SetupMX.exe

First submission 2022-07-31 19:41:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 284.0 KB (290816 bytes)
Compile time: 2021-10-04 16:21:44
MD5: a4ca3a1ae74dbf2049cfc1d3c2939ab1
SHA1: 4f11e8e3e6b1a86bdec3b40afb43bb2a677ca60c
SHA256: 88bbeaf715dc2507fd5f1b64504f83bc4d3840e38af9752d79c6a1d6b6d07cf4
Import hash: 1cdd70d61d54f0746beebda617f37049
Sections 3 .text .data .rsrc
Directories 3 import resource debug
VirusTotal: 28/70 VT report date: 2022-07-31 17:22:44

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                                  Host (FQDN/IP)     Date Added
hXXp://193.106.191.165/SetupMX.exe   193.106.191.165    2022-07-31 19:41:02

PE Sections 1 suspicious

Name   VAddress   VSize      Size    SHA1                                      MD5
.text  0x1000     0x3a788    239616  27aff20ab1052d51fac6a332a6715b8ef3fb296b  b49dd59026381ddc55ce4a18a484e955
.data  0x3c000    0x2083910  11776   0175a73a686c2a729b1d287c02fd80fbd3a50945  78070b86f6e43332fdebd021a1db2644
.rsrc  0x20c0000  0x9470     38400   92bb934b9f3b9fed5819e6b7fa82e1b5d7685c51  26685529cc19a678026b546d3b609a77

The suspicious entry is .data: its virtual size (0x2083910, about 34 MB) is roughly 2,900 times the 11776 bytes it occupies on disk, so the loader reserves a large zero-filled region the file never supplies, which is where a runtime-unpacked payload is typically written. The layout itself is internally consistent (each section starts at the previous VAddress plus that section's VSize rounded up to 0x1000: 0x1000 + 0x3b000 = 0x3c000 and 0x3c000 + 0x2084000 = 0x20c0000), so the oversized section was emitted by the linker rather than patched into the header.

PE Resources 7

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_NEUTRAL SUBLANG_NEUTRAL 0x20c65d0 14
RT_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x20c7910 2216
RT_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20c6100 1128
RT_STRING LANG_FRENCH SUBLANG_FRENCH_SWISS 0x20c8f60 1296
RT_GROUP_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x20c81b8 34
RT_GROUP_ICON LANG_KANNADA SUBLANG_DEFAULT 0x20c6568 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x20c81e0 408

Meta infos 3

FileVersions: 48.90.12.34
Copyrighz: Copyright (C) 2022, pozkarte
ProjectVersion: 84.64.75.52

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Both matches are compiler/linker signatures (Visual C++ 8, i.e. Visual Studio 2005), not packers; a plain three-section .text/.data/.rsrc image with a full-size .text section is what an unpacked MSVC build looks like.

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Only IsDebuggerPresent is a direct debugger check; the other five are ordinary error-handling imports, and all six are routinely imported by the Visual C++ runtime's own startup and exception-handling code, so this list on its own is weak evidence of anti-debugging.

Strings analysis - File found

Library
WUSER32.DLL
nKERNEL32.DLL
mscoree.dll
ADVAPI32.dll
WINHTTP.dll
KERNEL32.dll
USER32.dll
GDI32.dll

The leading characters in WUSER32.DLL and nKERNEL32.DLL are bytes adjacent to the strings in the file, not part of the names. The mscoree.dll string in a native PE is normally the Visual C++ runtime's exit path probing for CorExitProcess, not a sign of .NET code; WINHTTP.dll and ADVAPI32.dll are the imports worth following up, since the only network indicator in this report is the download URL above.

Strings analysis - Possible IPs found 2

48.90.12.34
84.64.75.52

Both dotted quads are exactly the FileVersions and ProjectVersion values from the version resource listed under Meta infos above: they are version numbers matched by the IP regex, not network indicators. The only address supported by this report is 193.106.191.165, the host the sample was fetched from.
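
The two triage checks a reviewer would run over this report, the section-table anomaly behind the "1 suspicious" flag and the version-string false positives in the IP list, as an added example that is not part of the original report or its scanner. Section sizes and version strings are transcribed from the tables above; the string-scanner output is constructed (the sample itself is not on the page), a SectionAlignment of 0x1000 is assumed, and the ratio/slack thresholds are illustrative choices.

```python
"""Triage checks over the numbers in the report above (added example).

Input below is transcribed from the page or constructed for the demo."""
import ipaddress
import re

# Section table transcribed from the report: (name, VAddress, VSize, raw Size).
SECTIONS = [
    (".text", 0x1000, 0x3a788, 239616),
    (".data", 0x3c000, 0x2083910, 11776),
    (".rsrc", 0x20c0000, 0x9470, 38400),
]
SECTION_ALIGNMENT = 0x1000  # assumed: the usual SectionAlignment for an MSVC PE32


def suspicious_sections(sections, ratio=8.0, min_slack=0x10000):
    """Return (name, vsize, rawsize, slack) for sections whose in-memory size
    far exceeds what the file supplies. The loader zero-fills the gap, and a
    multi-megabyte gap is the classic destination of a runtime-unpacked payload."""
    flagged = []
    for name, _vaddr, vsize, rawsize in sections:
        slack = vsize - rawsize
        if rawsize == 0 or (vsize / rawsize >= ratio and slack >= min_slack):
            flagged.append((name, vsize, rawsize, slack))
    return flagged


def layout_problems(sections, alignment=SECTION_ALIGNMENT):
    """Check that each section begins exactly where the previous one ends once
    its VSize is rounded up to SectionAlignment. A gap or overlap means the
    header was edited by hand rather than emitted by a linker."""
    problems = []
    for (n1, va1, vs1, _), (n2, va2, _, _) in zip(sections, sections[1:]):
        expected = va1 + ((vs1 + alignment - 1) // alignment) * alignment
        if va2 != expected:
            problems.append(f"{n2} starts at {va2:#x}, expected {expected:#x} after {n1}")
    return problems


# Version-info fields transcribed from the report's "Meta infos".
VERSION_STRINGS = {"48.90.12.34", "84.64.75.52"}

# Constructed stand-in for the string scanner's output: the first three entries
# reproduce values the report shows, the last is a private address added to
# exercise the routability filter.
SAMPLE_STRINGS = [
    "FileVersions 48.90.12.34",
    "ProjectVersion 84.64.75.52",
    "hXXp://193.106.191.165/SetupMX.exe",
    "bind 10.0.0.1",
]

DOTTED_QUAD = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")


def ip_candidates(strings):
    """Naive dotted-quad extraction, the way a string scanner finds 'IPs'."""
    return [m.group(0) for s in strings for m in DOTTED_QUAD.finditer(s)]


def filter_ip_candidates(candidates, version_strings, public_only=True):
    """Split candidates into real indicators and false positives, with a reason."""
    kept, dropped = [], []
    for c in candidates:
        try:
            ip = ipaddress.ip_address(c)
        except ValueError:
            dropped.append((c, "octet out of range"))
            continue
        if c in version_strings:
            dropped.append((c, "repeats a version-info field"))
        elif public_only and not ip.is_global:
            dropped.append((c, "not a routable address"))
        else:
            kept.append(c)
    return kept, dropped


if __name__ == "__main__":
    for name, vsize, raw, slack in suspicious_sections(SECTIONS):
        print(f"{name}: VSize {vsize:#x} vs raw {raw} bytes, "
              f"{slack / 2**20:.1f} MiB zero-filled slack")
    print("layout problems:", layout_problems(SECTIONS) or "none")
    kept, dropped = filter_ip_candidates(ip_candidates(SAMPLE_STRINGS), VERSION_STRINGS)
    print("indicators:", kept)
    for c, why in dropped:
        print(f"dropped {c}: {why}")
```

Running it flags only .data, reports no layout problems (the linker-consistent addresses computed above), keeps 193.106.191.165 as the single indicator and drops the two version strings and the constructed private address with a reason each. The same two functions apply unchanged to any section table or string dump pulled from a report like this one.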

Import functions