DigitalSide Threat Intel

data64_1.exe

First submission 2022-07-31 16:14:03

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
File type: 2548.97 KB (2610141 bytes)
Compile time: 2022-07-31 08:41:54
MD5: a96950e973081e1145547d3c5bcac94f
SHA1: 3d72c767397db4498a4ab7cda505f8a1fcc7ba4b
SHA256: 2ee10299431f2d13208b63912ca6482751c013dc18f0b9245562d758a62af912
Import Hash : 1e33718404ffbe0d91b536c10bf053f8
Sections 16 .text .data .rdata /4 .bss .idata .CRT .tls /14 /29 /41 /55 /67 /80 /91 /102
Directories 3 import tls security
Virus Total: 26/71 VT report date: 2022-07-31 19:08:28

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://malanche.com/10/data64_1.exe VirusTotal Report malanche.com VirusTotal Report 2022-07-31 16:14:03
hXXp://malanche.com/12/data64_1.exe VirusTotal Report malanche.com VirusTotal Report 2022-07-31 21:13:10

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xbd240 775168 dcf2fc21dfd54162fca76dd24bf87c8b29f1be94 3ab21c7b06499bed45833d0a0eacef26
.data 0xbf000 0x1aa3c 109568 e9e3af44dfaadb931e54d98c17652dfb0f061723 af8eb01a9a7869a6efdbb0b5c769222f
.rdata 0xda000 0xea00 59904 4b42193acf347eb350ff78213008a10c6bc7e58b 98451e1e8f5c451a6792ff4e3c83bcbd
/4 0xe9000 0x3c0b8 246272 c8bdcf2174168a4f7fc1bab6ebda7950873b663a 013d696e10b6d20539f07033227106f5
.bss 0x126000 0xf00 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x127000 0xbd0 3072 a0ba7e29fcec7d8f7fdc64eb280afcb04a1d5c8d ce693739d4db6f7ae6aa62579f9f3c0b
.CRT 0x128000 0x34 512 12e67d6a49ed582ad644ebdd6a2826d5b29c4c63 7d7d238609502500249214caca55b698
.tls 0x129000 0x8 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
/14 0x12a000 0x110 512 f9b74a72961af53927da34c65d903d87ce602463 d9c563c6843313a14ea768ab7f9db388
/29 0x12b000 0x2826f 164864 0ebbee359cfb6aa6f3c43a226d2120487b8d5887 510172a4f039abcbf6d8011d9d65f205
/41 0x154000 0x1d59 7680 3da8a3117e4bd6036eebc17fe797e1372df4c3e2 b2193045c3b863b554b65a20724f27cf
/55 0x156000 0x666e 26624 85d8fce16b204ed79d63020913b8130d4caf54e6 5ce6fe3bfc0932dc0b1a14b37c533d52
/67 0x15d000 0x38 512 d9e571f0128f113b414eae67e6e2b16775168a9c e92865a0b3e1ca02fea79b225ba55c7c
/80 0x15e000 0x244 1024 8ac9f86670cf8cbdb376cbd141e080e0c467cf0f c389ff0d278f3df4581a7c305686cf61
/91 0x15f000 0xb3c3 46080 53652efaa71cf02bdfffabd36e6a6260f4bd1aec f56b7cf755b1f30c0575f19f6af1588c
/102 0x16b000 0x12d0 5120 1b09c9ed64a99966ca16210fb16a96cf09a2aab8 018467c6dde03048e6f10c839cb34e4c

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

File signature

MD5 SHA1 Block size Virtual Address
d20ee7b8b51b68f6b7ea0603ff9363e8 b87fefdcf6aa060c22dd7b8a7a1c9a12f8348287 18736 2591405

Strings analysis - File found

Library
MSVCRT.dll
libgcc_s_dw2-1.dll
2.DLL
KERNEL32.dll

Strings analysis - Possible URLs found 23

http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://www.digicert.com/CPS0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
http://ocsp.comodoca.com0
https://gcc.gnu.org/bugs/):
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://crl.comodo.net/AAACertificateServices.crl0
http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
http://ocsp.digicert.com0C
https://sectigo.com/CPS0
http://ocsp.digicert.com0O
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
https://pidgin.im0
http://ocsp.usertrust.com0
http://crl3.digicert.com/sha2-assured-ts.crl02
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://crl4.digicert.com/sha2-assured-ts.crl0
http://ocsp.sectigo.com0
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://crl.comodoca.com/AAACertificateServices.crl06
http://crl.comodoca.com/AAACertificateServices.crl04
https://www.digicert.com/CPS0

