7120.exe

First submission 2023-09-13 01:51:03

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, RAR self-extracting archive
Mime type:	application/x-dosexec
File size:	254.45 KB (260552 bytes)
Compile time:	2015-02-15 09:00:31
MD5:	a8e200f1e66467d25a0a961fa69f9cbd
SHA1:	d74ca44189fde53b1358977feed32cc1ae50ea79
SHA256:	8d25031c713f945e26935953121ab7db9f3d71b60ce75d2a89284697426fc20a
Import Hash :	4cfda23baf1e2e983ddfeca47a5c755a
Sections 4	.text .rdata .data .rsrc
Directories 5	import export resource debug security
Virus Total:	2/70 VT report date: 2023-06-09 09:53:51

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://184.175.115.10/enzf/7120.exe	184.175.115.10	2023-09-13 01:51:03

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x2878a	165888	ef43287f9744999877f97b0a4d6deae1c45995aa	d06d79869523ea3421d1bec81acb4dd3
.rdata	0x2a000	0x4fd3	20480	7cdb74324a6c4fd72aea036499c57b649fd308bb	ae7c16bd625a124b8fbf6ecc9002c4ff
.data	0x2f000	0x21428	5632	95db54c6548fd28cb2d56c25c6226b18869cfe33	6754819d963e719555064632286f5a0d
.rsrc	0x51000	0x44d8	17920	2cbb082e270d01816951f35f54f151f2cbeb8d10	6aa2cae10e88f53028dea6fff76be49b

PE Resources 6

Name	Language	Sublanguage	Offset	Size	Data
RT_BITMAP	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x5154c	2998	PE Resource: RT_BITMAP - Data (].Nf(f'`]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3]3E3D3C3D3@3 D3?3D3<3D3;3D 383D373D343D 333!D 303%D3/3'D3,3+D3+3-D3(31D3'3D4D3$3D3D3#3D3D3 3D3D3D 3D3D 3D3D 3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D3D!3D3D"3D3D%3DD&3DD)3DD*3DD-3DD.3DD13DD23DD53DD63DD93DD:3DD=3DD>3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3DA3D3=wD3=wD3=wD3=wD3w5wD3w5wD3w$gwD3w"WwuwD3w gwgw` wD3wWwS7'uwD3wgwS37%w` wD3wWwS33r%wPwD3wgwS33r"WvwD3wWwS33r"%wPwD3wgwS3 3r"uwD3wWwS33r"uwD3wgwS3 3r"uwD3wWwS33r"uwD3wgwS33r"uwD3w WwS33r"uwD3wgwS33r"uwD3wgu3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3r"uwD3wg3WwR"'PwD3wg3Wwgu"'PwD3wg3WwQwR'PwD3wg3WwQWu'PwD3wg3WwQguuwD3wg3WwQWwPwD3wg3WwQguw4D3wg3WwQ Wuw3D3wg 3WwQ WwPw3 D3wg3WwQ WwPw3D3wg3WwQ WwP w3D3Gwpg33WwQWwPw3 D3Gwpg3WwQ WwP w3 D 3DwgWwQWwPw3D 3DwgwQ WwPw 3D 3DwgqWwPw 3D3 Dwg WwPw3D3Dw gQ WwPw3D3 Dw gWwPw 3D4DwgQwuw3DDwgwuw3DDw gwu w3Dwg$w3Dw5w3Dw5w3D3=w3 D3=w3 D3=w3 D3=w3DW3DX3D[3C\3]3]3]3]3]3]3]3]3]3]3]3]3]3
RT_ICON	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x52a7c	2216	PE Resource: RT_ICON - Data ( @5$6# G=N3 p FL_ZW%_p{=l@pccppKKN\Q`Wh[i[l_mUp_p\xcqeqcteugvgwiv`bk{m{+owP^S,}-OOp@ %_[n%1C@_[sOvjj48@Vdijolnqwzstsz{}~xz}Fz JT_r"`cZdddddddddddddddrrrrrrrrrrrrrrdrrrrrrr~vrrrrrvdrrrrrrr~vrrrrs~vdrrrrrrr~vrrrrs~vdrrrrrmmmmrrrrs~~vdrrrr~yrs~~~vdrrrrryrrs~~~\|vrrrrrryrrrs~~~{zrrrrrrryrrrps~~{zzrrrrrrrryrrrpps~{zzzrrrrrrrrrrrrrpppstzzzzkkkkkkkkkkkjhjjjotqmxzzaaaaaaaaaaaaaaaaaaaaf~leQmuxJJJJJJJJJJJJJJJJJJJaieQRamu''''''''''''''''''DaJKHPam"(GLOa 4*-/0V[\)LUa" 358+.2=V[]$CFNa" 369+.2>V\^VELMa&%!36;1.2?V\_V%$BFID%%mw:g@gVTS(FD%35<+.2@\\`Ve}bD57+,2\_VZcaYVXc~c%DYVcnA##ADWS ## VV????c?
RT_DIALOG	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x539bc	462
RT_STRING	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x54250	74
RT_GROUP_ICON	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x5429c	62
RT_MANIFEST	LANG_CHINESE	SUBLANG_CHINESE_SIMPLIFIED	0x542dc	1738	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" processorArchitecture="" name="WinRAR SFX" type="win32"/> <description>WinRAR SFX module</description> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="" publicKeyToken="6595b64144ccf1df" language="*"/> </dependentAssembly> </dependency> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <!--The ID below indicates application support for Windows Vista --> <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> <!--The ID below indicates application support for Windows 7 --> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> <!--The ID below indicates application support for Windows 8 --> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <!--The ID below indicates application support for Windows 8.1 --> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> </application> </compatibility> <asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3"> <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> <dpiAware>true</dpiAware> </asmv3:windowsSettings> </asmv3:application> </assembly>

