index.php

First submission 2023-09-15 14:11:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 273.0 KB (279552 bytes)
Compile time: 2023-01-18 05:24:13
MD5: 9dfb568692c3817a381c171965d30e1c
SHA1: e847116021531b7c6698d0139a71df35063a4f44
SHA256: df00495c90fb232caa1ae4a5cbaf9ab7460f8bc05fe56286eaa89e82500f0d05
Import hash: ed59ec9c2e7c8ef8d97dbc8b84b56759
Sections: 3 (.text, .data, .rsrc)
Directories: 2 (import, resource)

File features checked: Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

Of these flags, only Packers and Anti Debug have supporting detail further down (and both turn out to be weak, see the notes there); the file type above is an executable, not a DLL.

URLs, FQDN and IP indicators: 1

URL | Host (FQDN/IP) | Date added
hXXps://ig-alajman.com/tmp/index.php | ig-alajman.com | 2023-09-15 14:11:02

The sample's name (index.php) matches the last path component of this URL, and the indicator was recorded at the time of first submission.

PE Sections: 3 (1 flagged suspicious)

Name | VAddress | VSize | Raw size | SHA1 | MD5
.text | 0x1000 | 0x1eec2 | 126976 | d4786202216b62d3d2a6492fdd239d181e3a18ae | a535581d6266b26143b5f464e7ac25f3
.data | 0x20000 | 0x2e29ac | 91136 | 5108794fb38a8c1c328b14aede9fdfabc5f07f35 | 5f19d4d3dfaaecba852a05c244b91579
.rsrc | 0x303000 | 0xeb28 | 60416 | bd0f021bc8ab9265fcfdbf736dcfe9e81bb2cccb | b17cc778acb0ef1a06f725a751576cf0

Which row carries the Suspicious flag is not shown here, but only .data fits the usual criterion: its virtual size (0x2e29ac, about 2.9 MB) is roughly 33 times its raw size (91136 bytes). .text and .rsrc have virtual sizes within a few hundred bytes of their raw sizes. A section that reserves far more memory than it fills from disk is typically space for code or data decrypted or unpacked at run time, so .data is where to look first in a memory dump.

PE Resources: 6

Name | Language | Sublanguage | Offset (RVA) | Size
RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x3106f0 | 2216
RT_ICON | LANG_SINDHI | SUBLANG_SYS_DEFAULT | 0x30ef18 | 1128
RT_STRING | LANG_SINDHI | SUBLANG_SYS_DEFAULT | 0x311660 | 1224
RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x3106c0 | 48
RT_GROUP_ICON | LANG_SINDHI | SUBLANG_SYS_DEFAULT | 0x308b60 | 90
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x310fb0 | 640

All six offsets fall inside the .rsrc section (0x303000 to 0x311b28).

Meta infos 8

InternalName: Cascader.exe
FileVersions: 49.51.44.114
LegalCopyrights: Challangers bottle
CompanyName: Phunderstuck
ProductVersion: 57.5.64.0
FileDescriptions: Anybodies
Translation: 0x124e 0x03fe
ProductName: Bonni

Packers detected: 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Both hits are PEiD-style compiler signatures for Microsoft Visual C++ 8 (Visual Studio 2005), not packers. The file is not packed in the UPX/ASPack sense; any protection is in the code itself (see the .data section note above).

Anti debug functions: 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

GetLastError, IsProcessorFeaturePresent, RaiseException, TerminateProcess and UnhandledExceptionFilter are imported by the Visual C++ runtime's startup and error-handling code in ordinary binaries. Only IsDebuggerPresent is a direct debugger check, and the VC8 CRT's security-failure reporting path imports it as well. Treat this list as weak evidence of deliberate anti-debugging until the call sites are inspected.

Strings analysis - library names found: 9

WUSER32.DLL
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
SHELL32.dll
WINHTTP.dll
USER32.dll
ole32.dll
GDI32.dll

WINHTTP.dll is consistent with the HTTPS URL indicator above. mscoree.dll is referenced by the Visual C++ 8 runtime's exit path (it resolves CorExitProcess at run time) and does not by itself indicate a .NET component. WUSER32.DLL is a string match, not a real module name, and is probably a partial or corrupted copy of USER32.DLL.

Strings analysis - Possible IPs found: 1

49.51.44.114

This dotted quad is identical to the FileVersion string in the version resource (see Meta infos above). It is a false positive of the IP regex on version-info text, not a network indicator; the only network indicator on this page is the ig-alajman.com URL.
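The two cross-checks worth automating from this report, as an added example that is not the report tool's code: flag sections whose virtual size dwarfs their raw size (as .data does in the PE Sections table), confirm the section layout is contiguous, and drop "possible IP" strings that merely echo a version-info field (as 49.51.44.114 does here). The section and version-info values are copied from the report above; the 4:1 ratio threshold, the function names and the extra sample addresses are this example's own choices.

```python
"""Triage sanity checks over the figures in a PE analysis report.

Added example, not part of the original report or of any analysis tool.
Section and version-info values below are copied from the report; the
thresholds and helper names are the example author's assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    vaddr: int     # RVA where the section is mapped
    vsize: int     # VirtualSize: bytes reserved in memory
    rawsize: int   # SizeOfRawData: bytes actually stored in the file


# Section table as listed in the report (constructed from the page).
SECTIONS = [
    Section(".text", 0x1000, 0x1EEC2, 126976),
    Section(".data", 0x20000, 0x2E29AC, 91136),
    Section(".rsrc", 0x303000, 0xEB28, 60416),
]

# Version-info strings as listed under "Meta infos" (constructed from the page).
VERSION_INFO = {
    "InternalName": "Cascader.exe",
    "FileVersion": "49.51.44.114",
    "LegalCopyright": "Challangers bottle",
    "CompanyName": "Phunderstuck",
    "ProductVersion": "57.5.64.0",
    "FileDescription": "Anybodies",
    "ProductName": "Bonni",
}

# Flag a section when VirtualSize exceeds SizeOfRawData by this factor
# (assumed threshold; a little slack is normal for .bss-style data).
VSIZE_RATIO = 4.0


def suspicious_sections(sections, ratio=VSIZE_RATIO):
    """Return {name: vsize/rawsize} for sections that reserve far more memory
    than they fill from disk: the usual home of run-time unpacked code."""
    flagged = {}
    for s in sections:
        if s.rawsize == 0:
            flagged[s.name] = float("inf")
        elif s.vsize / s.rawsize > ratio:
            flagged[s.name] = round(s.vsize / s.rawsize, 1)
    return flagged


def check_layout(sections, section_align=0x1000):
    """Each section should begin at the previous section's end rounded up to
    SectionAlignment; a gap or overlap means a tampered or hand-built header."""
    problems = []
    for prev, cur in zip(sections, sections[1:]):
        end = prev.vaddr + prev.vsize
        expected = (end + section_align - 1) // section_align * section_align
        if cur.vaddr != expected:
            problems.append(f"{cur.name} starts at {cur.vaddr:#x}, expected {expected:#x}")
    return problems


IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")


def classify_ip_strings(strings, version_info):
    """Split dotted-quad strings into (real_candidates, false_positives).
    A quad that equals a version-info value (FileVersion, ProductVersion)
    is version text the IP regex tripped over, not a network indicator."""
    version_values = set(version_info.values())
    real, false_positive = [], []
    for s in strings:
        if not IP_RE.fullmatch(s):
            continue
        try:
            ipaddress.IPv4Address(s)   # rejects octets above 255
        except ValueError:
            continue
        (false_positive if s in version_values else real).append(s)
    return real, false_positive


if __name__ == "__main__":
    print("suspicious:", suspicious_sections(SECTIONS))
    print("layout problems:", check_layout(SECTIONS))
    print("ips:", classify_ip_strings(["49.51.44.114", "57.5.64.0"], VERSION_INFO))
```

Run against the report's figures, only .data is flagged (ratio about 33), the layout is contiguous, and the single "IP" is reclassified as version text. The layout check assumes the default 0x1000 SectionAlignment; read the real value from the optional header when working from a file rather than a report.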

Import functions

(No import table rows are recorded on this page.)

Name | Latest seen | MD5
index.php | 2023-09-15 14:34:02 | cb77680df3b88a997837d29478d8a9fa

The MD5 in this row (cb77680d...) differs from this sample's (9dfb5686...), so it refers to a different file submitted under the same name, not to this sample.