32.exe

First submission 2024-02-04 18:29:07

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 253.5 KB (259584 bytes)
Compile time: 2022-05-02 13:51:30
MD5: 9f0408f176f9f9d3095be30eaf39f08f
SHA1: 0c464c35b780ca914b774d9c98dbb1200bc8c47a
SHA256: 91638e95f0d750b08fe1ddb918ddfc05ec9315b041f3d6f849d1de03687d2f5c
Import Hash: 9d7ac77a44667ba5186f7bb12dfd9d42
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://175.24.197.196/32.exe 175.24.197.196 2024-02-04 18:29:07

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x292e6 168960 4a577fc59542a34c6654f2f14c6d1cd240e7eef0 1eafc4753d54461bad142c5864d0ecab
.rdata 0x2b000 0xb028 45568 07064a46e21e88950c57cacae23818e0a05482b1 e77bda15c7c1e264db0eea35982855a0
.data 0x37000 0xa098 20992 7af0f07839d7123aea89c8ae2b76d4839b5abb97 0adfe23164e14c60cc2884e1ba3dd2c2
.rsrc 0x42000 0x1b4 512 6e6ab1ba61890c5eb16207bfa2699ffbd56f8654 131ab96a76e30692c2b8b447f8a78161
.reloc 0x43000 0x57dc 22528 d4b9528b0668d5b24b01734065690a8dbf99046f b69554faf4fbb3d20609286dfa1e3e72

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x42058 346

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

FindWindowA
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Library
SHELL32.dll
ntdll.dll
WUSER32.DLL
ADVAPI32.dll
okernel32.dll
KERNEL32.dll
WININET.dll
mscoree.dll
NETAPI32.dll
SHLWAPI.dll
WINMM.dll
OLEAUT32.dll
WS2_32.dll
USER32.dll
DINPUT8.dll
ole32.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions

Name Latest seen MD5
lux32.exe 2024-02-04 18:30:04 2d129049627290cb0ece76e92a8643aa