCopyrightsChallangers bottle,ProductNameBonni8 ProductVersion57.5.64.0DVarFileInfo$TranslationN

Meta infos 8

InternalName:	Cascade.exe
FileVersions:	42.51.494
LegalCopyrights:	Challangers bottle
CompanyName:	Phunderstuck
ProductVersion:	57.5.64.0
FileDescriptions:	Anybodies
Translation:	0x124e 0x03fe
ProductName:	Bonni

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
SHELL32.dll
WINHTTP.dll
USER32.dll
ole32.dll
GDI32.dll

Import functions

GDI32.dll 3 SHELL32.dll 1 KERNEL32.dll 121 ADVAPI32.dll 1 ole32.dll 1 USER32.dll 2 WINHTTP.dll 1

Function	Address	Souspicious	Anti Debug
SelectPalette	0x401008
GetTextFaceW	0x40100c
GetCharWidthW	0x401010

Function	Address	Souspicious	Anti Debug
DragFinish	0x401200

Function	Address	Souspicious	Anti Debug
EnumCalendarInfoA	0x401018
GetConsoleAliasesLengthW	0x40101c
GetNumaProcessorNode	0x401020
MoveFileExA	0x401024
BuildCommDCBAndTimeoutsA	0x401028
SystemTimeToTzSpecificLocalTime	0x40102c
InterlockedIncrement	0x401030
InterlockedDecrement	0x401034
SetDefaultCommConfigW	0x401038
GetEnvironmentStringsW	0x40103c
AddConsoleAliasW	0x401040
GetModuleHandleW	0x401044
GenerateConsoleCtrlEvent	0x401048
GetNumberFormatA	0x40104c
SetFileTime	0x401050
GetConsoleAliasExesW	0x401054
EnumTimeFormatsA	0x401058
GetCommandLineA	0x40105c
GetDriveTypeA	0x401060
GetConsoleCP	0x401064
LoadLibraryW	0x401068
TerminateThread	0x40106c
FatalAppExitW	0x401070
CopyFileW	0x401074
SetVolumeMountPointA	0x401078
SetConsoleCursorPosition	0x40107c
GetStartupInfoW	0x401080
CreateMailslotW	0x401084
CreateJobObjectA	0x401088
GetPrivateProfileIntW	0x40108c
InterlockedExchange	0x401090
SetThreadLocale	0x401094
SetLocaleInfoA	0x401098
GetHandleInformation	0x40109c
GetLastError	0x4010a0
GetCurrentDirectoryW	0x4010a4
SetLastError	0x4010a8
BackupRead	0x4010ac
EnumSystemCodePagesW	0x4010b0
LoadLibraryA	0x4010b4
GetProcessId	0x4010b8
InterlockedExchangeAdd	0x4010bc
LocalAlloc	0x4010c0
RemoveDirectoryW	0x4010c4
GetProfileStringA	0x4010c8
FindNextChangeNotification	0x4010cc
GlobalWire	0x4010d0
EnumDateFormatsA	0x4010d4
GetModuleHandleA	0x4010d8
FreeEnvironmentStringsW	0x4010dc
FindNextFileW	0x4010e0
VirtualProtect	0x4010e4
GetCurrentDirectoryA	0x4010e8
PeekConsoleInputA	0x4010ec
GetShortPathNameW	0x4010f0
OpenSemaphoreW	0x4010f4
FindAtomW	0x4010f8
GetWindowsDirectoryW	0x4010fc
FindFirstVolumeW	0x401100
GetVolumeNameForVolumeMountPointW	0x401104
DeleteFileW	0x401108
CreateFileW	0x40110c
FindFirstFileW	0x401110
GetFileSize	0x401114
GetCommandLineW	0x401118
EnumResourceNamesW	0x40111c
GetComputerNameA	0x401120
OpenMutexW	0x401124
ReadFile	0x401128
GetStringTypeW	0x40112c
LCMapStringW	0x401130
WriteConsoleW	0x401134
HeapAlloc	0x401138
GetProcAddress	0x40113c
ExitProcess	0x401140
DecodePointer	0x401144
DeleteFileA	0x401148
EncodePointer	0x40114c
HeapReAlloc	0x401150
HeapSetInformation	0x401154
RaiseException	0x401158
UnhandledExceptionFilter	0x40115c
SetUnhandledExceptionFilter	0x401160
IsDebuggerPresent	0x401164
TerminateProcess	0x401168
GetCurrentProcess	0x40116c
HeapFree	0x401170
IsProcessorFeaturePresent	0x401174
WriteFile	0x401178
GetStdHandle	0x40117c
GetModuleFileNameW	0x401180
HeapCreate	0x401184
EnterCriticalSection	0x401188
LeaveCriticalSection	0x40118c
SetFilePointer	0x401190
SetHandleCount	0x401194
InitializeCriticalSectionAndSpinCount	0x401198
GetFileType	0x40119c
DeleteCriticalSection	0x4011a0
TlsAlloc	0x4011a4
TlsGetValue	0x4011a8
TlsSetValue	0x4011ac
TlsFree	0x4011b0
GetCurrentThreadId	0x4011b4
Sleep	0x4011b8
HeapSize	0x4011bc
QueryPerformanceCounter	0x4011c0
GetTickCount	0x4011c4
GetCurrentProcessId	0x4011c8
GetSystemTimeAsFileTime	0x4011cc
WideCharToMultiByte	0x4011d0
GetConsoleMode	0x4011d4
GetCPInfo	0x4011d8
GetACP	0x4011dc
GetOEMCP	0x4011e0
IsValidCodePage	0x4011e4
SetStdHandle	0x4011e8
FlushFileBuffers	0x4011ec
RtlUnwind	0x4011f0
MultiByteToWideChar	0x4011f4
CloseHandle	0x4011f8

Function	Address	Souspicious	Anti Debug
LookupAccountSidW	0x401000

Function	Address	Souspicious	Anti Debug
CoGetInstanceFromFile	0x40121c

Function	Address	Souspicious	Anti Debug
GetListBoxInfo	0x401208
CharUpperW	0x40120c

Function	Address	Souspicious	Anti Debug
WinHttpSetOption	0x401214

Name	Latest seen	MD5
167.exe	2023-09-15 11:53:02	ed40d082ca526399d0b7a93d74ef974c

index.php

File details

File features detected

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 6

Meta infos 8

Packers detected 2

Anti debug functions 6

Strings analysis - File found

Import functions

Related files by ImpHash 1 fb170d2cb5ff517fc5a6b94f9af4be2d