SetupMX.exe

First submission 2022-07-31 19:41:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
File type:	284.0 KB (290816 bytes)
Compile time:	2021-10-04 16:21:44
MD5:	a4ca3a1ae74dbf2049cfc1d3c2939ab1
SHA1:	4f11e8e3e6b1a86bdec3b40afb43bb2a677ca60c
SHA256:	88bbeaf715dc2507fd5f1b64504f83bc4d3840e38af9752d79c6a1d6b6d07cf4
Import Hash :	1cdd70d61d54f0746beebda617f37049
Sections 3	.text .data .rsrc
Directories 3	import resource debug
Virus Total:	28/70 VT report date: 2022-07-31 17:22:44

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://193.106.191.165/SetupMX.exe	193.106.191.165	2022-07-31 19:41:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x3a788	239616	27aff20ab1052d51fac6a332a6715b8ef3fb296b	b49dd59026381ddc55ce4a18a484e955
.data	0x3c000	0x2083910	11776	0175a73a686c2a729b1d287c02fd80fbd3a50945	78070b86f6e43332fdebd021a1db2644
.rsrc	0x20c0000	0x9470	38400	92bb934b9f3b9fed5819e6b7fa82e1b5d7685c51	26685529cc19a678026b546d3b609a77

PE Resources 7

Name	Language	Sublanguage	Offset	Size	Data
AFX_DIALOG_LAYOUT	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20c65d0	14
RT_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20c7910	2216	PE Resource: RT_CURSOR - Data ( @ **555MMM[+m<yEN`hmz,/KPhp1Qq/!P7pLcy1Qq/Pp",6@J[1qQq/Pp =1[Qyq/"P0p=LYgx1Qq&/@PZpt1Qq/&PAp[t1Qq/P"p0>M[iy1Qq/Pp >1\Qzq/Pp!+6@IZ1pQq/ P6pLbx1Qq,/KPip1Qq/-P?pRcv1Qq/Pp!&,>X1qQq s$Z!0 ??<Q33????
RT_ICON	LANG_KANNADA	SUBLANG_DEFAULT	0x20c6100	1128
RT_STRING	LANG_FRENCH	SUBLANG_FRENCH_SWISS	0x20c8f60	1296	PE Resource: RT_STRING - Data TLumezo dus goweh kekenu teruwofivazob fidazuyocuwup lupidabujisuyic bocepih kasazida!Werajudawa tapazaxela hogizumebex$Lajopoxivoce bacaze fezo huk rehiyun-Goxapayevekehad fewomexedecugo goluyapucepaduBodafevicamasiKFal kudulezeza pepalitorulu titedeniguzoda mibotanukuyuku rarera haheniwafeWPimonuveke xuvavei zovom sumipuwipi zicumibayomod ligiw jihifagusivabo citozapo wafibikIRexiyosununuti rihoxorowopal vemerey fawunujokog foco xacovuku luhofaneru3Fucizedusimoma zex pisizasamena tagowowetapu mecawe8Dohawugox lavihitur hubusojifuzi vumebuwazuvey pebaxitisNSezegikacozetec meritujuveri maxaloyivokoz somewopo jahekilojej mimurekamihatu
RT_GROUP_CURSOR	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20c81b8	34
RT_GROUP_ICON	LANG_KANNADA	SUBLANG_DEFAULT	0x20c6568	104
RT_VERSION	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x20c81e0	408

Meta infos 3

FileVersions:	48.90.12.34
Copyrighz:	Copyright (C) 2022, pozkarte
ProjectVersion:	84.64.75.52

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ADVAPI32.dll
WINHTTP.dll
KERNEL32.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

