msf.exe

First submission 2024-07-08 18:56:23

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 48.0 KB (49152 bytes)
Compile time: 2018-07-28 08:58:25
MD5: 8777690a74362f7a9b5396377d7296f1
SHA1: 253555d42ebe3b16f156804f28905f77903055bf
SHA256: 5e30e3bba90df2ef88f20ed393b9468b4c1813776a48e9d0b07441cabb7effcf
Import Hash: 533d64189d09ea0939f934719c3357e2
Sections (4): .text, .rdata, .data, .rsrc
Directories (2): import, resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

The page does not record which of these items actually fired, so read them against the rest of the report: the file type above is PE32 executable (GUI), not a DLL, and the "Packers detected" entries further down are compiler signatures rather than packers.

OSINT Enrichments

VirusTotal: 11/77 engines (VT report date 2024-07-08 18:37:39)
Malware type (1): trojan

URLs, FQDN and IP indicators (1)

URL                            Host (FQDN/IP)   Date added
hXXp://111.230.72.242/msf.exe  111.230.72.242   2024-07-08 18:56:23

PE Sections (4 listed; the report counts 1 as suspicious but does not mark which)

Name    VAddress  VSize           Raw size  SHA1                                      MD5
.text   0x1000    0x2b4c (11084)  12288     e2e543fbcbf1a1701d5d4fdcaf3d36c5c2de7e47  736283068ad8d6232c6917389fbbe3b7
.rdata  0x4000    0x786  (1926)   4096      b828874f75eca9d8828a150b0e06daae5f52b0cd  4ebfad82a74a236902fc2e14c77c25b7
.data   0x5000    0xa5c  (2652)   4096      853bfa97ae574a105761a90beba6727f0fb7a62a  d6a344ea26596e793f007911ffbd68dc
.rsrc   0x6000    0x5928 (22824)  24576     4a45e34f2bf68d3e28930e0fde87ced153bba669  ab6becc70699bfd33cc26d422c502812

Every raw size is a multiple of 0x1000 and exceeds its virtual size, which is the normal MSVC layout. The four section bodies total 45,056 bytes; subtracting that from the 49,152-byte file leaves exactly 4,096 bytes for the headers, consistent with a 0x1000 file alignment and no appended overlay.
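To reproduce a table like the one above and apply the checks an analyst runs on it, here is an added example (not code from the report or from the scanner that produced it): a stdlib-only Python parser for the PE section table that hashes each section's raw bytes, measures its entropy, and flags sections whose virtual size exceeds their raw size, data that runs past end of file, and any overlay. The PE image it parses is constructed inside the block to match the reported geometry (section names, RVAs, sizes, 49,152 bytes total) with zero-filled bodies, so the hashes it prints are not the sample's; run `parse_sections` on the real file to compare against the SHA1/MD5 columns.

```python
import collections
import hashlib
import math
import struct

# Section geometry as reported above: (name, VirtualAddress, VirtualSize, SizeOfRawData).
REPORTED_SECTIONS = [
    (b".text",  0x1000, 0x2b4c, 12288),
    (b".rdata", 0x4000, 0x786,  4096),
    (b".data",  0x5000, 0xa5c,  4096),
    (b".rsrc",  0x6000, 0x5928, 24576),
]


def build_test_pe(sections, file_alignment=0x1000):
    """Construct a minimal PE32 image with the given section table.

    Section bodies are zero-filled (constructed test data, not the sample),
    so only the geometry matches the report, not the content hashes.
    """
    opt_size = 224                                   # size of a PE32 optional header
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 32, 0x1000)          # SectionAlignment
    struct.pack_into("<I", opt, 36, file_alignment)  # FileAlignment
    table, body, raw_ptr = b"", b"", file_alignment  # first section body follows the headers
    for name, vaddr, vsize, raw_size in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, raw_size,
                             raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += bytes(raw_size)
        raw_ptr += raw_size
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table
    return headers.ljust(file_alignment, b"\0") + body


def shannon_entropy(buf):
    """Bits per byte; values near 8.0 indicate compressed or encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in collections.Counter(buf).values())


def parse_sections(data):
    """Walk the IMAGE_SECTION_HEADER table and hash each section's raw bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]   # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                 # first section header
    sections = []
    for i in range(num_sections):
        name, vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size, "raw_ptr": raw_ptr,
            "md5": hashlib.md5(raw).hexdigest(),
            "sha1": hashlib.sha1(raw).hexdigest(),
            "entropy": shannon_entropy(raw),
        })
    return sections


def suspicious_sections(sections, file_size):
    """Return (section, reason) pairs for the checks an analyst runs on the table."""
    flags = []
    for s in sections:
        if s["vsize"] > s["raw_size"]:
            flags.append((s["name"], "virtual size exceeds raw size: room to unpack into"))
        if s["entropy"] > 7.0:
            flags.append((s["name"], "high entropy: packed or encrypted content"))
        if s["raw_ptr"] + s["raw_size"] > file_size:
            flags.append((s["name"], "raw data runs past end of file: truncated or malformed"))
    end = max((s["raw_ptr"] + s["raw_size"] for s in sections), default=0)
    if file_size > end:
        flags.append(("<overlay>", f"{file_size - end} bytes appended after the last section"))
    return flags


if __name__ == "__main__":
    image = build_test_pe(REPORTED_SECTIONS)
    for s in parse_sections(image):
        print(f"{s['name']:<7} {s['vaddr']:#07x} {s['vsize']:#07x} {s['raw_size']:6d} "
              f"{s['sha1']} {s['md5']}")
    print(suspicious_sections(parse_sections(image), len(image)))
```

On the constructed image none of the checks fire, matching the layout reasoning above; the same functions applied to a UPX-style table (a zero-raw-size section with a large virtual size) or to a file with trailing bytes report the unpack buffer and the overlay respectively.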

PE Resources (3)

Name           Language      Sublanguage         Offset  Size (bytes)
RT_ICON        LANG_NEUTRAL  SUBLANG_NEUTRAL     0x9e40  5890
RT_GROUP_ICON  LANG_NEUTRAL  SUBLANG_NEUTRAL     0xb584  62
RT_VERSION     LANG_ENGLISH  SUBLANG_ENGLISH_US  0xb5c4  868

The three listed resources total 6,820 bytes, while the .rsrc section above has a virtual size of 22,824 bytes. Resource directory overhead is small, so roughly 16 KB of that section is not explained by this listing and is worth dumping and inspecting directly.

Meta infos (7)

LegalCopyright: Rs5n7hO0z5Fp1H1NODp7PeQvZrRoTR5ivkA1qh1IWjJvOsuCRY
ProductVersion: 0.0.1
CompanyName: OyyfYqF8DYnvku5p24mxTIhxjfQ7nxcNgaxRjPAX0kKTJPMcv8
FileVersion: 3.10
FileDescription: CrpVl8os7KgP29RP5zXcvvtFQVnpDCvB7iyMMHKNQggP9l7Zv2
Translation: 0x0409 0x04b0 (English US, Unicode code page 1200)
ProductName: LUFo8MtFcC5oQq13iO7wZNQyWQ0rZAgN9RDOGtQ3tOKFFs47rZ

The four text fields are 50-character random alphanumeric strings rather than vendor metadata, and FileVersion (3.10) does not agree with ProductVersion (0.0.1). Both are useful pivots when hunting for other binaries produced by the same tooling.

Packers detected (3)

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

These are compiler and linker signatures, not packers: they only say the binary was built with a classic Visual C++ toolchain, which is consistent with the plain .text/.rdata/.data/.rsrc layout and the raw sizes above. They do not indicate that the sample is packed.

Anti debug functions (2)

TerminateProcess
UnhandledExceptionFilter

Both imports are part of the standard Visual C++ runtime startup and exception-handling code that virtually every MSVC-linked binary carries, so on their own they are a weak anti-debug indicator. Treat them as a prompt to look for a custom exception filter in the disassembly, not as evidence by themselves.

Strings analysis - File found (1)

Name    Latest seen          MD5
nc.exe  2024-07-08 18:59:39  9f8e3c7e645be714ad1778e23dff406a

Imported libraries (3)

USER32.dll
WS2_32.dll
KERNEL32.dll

Import functions

(not listed on this page)

The WS2_32.dll import means the sample links Winsock directly, so network activity is expected from a binary this small; the individual imported functions, which would confirm what kind of socket use, are not reproduced here.