RjXoD.exe

First submission 2022-08-02 21:02:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 273.5 KB (280064 bytes)
Compile time: 2022-03-01 12:50:40
MD5: 8f98297f190db64c6c1bb9b85b78eca5
SHA1: 1bef5e61a3c11a8651870f3ad386f0a09f94de52
SHA256: 3adeefdaffda88ac8183d5c4164c9ad10b63c039c72fac187a596f4fcf906c00
Import Hash: e03c5ea8e25367650e1f4380ec0a6eaf
Sections 5 .text .rdata .data .rsrc .reloc
Directories 4 import resource debug relocation
VirusTotal: 50/70 VT report date: 2022-08-02 18:35:46

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 3

URL Host (FQDN/IP) Date Added
hXXp://109.206.241.81/htdocs/HkAmK.exe 109.206.241.81 2022-08-02 21:02:01
hXXp://109.206.241.81/htdocs/mTGTn.exe 109.206.241.81 2022-08-02 21:29:06
hXXp://109.206.241.81/htdocs/RjXoD.exe 109.206.241.81 2022-08-02 21:30:06

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x34016 213504 8b11a6a75c0c4afe17527437d4e61daf1550e22a 7a9ddb67ce72e7dd208024ba88169987
.rdata 0x36000 0xc21a 50176 5373541278a7844171c7571155eaa60f5a50d01c 4c609e35f19a5036177e73609e0d0d2c
.data 0x43000 0x83d4 5120 3c8e3c7c0ace2ae991996cc536a89bad149de62e 1c9d521216dda7a411c965e7a6c88f9e
.rsrc 0x4c000 0x1e0 512 ef576397c23665da98fde8f33b2c3dab7de7f27d 62c766a35b447894162bbd059d638ccf
.reloc 0x4d000 0x242c 9728 720ba7ac174ae9d214d23395ebdb9195fcbb6b35 b0d1e45242ac1ae5a2dbb390beb9337a

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x4c060 381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32First
Process32Next
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
SHLWAPI.dll
SHELL32.dll
Crypt32.dll
KERNEL32.dll
WINHTTP.dll
WS2_32.dll
ADVAPI32.dll
USER32.dll
IPHLPAPI.DLL
PSAPI.DLL
%s\Sqlite3\sqlite3.dll
NETAPI32.dll
ole32.dll
GDI32.dll

Strings analysis - Possible IPs found 1

1.1.1.1

Strings analysis - Possible URLs found 1

http://%s%%s%.2d-%.2d-%.4d

Import functions

Name Latest seen MD5
rZDBX.exe 2022-08-02 21:24:01 b701f11ecf355febaa54d234d9b33529