joekr1234.exe

First submission 2024-02-11 06:24:03

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 2535.5 KB (2596352 bytes)
Compile time: 2024-02-10 14:11:12
MD5: 8eee0f0bcbb9d63691ac5cda65dfc44c
SHA1: 4951089c091c3f76a34b7c1ca7f2ef11d9c7a272
SHA256: ca7889d0eef0b84b31b707105c710e793aa02f3a1ca8d48294f8a488ef2526fa
Import Hash: 5d68de0544abec4f6be91e05245b348d
Sections: 7 (.text, .rdata, .data, .pdata, .00cfg, .tls, .reloc)
Directories: 3 (import, tls, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://193.233.132.167/lend/joekr1234.exe 193.233.132.167 2024-02-11 06:24:04

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x42c6 17408 684120b72778265177af5910217a608a23c0b172 7c8beece6efc5ee7d64b1c2339a3558f
.rdata 0x6000 0x1308 5120 2908139e10d77ad9a417baa3870811ed544868dd cb1c54257994ec4b58baff5a2665c0a5
.data 0x8000 0x274050 2570752 7552782609e59db4acd7a6d9a2a4d5bc34918099 e79cc3d1a8063823813c09077d5d501d
.pdata 0x27d000 0x150 512 6a1d9ef3400719c2587744f0d917b03d42c28aed 9ce9290d2a6663027324a0a7d7ec9746
.00cfg 0x27e000 0x10 512 7c9d8859eadd0c878ef339317f1dd025b88a243c b18c7380298e104adf73576fa46bccc1
.tls 0x27f000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x280000 0x70 512 1aeb21720175892d36fb7ca34987d8910a5cab24 21c7bf501fa711ea026cf9c19cc17ae2

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
KERNEL32.dll
MSVCRT.dll

Import functions

Name Latest seen MD5
goldman1234.exe 2024-02-11 05:23:03 5f4f97f402bcd5935346a94e47299ec1