Import functions

Function Address Souspicious Anti Debug
___mb_cur_max_func 0x5272a4
__doserrno 0x5272a8
__getmainargs 0x5272ac
__initenv 0x5272b0
__lconv_init 0x5272b4
__p__acmdln 0x5272b8
__p__fmode 0x5272bc
__pioinfo 0x5272c0
__set_app_type 0x5272c4
__setusermatherr 0x5272c8
_amsg_exit 0x5272cc
_cexit 0x5272d0
_errno 0x5272d4
_fdopen 0x5272d8
_filelengthi64 0x5272dc
_fileno 0x5272e0
_fileno 0x5272e4
_fstat64 0x5272e8
_initterm 0x5272ec
_iob 0x5272f0
_lseeki64 0x5272f4
_onexit 0x5272f8
_read 0x5272fc
_strnicmp 0x527300
_write 0x527304
_write 0x527308
abort 0x52730c
atoi 0x527310
calloc 0x527314
exit 0x527318
fclose 0x52731c
fflush 0x527320
fgetpos 0x527324
fopen 0x527328
fprintf 0x52732c
fputc 0x527330
fputs 0x527334
fread 0x527338
free 0x52733c
fsetpos 0x527340
fwrite 0x527344
getc 0x527348
getwc 0x52734c
isspace 0x527350
iswctype 0x527354
localeconv 0x527358
malloc 0x52735c
memchr 0x527360
memcmp 0x527364
memcpy 0x527368
memmove 0x52736c
memset 0x527370
putc 0x527374
putwc 0x527378
realloc 0x52737c
setlocale 0x527380
setvbuf 0x527384
signal 0x527388
sprintf 0x52738c
strchr 0x527390
strcmp 0x527394
strcoll 0x527398
strerror 0x52739c
strftime 0x5273a0
strlen 0x5273a4
strncmp 0x5273a8
strtoul 0x5273ac
strxfrm 0x5273b0
towlower 0x5273b4
towupper 0x5273b8
ungetc 0x5273bc
ungetwc 0x5273c0
vfprintf 0x5273c4
wcscoll 0x5273c8
wcsftime 0x5273cc
wcslen 0x5273d0
wcsxfrm 0x5273d4
Function Address Souspicious Anti Debug
CloseHandle 0x52720c
CreateSemaphoreW 0x527210
CreateThread 0x527214
DeleteCriticalSection 0x527218
EnterCriticalSection 0x52721c
FreeConsole 0x527220
FreeLibrary 0x527224
GetCurrentProcess 0x527228
GetCurrentProcessId 0x52722c
GetCurrentThreadId 0x527230
GetLastError 0x527234
GetModuleHandleA 0x527238
GetModuleHandleW 0x52723c
GetProcAddress 0x527240
GetStartupInfoA 0x527244
GetSystemTimeAsFileTime 0x527248
GetTickCount 0x52724c
InitializeCriticalSection 0x527250
IsDBCSLeadByteEx 0x527254
LeaveCriticalSection 0x527258
LoadLibraryA 0x52725c
MultiByteToWideChar 0x527260
QueryPerformanceCounter 0x527264
ReleaseSemaphore 0x527268
SetLastError 0x52726c
SetUnhandledExceptionFilter 0x527270
Sleep 0x527274
TerminateProcess 0x527278
TlsAlloc 0x52727c
TlsFree 0x527280
TlsGetValue 0x527284
TlsSetValue 0x527288
UnhandledExceptionFilter 0x52728c
VirtualProtect 0x527290
VirtualQuery 0x527294
WaitForSingleObject 0x527298
WideCharToMultiByte 0x52729c

Related files by ImpHash 6 1e33718404ffbe0d91b536c10bf053f8

Name Latest seen MD5
b.exe 2022-07-26 17:27:02 65122666327049e092095330babf99e5
bazzy.exe 2022-07-26 17:51:02 27bb317f9ae7a42119b387daa9ad0993
138.exe 2022-07-26 22:25:03 ebdb1ac576509460b4c71701857acd97
data64_1.exe 2022-07-28 08:52:03 85566e0612996308663b129f5046dad4
141.exe 2022-07-28 08:53:02 d49d26ac3bcbaeeb7947f86020418f2b
file.exe 2022-07-29 07:58:02 5eec1efdb95a96916f96b6c40c7225d2