2.jpg

First submission 2024-10-12 02:13:04

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	629.0 KB (644096 bytes)
Compile time:	2024-04-14 23:32:00
MD5:	9d987b63de67acf038bf01bbcc04b841
SHA1:	698ecd6246528661cc8c165f80ab1683f12a4a82
SHA256:	5933db4a297cbade801e22b01ccc290b279dcc3f69adb7f6898cd5b914553b0e
Import Hash :	237b17b2e4a814f3a0a6b82394c41992
Sections 6	.text .data .vavoy .cog .rsrc .reloc
Directories 4	import resource debug relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	25/77 VT report date: 2024-10-12 01:54:30
Malware Type 1	trojan

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://odoo.kseibitools.com/drhbntdenedrhn/2.jpg	odoo.kseibitools.com	2024-10-12 02:13:04

PE Sections 2 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x7e6dc	518144	9773a256d9ca91ffcd0feff8e8d8d456d610f427	8428052b852ca87d2bd229448c45c35a
.data	0x80000	0x11ab8	25088	5a65b2f980fe938cc359084e207ff4abb675728d	0303ff4e4e7e64761c1910a6d00f8105
.vavoy	0x92000	0x400	1024	60cacbf3d72e1e7834203da608037b1bf83b40e8	0f343b0931126a20f133d67c2b018a3b
.cog	0x93000	0xd6	512	5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5	bf619eac0cdf3f68d496ea9344137e8b
.rsrc	0x94000	0x15e60	90112	d5f039d1ed78501156d44ea85603bdac819e6d37	2666adc8437e6a2c786e3cb9c74764bf
.reloc	0xaa000	0x1ebe	8192	1be581089024f55e86a31a19def0659adbdfc562	ff424a81e95314703e2898bd9967ca36

PE Resources 8

Name	Language	Sublanguage	Offset	Size	Data
RT_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xa8c48	1384
RT_ICON	LANG_TAMIL	SUBLANG_DEFAULT	0xa6b48	1128
RT_DIALOG	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xa9448	88
RT_STRING	LANG_TAMIL	SUBLANG_DEFAULT	0xa99b0	1200	PE Resource: RT_STRING - Data Mihezuze kabunenihuwakejGojerisidizawicVetopixacoc hahitajeposa cojiremujucij rotebinahorak tadazesaca yawedavopaya tahoyu fay yerejaxetiljTagosox nocakeg potah serexogewayihur negena hizacomikapuwuk dofenejapuh viruwuriloko rura nojasolofofelamYixehoxukuzaka riharecuverLucadaj xunowisukupewiwLoxunudo goputASugepa wakuvavatoyopam wekopanecuyikit piwijofozip pam tigexifibe DukisifobayajLKevafakoyu bizozog yevazehola foliyumokije dod peci hovizenex yejusaj kocotu%Jemu sihek kihihovipus yixubawecowonePRin cobizunine lulilucibigexid noyurobud lobagowima rodipaf xinezed minupojefukaSikoxop
RT_ACCELERATOR	LANG_TAMIL	SUBLANG_DEFAULT	0xa7028	72
RT_GROUP_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xa91b0	48
RT_GROUP_ICON	LANG_TAMIL	SUBLANG_DEFAULT	0xa6fb0	118
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0xa91e0	612	PE Resource: RT_VERSION - Data d4VS_VERSION_INFOU.Z%StringFileInfo032414E68FileVersions40.57.97.63DInternalNamesPinchesHotLapas>FileDescriptionLocalSnaip\LegalCopyrightCopyright (C) 2023, Pedrajo0ProductNameGelikos>ProductVersions13.5.43.42DVarFileInfo$Translation

Meta infos 7

LegalCopyright:	Copyright (C) 2023, Pedrajo
InternalNames:	PinchesHotLapas
FileVersions:	40.57.97.63
FileDescription:	LocalSnaip
Translation:	0x0209 0x04e4
ProductVersions:	13.5.43.42
ProductName:	Gelikos

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
SHELL32.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

