timeSync.exe

First submission 2023-09-15 00:31:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	246.0 KB (251904 bytes)
Compile time:	2022-05-22 21:32:58
MD5:	8816dec1704461c24f7575c00f7f86d4
SHA1:	fcf92c87351d810816a655946b5541d9aa638788
SHA256:	891daaeaed0ec160ca3c06fd3a5a896b776bc22a7f42cb9cb02afb49b989d4ed
Import Hash :	85f93ec750e6f7137bb7fe5a5261ac14
Sections 4	.text .data .rsrc .reloc
Directories 4	import resource debug relocation
Virus Total:	32/71 VT report date: 2023-09-14 22:15:45

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://171.22.28.221/timeSync.exe	171.22.28.221	2023-09-15 00:31:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x2f776	194560	8a1d756ee446c431c1ac257d95b257f9f48388a0	2b68c9d6dd7ffdd18fcc88a675cfb352
.data	0x31000	0x50410	12800	fa98d93183d95cac16acbdf99e1dba0713262123	fa862a4c8fb5d8ad9748a31a8690135e
.rsrc	0x82000	0x1a76b0	34816	31a5c4cd7a40624fdecc0645772d5aadc3a28589	5afa366a531c750247aa59c37ed17328
.reloc	0x22a000	0x2166	8704	05fcfad695aa7fbcd32ca444eed08e8fe86bbd9b	9e0929cb4bb8a7f2989ae01dc096f4d5

PE Resources 8

Name	Language	Sublanguage	Offset	Size	Data
AFX_DIALOG_LAYOUT	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x85700	14
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x88d50	1384	PE Resource: RT_CURSOR - Data ( """>>>EEEZZZbbbhhhvvv~~~Qcv1Qq,/KPhp1Qq/!P7pLcy1Qq/Pp",6@J[1qQq/Pp =1[Qyq/"P0p=LYgx1Qq&/@PZpt1Qq/&PAp[t1Qq/P"p0>M[iy1Qq/Pp >1\Qzq/Pp!+6@IZ1pQq/ P6pLbx1Qq,/KPip1Qq/-P?pRcv1Qq/Pp!&,>X1qQq
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x851f0	1128	PE Resource: RT_ICON - Data ( {}{~zz\|{{\|~~}{~}\|zz{}}\|~~{\|}}}}}\|}z\|z}\|{~\|}{~\|z\|~\|{{~}{\|~\|{~{~}\|\|}z\|\|~\|~~z{~\|\|}z~{z}}~\|{}~{\|}\|{}~{~}\|}{{~{}{}\|\|~~zz~z}}z}{\|{\|~}\|{z{z{{{{\|{\|{~~}{~~~\|~\|\|~~~}~z\|~\|}~~zz\|\|~z\|\|{\|\|zzz~}{\|~\|{~{~{{{~}{}}z}{zz{}\|~{~~{{}\|}z}~z~\|~~{}~zz\|~}~\|\|}{{}{{{z{}\|\|\|{z~\|~}}z{\|}}}~\|{{\|{}\|{z}z}z~z}\|~\|~{{~}{~}\|}~\|~z\|}z~\|z{{{~}{{AAAAAAAAAAAAAAAA
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x8a190	1310	PE Resource: RT_STRING - Data Begolelemuw comopusaxem Nugil xeboy fuzewilugit nisajoxo4Kofu mefulizu hefip doduge petivobukokay bejuxubibus_Jubapatodahu kunanune rowujegiwuc xamebexurog dixugula xotajobeyuhabik wusedakojeh yanowunovaxo Yuz pivexDWowowi hov levula tokubew texiwufituyupo punomevelugekap fuzokem vakNKuhuzojasi tetuwad tubilasifid kevi waciduvikec xemevisap tubiko fuwurifibedac1Xedemur goteyici gofometuhadiho xuxu tow nuverasi!Wozisi lonohufuvev fitom jopibexuMHunolos dexegu sayaboxuhaw vopag vorij ditagofihivit tipesoj xax sukivejofikobCaxarecudenil nine lovow lobamewodi sumeri zimod falopesopu sacegu durebumewonodul wetavijagafojipMukawod mucipahuw vowomus
RT_ACCELERATOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x856d0	48
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x892b8	48
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x85658	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x892e8	624	PE Resource: RT_VERSION - Data p4VS_VERSION_INFO4aStringFileInfo042231F2: FileDescriptionSilvupleZLegalCopyrightCopyright (C) 2022, Uniqum@OriginalFilenamebetshop.exeB ProductsVersion29.510.12.194 ProductNameKuihmfghiDProductionVersion82.27.62.16DVarFileInfo$Translation

Meta infos 7

LegalCopyright:	Copyright (C) 2022, Uniqum
ProductionVersion:	82.27.62.16
FileDescription:	Silvuple
Translation:	0x08bf 0x0ad5
ProductsVersion:	29.510.12.19
OriginalFilename:	betshop.exe
ProductName:	Kuihmfghi

