TEST3.exe

First submission 2024-02-10 18:22:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 4423.41 KB (4529568 bytes)
Compile time: 2019-07-23 14:14:26
MD5: a4e34a3d653476366df0f8e59c83acaa
SHA1: 159d8a9f20bfac2587d4d3287fe09a23496c6deb
SHA256: ceb547850a21f7a3343d7cae804718829875626d8dede2fa3258f3f45b3a5dbe
Import Hash : bc64b07c39ebf919067d5970f78f9cab
Sections 7 .text .rdata .data .gfids .giats .tls .rsrc
Directories 6 import resource debug tls relocation security
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://transfer.sh/get/YAkpdUtMyY/TEST3.exe transfer.sh 2024-02-10 18:22:02

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1a1000 1707520 373f62d74a1bb9306f3fcc925fa4c41c6445281b 948d2df69e6ce20ea245543241dfabc4
.rdata 0x1a2000 0x5b000 371712 7d53cadcc71745d36b68960ccdbd416e255df6c4 419df1efc90c2c8594085cf40b9037f4
.data 0x1fd000 0xd000 26624 5a449f7ffb9d47fe238f00e374b3a9c64d7da921 f29cbe65b7d93437a9e5061819b45a24
.gfids 0x20a000 0x1b000 109568 82b4c852dafe0c10398e4ca356d8706582a043b0 e609da2b2b7839368196f909ee8e63d5
.giats 0x225000 0x1000 512 79fc36945529581dc959999c408f8da25900ec9b 7bfd3da0db2ba24f0ab307a26fcaefb1
.tls 0x226000 0x1000 512 aa0d33a0c854e073439067876e932688b65cb6a9 1f354d76203061bfdd5a53dae48d5435
.rsrc 0x227000 0x231dbc 2301440 7fb5b2b366e5d0543e015ae31fa179e534ef0520 7ee28d2ed4fe8257549f8b241ba92173

PE Resources 16

Name Language Sublanguage Offset Size Data
AFX_DIALOG_LAYOUT LANG_CHINESE SUBLANG_NEUTRAL 0x23b684 2
KEY LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x23b688 258
PNG LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x33581c 5384
STYLE_XML LANG_ENGLISH SUBLANG_ENGLISH_US 0x349af4 6485
RT_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x34d448 308
RT_BITMAP LANG_ENGLISH SUBLANG_ENGLISH_US 0x373f6c 324
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x3bf178 296
RT_MENU LANG_ENGLISH SUBLANG_ENGLISH_US 0x3bf2a0 284
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x3c1e24 52
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0x3c4af4 1342
RT_GROUP_CURSOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x3c524c 20
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x3c5398 34
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x3c53bc 912
RT_ANIICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x3f3434 415286
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x458a6c 796
None LANG_ENGLISH SUBLANG_ENGLISH_US 0x458da4 24

Meta infos 11

LegalCopyright: TODO: (c) <Company name>. All rights reserved.
InternalName: TP3Helper.exe
FileVersion: 1, 0, 8, 32261
SpecialBuild: All
CompanyName: TODO: <Company name>
Comments: 2019-07-23
ProductName: TODO: <Product name>
ProductVersion: 1, 0, 8, 32261
FileDescription: TP3Helper
Translation: 0x0409 0x04b0
OriginalFilename: TP3Helper.exe

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 11

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringA
OutputDebugStringW
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

File signature

MD5 SHA1 Block size Virtual Address
c6c6cce0b4a27d76c4339c6ee152faa2 5c3297adfcff346b5fbc8bd4e822a672d4e329e0 10656 4518912

Strings analysis - File found

Object
hhctrl.ocx
Library
USER32.dll
%Ts%Ts.dll
COMCTL32.dll
KERNEL32.dll
UxTheme.dll
dwmapi.dll
BugTrace.dll
ADVAPI32.dll
DWrite.dll
ZComdlg32.dll
d2d1.dll
mscoree.dll
Zkernel32.dll
PMSFTEDIT.DLL
SHELL32.dll
ole32.dll
@start\TenProtect\BugTrace.dll
MSIMG32.dll
WINMM.dll
COMDLG32.dll
SHLWAPI.dll
gdiplus.dll
OLEAUT32.dll
IMM32.dll
OLEACC.dll
GDI32.dll

Strings analysis - Possible URLs found 19

http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
http://ns.adobe.com/xap/1.0/mm/
http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
http://www.digicert.com/CPS0
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
http://ocsp.digicert.com0\
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
http://ns.adobe.com/xap/1.0/
http://ocsp.digicert.com0X

Import functions