200.exe

First submission 2024-07-10 04:18:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 614.0 KB (628736 bytes)
Compile time: 2023-03-17 18:26:01
MD5: 9fb0eb8e87f78c7f0b31a155a68d9652
SHA1: 0ae972ae22bc83a6a7132f5fe78b21db1757e5b8
SHA256: 912b9aa7875150e7d249f95bdf2710076766aee248cf9765e1506f4cd303c3a6
Import Hash: 5d2c2864321344c11f1d49b7f3118944
Sections: 4 (.text, .rdata, .data, .rsrc)
Directories: 3 (import, resource, debug)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 29/78 VT report date: 2024-07-10 01:56:35
Malware Type 2 trojan pua

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://fookonline.com/tech/200.exe fookonline.com 2024-07-10 04:18:03

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6701e 422400 1fb3340bb0186544d2161ad504cb415a55472f13 429768ab0369d0334515f5626bee1222
.rdata 0x69000 0x2ffc 12288 44a6f8137cbe9a68dcecc3750fa4c58d2ae8b55b 5a8c1ddc5518cfbfbdc8da730ae5e339
.data 0x6c000 0x24093e4 149504 95a5a7ba1353e92f05a6daca3353f2a374ff3fce d325a4b5adf6de353352f0871d277aec
.rsrc 0x2476000 0xa988 43520 0fa3456660b2905e6f562526a29b8fb747145c52 78b1707a804ecc510043f8d167974f46

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_JAPANESE SUBLANG_DEFAULT 0x247f850 1128
RT_DIALOG LANG_NEUTRAL SUBLANG_NEUTRAL 0x247ffb8 88
RT_STRING LANG_JAPANESE SUBLANG_DEFAULT 0x2480788 508
RT_GROUP_ICON LANG_JAPANESE SUBLANG_DEFAULT 0x247fcb8 118
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x247fd30 648

Meta infos 8

LegalCopyright: Copyrights (C) 2023, Navisradi
InternalName: Lie
FileVersions: 62.76.74.12
FileDescription: FeelsLike
OriginalFilenames: Otlasi
Translation: 0x0f6d 0x041d
ProductVersions: 11.62.63.10
ProductName: Morjezo

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
MSIMG32.dll
WUSER32.DLL
KERNEL32.dll
xKERNEL32.dll
mscoree.dll
ADVAPI32.dll
WINHTTP.dll
ole32.dll
USER32.dll

Strings analysis - Possible IPs found 2

11.62.63.10
62.76.74.12

Import functions