output_64.exe

First submission 2024-02-04 18:26:18

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 296.5 KB (303616 bytes)
Compile time: 2022-05-02 13:52:55
MD5: b27c86172b5ae181811cc482e218df58
SHA1: 414a477ccd7c0ac4b51ddc520348e3f248181a7f
SHA256: a3220057977d8f5abb74921b9d93100517544f40994c812ab0124a73d1161f48
Import Hash: 6676d6dfd2063d93860eb7a1ce2bd577
Sections: 6 (.text, .rdata, .data, .pdata, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://175.24.197.196/output_64.exe 175.24.197.196 2024-02-04 18:26:19

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2f03f 193024 79c9e36424dd995c020dad13e6f7c754103dc8ad ca980dbea2bc7dd8227d77f4ca81ff35
.rdata 0x31000 0xfec0 65536 31e82af0640c088e6a04b807ed1bab18bdc97a7e 944482dca7121964eb21f1a50a4fbff6
.data 0x41000 0xb990 25600 45dc3997075eb00d4c3b1eb4490d9d564d0e02c9 5eb8143eadad4135c09b202629d77dc4
.pdata 0x4d000 0x2aa8 11264 902a9b8ec613686fae0987f2531a0068551f8643 a0873c39bfcf6de0a9cbcc3353362d2d
.rsrc 0x50000 0x1b4 512 b8ef3454a39fb6d7217ba88766ed65b906f7d02e fe873a7da75e1ecb94b684f88caf6202
.reloc 0x51000 0x1992 6656 60f8545a26cbf6f947df25d52ad20ab420a708f8 be966111fd4d60fbd7785c515ee82633

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x50058 346

Packers detected 2

Microsoft Visual C++ 8.0 (DLL)
Microsoft Visual C++ 8.0

Anti debug functions 8

FindWindowA
GetLastError
IsDebuggerPresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
SHELL32.dll
KERNEL32.dll
ntdll.dll
USER32.dll
ADVAPI32.dll
WININET.dll
mscoree.dll
NETAPI32.dll
SHLWAPI.dll
WINMM.dll
OLEAUT32.dll
WS2_32.dll
DINPUT8.dll
ole32.dll

Strings analysis - Possible IPs found 1

127.0.0.1

Import functions

Name Latest seen MD5
lux64.exe 2024-02-04 18:28:04 6db34be976cf8a343f7bfb01dfa87d70