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

FindWindowExW
GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5	SHA1	Block size	Virtual Address
46e063ea3fe41395f3b8903716790a99	8515eb98b211169180fe4b52f96f94e80a832ffe	6232	254320

Strings analysis - File found

Temporary
%s.%d.tmp
winrarsfxmappingfile.tmp
Data
version.dat
Library
KERNEL32.dll
Crypt32.dll
riched32.dll
riched20.dll
mscoree.dll
ADVAPI32.dll
SHLWAPI.dll
SHELL32.dll
OLEAUT32.dll
USER32.dll
COMCTL32.dll
COMDLG32.dll
ole32.dll
GDI32.dll

Strings analysis - Possible URLs found 15

http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
http://ts-ocsp.ws.symantec.com07
http://ocsp.digicert.com0C
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://ocsp.digicert.com0N
http://crl3.digicert.com/sha2-assured-cs-g1.crl05
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://ocsp.thawte.com0
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
https://www.digicert.com/CPS0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<

Import functions

COMDLG32.dll 3 GDI32.dll 9 SHELL32.dll 8 KERNEL32.dll 128 OLEAUT32.dll 1 ADVAPI32.dll 9 ole32.dll 5 SHLWAPI.dll 1 USER32.dll 50 COMCTL32.dll 1

Function	Address	Souspicious	Anti Debug
GetSaveFileNameW	0x42a030
CommDlgExtendedError	0x42a034
GetOpenFileNameW	0x42a038

Function	Address	Souspicious	Anti Debug
GetDeviceCaps	0x42a040
CreateCompatibleDC	0x42a044
CreateCompatibleBitmap	0x42a048
SelectObject	0x42a04c
StretchBlt	0x42a050
DeleteDC	0x42a054
GetObjectW	0x42a058
DeleteObject	0x42a05c
CreateDIBSection	0x42a060

Function	Address	Souspicious	Anti Debug
SHBrowseForFolderW	0x42a274
ShellExecuteExW	0x42a278
SHGetSpecialFolderLocation	0x42a27c
SHFileOperationW	0x42a280
SHGetPathFromIDListW	0x42a284
SHGetMalloc	0x42a288
SHChangeNotify	0x42a28c
SHGetFileInfoW	0x42a290

