imgdisk.exe

First submission 2024-09-28 10:19:03 Last submission 2024-09-28 16:26:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
Mime type: application/x-dosexec
File size: 67.36 KB (68976 bytes)
Compile time: 2010-01-14 08:39:11
MD5: 935cd858e1bfa763e24214f64e400a15
SHA1: f8d129e7288a9c41a0bd44521b253a6f708d9684
SHA256: c3c6e841f611923135474590c9c7c770a49f0c87c4e1850e13bb2b48ffdb5104
Import Hash : c8a8ef37698bf1e948c8418dacb0c614
Sections 3 UPX0 UPX1 .rsrc
Directories 3 import resource relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 10/76 VT report date: 2024-09-28 09:48:28
Malware Type 1 worm
Threat Type 1 convagent

URLs, FQDN and IP indicators 4

URL                                                                      Host (FQDN/IP)   Date Added
hXXp://141.147.155.36:8888/imgdisk.exe                                   141.147.155.36   2024-09-28 16:26:05
hXXp://220.201.200.235:8199/IMG%E5%86%99%E7%9B%98%E5%B7%A5%E5%85%B7.exe  220.201.200.235  2024-09-28 10:22:04
hXXp://210.76.37.140:8199/IMG%E5%86%99%E7%9B%98%E5%B7%A5%E5%85%B7.exe    210.76.37.140    2024-09-28 10:21:05
hXXp://42.185.57.78:8199/IMG%E5%86%99%E7%9B%98%E5%B7%A5%E5%85%B7.exe     42.185.57.78     2024-09-28 10:19:03

PE Sections 3 suspicious

Name   VAddress  VSize    Size   SHA1                                      MD5                               Suspicious
UPX0   0x1000    0x14000  0      da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
UPX1   0x15000   0x7000   28672  7d63ebb4f4163b361122c3938234fd9fb3babbbc  8103a77ceaa98114252288777d3b83b9
.rsrc  0x1c000   0x9000   34304  83611e71f1eb4aeb91d1f076397fb90d25c559de  6ce6287f60391820fb974ab915310f48

PE Resources 6

Name           Language      Sublanguage          Offset   Size   Data
RT_BITMAP      LANG_ENGLISH  SUBLANG_ENGLISH_AUS  0x1c284  18280
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_AUS  0x23348  1192
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_AUS  0x23cd8  198
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_AUS  0x23da4  48
RT_VERSION     LANG_ENGLISH  SUBLANG_ENGLISH_AUS  0x23dd8  836
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_AUS  0x24120  597

Meta info 13

LegalCopyright: Copyright © 2009
InternalName: DiskImg
FileVersion: 1, 6, 0, 0
FileDescription: Disk Image
SpecialBuild:
CompanyName: Roadkil.Net
LegalTrademarks:
Comments:
ProductName: Roadkil's DiskImg
ProductVersion: 1, 6, 0, 0
PrivateBuild:
Translation: 0x0c09 0x04b0
OriginalFilename: DiskImg.exe

Packers detected 3

UPX v0.80 - v0.84
UPX 2.90 (LZMA)
UPX -> www.upx.sourceforge.net

Strings analysis - File found

Library
KERNEL32.dll
USER32.dll
SHELL32.dll
COMDLG32.dll
GDI32.dll
ADVAPI32.dll
WS2_32.dll

Strings analysis - Possible URLs found 6

http://www.usertrust.com1
http://ocsp.comodoca.com0
http://crl.usertrust.com/UTN-USERFirst-Object.crl0
http://crl.usertrust.com/UTN-USERFirst-Object.crl04
https://secure.comodo.net/CPS0B
http://crl.usertrust.com/UTN-USERFirst-Object.crl0)

Import functions