63e909b3647d.exe

First submission 2024-10-15 06:42:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 570.54 KB (584232 bytes)
Compile time: 2024-10-15 06:31:01
MD5: a3c8303513d8123153c8c368ed72d8ee
SHA1: 4c0c1ec85993f79dfe41b24a3e2c8a0be557507e
SHA256: 2c57550c42e474958fccb2e1540a661e9f4a4fe87e85c7dd3579e8af3916608c
Import Hash: 5569ec101333623476b6cdb226005b45
Sections: 4 (.text, .rdata, .data, .reloc)
Directories: 5 (import, debug, tls, relocation, security)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://assets.gziraq.com/css/63e909b3647d.exe assets.gziraq.com 2024-10-15 06:42:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x28799 165888 74913a32c2e6ca96cb9c344c15798cdcb39e3145 04e73488fc26e9fb9730a8cb5cdf5bbf
.rdata 0x2a000 0xc3b2 50176 7711f69a10b01389a492859c2799a5314e5328e4 2416c540b2b43469f6f93883d6727df1
.data 0x37000 0x55d38 347648 3506e074cc224d99724cec97bd3c7e705656e6bc 2cb3ab9cf840b26099af325207f65063
.reloc 0x8d000 0x2420 9728 20bd8b475fd3420ec44b31a6db6a03113a169a65 a393cb217cbbf292eb5f908d036c072a

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
7cd905d59ba4f31c082c2e2bfd88980f 7f1b1df25765fde2a6305fe2fe1ce76edfbe0529 9768 574464

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Strings analysis - Possible URLs found 15


Import functions

Name Latest seen MD5
d74f5005fa82.exe 2024-10-15 12:58:02 97205cf6d2ee23dd42eeea47c32edd53
f2e7fcb20146.exe 2024-10-15 12:59:02 52d72533b757da622a9d7c76abd8b70d
7f3c2473d1e6.exe 2024-10-15 13:00:02 3d8c2fb9d4272ae0a835faa7715132ef