msgbox1.file

First submission 2024-02-04 17:32:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 72.5 KB (74240 bytes)
Compile time: 2024-01-15 11:45:57
MD5: ac6132e51eeb91f7d294c448fc2605a0
SHA1: 6fb9c6e9df6913b8c327235fc31821bc1fca0982
SHA256: 49cfbb6f99f899fc4a5f5c18b985f71e54b51778a63f8fa015eb6ff887f401a4
Import Hash: 67b092a69844bee71741beabb06b1afb
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://5.42.65.115/files/msgbox1.file 5.42.65.115 2024-02-04 17:32:02

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xa6e8 43008 2b1264378a880966722ee9a26a34cdf8a5d032b5 969edb1d0722a635df795ccc89b12b50
.rdata 0xc000 0x5a3e 23552 34f644bf0e90bb9c7dfd4b455f9dd936ffb63187 2b490cb8cd61fa373931fc7a6a4cc70e
.data 0x12000 0x12a4 2560 78e7eb77487ec680883f9dac985f42394d1c07bc 37945817b245d8ba509f2c9f50aff8a2
.rsrc 0x14000 0x1e0 512 8089325985b9f78b361d2bef5ce408f2815c083a f1b801d7cee918c8de20c6e09bf27838
.reloc 0x15000 0xdb0 3584 6b1f06a1549aba68f73e52df7e218532920ba5c8 bf81b773ea10e9e8c56088326a36daa3

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x14060 381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
xmscoree.dll
USER32.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
msgbox2.file 2024-02-04 17:35:02 65ea5410c5869dd9aa8511bdbeaab5bd