d74f5005fa82.exe

First submission 2024-10-15 12:58:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 577.04 KB (590888 bytes)
Compile time: 2024-10-15 12:46:03
MD5: 97205cf6d2ee23dd42eeea47c32edd53
SHA1: 4745a0c8545debf45ad0d6f805ae508f3f1c3f01
SHA256: 6fa9268638e75c526a1fc43ce16201b346c956f16c7676514a500c1aa1792fdc
Import Hash: 5569ec101333623476b6cdb226005b45
Sections (4): .text .rdata .data .reloc
Directories (5): import debug tls relocation security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://assets.gziraq.com/css/d74f5005fa82.exe assets.gziraq.com 2024-10-15 12:58:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x28799 165888 60899875b8263833b663ab4e8c0b7af3af722aae e3e406e9f18fe6d4141c93714e141fa9
.rdata 0x2a000 0xc3b2 50176 16e3e1c5a5694de31a700e5774cd8465abebf78b 19c92685795aed0b5ca2ea0ea9665f6a
.data 0x37000 0x57738 354304 d55d8987d3d9e103216720b2ef2d8663ca39eccd a4d51d82c5f86f9a6f56e818a932f57d
.reloc 0x8f000 0x2420 9728 adff552f8557fb625d66f4c28754489c98adb06a 1d67c2ffe2de331ca16e9a3e390097e6

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
7cd905d59ba4f31c082c2e2bfd88980f 7f1b1df25765fde2a6305fe2fe1ce76edfbe0529 9768 581120

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Strings analysis - Possible URLs found 15


Import functions

Name Latest seen MD5
63e909b3647d.exe 2024-10-15 06:42:02 a3c8303513d8123153c8c368ed72d8ee
f2e7fcb20146.exe 2024-10-15 12:59:02 52d72533b757da622a9d7c76abd8b70d
7f3c2473d1e6.exe 2024-10-15 13:00:02 3d8c2fb9d4272ae0a835faa7715132ef