9f48a667f96c0cd55c6f6acd68976563.exe

First submission 2022-08-04 11:11:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
File type:	172.0 KB (176128 bytes)
Compile time:	2021-05-07 23:17:52
MD5:	9f48a667f96c0cd55c6f6acd68976563
SHA1:	87622ba459b912a040a3919cf5e4d4c6af7ff8dc
SHA256:	d9cd94b48ccedbd006ec0c6c3d24f0fe18fa60d7a20f90408acbc3617d37126b
Import Hash :	f223df6ba3d23a8392f7d42fced67683
Sections 3	.text .data .rsrc
Directories 3	import resource debug
Virus Total:	57/71 VT report date: 2022-08-04 06:22:19

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://193.106.191.168/9f48a667f96c0cd55c6f6acd68976563.exe	193.106.191.168	2022-08-04 11:11:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x204c2	132608	5d8a55116682694ab64d3c01954313aed927a438	531af324d144d368449c138ccb7fc63c
.data	0x22000	0x2083910	11776	2c9d7d2fed787c845faf9b2274c4caf028fdbad6	e66e5b96de18e424c387b0b1b143fe3d
.rsrc	0x20a6000	0x7720	30720	e5eb24cbf61c43b4fb81acfd716205b4bc6d80e6	0fb0fc372e41c18fd6b260a1e679228b

PE Resources 5

Name	Language	Sublanguage	Offset	Size	Data
AFX_DIALOG_LAYOUT	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20ac480	14
RT_ICON	LANG_KANNADA	SUBLANG_DEFAULT	0x20abfb0	1128	PE Resource: RT_ICON - Data ( zQ~NuzeZ{Q~d{yvnVK`}b\|OILVg}XR}[~`Xj~{i}j~\}\|L}FQ{}\|~{QgC~~k}d\|z}~~z^{\|Y}PPzR[T~teirK{~\|O}}\|r{yC{i{~N~~R}qms]ePYz{{Yp~weW{{B}*&8LyGXU~azRO\|U}KtzXMy? zXV{~W\}fbQ=2~dT\|}]~fddZ/j\\|aijHzFNe{}z]z}\|]}zeC.,X~,P{TbPT~d\|]~va\EGzRN"AAAAAAAAAAAAAAAA
RT_STRING	LANG_FRENCH	SUBLANG_FRENCH_SWISS	0x20ad210	1296	PE Resource: RT_STRING - Data TLumezo dus goweh kekenu teruwofivazob fidazuyocuwup lupidabujisuyic bocepih kasazida!Werajudawa tapazaxela hogizumebex$Lajopoxivoce bacaze fezo huk rehiyun-Goxapayevekehad fewomexedecugo goluyapucepaduBodafevicamasiKFal kudulezeza pepalitorulu titedeniguzoda mibotanukuyuku rarera haheniwafeWPimonuveke xuvavei zovom sumipuwipi zicumibayomod ligiw jihifagusivabo citozapo wafibikIRexiyosununuti rihoxorowopal vemerey fawunujokog foco xacovuku luhofaneru3Fucizedusimoma zex pisizasamena tagowowetapu mecawe8Dohawugox lavihitur hubusojifuzi vumebuwazuvey pebaxitisNSezegikacozetec meritujuveri maxaloyivokoz somewopo jahekilojej mimurekamihatu
RT_GROUP_ICON	LANG_KANNADA	SUBLANG_DEFAULT	0x20ac418	104
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20ac490	408

Meta infos 3

FileVersions:	48.90.12.34
Copyrighz:	Copyright (C) 2022, pozkarte
ProjectVersion:	84.64.75.52

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ADVAPI32.dll
WINHTTP.dll
KERNEL32.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

