07-31-125922.exe

First submission 2022-08-01 17:18:03

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
File size: 772.0 KB (790528 bytes)
Compile time: 2015-12-24 09:56:02
MD5: 95a7535e2d9c9476854c21e9d60cda33
SHA1: 2ca95876d93d9c51cd450d473a76f19aa10ca3e7
SHA256: 73142c245e43c79909df91cc6713f019b62e0d626f995af47d5dbe2f52c22ebc
Import Hash: 5bc8a0631fa7fd2b752e4b03f17591f9
Sections 6 .text .rdata .data .pdata .rsrc .reloc
Directories 4 import resource tls relocation
VirusTotal: 19/71 VT report date: 2022-08-01 15:01:46

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://173.242.115.166/AAAA/1/07-31-125922.exe 173.242.115.166 2022-08-01 17:18:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x51f45 335872 23c60d2459eca4aba82a0860856d1333d426ccc4 df40cf9b821c9928ed40ca902171ae31
.rdata 0x53000 0x2e09c 188928 e2d3db6cdce595aec150565372bd0ee125aa7681 da2b7cc3f7b38f9b1eb8b5f79ed456e8
.data 0x82000 0xe598 37376 1f53dbf7a72b11ab0edf0eb3a6c70ca033c579ef 5af370bef3a5f457d3db113a45e6ce1f
.pdata 0x91000 0x1524 5632 a70b616d5d603225e7386f20993fd7ff7acda631 4a1b4258316f667ebfc7f131961870c5
.rsrc 0x93000 0x35fd8 221184 d122b17fe886f57721202e6d2726c6d7d0f195e9 9f558f207a8c070dae23e2c7dd8d39fa
.reloc 0xc9000 0x7c 512 3347d8af2b042f7b16c23c9764a3174dd97c0a82 70cf131f24181025d895f2749e4af158

PE Resources 4

Name Language Sublanguage Offset Size Data
OCX LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x97650 202752
RT_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x971a8 1128
RT_GROUP_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x97610 62
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xc8e50 392

Anti debug functions 6

FindWindowW
GetLastError
OutputDebugStringW
Process32First
Process32Next
TerminateProcess

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
ntdll.dll
USER32.dll
GDI32.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
08-01-022710.exe 2022-08-01 15:27:03 d557f062295665080e28063b06b35872
08-01-203902.exe 2022-08-01 16:41:03 6ba6939dd3340c258d0bb7e6713f7a8f