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 1

82.27.62.16

Import functions

KERNEL32.dll 103 GDI32.dll 1 USER32.dll 12

Function	Address	Souspicious	Anti Debug
EnumResourceNamesW	0x401008
CreateFileA	0x40100c
SetThreadContext	0x401010
PeekNamedPipe	0x401014
VirtualQuery	0x401018
SetEndOfFile	0x40101c
LoadResource	0x401020
SetConsoleTextAttribute	0x401024
OpenJobObjectA	0x401028
GetLogicalDriveStringsW	0x40102c
GlobalLock	0x401030
WriteConsoleInputA	0x401034
CreateHardLinkA	0x401038
FreeEnvironmentStringsA	0x40103c
GetModuleHandleW	0x401040
GetTickCount	0x401044
GetDateFormatA	0x401048
LoadLibraryW	0x40104c
IsValidLocale	0x401050
GetFileAttributesA	0x401054
FindNextVolumeW	0x401058
ReplaceFileW	0x40105c
FileTimeToSystemTime	0x401060
IsDBCSLeadByte	0x401064
GetShortPathNameA	0x401068
GetTempFileNameW	0x40106c
ReadConsoleOutputCharacterA	0x401070
GetProcAddress	0x401074
VirtualAlloc	0x401078
BackupWrite	0x40107c
BeginUpdateResourceA	0x401080
FoldStringW	0x401084
GetModuleHandleA	0x401088
FindFirstChangeNotificationA	0x40108c
FindNextFileW	0x401090
FindFirstVolumeA	0x401094
CloseHandle	0x401098
WriteConsoleW	0x40109c
GetConsoleOutputCP	0x4010a0
WriteConsoleA	0x4010a4
GetLocaleInfoW	0x4010a8
LoadLibraryA	0x4010ac
FlushFileBuffers	0x4010b0
GetConsoleMode	0x4010b4
GetConsoleCP	0x4010b8
GetLastError	0x4010bc
InterlockedIncrement	0x4010c0
InterlockedDecrement	0x4010c4
Sleep	0x4010c8
InitializeCriticalSection	0x4010cc
DeleteCriticalSection	0x4010d0
EnterCriticalSection	0x4010d4
LeaveCriticalSection	0x4010d8
HeapFree	0x4010dc
TerminateProcess	0x4010e0
GetCurrentProcess	0x4010e4
UnhandledExceptionFilter	0x4010e8
SetUnhandledExceptionFilter	0x4010ec
IsDebuggerPresent	0x4010f0
MultiByteToWideChar	0x4010f4
GetStartupInfoW	0x4010f8
RtlUnwind	0x4010fc
RaiseException	0x401100
LCMapStringA	0x401104
WideCharToMultiByte	0x401108
LCMapStringW	0x40110c
GetCPInfo	0x401110
HeapAlloc	0x401114
HeapCreate	0x401118
VirtualFree	0x40111c
HeapReAlloc	0x401120
TlsGetValue	0x401124
TlsAlloc	0x401128
TlsSetValue	0x40112c
TlsFree	0x401130
SetLastError	0x401134
GetCurrentThreadId	0x401138
GetACP	0x40113c
GetOEMCP	0x401140
IsValidCodePage	0x401144
SetFilePointer	0x401148
ExitProcess	0x40114c
WriteFile	0x401150
GetStdHandle	0x401154
GetModuleFileNameA	0x401158
GetModuleFileNameW	0x40115c
FreeEnvironmentStringsW	0x401160
GetEnvironmentStringsW	0x401164
GetCommandLineW	0x401168
SetHandleCount	0x40116c
GetFileType	0x401170
GetStartupInfoA	0x401174
QueryPerformanceCounter	0x401178
GetCurrentProcessId	0x40117c
GetSystemTimeAsFileTime	0x401180
HeapSize	0x401184
GetUserDefaultLCID	0x401188
GetLocaleInfoA	0x40118c
EnumSystemLocalesA	0x401190
GetStringTypeA	0x401194
GetStringTypeW	0x401198
InitializeCriticalSectionAndSpinCount	0x40119c
SetStdHandle	0x4011a0

Function	Address	Souspicious	Anti Debug
GetCharWidthI	0x401000

Function	Address	Souspicious	Anti Debug
CharToOemBuffA	0x4011a8
GetMenuItemID	0x4011ac
GetKeyNameTextA	0x4011b0
GetMessageExtraInfo	0x4011b4
ChangeMenuA	0x4011b8
GetParent	0x4011bc
LoadMenuA	0x4011c0
GetClassInfoExW	0x4011c4
CopyIcon	0x4011c8
LoadBitmapW	0x4011cc
DdeQueryStringA	0x4011d0
CloseWindow	0x4011d4

Name	Latest seen	MD5
s1.exe	2023-09-14 23:51:02	1d6a742534494f66081d5b70f44f6695

timeSync.exe

File details

File features detected

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 8

Meta infos 7

Packers detected 2

Anti debug functions 5

Strings analysis - File found

Strings analysis - Possible IPs found 1

Import functions

Related files by ImpHash 1 85f93ec750e6f7137bb7fe5a5261ac14