77.exe

First submission 2022-08-03 20:13:01

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
File type:	462.5 KB (473600 bytes)
Compile time:	2022-02-09 19:22:02
MD5:	b4c7966345974a5554e5d99fa2800297
SHA1:	933fc5cfd4500f0e755a9e7f5adff60494887abd
SHA256:	4dbc705f8b2459cd330ba96aac1462ffef090bbb55c6305e49397db8caafeff7
Import Hash :	029a987f21e33b48f24d21b6f9ff1129
Sections 7	.text .rdata .data .tls .gfids .rsrc .reloc
Directories 5	import resource debug tls relocation
Virus Total:	56/71 VT report date: 2022-08-03 16:07:25

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://jg.studio/77.exe	jg.studio	2022-08-03 20:13:01

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x52aed	338944	de59e4ca964512050b041a15ae81756d711c8313	22ca55e1b948eef6d8eaa74c178eb61c
.rdata	0x54000	0x16fb4	94208	352f6a2ff2e34506e7d6759af55eaa9aeda3f7b1	58738501e97e6c76ea591261c4b943d8
.data	0x6b000	0x3eec	3584	a069a2cddd54faf4620819c79e6b50ab370798cb	90efd231c85fb53e2e544c3917cc650c
.tls	0x6f000	0x9	512	aa0d33a0c854e073439067876e932688b65cb6a9	1f354d76203061bfdd5a53dae48d5435
.gfids	0x70000	0x230	1024	543908de16087fdc46fd32bba746b043f69effd0	68b4acc15e6a4d63a54be2808ea37520
.rsrc	0x71000	0x4bc4	19456	ec5f35d169351118c971d1981e80f55cef17521c	1c88c0b845bd21b8b5c260eadf5c37d5
.reloc	0x76000	0x3884	14848	3bc93ba4ff3fd609d08cb71ba1f2459349330701	3eea2222f194b26e650b5b689079235b

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ITALIAN	SUBLANG_ITALIAN	0x73024	9640	PE Resource: RT_ICON - Data (0` %zzwwvvuuuurrrrpp}oo\|nnzmmxmmskkvqqs'%%f^^333RRRQQQQQQQQQQQQKMMqqJIIPPPQQQQQQQQQSSSCCCvvvttttttttttttrssrrdccttttttttttttwww"""\\\666lllCCCdddfffdddcccbbb^__jbbwwFGGKKKKKKJJJKKK???vvuyyxxwwxxlccyllrrSQQ{\|\|EFFuuu&&NQ\|}~ 02Cm$ Sb (?V+WTn%5Is' U!I2d3f _ EF< %7;<H25' #d!fL j%Y]^N`Q>]^ TSh ga [9 3bv"-K-,- in$!%x,U - p7)534 L;k!G\|1<j$YO2h"$<h:l!Fm!ep#e & '$ #$!'+/)(0, !#.0132,$-04544>v(Y&() Q/ Vk$7q'~)0u : A>1h".3-7w#5'/#@ 1u%\|)y-j$/Un% D{,k4- h{w'c1\|&\|+S \|,}+c{(3 _6Yv)c!99 )+F,&!!8U75 +!! " '2! ~\|}\|{zxwxvwvtss}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}COMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMOCss[gg[[[
RT_RCDATA	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x755cc	1461	PE Resource: RT_RCDATA - Data CR6)jJ$d{A.b<n"^]{H^n#Eal.<vp]$* OF!4Yy>fdB#"__o, pEruDOGgI<:v5]1kg(SV?: #x?[)M({OY5Q,p3oAk5}sW&LBE(F~"R{v`T(ODE` 5Q1$]`C-LM>JWKXB#\|gm+Hg+{q]Q<OZ.A2'ebn"# bot^Z,~5LSYL5`u_7)(1N.M+NIHVbH32DTZ}]_D:oj ({4X68"U$a1 3=aWJ!&:m{<4 b0#6X2Lha-]$2'is/7%EkCKes_>&WfuE`wmEK2;T^>RZ<'7ho82F:D7 qAzR_uhI9{x{5@("E%VzLf8A_3Qcp56fWv fmW5nDV/`&JmsqAO{[?Rf(3(iz/h1[&4p;els0nJxPu;6U.\YNJb^}"#) .yVj6\)n^Gr`LM sK?REoa\|]3>~.HQ 4:0e` ~i{XY&E8W7Uo/^\{}y*tY}leh21,%ct/A.X,Ms>`zu l+w]Gz(#m}" #Fc=5F4#dc,,a{"vut4:< [a(-v;!XQk9<i($'&!LN[L[e+L>5pY :@m@b4y "MrC `
RT_GROUP_ICON	LANG_ITALIAN	SUBLANG_ITALIAN	0x75b84	62

