GsLQA.exe

First submission 2022-08-02 20:53:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 136.0 KB (139264 bytes)
Compile time: 2022-08-01 04:03:08
MD5: 97ea1fd26da454e1502d7f4de38a21af
SHA1: 4aa14c0146621373c9e022c626f9e50560947389
SHA256: d5adba5715cd10a3c9dcf11d7ab1e30834050eef7513bda558bfe39a53a364ac
Import Hash: 4f7271df0bf201cf627af3103fba2c2e
Sections: 3 (.text, .data, .rsrc)
Directories: 2 (import, resource)
VirusTotal: 48/71 (VT report date: 2022-08-02 15:04:57)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://109.206.241.81/htdocs/GsLQA.exe 109.206.241.81 2022-08-02 20:53:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1e4d0 126976 3cc71aaa760bf235686d0c39f277ae0357e5fff1 03c8f8e948569605f4db7ce59cf1e88b
.data 0x20000 0xbd4 4096 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d 620f0b67a91f7f74151bc5be745b7110
.rsrc 0x21000 0x9bc 4096 b8ea8e435aa5ae5044cfac87dfa242a7f72bf1c7 2a7d8bd60164d5666eef78d95416c78c

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x2147c 296
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x2144c 48
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x21150 764

Meta infos 11

FileDescription: pugging
OriginalFilename: palmful.exe
LegalCopyright: indris 331
Translation: 0x0409 0x04b0
InternalName: palmful
Comments: palosapis
LegalTrademarks: firebreaks
FileVersion: 2.02.0002
ProductName: fireboats
ProductVersion: 2.02.0002
CompanyName: floral

Packers detected 2

Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0 - v6.0

Strings analysis - File found

Compressed
\CryptoWallets.zip
\Files.zip
Autogen
C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Library
KERNEL32.dll
MSVBVM60.DLL
WININET.dll
SHELL32.dll
VBA6.DLL

Strings analysis - Possible URLs found 1

https://api.telegram.org/bot

Import functions

Name Latest seen MD5
xPBAQ.exe 2022-07-06 18:26:01 c7468437984c0dbc9da355e31bc153e7
jHRLw.exe 2022-07-26 20:58:02 bee47439c4960e2728594ece9ad95ba7
NqHNP.exe 2022-07-27 23:06:02 d7b1362070332023e5163fc54bc9decc
LqAST.exe 2022-07-28 14:26:02 a64c16946bf03bfa2c52aba4dd0b55cc
JaYSN.exe 2022-08-02 20:38:02 a3c20b8c564076ca4e520a99c6cd1764
RdSwQ.exe 2022-08-02 20:30:02 6862264bbd7688ac4bd96f16786cd153