167.exe

First submission 2023-09-14 12:53:03

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	196.5 KB (201216 bytes)
Compile time:	2022-06-21 06:24:27
MD5:	a8ef33f60772ebeeeeb85eb64403265c
SHA1:	cb166d55759c53538bd4a5a2dfd722ee174fe857
SHA256:	60514c1c51b359839c67819246b09fbd861afa3ff772ad93bf466fc3acab642d
Import Hash :	0da159e8cafbc91f7a91683e99c0a805
Sections 4	.text .data .rsrc .reloc
Directories 4	import resource debug relocation
Virus Total:	28/71 VT report date: 2023-09-14 10:03:42

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://h170690.srv22.test-hf.su/167.exe	h170690.srv22.test-hf.su	2023-09-14 12:53:03

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x23bae	146432	a43f6e003472d4238a42ef679e649bb404baa280	9580583924aa958b0d71869856eb03ce
.data	0x25000	0x4fec8	11776	cc918d742a83add90cf93ed1fdf4cdbcc7ac4d8c	91ec27707a1e4f027731350fc1b993e4
.rsrc	0x75000	0x1b5770	34816	dffa61480e1314799e0a3e9bc14a9bed4604360e	231a530d29c6b57319c5d85c58a3d04d
.reloc	0x22b000	0x1a4e	7168	5be985e22b092dadf3d2753cbef1f4ef8c2e75c9	d18b6d35efd1c2345675b526a374c63c

PE Resources 6

Name	Language	Sublanguage	Offset	Size	Data
RT_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x7bbd8	1384	PE Resource: RT_CURSOR - Data ( """>>>EEEZZZbbbhhhvvv~~~Qcv1Qq,/KPhp1Qq/!P7pLcy1Qq/Pp",6@J[1qQq/Pp =1[Qyq/"P0p=LYgx1Qq&/@PZpt1Qq/&PAp[t1Qq/P"p0>M[iy1Qq/Pp >1\Qzq/Pp!+6@IZ1pQq/ P6pLbx1Qq,/KPip1Qq/-P?pRcv1Qq/Pp!&,>X1qQq
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x78100	1128	PE Resource: RT_ICON - Data ( \|z{}\|\|{~}~\|{\|z{z~}}{{{~\|{~~\|~\|}~{}\|}~}z{~}{{{z{\|~~~}~}z\|}\|}~~~~{~z\|\|~\|\|\|~\|~{~~\|z~\|\|{~\|\|{}{\|{{~~}~}{z{\|{}{\|\|{\|~}}}}~z}\|~~z{z{{{z~}}}}~\|~\|z}\|~{~z~z{}~~~}\|{~\|}\|{}\|}}}}}{\|{}{\|{z\|z}}z~~}~{}}}{}}{{~}}\|~~\|\|~}\|\|{{z~~\|\|}{{~{}z}{\|}{{~{~}~}\|}\|}\|{{\|\|{}}~~\|\|~~{{\|}z{{z~~z~z{{z{}\|\|}\|\|~~~}}}\|{{}\|{~z{~zz~{}\|AAAAAAAAAAAAAAAA
RT_STRING	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x7d130	1596	PE Resource: RT_STRING - Data FFelufihih xicikor gimigegi muyer fejube wabokewepos hefadak sejanununipPozoyarinexefi kozaxilajezuyap kaxokaxubi vovozeyaguba cub tajojasomig suf sixelocodejul pizuyoxezafo poviwasedeDolojohapagotemASusetanorud cafeyonexocejo hulanasoc kukepebipeguyow kadafofetuso*Fufujoyu mosu veruzepobux tura rakak xuvewCKipitusij jobomula yezuyiwokumo gicodixeda calihihuto yunezosodekobFCojilu fudapus yipixohigawi dusuboyuvamuyi wadu hizoha huvurijehanowazFNejixeso bageroho wijofizahon bugu loyolesugi pun mibedusohopon suhude4Sezigu cuditujoje dadoripibacet naz zuyanovuwi denel]Xopenavoxo tofezakuka huyikakimanivu kazuleco liyebuhijabo yoluge wocumolenox lajamakefufemambKot zojuraxisinotod sukasixu pilerufep veyusurow con lawekihadetusa fimamikivaway bikufewexij razuPav logoxuhubu sehohininovit
RT_GROUP_CURSOR	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x7c140	48
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x78568	48
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x7c170	620	PE Resource: RT_VERSION - Data l4VS_VERSION_INFO4aStringFileInfo042231F2: FileDescriptionSilvupleZLegalCopyrightCopyright (C) 2022, Uniqum@OriginalFilenamepetshop.exe< ProductsVersion9.50.2.696ProductNameKuihmfghniDProductionVersion82.67.62.16DVarFileInfo$Translation