Name

Language

Sublanguage

Offset

Size

Data

RT_ICON

LANG_ITALIAN

SUBLANG_ITALIAN

0x73024

9640

RT_RCDATA

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x755cc

1461

RT_GROUP_ICON

LANG_ITALIAN

SUBLANG_ITALIAN

0x75b84

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Database
\key3.db
Text
\sysinfo.txt
license_code.txt
Library
mscoree.dll
KERNEL32.dll
SHLWAPI.dll
WINMM.dll
ADVAPI32.dll
ntdll.dll
WS2_32.dll
USER32.dll
PSAPI.DLL
SHELL32.dll
Powrprof.dll
gdiplus.dll
urlmon.dll
GDI32.dll

Import functions

SHLWAPI.dll 3 urlmon.dll 2 KERNEL32.dll 155 gdiplus.dll 10 WS2_32.dll 17 ADVAPI32.dll 33 WINMM.dll 10 SHELL32.dll 4 USER32.dll 42 GDI32.dll 9

Function	Address	Souspicious	Anti Debug
PathFileExistsW	0x454334
PathFileExistsA	0x454338
StrToIntA	0x45433c

Function	Address	Souspicious	Anti Debug
URLDownloadToFileW	0x454490
URLOpenBlockingStreamW	0x454494

Function	Address	Souspicious	Anti Debug
GetLocaleInfoA	0x4540b0
CreateToolhelp32Snapshot	0x4540b4
OpenMutexA	0x4540b8
Process32NextW	0x4540bc
LoadLibraryA	0x4540c0
Process32FirstW	0x4540c4
GetProcAddress	0x4540c8
VirtualProtect	0x4540cc
SetLastError	0x4540d0
VirtualFree	0x4540d4
VirtualAlloc	0x4540d8
GetNativeSystemInfo	0x4540dc
HeapAlloc	0x4540e0
GetProcessHeap	0x4540e4
FreeLibrary	0x4540e8
IsBadReadPtr	0x4540ec
GetTempPathW	0x4540f0
OpenProcess	0x4540f4
lstrcatW	0x4540f8
GetCurrentProcessId	0x4540fc
GetTempFileNameW	0x454100
GetCurrentProcess	0x454104
GetSystemDirectoryA	0x454108
GlobalAlloc	0x45410c
GlobalLock	0x454110
GetTickCount	0x454114
GlobalUnlock	0x454118
WriteProcessMemory	0x45411c
ResumeThread	0x454120
GetThreadContext	0x454124
VirtualAllocEx	0x454128
ReadProcessMemory	0x45412c
CreateProcessW	0x454130
SetThreadContext	0x454134
LocalAlloc	0x454138
GlobalFree	0x45413c
MulDiv	0x454140
SizeofResource	0x454144
GetLongPathNameW	0x454148
SetFilePointer	0x45414c
FindResourceA	0x454150
LockResource	0x454154
LoadResource	0x454158
LocalFree	0x45415c
FormatMessageA	0x454160
GetModuleFileNameA	0x454164
lstrcpynA	0x454168
AllocConsole	0x45416c
CreateMutexA	0x454170
QueryPerformanceCounter	0x454174
EnterCriticalSection	0x454178
LeaveCriticalSection	0x45417c
InitializeCriticalSection	0x454180
DeleteCriticalSection	0x454184
HeapSize	0x454188
WriteConsoleW	0x45418c
SetStdHandle	0x454190
SetEnvironmentVariableW	0x454194
SetEnvironmentVariableA	0x454198