40.57.97.63
13.5.43.42

Import functions

SHELL32.dll 1 KERNEL32.dll 116 GDI32.dll 3

Function	Address	Souspicious	Anti Debug
FindExecutableA	0x4011e4

Function	Address	Souspicious	Anti Debug
ClearCommError	0x401010
EnumCalendarInfoW	0x401014
InterlockedDecrement	0x401018
GetCurrentProcess	0x40101c
GetLogicalDriveStringsW	0x401020
SetComputerNameW	0x401024
GetTimeFormatA	0x401028
GetTickCount	0x40102c
CreateNamedPipeW	0x401030
GetNumberFormatA	0x401034
GetConsoleAliasExesW	0x401038
TlsSetValue	0x40103c
GetEnvironmentStrings	0x401040
LoadLibraryW	0x401044
GetLocaleInfoW	0x401048
_hread	0x40104c
GetCalendarInfoW	0x401050
SetVolumeMountPointA	0x401054
CreateSemaphoreA	0x401058
GetFileAttributesW	0x40105c
CreateActCtxA	0x401060
CreateJobObjectA	0x401064
VerifyVersionInfoW	0x401068
InterlockedExchange	0x40106c
GetLastError	0x401070
GetCurrentDirectoryW	0x401074
CreateProcessW	0x401078
EnumSystemCodePagesW	0x40107c
SetFileAttributesA	0x401080
DefineDosDeviceA	0x401084
GlobalFree	0x401088
FindClose	0x40108c
LoadLibraryA	0x401090
LocalAlloc	0x401094
CreateHardLinkW	0x401098
GetNumberFormatW	0x40109c
FoldStringW	0x4010a0
SetEnvironmentVariableA	0x4010a4
GetModuleFileNameA	0x4010a8
EnumDateFormatsA	0x4010ac
GlobalUnWire	0x4010b0
WaitForDebugEvent	0x4010b4
OpenEventW	0x4010b8
GetShortPathNameW	0x4010bc
SetFileShortNameA	0x4010c0
GetDiskFreeSpaceExA	0x4010c4
GetVersionExA	0x4010c8
ReadConsoleInputW	0x4010cc
GetTempPathA	0x4010d0
LocalFree	0x4010d4
LCMapStringW	0x4010d8
CommConfigDialogW	0x4010dc
SetFilePointer	0x4010e0
EnumCalendarInfoA	0x4010e4
GetProcAddress	0x4010e8
GetComputerNameA	0x4010ec
CloseHandle	0x4010f0
MultiByteToWideChar	0x4010f4
HeapFree	0x4010f8
UnhandledExceptionFilter	0x4010fc
SetUnhandledExceptionFilter	0x401100
HeapReAlloc	0x401104
HeapAlloc	0x401108
GetStartupInfoW	0x40110c
RaiseException	0x401110
RtlUnwind	0x401114
TerminateProcess	0x401118
IsDebuggerPresent	0x40111c
GetCPInfo	0x401120
InterlockedIncrement	0x401124
GetACP	0x401128
GetOEMCP	0x40112c
IsValidCodePage	0x401130
GetModuleHandleW	0x401134
TlsGetValue	0x401138
TlsAlloc	0x40113c
TlsFree	0x401140
SetLastError	0x401144
GetCurrentThreadId	0x401148
HeapCreate	0x40114c
VirtualFree	0x401150
DeleteCriticalSection	0x401154
LeaveCriticalSection	0x401158
EnterCriticalSection	0x40115c
VirtualAlloc	0x401160
Sleep	0x401164
HeapSize	0x401168
ExitProcess	0x40116c
WriteFile	0x401170
GetStdHandle	0x401174
GetModuleFileNameW	0x401178
FreeEnvironmentStringsW	0x40117c
GetEnvironmentStringsW	0x401180
GetCommandLineW	0x401184
SetHandleCount	0x401188
GetFileType	0x40118c
GetStartupInfoA	0x401190
QueryPerformanceCounter	0x401194
GetCurrentProcessId	0x401198
GetSystemTimeAsFileTime	0x40119c
LCMapStringA	0x4011a0
WideCharToMultiByte	0x4011a4
GetStringTypeA	0x4011a8
GetStringTypeW	0x4011ac
GetLocaleInfoA	0x4011b0
InitializeCriticalSectionAndSpinCount	0x4011b4
ReadFile	0x4011b8
SetStdHandle	0x4011bc
GetConsoleCP	0x4011c0
GetConsoleMode	0x4011c4
FlushFileBuffers	0x4011c8
GetModuleHandleA	0x4011cc
WriteConsoleA	0x4011d0
GetConsoleOutputCP	0x4011d4
WriteConsoleW	0x4011d8
CreateFileA	0x4011dc

Function	Address	Souspicious	Anti Debug
CreateDCA	0x401000
GetCharWidth32A	0x401004
GetCharWidthI	0x401008