8fb5b5f1839e95ac270e08f46846e9cf.exe

First submission 2022-07-30 14:38:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 322.5 KB (330240 bytes)
Compile time: 2021-02-03 09:27:57
MD5: 8fb5b5f1839e95ac270e08f46846e9cf
SHA1: e5ff39565e09bf71c07fc6285bb70599a4f19c19
SHA256: 766fec42cf6394a87446102a6c349c7573bd0f4dbd9661c38ca0331cb1f8f5cc
Import Hash: 73817fdcf5e060754c857c25379aa393
Sections: 6 (.text, .data, .jaxede, .visazol, .kub, .rsrc)
Directories: 3 (import, resource, debug)
VirusTotal: 50/71
VT report date: 2022-07-30 10:52:52

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://194.180.174.9/8fb5b5f1839e95ac270e08f46846e9cf.exe 194.180.174.9 2022-07-30 14:38:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x3133c 201728 9a059ee81e9fd35a64970c354589fb232dc934fe 69e500326f317afca25b7c6f65d9cce3
.data 0x33000 0x19fd4 69632 43049f893ccb9700c251dd4b7ff1e766f8c570ad 2cf0693a90ea555a3dd963c0b88f0b90
.jaxede 0x4d000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.visazol 0x4e000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.kub 0x4f000 0x96 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x50000 0xd780 55296 c862d8fadb7fb2716dc51dd6acdba002e58279df a41a98eb8d71d111d38e36824e190985

PE Resources 8

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_KOREAN SUBLANG_KOREAN 0x5d3f0 2
MIMELA LANG_KOREAN SUBLANG_KOREAN 0x5cfe8 762
RT_ICON LANG_KOREAN SUBLANG_KOREAN 0x5cb08 1128
RT_STRING LANG_KOREAN SUBLANG_KOREAN 0x5d538 582
RT_ACCELERATOR LANG_KOREAN SUBLANG_KOREAN 0x5d2e8 112
RT_GROUP_ICON LANG_KOREAN SUBLANG_KOREAN 0x530e8 76
RT_VERSION LANG_KOREAN SUBLANG_KOREAN 0x5d3f8 316
None LANG_KOREAN SUBLANG_KOREAN 0x5d3c0 10

Meta infos 1

Translations: 0x0353 0x036f

Anti debug functions 7

GetLastError
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
MSPDB80.DLL
USER32.dll
MSIMG32.dll

Strings analysis - Possible IPs found 2

95.77.6.8
68.41.92.92

Import functions