9f48a667f96c0cd55c6f6acd68976563.exe

First submission 2022-08-04 11:11:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 172.0 KB (176128 bytes)
Compile time: 2021-05-07 23:17:52
MD5: 9f48a667f96c0cd55c6f6acd68976563
SHA1: 87622ba459b912a040a3919cf5e4d4c6af7ff8dc
SHA256: d9cd94b48ccedbd006ec0c6c3d24f0fe18fa60d7a20f90408acbc3617d37126b
Import hash: f223df6ba3d23a8392f7d42fced67683
Sections (3): .text, .data, .rsrc
Directories (3): import, resource, debug
VirusTotal: 57/71 detections, VT report date: 2022-08-04 06:22:19

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL: hXXp://193.106.191.168/9f48a667f96c0cd55c6f6acd68976563.exe
Host (FQDN/IP): 193.106.191.168
Date added: 2022-08-04 11:11:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x204c2 132608 5d8a55116682694ab64d3c01954313aed927a438 531af324d144d368449c138ccb7fc63c
.data 0x22000 0x2083910 11776 2c9d7d2fed787c845faf9b2274c4caf028fdbad6 e66e5b96de18e424c387b0b1b143fe3d
.rsrc 0x20a6000 0x7720 30720 e5eb24cbf61c43b4fb81acfd716205b4bc6d80e6 0fb0fc372e41c18fd6b260a1e679228b

PE Resources 5

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0x20ac480 14
RT_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20abfb0 1128
RT_STRING LANG_FRENCH SUBLANG_FRENCH_SWISS 0x20ad210 1296
RT_GROUP_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20ac418 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x20ac490 408

Meta infos 3

FileVersions: 48.90.12.34
Copyrighz: Copyright (C) 2022, pozkarte
ProjectVersion: 84.64.75.52

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ADVAPI32.dll
WINHTTP.dll
KERNEL32.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

48.90.12.34
84.64.75.52

Note: both values are identical to the FileVersions and ProjectVersion strings listed under Meta infos above, so they are most likely dotted version numbers matched by the IP pattern rather than network indicators.

Import functions