FreeEnvironmentStringsW	0x45419c
GetEnvironmentStringsW	0x4541a0
GetCommandLineW	0x4541a4
GetCommandLineA	0x4541a8
GetOEMCP	0x4541ac
IsValidCodePage	0x4541b0
FindFirstFileExA	0x4541b4
ReadConsoleW	0x4541b8
GetConsoleMode	0x4541bc
GetConsoleCP	0x4541c0
FlushFileBuffers	0x4541c4
GetFileType	0x4541c8
GetTimeZoneInformation	0x4541cc
EnumSystemLocalesW	0x4541d0
GetUserDefaultLCID	0x4541d4
IsValidLocale	0x4541d8
GetTimeFormatW	0x4541dc
GetDateFormatW	0x4541e0
HeapReAlloc	0x4541e4
GetACP	0x4541e8
GetStdHandle	0x4541ec
GetModuleHandleExW	0x4541f0
MoveFileExW	0x4541f4
RtlUnwind	0x4541f8
RaiseException	0x4541fc
LoadLibraryExW	0x454200
GetCPInfo	0x454204
GetStringTypeW	0x454208
GetLocaleInfoW	0x45420c
LCMapStringW	0x454210
CompareStringW	0x454214
TlsFree	0x454218
TlsSetValue	0x45421c
CopyFileW	0x454220
DeleteFileA	0x454224
ExpandEnvironmentStringsA	0x454228
FindNextFileA	0x45422c
FindFirstFileA	0x454230
GetFileSize	0x454234
TerminateThread	0x454238
CreateDirectoryW	0x45423c
GetLastError	0x454240
SetFileAttributesW	0x454244
GetModuleHandleA	0x454248
RemoveDirectoryW	0x45424c
MoveFileW	0x454250
SetFilePointerEx	0x454254
GetLogicalDriveStringsA	0x454258
DeleteFileW	0x45425c
GetFileAttributesW	0x454260
FindClose	0x454264
lstrlenA	0x454268
GetDriveTypeA	0x45426c
FindNextFileW	0x454270
GetFileSizeEx	0x454274
FindFirstFileW	0x454278
ExitProcess	0x45427c
CreateProcessA	0x454280
PeekNamedPipe	0x454284
CreatePipe	0x454288
TerminateProcess	0x45428c
ReadFile	0x454290
HeapFree	0x454294
HeapCreate	0x454298
CreateEventA	0x45429c
GetLocalTime	0x4542a0
CreateThread	0x4542a4
SetEvent	0x4542a8
CreateEventW	0x4542ac
WaitForSingleObject	0x4542b0
Sleep	0x4542b4
GetModuleFileNameW	0x4542b8
CloseHandle	0x4542bc
ExitThread	0x4542c0
CreateFileW	0x4542c4
WriteFile	0x4542c8
QueryPerformanceFrequency	0x4542cc
TlsGetValue	0x4542d0
TlsAlloc	0x4542d4
InitializeCriticalSectionAndSpinCount	0x4542d8
MultiByteToWideChar	0x4542dc
DecodePointer	0x4542e0
EncodePointer	0x4542e4
WideCharToMultiByte	0x4542e8
InitializeSListHead	0x4542ec
GetSystemTimeAsFileTime	0x4542f0
GetCurrentThreadId	0x4542f4
IsProcessorFeaturePresent	0x4542f8
GetStartupInfoW	0x4542fc
SetUnhandledExceptionFilter	0x454300
UnhandledExceptionFilter	0x454304
IsDebuggerPresent	0x454308
GetModuleHandleW	0x45430c
WaitForSingleObjectEx	0x454310
ResetEvent	0x454314
SetEndOfFile	0x454318