48.90.12.34
84.64.75.52

Import functions

ADVAPI32.dll 1 KERNEL32.dll 120 USER32.dll 1 GDI32.dll 1 WINHTTP.dll 1

Function	Address	Souspicious	Anti Debug
BackupEventLogA	0x401000

Function	Address	Souspicious	Anti Debug
GetModuleFileNameA	0x401010
GetLocalTime	0x401014
InterlockedIncrement	0x401018
GetLocaleInfoA	0x40101c
InterlockedCompareExchange	0x401020
_hwrite	0x401024
SetWaitableTimer	0x401028
GetSystemDirectoryA	0x40102c
CreateEventA	0x401030
ReadConsoleA	0x401034
BuildCommDCBA	0x401038
GetConsoleAliasExesLengthA	0x40103c
HeapWalk	0x401040
PeekConsoleInputA	0x401044
EnumDateFormatsW	0x401048
CreateFileA	0x40104c
RegisterWaitForSingleObjectEx	0x401050
LoadLibraryW	0x401054
VerifyVersionInfoW	0x401058
WaitNamedPipeA	0x40105c
CreateMutexA	0x401060
FindResourceExA	0x401064
VirtualAlloc	0x401068
GetFirmwareEnvironmentVariableA	0x40106c
BeginUpdateResourceA	0x401070
EnumCalendarInfoExA	0x401074
WriteConsoleOutputCharacterW	0x401078
WriteConsoleW	0x40107c
DeleteFileW	0x401080
GetProcAddress	0x401084
GetUserDefaultLangID	0x401088
FindFirstChangeNotificationW	0x40108c
GetCalendarInfoW	0x401090
SetConsoleTitleW	0x401094
GetBinaryTypeA	0x401098
VirtualProtect	0x40109c
GetSystemDefaultLCID	0x4010a0
GetCurrentProcess	0x4010a4
GetThreadLocale	0x4010a8
GetComputerNameExA	0x4010ac
FindNextFileA	0x4010b0
OpenJobObjectW	0x4010b4
HeapValidate	0x4010b8
_lclose	0x4010bc
FoldStringW	0x4010c0
GetComputerNameW	0x4010c4
SetFileShortNameW	0x4010c8
FillConsoleOutputCharacterW	0x4010cc
GetTimeZoneInformation	0x4010d0
TlsGetValue	0x4010d4
GetCPInfoExW	0x4010d8
GetFileAttributesExA	0x4010dc
SetCalendarInfoA	0x4010e0
SetComputerNameW	0x4010e4
GetFileAttributesW	0x4010e8
CreateDirectoryExA	0x4010ec
DeleteCriticalSection	0x4010f0
GetVolumePathNameA	0x4010f4
LoadLibraryA	0x4010f8
SetSystemTime	0x4010fc
WriteFile	0x401100
GetStringTypeA	0x401104
HeapSize	0x401108
GetDiskFreeSpaceA	0x40110c
CreateFileW	0x401110
LocalAlloc	0x401114
MultiByteToWideChar	0x401118
GetCommandLineA	0x40111c
HeapSetInformation	0x401120
GetStartupInfoW	0x401124
EncodePointer	0x401128
IsProcessorFeaturePresent	0x40112c
GetLastError	0x401130
SetFilePointer	0x401134
EnterCriticalSection	0x401138
LeaveCriticalSection	0x40113c
UnhandledExceptionFilter	0x401140
SetUnhandledExceptionFilter	0x401144
IsDebuggerPresent	0x401148
DecodePointer	0x40114c
TerminateProcess	0x401150
HeapFree	0x401154
GetModuleHandleW	0x401158
ExitProcess	0x40115c
GetCPInfo	0x401160
InterlockedDecrement	0x401164
GetACP	0x401168
GetOEMCP	0x40116c
IsValidCodePage	0x401170
TlsAlloc	0x401174
TlsSetValue	0x401178
TlsFree	0x40117c
SetLastError	0x401180
GetCurrentThreadId	0x401184
HeapAlloc	0x401188
SetHandleCount	0x40118c
GetStdHandle	0x401190
InitializeCriticalSectionAndSpinCount	0x401194
GetFileType	0x401198
ReadFile	0x40119c
GetModuleFileNameW	0x4011a0
FreeEnvironmentStringsW	0x4011a4
WideCharToMultiByte	0x4011a8
GetEnvironmentStringsW	0x4011ac
HeapCreate	0x4011b0
QueryPerformanceCounter	0x4011b4
GetTickCount	0x4011b8
GetCurrentProcessId	0x4011bc
GetSystemTimeAsFileTime	0x4011c0
SetStdHandle	0x4011c4
GetConsoleCP	0x4011c8
GetConsoleMode	0x4011cc
FlushFileBuffers	0x4011d0
Sleep	0x4011d4
RtlUnwind	0x4011d8
LCMapStringW	0x4011dc
GetStringTypeW	0x4011e0
RaiseException	0x4011e4
HeapReAlloc	0x4011e8
CloseHandle	0x4011ec

Function	Address	Souspicious	Anti Debug
ClientToScreen	0x4011f4

Function	Address	Souspicious	Anti Debug
GetCharWidth32A	0x401008

Function	Address	Souspicious	Anti Debug
WinHttpSetTimeouts	0x4011fc