Meta infos 7

LegalCopyright:	Copyright (C) 2022, Uniqum
ProductionVersion:	82.67.62.16
FileDescription:	Silvuple
Translation:	0x08bf 0x0ad5
ProductsVersion:	9.50.2.69
OriginalFilename:	petshop.exe
ProductName:	Kuihmfghni

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

82.67.62.16
9.50.2.69

Import functions

KERNEL32.dll 94 GDI32.dll 1 USER32.dll 11

Function	Address	Souspicious	Anti Debug
SetThreadContext	0x401008
FindFirstChangeNotificationW	0x40100c
PeekNamedPipe	0x401010
SetEndOfFile	0x401014
LoadResource	0x401018
SetConsoleTextAttribute	0x40101c
GetLogicalDriveStringsW	0x401020
CreateHardLinkA	0x401024
FreeEnvironmentStringsA	0x401028
GetModuleHandleW	0x40102c
GetTickCount	0x401030
GetDateFormatA	0x401034
LoadLibraryW	0x401038
IsValidLocale	0x40103c
ReadConsoleInputA	0x401040
GetFileAttributesA	0x401044
FileTimeToSystemTime	0x401048
GlobalUnlock	0x40104c
GetShortPathNameA	0x401050
GetLastError	0x401054
GetProcAddress	0x401058
VirtualAlloc	0x40105c
CreateFileA	0x401060
BackupWrite	0x401064
GetTempFileNameA	0x401068
OpenJobObjectW	0x40106c
FoldStringA	0x401070
GetModuleHandleA	0x401074
FindNextFileW	0x401078
FindFirstVolumeA	0x40107c
ReadConsoleOutputCharacterW	0x401080
CloseHandle	0x401084
HeapSize	0x401088
WriteConsoleW	0x40108c
GetConsoleOutputCP	0x401090
WriteConsoleA	0x401094
RaiseException	0x401098
LoadLibraryA	0x40109c
BeginUpdateResourceW	0x4010a0
HeapFree	0x4010a4
MultiByteToWideChar	0x4010a8
GetStartupInfoW	0x4010ac
TerminateProcess	0x4010b0
GetCurrentProcess	0x4010b4
UnhandledExceptionFilter	0x4010b8
SetUnhandledExceptionFilter	0x4010bc
IsDebuggerPresent	0x4010c0
HeapAlloc	0x4010c4
HeapCreate	0x4010c8
VirtualFree	0x4010cc
DeleteCriticalSection	0x4010d0
LeaveCriticalSection	0x4010d4
EnterCriticalSection	0x4010d8
HeapReAlloc	0x4010dc
GetCPInfo	0x4010e0
InterlockedIncrement	0x4010e4
InterlockedDecrement	0x4010e8
GetACP	0x4010ec
GetOEMCP	0x4010f0
IsValidCodePage	0x4010f4
TlsGetValue	0x4010f8
TlsAlloc	0x4010fc
TlsSetValue	0x401100
TlsFree	0x401104
SetLastError	0x401108
GetCurrentThreadId	0x40110c
SetFilePointer	0x401110
Sleep	0x401114
ExitProcess	0x401118
WriteFile	0x40111c
GetStdHandle	0x401120
GetModuleFileNameA	0x401124
GetModuleFileNameW	0x401128
FreeEnvironmentStringsW	0x40112c
GetEnvironmentStringsW	0x401130
GetCommandLineW	0x401134
SetHandleCount	0x401138
GetFileType	0x40113c
GetStartupInfoA	0x401140
QueryPerformanceCounter	0x401144
GetCurrentProcessId	0x401148
GetSystemTimeAsFileTime	0x40114c
InitializeCriticalSectionAndSpinCount	0x401150
RtlUnwind	0x401154
LCMapStringA	0x401158
WideCharToMultiByte	0x40115c
LCMapStringW	0x401160
GetStringTypeA	0x401164
GetStringTypeW	0x401168
GetLocaleInfoA	0x40116c
SetStdHandle	0x401170
GetConsoleCP	0x401174
GetConsoleMode	0x401178
FlushFileBuffers	0x40117c

Function	Address	Souspicious	Anti Debug
GetCharWidthI	0x401000

Function	Address	Souspicious	Anti Debug
CharToOemBuffA	0x401184
GetKeyNameTextA	0x401188
GetClassInfoExA	0x40118c
GetMessageExtraInfo	0x401190
ChangeMenuA	0x401194
GetParent	0x401198
LoadMenuA	0x40119c
CopyIcon	0x4011a0
LoadBitmapW	0x4011a4
DdeQueryStringA	0x4011a8
CloseWindow	0x4011ac