Function	Address	Souspicious	Anti Debug
GdiplusStartup	0x454464
GdipGetImageEncoders	0x454468
GdipCloneImage	0x45446c
GdipAlloc	0x454470
GdipDisposeImage	0x454474
GdipFree	0x454478
GdipGetImageEncodersSize	0x45447c
GdipSaveImageToStream	0x454480
GdipSaveImageToFile	0x454484
GdipLoadImageFromStream	0x454488

Function	Address	Souspicious	Anti Debug
send	0x45441c
socket	0x454420
connect	0x454424
recv	0x454428
gethostbyname	0x45442c
WSASetLastError	0x454430
inet_addr	0x454434
gethostbyaddr	0x454438
getservbyport	0x45443c
ntohs	0x454440
getservbyname	0x454444
htonl	0x454448
htons	0x45444c
inet_ntoa	0x454450
closesocket	0x454454
WSAGetLastError	0x454458
WSAStartup	0x45445c

Function	Address	Souspicious	Anti Debug
CryptAcquireContextA	0x454000
CryptGenRandom	0x454004
CryptReleaseContext	0x454008
GetUserNameW	0x45400c
RegEnumKeyExA	0x454010
QueryServiceStatus	0x454014
CloseServiceHandle	0x454018
OpenSCManagerW	0x45401c
OpenSCManagerA	0x454020
ControlService	0x454024
StartServiceW	0x454028
QueryServiceConfigW	0x45402c
ChangeServiceConfigW	0x454030
OpenServiceW	0x454034
EnumServicesStatusW	0x454038
AdjustTokenPrivileges	0x45403c
LookupPrivilegeValueA	0x454040
OpenProcessToken	0x454044
RegCreateKeyA	0x454048
RegCloseKey	0x45404c
RegQueryInfoKeyW	0x454050
RegQueryValueExA	0x454054
RegCreateKeyExW	0x454058
RegEnumKeyExW	0x45405c
RegSetValueExW	0x454060
RegSetValueExA	0x454064
RegOpenKeyExA	0x454068
RegOpenKeyExW	0x45406c
RegCreateKeyW	0x454070
RegDeleteValueW	0x454074
RegEnumValueW	0x454078
RegQueryValueExW	0x45407c
RegDeleteKeyA	0x454080

Function	Address	Souspicious	Anti Debug
PlaySoundW	0x4543f0
mciSendStringA	0x4543f4
mciSendStringW	0x4543f8
waveInClose	0x4543fc
waveInAddBuffer	0x454400
waveInStart	0x454404
waveInOpen	0x454408
waveInUnprepareHeader	0x45440c
waveInPrepareHeader	0x454410
waveInStop	0x454414

Function	Address	Souspicious	Anti Debug
ShellExecuteW	0x454320
ShellExecuteExA	0x454324
Shell_NotifyIconA	0x454328
ExtractIconA	0x45432c

Function	Address	Souspicious	Anti Debug
SetForegroundWindow	0x454344
SetClipboardData	0x454348
EnumWindows	0x45434c
ExitWindowsEx	0x454350
EmptyClipboard	0x454354
ShowWindow	0x454358
SetWindowTextW	0x45435c
MessageBoxW	0x454360
IsWindowVisible	0x454364
TranslateMessage	0x454368
DispatchMessageA	0x45436c
GetMessageA	0x454370
GetWindowTextW	0x454374
wsprintfW	0x454378
GetClipboardData	0x45437c
UnhookWindowsHookEx	0x454380
GetForegroundWindow	0x454384
GetWindowThreadProcessId	0x454388
GetKeyboardLayout	0x45438c
SetWindowsHookExA	0x454390
CloseClipboard	0x454394
OpenClipboard	0x454398
GetKeyboardState	0x45439c
CallNextHookEx	0x4543a0
CloseWindow	0x4543a4
SendInput	0x4543a8
mouse_event	0x4543ac
DrawIcon	0x4543b0
GetSystemMetrics	0x4543b4
GetIconInfo	0x4543b8
SystemParametersInfoW	0x4543bc
GetCursorPos	0x4543c0
RegisterClassExA	0x4543c4
GetKeyboardLayoutNameA	0x4543c8
GetWindowTextLengthW	0x4543cc
GetKeyState	0x4543d0
ToUnicodeEx	0x4543d4
AppendMenuA	0x4543d8
CreateWindowExA	0x4543dc
DefWindowProcA	0x4543e0
TrackPopupMenu	0x4543e4
CreatePopupMenu	0x4543e8

