def.exe
First submission 2024-10-10 22:55:03
Last sumbission 2024-10-11 09:17:02
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 1679.5 KB (1719808 bytes) |
| Compile time: | 2023-10-15 19:58:40 |
| MD5: | 9f875cd80ee26b55a71c2f795eb01c33 |
| SHA1: | e71f7e13477c83c59c50cb975c3d893dae12d2ff |
| SHA256: | a599f8e501bc4a1a7f1ed10b05b5b6fe4c6f13c40c1065af952740880123bfb9 |
| Import Hash : | 2eabe9054cad5152567f0699947a2c5b |
| Sections 7 | � .rsrc��� .idata huqafuoy rjmnixlk .taggant |
| Directories 3 | import resource relocation |
File features detected
Is DLL
Packers
Anti Debug
Signed
XOR
OSINT Enrichments
| Virus Total: | 28/76 VT report date: 2024-10-10 22:41:54 |
| Malware Type 1 | trojan |
| Threat Type 2 | injurer msil |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://185.215.113.205:8080/mark/def.exe  |
185.215.113.205 |
2024-10-11 09:17:05 |
PE Sections 5 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| � | 0x2000 | 0x4000 | 4608 | 7cf1cfb4eae2b3dc573a5e6640537c1b6bc5df53 | 0a1ca7939e22709082187f9fd6837e94 | |
| .rsrc��� | 0x6000 | 0x59c | 1536 | ebfc1855bc74d349f86515d4719f5a5f4ed8c5c2 | aae15e30898a02f09cc86ed48aa06b09 | |
| .idata | 0x8000 | 0x2000 | 512 | 7b48cc29e4dbc70835cbd01039221d3914530958 | ec9cb51e8cb4ea49a56ee3cf434fb69e | |
| 0xa000 | 0x2a2000 | 512 | d9fe39e1157e6dd778a1a59443ca1a4bfea48f84 | 3e3ab49d3ec08ffa79e63a2e051b18cb | ||
| huqafuoy | 0x2ac000 | 0x19e000 | 1694720 | c33c9211685ec3dd030c611598bb55331d8a26ee | 376cc65a963b85de7e99f0718ad91c6f | |
| rjmnixlk | 0x44a000 | 0x2000 | 1024 | 528753873ac2684c634700494d3a06f6a5a1ecda | 98967845dd50d7eb27af355e5c847ca4 | |
| .taggant | 0x44c000 | 0x4000 | 8704 | 9ab270900cb7bde299b557cfd089a9658d093d47 | 509af1350d8477c1aac75b7dca45644c |
PE Resources 2
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x6090 | 780 | |
| RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x63ac | 490 |
Meta infos 12
| LegalCopyright: | Copyright \xa9 2023 |
| Assembly Version: | 1.0.0.0 |
| InternalName: | defOff.exe |
| FileVersion: | 1.0.0.0 |
| CompanyName: | |
| LegalTrademarks: | |
| Comments: | |
| ProductName: | defOff |
| ProductVersion: | 1.0.0.0 |
| FileDescription: | defOff |
| Translation: | 0x0000 0x04b0 |
| OriginalFilename: | defOff.exe |
Anti debug functions 2
| Virtual Box |
| VMware trick |
Strings analysis - File found
| Library |
| mscoree.dll |
| KERNEL32.dll |
Import functions
| Name | Latest seen | MD5 |
|---|---|---|
| builder.exe | 2023-02-01 16:59:03 | 71169e2bb6e19b3c3edcd7d8f3d6d3f1 |
| random.exe | 2024-05-19 20:21:02 | d7153d7505810d7600f9c3d879eb344d |
| random.exe | 2024-05-30 13:39:02 | 5b92f2d747654de7258e0a1b92e8800c |
| random.exe | 2024-05-30 13:40:02 | fcf91c5536050feef02c4f31d2bcadcc |
| sarra.exe | 2024-05-30 13:33:02 | 7768e0cf2b9e571d6da5498bfa81d6fc |
| random.exe | 2024-05-30 17:14:02 | e25317bc8e09044cd19df691f2078316 |
