spoofer.exe
First submission 2024-10-14 23:36:05
File details
| File type: | PE32 executable (console) Intel 80386, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 2642.5 KB (2705920 bytes) |
| Compile time: | 2024-10-11 12:09:23 |
| MD5: | b1c8ea27ae819eecf5517c6aed222e9d |
| SHA1: | 132c66bab9a1666f49963c3da9b37d73eba4a43b |
| SHA256: | 4f487e7b86b7c1dcf52cb3016dda1c1a13c1489edd6f235836268d61834450d9 |
| Import Hash : | 4cc9f349eed90d5f9ca198839e15d4f9 |
| Sections 9 | .idata�� .rsrc��� .themida .boot��� |
| Directories 2 | import resource |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
OSINT Enrichments
| Virus Total: | 34/77 VT report date: 2024-10-14 10:38:29 |
| Malware Type 1 | trojan |
| Threat Type 2 | daoedqci themida |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://45.141.26.180/spoofer.exe  |
45.141.26.180 |
2024-10-14 23:36:05 |
PE Sections 5 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| 0x1000 | 0x11e3c | 42496 | d50b65792c9fda2643160fe95e823a80daab33be | b26019324d582d2771fff0eb9fad1bd2 | ||
| 0x13000 | 0x6ffc | 12800 | 7185415598a7cfab3b5b669a3bad3b8b4fe5c770 | b2575520ae376ff409a0157c99e92651 | ||
| 0x1a000 | 0x13d4 | 512 | 888b9a23ebf54e286f41e8eab55d0531eda0b8d8 | 8e5119bdd73ad209a20c5f2ab11f9bfd | ||
| 0x1c000 | 0x1e8 | 512 | d1267128e5526d14e06a0cea238b823229ac7654 | 149ca64dc0cadd5b3d3b68ee23e9806c | ||
| 0x1d000 | 0x123c | 4096 | 25cd1fe90c6a302ac82dfd0ac9484bc174446572 | a513bbab7c5b2e3f2f90378259fffaf4 | ||
| .idata�� | 0x1f000 | 0x1000 | 512 | f24137e812e13b675c10fda181b201093766a4a5 | 56c0f90170511d32d6739d07f5eb3db1 | |
| .rsrc��� | 0x20000 | 0x1000 | 512 | 0affa2ece2c55eb54b4e48fed4f4e3d54cec1424 | 02385a24736e5cf4a752feba7100eef9 | |
| .themida | 0x21000 | 0x41a000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .boot��� | 0x43b000 | 0x285600 | 2643456 | e24665f4523dae95dafcc4f47cffa206e8b1dad3 | 6b7c5d7afe3240711ff9d40e930ca6f5 |
PE Resources 1
| Name | Language | Sublanguage | Offset | Size | Data |
|---|---|---|---|---|---|
| RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x20058 | 392 |
Strings analysis - File found
| Library |
| ADVAPI32.dll |
| urlmon.dll |
| KERNEL32.dll |