Function	Address	Souspicious	Anti Debug
FindClose	0x42a068
FindNextFileW	0x42a06c
FindFirstFileW	0x42a070
GetVersionExW	0x42a074
GetCurrentDirectoryW	0x42a078
GetFullPathNameW	0x42a07c
GetModuleFileNameW	0x42a080
FindResourceW	0x42a084
GetModuleHandleW	0x42a088
FreeLibrary	0x42a08c
GetProcAddress	0x42a090
LoadLibraryW	0x42a094
GetCurrentProcessId	0x42a098
GetLocaleInfoW	0x42a09c
GetNumberFormatW	0x42a0a0
SetEnvironmentVariableW	0x42a0a4
ExpandEnvironmentStringsW	0x42a0a8
WaitForSingleObject	0x42a0ac
GetDateFormatW	0x42a0b0
GetTimeFormatW	0x42a0b4
FileTimeToSystemTime	0x42a0b8
FileTimeToLocalFileTime	0x42a0bc
GetExitCodeProcess	0x42a0c0
GetTempPathW	0x42a0c4
MoveFileExW	0x42a0c8
UnmapViewOfFile	0x42a0cc
Sleep	0x42a0d0
MapViewOfFile	0x42a0d4
GetCommandLineW	0x42a0d8
CreateFileMappingW	0x42a0dc
GetTickCount	0x42a0e0
OpenFileMappingW	0x42a0e4
InitializeCriticalSection	0x42a0e8
DeleteCriticalSection	0x42a0ec
EnterCriticalSection	0x42a0f0
LeaveCriticalSection	0x42a0f4
CreateThread	0x42a0f8
GetProcessAffinityMask	0x42a0fc
CreateEventW	0x42a100
CreateSemaphoreW	0x42a104
ReleaseSemaphore	0x42a108
ResetEvent	0x42a10c
SetEvent	0x42a110
SetThreadPriority	0x42a114
SystemTimeToFileTime	0x42a118
GetSystemTime	0x42a11c
SystemTimeToTzSpecificLocalTime	0x42a120
TzSpecificLocalTimeToSystemTime	0x42a124
LocalFileTimeToFileTime	0x42a128
WideCharToMultiByte	0x42a12c
MultiByteToWideChar	0x42a130
CompareStringW	0x42a134
IsDBCSLeadByte	0x42a138
SetFileTime	0x42a13c
SetFileAttributesW	0x42a140
SetCurrentDirectoryW	0x42a144
WriteConsoleW	0x42a148
GetConsoleOutputCP	0x42a14c
WriteConsoleA	0x42a150
SetStdHandle	0x42a154
GetLocaleInfoA	0x42a158
GetStringTypeW	0x42a15c
GetStringTypeA	0x42a160
LoadLibraryA	0x42a164
GetConsoleMode	0x42a168
GetConsoleCP	0x42a16c
InitializeCriticalSectionAndSpinCount	0x42a170
QueryPerformanceCounter	0x42a174
SetHandleCount	0x42a178
GetEnvironmentStringsW	0x42a17c
FreeEnvironmentStringsW	0x42a180
GetEnvironmentStrings	0x42a184
FreeEnvironmentStringsA	0x42a188
GetModuleHandleA	0x42a18c
LCMapStringW	0x42a190
LCMapStringA	0x42a194
IsValidCodePage	0x42a198
GetOEMCP	0x42a19c
GetACP	0x42a1a0
GetModuleFileNameA	0x42a1a4
ExitProcess	0x42a1a8
HeapSize	0x42a1ac
IsDebuggerPresent	0x42a1b0
SetUnhandledExceptionFilter	0x42a1b4
UnhandledExceptionFilter	0x42a1b8
TerminateProcess	0x42a1bc
VirtualAlloc	0x42a1c0
VirtualFree	0x42a1c4
HeapCreate	0x42a1c8
InterlockedDecrement	0x42a1cc
GetCurrentThreadId	0x42a1d0
InterlockedIncrement	0x42a1d4
TlsFree	0x42a1d8
TlsSetValue	0x42a1dc
TlsAlloc	0x42a1e0
TlsGetValue	0x42a1e4
GetStartupInfoA	0x42a1e8
GetCommandLineA	0x42a1ec
RaiseException	0x42a1f0
GetFileAttributesW	0x42a1f4
FlushFileBuffers	0x42a1f8
ReadFile	0x42a1fc
GetFileType	0x42a200
SetEndOfFile	0x42a204
SetFilePointer	0x42a208
WriteFile	0x42a20c
GetStdHandle	0x42a210
GetLongPathNameW	0x42a214
GetShortPathNameW	0x42a218
GlobalAlloc	0x42a21c
MoveFileW	0x42a220
CreateFileW	0x42a224
CreateDirectoryW	0x42a228
DeviceIoControl	0x42a22c
RemoveDirectoryW	0x42a230
DeleteFileW	0x42a234
CreateHardLinkW	0x42a238
GetCurrentProcess	0x42a23c
CloseHandle	0x42a240
SetLastError	0x42a244
GetLastError	0x42a248
CreateFileA	0x42a24c
GetCPInfo	0x42a250
GetSystemTimeAsFileTime	0x42a254
HeapAlloc	0x42a258
HeapReAlloc	0x42a25c
HeapFree	0x42a260
RtlUnwind	0x42a264