| random.exe | 2024-05-30 17:12:02 | 3eaecc080bd77a152119127af73707b3 |
| sarra.exe | 2024-05-30 17:13:02 | c11d2e44aa3ffef22a3f41ac3432a4a3 |
| random.exe | 2024-06-04 22:58:02 | 713a645c9524d137db3c5547b12708f7 |
| sarra.exe | 2024-06-04 23:00:03 | 10813bac0740848c94f38a687efafd03 |
| random.exe | 2024-06-04 23:19:03 | 4be144e00cac43d4f322b6a9baca9dad |
| lenin.exe | 2024-06-06 05:44:02 | 9af8f8becc44507318bc70e70a898488 |
| kenzo.exe | 2024-06-11 16:51:03 | 8d9501061e3c3a3255f1643685a45b87 |
| random.exe | 2024-06-14 16:08:08 | 562aebb8c1532478b331ab682d6cfefe |
| num.exe | 2024-06-24 12:29:02 | bd034ca154769f1df2a8ceb60c204380 |
| amadka.exe | 2024-06-28 21:43:19 | 48748ca4d44fb37a2bae87561b9c9628 |
| random.exe | 2024-07-26 01:56:02 | 353a5658d91ce23243d408d8f0d21340 |
| enter.exe | 2024-07-26 09:25:02 | 6f59ce88b52487bba7eb59e81525c4f5 |
| enter.exe | 2024-07-26 13:32:02 | 33a84ea233fe9fe1b4c85e533a228bbd |
| random.exe | 2024-07-26 14:42:02 | 2f8340243dafb72a273d5afe0bc4bb5c |
| enter.exe | 2024-07-26 17:01:02 | 44653b124b4a62d8fd4bb6fc5f48be05 |
| random.exe | 2024-07-27 16:19:02 | 246a2188eb95e0eda77ad4891c4dc765 |
| random.exe? | 2024-08-26 11:18:02 | 2f403e10e45293e1bcb5253aa422dffb |
| leto.exe | 2024-08-26 12:59:02 | 2c828ff1d5f16164afe4f5428420d66f |
| random.exe | 2024-08-28 02:41:02 | 6e5042ff1ec6df9aee18f4eea7864524 |
| emptyfilename.tmp | 2024-08-28 12:37:02 | 8a88665eb48a805506f8c70dc2471c16 |
| random.exe | 2024-09-01 21:56:21 | b95bace368ebdca478fcaf4279b38399 |
| zuda.exe | 2024-09-27 16:26:02 | 5f608251065b3a8efb3d707df00ffede |
| random.exe | 2024-09-02 06:58:02 | 457d9a15d305df62fe34c5076f3cad9d |
| lamp.exe | 2024-09-03 16:12:02 | 68542ccb1dbce6ed08f452a53d9d08c0 |
| game.exe | 2024-09-20 16:40:03 | 5cc096530102c7d6b7487331032fd529 |
| random.exe | 2024-09-20 17:02:02 | 661578839914816ee6bc37ca25418501 |
| random.exe | 2024-09-20 17:04:02 | a5c8bd36e8b539c6ff0236ddc2474e10 |
| random.exe | 2024-09-21 10:43:02 | a5b724154ef3434013666c4f5ab0ac17 |
| game.exe | 2024-09-21 00:58:02 | eaea249d30a8871d042df4798f1f6e50 |
| random.exe | 2024-09-21 01:50:02 | cb218d4896ba79bb9d4527b1a69602e0 |
| random.exe | 2024-09-21 02:25:02 | 6daa440752eea065bbfd1f6c1cd37ed0 |
| random.exe | 2024-09-21 10:44:02 | c60f6a4625bacae646aa045b2ebb8453 |
| nate.exe | 2024-09-21 17:16:04 | 19e296b30d0f108bfcb92830c3618657 |
| 66f6b6b7f2ec8_intro.exe | 2024-09-27 17:32:02 | 73ce03e3c27ea3475814c6dbad0cdccb |
| sera.exe | 2024-09-28 05:30:02 | c9b922ad4cd81d079feea7f168fda043 |
| random.exe | 2024-09-28 07:25:02 | 780720dd7e3b1cec8e5da391c946b80f |
| doza.exe | 2024-09-28 10:31:02 | 2f5fc49be8f91e8e9a7cf6677220703a |
| kora.exe | 2024-09-30 01:14:02 | 60375a948ebc79b2d5294025491394c3 |
| niko.exe | 2024-10-03 03:53:02 | 32533c2b9cc9015b81db22713868ec75 |
| random.exe | 2024-10-06 01:19:03 | 9cde111c189462fa282112ec4aa2e051 |