48.90.12.34
84.64.75.52

Import functions

ADVAPI32.dll 1 KERNEL32.dll 120 USER32.dll 1 GDI32.dll 1 WINHTTP.dll 1

Function	Address	Souspicious	Anti Debug
BackupEventLogA	0x401000

Function	Address	Souspicious	Anti Debug
GetModuleFileNameA	0x401010
GetLocalTime	0x401014
InterlockedDecrement	0x401018
GetLocaleInfoA	0x40101c
InterlockedCompareExchange	0x401020
_hwrite	0x401024
SetWaitableTimer	0x401028
GetSystemDirectoryA	0x40102c
CreateEventA	0x401030
ReadConsoleA	0x401034
BuildCommDCBA	0x401038
GetConsoleAliasExesLengthA	0x40103c
HeapWalk	0x401040
PeekConsoleInputA	0x401044
EnumDateFormatsW	0x401048
CreateFileA	0x40104c
RegisterWaitForSingleObjectEx	0x401050
LoadLibraryW	0x401054
VerifyVersionInfoW	0x401058
WaitNamedPipeA	0x40105c
CreateMutexA	0x401060
FindResourceExA	0x401064
VirtualAlloc	0x401068
GetFirmwareEnvironmentVariableA	0x40106c
BeginUpdateResourceW	0x401070
EnumCalendarInfoExA	0x401074
WriteConsoleOutputCharacterW	0x401078
WriteConsoleW	0x40107c
DeleteFileW	0x401080
GetProcAddress	0x401084
GetUserDefaultLangID	0x401088
FindFirstChangeNotificationW	0x40108c
GetCalendarInfoW	0x401090
SetConsoleTitleW	0x401094
GetBinaryTypeA	0x401098
VirtualProtect	0x40109c
GetSystemDefaultLCID	0x4010a0
GetCurrentProcess	0x4010a4
GetThreadLocale	0x4010a8
GetComputerNameExA	0x4010ac
FindNextFileA	0x4010b0
OpenJobObjectW	0x4010b4
HeapValidate	0x4010b8
_lclose	0x4010bc
FoldStringW	0x4010c0
GetComputerNameW	0x4010c4
SetFileShortNameW	0x4010c8
FillConsoleOutputCharacterW	0x4010cc
GetTimeZoneInformation	0x4010d0
TlsGetValue	0x4010d4
GetCPInfoExW	0x4010d8
GetFileAttributesExA	0x4010dc
SetCalendarInfoA	0x4010e0
SetComputerNameW	0x4010e4
GetFileAttributesW	0x4010e8
CreateDirectoryExA	0x4010ec
DeleteCriticalSection	0x4010f0
GetVolumePathNameA	0x4010f4
LoadLibraryA	0x4010f8
SetSystemTime	0x4010fc
WriteFile	0x401100
GetStringTypeA	0x401104
HeapSize	0x401108
GetDiskFreeSpaceA	0x40110c
CreateFileW	0x401110
LocalAlloc	0x401114
MultiByteToWideChar	0x401118
GetCommandLineA	0x40111c
HeapSetInformation	0x401120
GetStartupInfoW	0x401124
EncodePointer	0x401128
IsProcessorFeaturePresent	0x40112c
GetLastError	0x401130
SetFilePointer	0x401134
EnterCriticalSection	0x401138
LeaveCriticalSection	0x40113c
UnhandledExceptionFilter	0x401140
SetUnhandledExceptionFilter	0x401144
IsDebuggerPresent	0x401148
DecodePointer	0x40114c
TerminateProcess	0x401150
HeapFree	0x401154
GetModuleHandleW	0x401158
ExitProcess	0x40115c
GetCPInfo	0x401160
InterlockedIncrement	0x401164
GetACP	0x401168
GetOEMCP	0x40116c
IsValidCodePage	0x401170
TlsAlloc	0x401174
TlsSetValue	0x401178
TlsFree	0x40117c
SetLastError	0x401180
GetCurrentThreadId	0x401184
HeapAlloc	0x401188
SetHandleCount	0x40118c
GetStdHandle	0x401190
InitializeCriticalSectionAndSpinCount	0x401194
GetFileType	0x401198
ReadFile	0x40119c
GetModuleFileNameW	0x4011a0
FreeEnvironmentStringsW	0x4011a4
WideCharToMultiByte	0x4011a8
GetEnvironmentStringsW	0x4011ac
HeapCreate	0x4011b0
QueryPerformanceCounter	0x4011b4
GetTickCount	0x4011b8
GetCurrentProcessId	0x4011bc
GetSystemTimeAsFileTime	0x4011c0
SetStdHandle	0x4011c4
GetConsoleCP	0x4011c8
GetConsoleMode	0x4011cc
FlushFileBuffers	0x4011d0
Sleep	0x4011d4
RtlUnwind	0x4011d8
LCMapStringW	0x4011dc
GetStringTypeW	0x4011e0
RaiseException	0x4011e4
HeapReAlloc	0x4011e8
CloseHandle	0x4011ec

Function	Address	Souspicious	Anti Debug
ClientToScreen	0x4011f4

Function	Address	Souspicious	Anti Debug
GetBitmapBits	0x401008

Function	Address	Souspicious	Anti Debug
WinHttpReadData	0x4011fc