JaYSN.exe

First submission 2022-08-02 20:02:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 132.0 KB (135168 bytes)
Compile time: 2022-07-31 18:04:17
MD5: a3c20b8c564076ca4e520a99c6cd1764
SHA1: 74700468ca8ef36b4111230b786bbab78c410468
SHA256: d178525a986175d484866facf95baa1573a63a1060e5a06346ee4da4932df656
Import hash (imphash): 4f7271df0bf201cf627af3103fba2c2e
Sections: 3 (.text, .data, .rsrc)
Data directories: 2 (import, resource)
VirusTotal: 35/71 detections, report date 2022-08-01 12:41:10

File features checked: Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

Of these, the report only confirms Packers (see "Packers detected" below). The file type line shows an executable, not a DLL, and the only data directories present are import and resource: there is no security directory, so the file carries no embedded Authenticode signature.

URLs, FQDN and IP indicators 2

URL | Host (FQDN/IP) | Date added
hXXp://109.206.241.81/htdocs/JxRQX.exe | 109.206.241.81 | 2022-08-02 20:02:01
hXXp://109.206.241.81/htdocs/JaYSN.exe | 109.206.241.81 | 2022-08-02 20:38:07

Both URLs sit on the same host and /htdocs/ path. The second matches this sample's submitted name (JaYSN.exe) and is its download location; the first is a sibling payload served from the same directory, with the same five-random-letter naming pattern.

PE Sections 0 suspicious

Name | VAddress | VSize | Raw size | SHA1 | MD5 | Suspicious
.text | 0x1000 | 0x1dff0 | 122880 | c8fdfdeb1fb4d06e238ca325b7ddeb115268b3c2 | 131ccd8bec12b7c9a42ecbb1ae7ed9d2 | no
.data | 0x1f000 | 0xbd4 | 4096 | 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d | 620f0b67a91f7f74151bc5be745b7110 | no
.rsrc | 0x20000 | 0x9d0 | 4096 | 67accd71d6e95b5f1f50d131e3310823d607b6b0 | c60e6e6d378907f86f9e06610873804b | no
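The table above reads clean, and it is worth seeing why. The following is an added example, not the report site's own code: it applies the usual section-table arithmetic (standard names, raw sizes on the file alignment, virtual size not larger than the on-disk data, contiguous virtual addresses, no overlay) to the three sections printed above. The page lists no raw file offsets, so the 0x1000-byte header block is an assumption; with it, the raw sizes sum to exactly 135168 bytes, matching the file size, i.e. there is nothing appended after .rsrc. A constructed UPX-style table is included so the flagged case is visible too.

```python
"""Section-table sanity checks behind a '0 suspicious' verdict.

Added example. SECTIONS/FILE_SIZE are copied from the report above; the
header size, the PACKED table and the thresholds are this example's own.
"""
from dataclasses import dataclass


@dataclass
class Section:
    name: str
    vaddr: int      # VirtualAddress (RVA)
    vsize: int      # VirtualSize
    raw_size: int   # SizeOfRawData (bytes on disk)


# Values exactly as printed in the report's PE Sections table.
SECTIONS = [
    Section(".text", 0x1000, 0x1dff0, 122880),
    Section(".data", 0x1f000, 0xbd4, 4096),
    Section(".rsrc", 0x20000, 0x9d0, 4096),
]
FILE_SIZE = 135168  # from the File details block

# Constructed UPX-style layout (not from the page) to show a flagged result.
PACKED = [
    Section("UPX0", 0x1000, 0x30000, 0),        # empty on disk, unpacked here at run time
    Section("UPX1", 0x31000, 0x10000, 0x10000),
    Section(".rsrc", 0x41000, 0x1000, 0x1000),
]
PACKED_FILE_SIZE = 0x1000 + 0x10000 + 0x1000   # header + raw sizes, no overlay

# Names a linker normally emits. Anything else deserves a look, not a verdict.
COMMON_NAMES = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc",
                ".reloc", ".bss", ".tls", ".pdata", ".CRT"}


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def check_sections(sections, file_size, file_align=0x1000, sect_align=0x1000,
                   header_size=0x1000):
    """Return (findings, overlay_bytes).

    header_size is ASSUMED to be the raw offset of the first section: the
    report prints no PointerToRawData, but 0x1000 reproduces the file size.
    """
    findings = []
    expected_va = None
    raw_total = header_size
    for s in sections:
        if s.name not in COMMON_NAMES:
            findings.append(f"{s.name}: non-standard section name")
        if s.raw_size % file_align:
            findings.append(f"{s.name}: raw size {s.raw_size:#x} not on file alignment")
        if s.raw_size == 0 and s.vsize:
            findings.append(f"{s.name}: empty on disk but {s.vsize:#x} bytes in memory")
        elif s.vsize > align_up(s.raw_size, file_align):
            findings.append(f"{s.name}: virtual size {s.vsize:#x} exceeds raw size "
                            f"{s.raw_size:#x} (room for unpacked code)")
        if expected_va is not None and s.vaddr != expected_va:
            findings.append(f"{s.name}: VAddress {s.vaddr:#x} not contiguous "
                            f"(expected {expected_va:#x})")
        expected_va = s.vaddr + align_up(s.vsize, sect_align)
        raw_total += s.raw_size
    overlay = file_size - raw_total
    if overlay > 0:
        findings.append(f"{overlay} bytes of overlay after the last section")
    elif overlay < 0:
        findings.append("raw sizes exceed file size (truncated file or bogus header)")
    return findings, overlay


if __name__ == "__main__":
    for label, secs, size in (("report", SECTIONS, FILE_SIZE),
                              ("constructed UPX", PACKED, PACKED_FILE_SIZE)):
        findings, overlay = check_sections(secs, size)
        print(f"{label}: {len(findings)} finding(s), overlay {overlay} bytes")
        for f in findings:
            print("  -", f)
```

Note the order of checks: the zero-raw-size test runs before the virtual-size comparison, because a section that exists only in memory is the stronger signal and should not be reported twice. A clean result here says nothing about the VB6 runtime wrapping discussed below; it only rules out the classic compression-packer layout.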

PE Resources 3

Name | Language | Sublanguage | Offset | Size
RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x20490 | 296
RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x20460 | 48
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x20150 | 784

Meta infos 11 (decoded from the RT_VERSION resource)

FileDescription: indols
OriginalFilename: flatlets.exe
LegalCopyright: indogaea 24222
Translation: 0x0409 0x04b0
InternalName: flatlets
Comments: firebases
LegalTrademarks: puffingly
FileVersion: 4.01.0002
ProductName: fireball
ProductVersion: 4.01.0002
CompanyName: abacterial

Every free-text field is an unrelated dictionary word, and OriginalFilename (flatlets.exe) matches neither the submitted name (JaYSN.exe) nor the sibling download. The version block is filler, not a legitimate product identity.

Packers detected 2

Microsoft Visual Basic v5.0
Microsoft Visual Basic v5.0 - v6.0

Both hits are compiler/runtime signatures for a Visual Basic executable, not a compression packer; the MSVBVM60.DLL import below confirms a VB6 binary. The clean section table above is consistent with that: the code is not compressed, it is wrapped in the VB6 runtime.

Strings analysis - File found

Compressed:
  \CryptoWallets.zip
  \Files.zip
Autogen:
  C:\Program Files (x86)\Microsoft Visual Studio\VB98\VB6.OLB
Library:
  KERNEL32.dll
  MSVBVM60.DLL
  WININET.dll
  SHELL32.dll
  VBA6.DLL

Strings analysis - Possible URLs found 1

https://api.telegram.org/bot

This is the Telegram Bot API URL prefix; a working request appends the bot token directly after /bot. No token appears among the extracted strings, so it is either built at run time or stored in a form the string pass did not recover. Together with the two archive names above and the WININET.dll import, the combination is consistent with a stealer that zips collected files and uploads them through a Telegram bot, which is why the bot token, if recovered from a memory dump, is the most useful artefact for attribution.
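A practical caveat when hunting for the indicators in this section: VB6 string literals are BSTRs, stored as UTF-16LE, so a printable-ASCII-only strings pass can miss the Telegram URL and the archive names while still seeing the import table. The block below is an added example, not the report site's tooling. It extracts both ASCII and UTF-16LE runs, matches the indicator strings printed on this page, and pulls out anything shaped like a bot token after the /bot prefix. The token regex, the six-character run threshold and the sample blob (with a placeholder token) are this example's own assumptions, not values from the page.

```python
"""Scan a byte blob for the string indicators listed in this report.

Added example. Indicator strings are from the page; SAMPLE, FAKE_TOKEN,
TOKEN_RE and the run-length threshold are constructed for the demo.
"""
import re

# Indicators as printed in the report (prefix only: the page shows no token).
TELEGRAM_BOT_API = "https://api.telegram.org/bot"
STAGING_ARCHIVES = ("\\CryptoWallets.zip", "\\Files.zip")
VB6_MARKERS = ("MSVBVM60.DLL", "VBA6.DLL", "VB6.OLB")

# Assumed shape of a Telegram bot token: numeric bot id, colon, secret.
TOKEN_RE = re.compile(r"bot(\d{8,10}:[A-Za-z0-9_-]{30,40})")

# VB6 literals are UTF-16LE BSTRs; imports and paths are plain ASCII.
RUNS = {
    "ascii": re.compile(rb"[\x20-\x7e]{6,}"),
    "utf16le": re.compile(rb"(?:[\x20-\x7e]\x00){6,}"),
}


def extract_strings(data, encodings=("ascii", "utf16le")):
    """Yield (offset, encoding, text) for every printable run of 6+ characters."""
    for enc in encodings:
        codec = "ascii" if enc == "ascii" else "utf-16-le"
        for m in RUNS[enc].finditer(data):
            yield m.start(), enc, m.group().decode(codec)


def scan(data, encodings=("ascii", "utf16le")):
    """Map each indicator class to the (offset, encoding) pairs where it occurs."""
    report = {"telegram_api": [], "staging_zip": [], "vb6_runtime": [], "bot_tokens": []}
    for off, enc, text in extract_strings(data, encodings):
        if TELEGRAM_BOT_API in text:
            report["telegram_api"].append((off, enc))
            report["bot_tokens"].extend(TOKEN_RE.findall(text))
        if any(z in text for z in STAGING_ARCHIVES):
            report["staging_zip"].append((off, enc))
        if any(mk.lower() in text.lower() for mk in VB6_MARKERS):
            report["vb6_runtime"].append((off, enc))
    return report


# Constructed stand-in for a section dump: imports as ASCII, literals as UTF-16LE.
FAKE_TOKEN = "123456789:" + "A" * 35          # placeholder, not a real bot token
SAMPLE = (
    b"\x00" * 8
    + b"MSVBVM60.DLL\x00WININET.dll\x00\x00\x00"
    + (TELEGRAM_BOT_API + FAKE_TOKEN).encode("utf-16-le") + b"\x00\x00"
    + "\\CryptoWallets.zip".encode("utf-16-le") + b"\x00\x00"
    + b"\\Files.zip\x00"
)

if __name__ == "__main__":
    full = scan(SAMPLE)
    narrow = scan(SAMPLE, encodings=("ascii",))
    print("both encodings:", full)
    print("ASCII only misses telegram_api:", narrow["telegram_api"] == [])
```

Run against a real dump, feed `scan()` the mapped .text and .data sections (or the whole file) rather than the output of an external strings tool, so the wide-string pass is not lost on the way. A recovered token is worth treating as an indicator in its own right: it identifies the bot the operator controls, which outlives the download host.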

Related samples 6

Name | Latest seen | MD5
xPBAQ.exe | 2022-07-06 18:26:01 | c7468437984c0dbc9da355e31bc153e7
jHRLw.exe | 2022-07-26 20:58:02 | bee47439c4960e2728594ece9ad95ba7
NqHNP.exe | 2022-07-27 23:06:02 | d7b1362070332023e5163fc54bc9decc
LqAST.exe | 2022-07-28 14:26:02 | a64c16946bf03bfa2c52aba4dd0b55cc
RdSwQ.exe | 2022-08-02 20:30:02 | 6862264bbd7688ac4bd96f16786cd153
GsLQA.exe | 2022-08-02 20:53:02 | 97ea1fd26da454e1502d7f4de38a21af

These six executables share the five-random-letter naming pattern of JaYSN.exe and of the sibling payload on 109.206.241.81, and two of them were last seen within an hour of this sample's submission. Pivot on the MD5s and on the import hash above to confirm the link.