data64_1.exe

First submission 2022-07-31 16:14:03

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
File size: 2548.97 KB (2610141 bytes)
Compile time: 2022-07-31 08:41:54
MD5: a96950e973081e1145547d3c5bcac94f
SHA1: 3d72c767397db4498a4ab7cda505f8a1fcc7ba4b
SHA256: 2ee10299431f2d13208b63912ca6482751c013dc18f0b9245562d758a62af912
Import hash: 1e33718404ffbe0d91b536c10bf053f8
Sections (16): .text, .data, .rdata, /4, .bss, .idata, .CRT, .tls, /14, /29, /41, /55, /67, /80, /91, /102
The "/N" names are COFF long-section-name references (N is an offset into the string table). The PE spec reserves them for object files; when they appear in an executable they are characteristic of GCC/MinGW-linked binaries that keep DWARF debug sections, which fits the libgcc_s_dw2-1.dll import listed below. The real names are only recoverable from the string table in the file itself.
Directories (3): import, tls, security (a certificate table is present; see File signature below)
VirusTotal: 26/71 detections, report date 2022-07-31 19:08:28

File features detected

File features detected: Is DLL, Packers, Anti Debug, Anti VM, Signed, XOR

These are the scanner's feature flags; the evidence behind them is in the sections below (anti-debug imports, one anti-VM string, and the certificate table under File signature). "Is DLL" is contradicted by the file type above (PE32 console executable) and should be read as a flag name rather than a finding.

URLs, FQDN and IP indicators (2)

URL Host (FQDN/IP) Date Added
hXXp://malanche.com/10/data64_1.exe malanche.com 2022-07-31 16:14:03
hXXp://malanche.com/12/data64_1.exe malanche.com 2022-07-31 21:13:10

Both entries are download locations for the sample (defanged), not hosts contacted by it; the path component changed between the two submissions.

PE Sections (16 listed; the report flags 3 as suspicious, but the Suspicious column is empty for every row below, so the flagged sections cannot be identified from this listing)

Note that .bss has a raw size of 0 and its hashes are those of empty input (da39a3ee..., d41d8cd9...); that is normal for uninitialized data, not a sign of tampering.

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xbd240 775168 dcf2fc21dfd54162fca76dd24bf87c8b29f1be94 3ab21c7b06499bed45833d0a0eacef26
.data 0xbf000 0x1aa3c 109568 e9e3af44dfaadb931e54d98c17652dfb0f061723 af8eb01a9a7869a6efdbb0b5c769222f
.rdata 0xda000 0xea00 59904 4b42193acf347eb350ff78213008a10c6bc7e58b 98451e1e8f5c451a6792ff4e3c83bcbd
/4 0xe9000 0x3c0b8 246272 c8bdcf2174168a4f7fc1bab6ebda7950873b663a 013d696e10b6d20539f07033227106f5
.bss 0x126000 0xf00 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x127000 0xbd0 3072 a0ba7e29fcec7d8f7fdc64eb280afcb04a1d5c8d ce693739d4db6f7ae6aa62579f9f3c0b
.CRT 0x128000 0x34 512 12e67d6a49ed582ad644ebdd6a2826d5b29c4c63 7d7d238609502500249214caca55b698
.tls 0x129000 0x8 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
/14 0x12a000 0x110 512 f9b74a72961af53927da34c65d903d87ce602463 d9c563c6843313a14ea768ab7f9db388
/29 0x12b000 0x2826f 164864 0ebbee359cfb6aa6f3c43a226d2120487b8d5887 510172a4f039abcbf6d8011d9d65f205
/41 0x154000 0x1d59 7680 3da8a3117e4bd6036eebc17fe797e1372df4c3e2 b2193045c3b863b554b65a20724f27cf
/55 0x156000 0x666e 26624 85d8fce16b204ed79d63020913b8130d4caf54e6 5ce6fe3bfc0932dc0b1a14b37c533d52
/67 0x15d000 0x38 512 d9e571f0128f113b414eae67e6e2b16775168a9c e92865a0b3e1ca02fea79b225ba55c7c
/80 0x15e000 0x244 1024 8ac9f86670cf8cbdb376cbd141e080e0c467cf0f c389ff0d278f3df4581a7c305686cf61
/91 0x15f000 0xb3c3 46080 53652efaa71cf02bdfffabd36e6a6260f4bd1aec f56b7cf755b1f30c0575f19f6af1588c
/102 0x16b000 0x12d0 5120 1b09c9ed64a99966ca16210fb16a96cf09a2aab8 018467c6dde03048e6f10c839cb34e4c

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

These three are ordinary KERNEL32 imports used by the C runtime's startup and exception handling and appear in most compiled Windows binaries; on their own they are a weak anti-debug signal.

Anti VM functions 1

VMCheck.dll

This is a string the scanner associates with anti-VM checks; a string reference alone does not show that the check is executed.

File signature (security directory)

MD5: d20ee7b8b51b68f6b7ea0603ff9363e8
SHA1: b87fefdcf6aa060c22dd7b8a7a1c9a12f8348287
Block size: 18736
File offset (the security directory's "Virtual Address" field, which by the PE spec is a file offset, not an RVA): 2591405

The block ends at 2591405 + 18736 = 2610141, exactly the file size, so the certificate table is the trailing 18736 bytes of the file, the normal placement for an Authenticode signature. The hashes above are of that block only. The report records that a signature block exists; it does not say whether the signature verifies or whether the digest embedded in it matches this file.
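The practitioner check that the report does not make is whether the Authenticode digest inside that PKCS#7 blob actually covers this file's bytes: a signature block copied from a legitimately signed binary stays internally valid and still gets a "Signed" flag, but its embedded digest no longer matches. The Python below is an added example, not tooling from the report or from the sample, and uses only the standard library. It parses the PE headers, extracts the WIN_CERTIFICATE entries from the security directory (for this sample, the trailing 18736 bytes at offset 2591405), and computes the Authenticode hash in the order the spec prescribes: everything except the CheckSum field, the Certificate Table data-directory entry and the certificate table itself. The minimal PE built by make_sample_pe and the FAKE_PKCS7 blob are constructed for the demo; the names SECURITY_DIR, wrap_certificate and demo are this example's own.

```python
# Added example (not tooling from the report or the sample): standard-library
# Authenticode hash and WIN_CERTIFICATE extraction for PE32/PE32+ files.
import hashlib
import struct

SECURITY_DIR = 4  # index of the Certificate Table in the data directory

def _layout(data):
    """Return (opt_hdr_off, data_dirs_off, n_sections, size_of_headers, section_table_off)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    return opt, dirs, n_sections, struct.unpack_from("<I", data, opt + 60)[0], opt + size_opt

def certificate_table(data):
    """Yield (revision, cert_type, blob) for each WIN_CERTIFICATE in the security directory."""
    _, dirs, _, _, _ = _layout(data)
    off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)  # file offset, not an RVA
    end = min(off + size, len(data))
    while off + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", data, off)
        if length < 8 or off + length > end:
            raise ValueError("malformed WIN_CERTIFICATE at 0x%x" % off)
        yield revision, cert_type, bytes(data[off + 8:off + length])
        off += (length + 7) & ~7  # entries are rounded up to 8 bytes

def authenticode_hash(data, algo="sha256"):
    """Digest of the file minus CheckSum, the Certificate Table entry and the certificate table."""
    opt, dirs, n_sections, size_of_headers, sect_off = _layout(data)
    entry = dirs + 8 * SECURITY_DIR
    cert_size = struct.unpack_from("<I", data, entry + 4)[0]
    checksum = opt + 64
    h = hashlib.new(algo)
    h.update(data[:checksum])                  # headers up to CheckSum
    h.update(data[checksum + 4:entry])         # skip CheckSum, continue to the security entry
    h.update(data[entry + 8:size_of_headers])  # skip the entry, rest of the headers
    sections = []
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_off + 40 * i + 16)
        if raw_size:
            sections.append((raw_ptr, raw_size))
    hashed = size_of_headers
    for raw_ptr, raw_size in sorted(sections):  # section data in file order
        h.update(data[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    trailing = len(data) - hashed - cert_size   # overlay after the sections, minus the cert table
    if trailing < 0:
        raise ValueError("certificate table larger than the unhashed tail")
    h.update(data[hashed:hashed + trailing])
    return h.hexdigest()

def wrap_certificate(pkcs7):
    """WIN_CERTIFICATE (revision 2.0, type PKCS_SIGNED_DATA) around a DER blob, 8-byte padded."""
    body = struct.pack("<IHH", 8 + len(pkcs7), 0x0200, 0x0002) + pkcs7
    return body.ljust((len(body) + 7) & ~7, b"\0")

def make_sample_pe(cert=b""):
    """Constructed minimal PE32 with one .text section; optionally append a certificate table."""
    size_of_headers = 0x200
    text = bytes(range(256)) * 2                        # 0x200 bytes of deterministic "code"
    opt = bytearray(224)                                # PE32 optional header, 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)               # Magic
    struct.pack_into("<I", opt, 16, 0x1000)             # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)     # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, size_of_headers)  # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 64, 0x1234)             # CheckSum: deliberately outside the hash
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if cert:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, size_of_headers + len(text), len(cert))
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x0102)
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text),
                          size_of_headers, 0, 0, 0, 0, 0x60000020)
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)               # e_lfanew
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section
    return headers.ljust(size_of_headers, b"\0") + text + cert

# Constructed stand-in for the PKCS#7 blob: only the signedData OID, not a real signature.
FAKE_PKCS7 = bytes.fromhex("300b06092a864886f70d010702")

def demo():
    """Return (unsigned hash, signed hash, hash after patching one code byte, certificate list)."""
    plain = make_sample_pe()
    signed = make_sample_pe(wrap_certificate(FAKE_PKCS7))
    patched = bytearray(signed)
    patched[0x200] ^= 0x01  # flip one byte inside .text, signature block left unchanged
    return (authenticode_hash(plain), authenticode_hash(signed),
            authenticode_hash(bytes(patched)), list(certificate_table(signed)))
```

To apply it to the real sample, pass the file's bytes to authenticode_hash and certificate_table, then compare the digest with the messageDigest carried in the blob's SpcIndirectDataContent (osslsigncode verify reports both values and the chain). Appending a different certificate table, or changing CheckSum, leaves the digest unchanged by construction; changing a single section byte changes it, which is the mismatch a carried-over signature block produces.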

Strings analysis - Libraries found

Library
MSVCRT.dll
libgcc_s_dw2-1.dll
2.DLL
KERNEL32.dll

Strings analysis - Possible URLs found 23

Apart from the gcc.gnu.org and pidgin.im entries, every URL below is an AIA, CRL, OCSP or CPS pointer from the Sectigo/USERTrust/Comodo code-signing chain and the DigiCert timestamping chain inside the certificate table; they are certificate metadata, not hosts the sample contacts, and should not be treated as C2 indicators. The trailing characters such as "0%", "0#" or "0C" are not part of the URLs: in DER the byte after an IA5String URL is the next SEQUENCE tag 0x30 (ASCII "0") followed by its length byte, and the string extractor kept both. The gcc.gnu.org string is a compiler runtime diagnostic, consistent with the libgcc_s_dw2-1.dll import; the pidgin.im string shows the same trailing-"0" DER artifact and so also sits inside the signature data, which by itself says nothing about whether that signature covers this file.

http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://www.digicert.com/CPS0
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
http://ocsp.comodoca.com0
https://gcc.gnu.org/bugs/):
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
http://crl.comodo.net/AAACertificateServices.crl0
http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
http://ocsp.digicert.com0C
https://sectigo.com/CPS0
http://ocsp.digicert.com0O
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
https://pidgin.im0
http://ocsp.usertrust.com0
http://crl3.digicert.com/sha2-assured-ts.crl02
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://crl4.digicert.com/sha2-assured-ts.crl0
http://ocsp.sectigo.com0
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://crl.comodoca.com/AAACertificateServices.crl06
http://crl.comodoca.com/AAACertificateServices.crl04
https://www.digicert.com/CPS0

Related files (name, latest seen, MD5)

The earlier data64_1.exe listed here (2022-07-28, MD5 85566e0612996308663b129f5046dad4) is a different file from this sample (MD5 a96950e973081e1145547d3c5bcac94f): the same filename recurs with new content within a few days.

Name Latest seen MD5
b.exe 2022-07-26 17:27:02 65122666327049e092095330babf99e5
bazzy.exe 2022-07-26 17:51:02 27bb317f9ae7a42119b387daa9ad0993
138.exe 2022-07-26 22:25:03 ebdb1ac576509460b4c71701857acd97
data64_1.exe 2022-07-28 08:52:03 85566e0612996308663b129f5046dad4
141.exe 2022-07-28 08:53:02 d49d26ac3bcbaeeb7947f86020418f2b
file.exe 2022-07-29 07:58:02 5eec1efdb95a96916f96b6c40c7225d2