Function	Address	Souspicious	Anti Debug
VariantInit	0x42a26c

Function	Address	Souspicious	Anti Debug
RegOpenKeyExW	0x42a000
RegQueryValueExW	0x42a004
RegCreateKeyExW	0x42a008
RegSetValueExW	0x42a00c
RegCloseKey	0x42a010
SetFileSecurityW	0x42a014
OpenProcessToken	0x42a018
LookupPrivilegeValueW	0x42a01c
AdjustTokenPrivileges	0x42a020

Function	Address	Souspicious	Anti Debug
CLSIDFromString	0x42a36c
CoCreateInstance	0x42a370
OleInitialize	0x42a374
OleUninitialize	0x42a378
CreateStreamOnHGlobal	0x42a37c

Function	Address	Souspicious	Anti Debug
SHAutoComplete	0x42a298

Function	Address	Souspicious	Anti Debug
EnableWindow	0x42a2a0
GetDlgItem	0x42a2a4
ShowWindow	0x42a2a8
SetWindowLongW	0x42a2ac
GetDC	0x42a2b0
ReleaseDC	0x42a2b4
FindWindowExW	0x42a2b8
GetParent	0x42a2bc
MapWindowPoints	0x42a2c0
CreateWindowExW	0x42a2c4
UpdateWindow	0x42a2c8
LoadCursorW	0x42a2cc
RegisterClassExW	0x42a2d0
DefWindowProcW	0x42a2d4
DestroyWindow	0x42a2d8
CopyRect	0x42a2dc
IsWindow	0x42a2e0
CharUpperW	0x42a2e4
OemToCharBuffA	0x42a2e8
LoadIconW	0x42a2ec
LoadBitmapW	0x42a2f0
PostMessageW	0x42a2f4
GetSysColor	0x42a2f8
SetForegroundWindow	0x42a2fc
MessageBoxW	0x42a300
WaitForInputIdle	0x42a304
IsWindowVisible	0x42a308
DialogBoxParamW	0x42a30c
DestroyIcon	0x42a310
SetFocus	0x42a314
GetClassNameW	0x42a318
SendDlgItemMessageW	0x42a31c
EndDialog	0x42a320
GetDlgItemTextW	0x42a324
SetDlgItemTextW	0x42a328
wvsprintfW	0x42a32c
SendMessageW	0x42a330
PeekMessageW	0x42a334
GetMessageW	0x42a338
TranslateMessage	0x42a33c
DispatchMessageW	0x42a340
LoadStringW	0x42a344
GetWindowRect	0x42a348
GetClientRect	0x42a34c
SetWindowPos	0x42a350
GetWindowTextW	0x42a354
SetWindowTextW	0x42a358
GetSystemMetrics	0x42a35c
GetWindow	0x42a360
GetWindowLongW	0x42a364

Function	Address	Souspicious	Anti Debug
InitCommonControlsEx	0x42a028