EXACT_ITEM.exe

First submission 2024-07-08 20:46:09

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 15623.5 KB (15998464 bytes)
Compile time: 1970-01-01 01:00:00
MD5: 9babf09115135e3726636ed32790bd36
SHA1: f97bdffbfcdfabb593c55c2a5a7d571472d0260e
SHA256: c3892920df52a2b4ba986c2eafeb5c2481a419c32fad3307f20ff03548542247
Import Hash : f0ea7b7844bbc5bfa9bb32efdcea957c
Sections (6): .text, .rdata, .data, .idata, .reloc, .symtab
Directories (2): import, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 34/78 VT report date: 2024-07-08 20:38:28
Malware Type (2): trojan, hacktool
Threat Type (3): dump, marte, tango

URLs, FQDN and IP indicators (1)

URL Host (FQDN/IP) Date Added
hXXp://185.216.68.62/EXACT_ITEM.exe 185.216.68.62 2024-07-08 20:46:09

PE Sections (1 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x94e17d 9757184 d49be397a229e649d60becace2260b714d3c2418 86b8abf4d9487b0ac147b1f7279cde05
.rdata 0x950000 0x589868 5806592 b3d356e4453cd8dff2cafd4f961ad3e6c5753f03 940e7dda208acc8f5124fa03f8aff3b6
.data 0xeda000 0xaf3f0 266752 a4f90afb6aafb2d95c63278bc606aff48d484af0 4f2d8eb62397947503476fe43e7246b7
.idata 0xf8a000 0x490 1536 835e50526b00902dbcac559495d3bb5a13d6c8b0 c7f76d57da7ab15d31eb73d41ddcc606
.reloc 0xf8b000 0x2800a 164352 449c35587e44a2efb525c541eddc812ff115c7bd 9551edc721316abc3da45113b3fb4cb9
.symtab 0xfb4000 0x4 512 943ae54f4818e52409fbbaf60ffd71318d966b0d 07b5472d347d42780469fb2654b7fc54

Strings analysis - File found

Log
ENlDerU.(*WbZZGITLJn).Log
Library
_32.dll
rof.dll
KERNEL32.dll
L32.DLL
i32.dll

Strings analysis - Possible IPs found (3)

5.4.52.5
72.5.4.82
4.62.5.4

Strings analysis - Possible URLs found (1)

http://invalidkpasswdlookup

Import functions

Name Latest seen MD5
test1.exe 2023-04-17 11:53:05 eae20dc5eacb216a11b23d6a8c0e33d7
torbrowser-install-win64-12.0.7_ALL.exe 2023-06-19 06:03:03 92c0b25164e3d01e24e33a18ec2c901c
BLONDE_BURN-OUT.exe 2024-05-30 14:49:03 9cfae68caf4b61735e80d67f0d40783a
BEWILDERED_PERFORMANCE.exe 2024-05-30 14:50:03 8a507369e99f1dfd5e592ef24ce405d7
PAYABLE_USER.exe 2024-05-30 14:51:03 ea33b7eb965d8b552a75349946963151
my.exe 2024-07-07 16:54:27 6470b936622d9502880cae6452d1bb48