Function	Address	Souspicious	Anti Debug
CreateCompatibleBitmap	0x454088
CreateCompatibleDC	0x45408c
StretchBlt	0x454090
GetDIBits	0x454094
DeleteDC	0x454098
DeleteObject	0x45409c
CreateDCA	0x4540a0
GetObjectA	0x4540a4
SelectObject	0x4540a8

Name	Latest seen	MD5
Kante98.exe	2022-03-02 10:55:02	97f29f1582b5af3a48c557ac0d83bec3
hh.exe	2022-03-17 19:02:01	44ae6be8ffaa6f53c990c3e58a482971
regg.exe	2022-03-22 01:38:01	427f1494e1a52d28b862510add64ed15
DHLL.exe	2022-03-24 15:51:02	8245b52e309dea8c63cd26155647298b
99.exe	2022-03-24 23:43:02	def5e965c4a177ef419a5382ed0f45d5
harvey.exe	2022-03-26 10:49:01	ca27d1e84e00b7a1d86d784c9516a41f
33.exe	2022-03-28 21:02:02	64d7045bb593fcb01e73d22c1cfcc38c
STC.exe	2022-03-30 01:34:02	b933b611ce9fad4e6ea2a50a45388039
SAS.exe	2022-04-05 03:10:02	7d800b2a825316b0b0457eb8e47142ee
BADDEST.exe	2022-04-05 20:45:03	91a143928b17958a04875a7bc322bc48
8888.exe	2022-04-05 22:03:01	2c528cc769588b0e27903bc6cea1b32a
7777.exe	2022-04-06 18:19:02	af55f4f0ffbbf50f4307021641f33678
hart.exe	2022-04-08 04:09:02	b1c9f2fc6258a5d92275772d639d8a3d
har.exe	2022-04-08 23:21:02	f81dbefe25f9ce6113ca870505cc0810
Turk.exe	2022-04-16 05:41:01	40d82a004c7e5b07a82fea2037f97cb3
a1wr.exe	2022-04-23 18:41:02	a76746acdd25c4f0800a64847962282a
1.exe	2022-06-18 08:16:03	b88d08039e00b7f812f00612bdacd07c
4.exe	2022-06-18 08:30:03	1b0fcb758db13bbc5233239bae1de2b9
s.exe	2022-06-18 08:31:03	f1b55410ed2dbb79bc832cc8dcafd047
z.exe	2022-06-18 08:44:03	28afb35b42a002ef55e554c060e730cd
6.exe	2022-06-18 08:46:03	e37ca9486ea18cef00f0322d2385c2ac
41.exe	2022-06-18 08:47:03	dac30ffff266ed8b7aaaadde0dd0df1c
8.exe	2022-06-30 19:23:02	3d88a2651713a9cf1b8eca4a6a3783fe
1.exe	2022-06-30 19:25:02	504bba9f6bd183e67b7cb0dfb8766f63
2.exe	2022-06-30 19:51:02	ff972845d37e50804e2c4cb86f3f743a
mMLBa.exe	2022-07-26 20:01:03	096492414fe97b8cc2740ef65e909f54
remcos_agent.exe	2022-07-28 16:51:02	335b1296fa572b01158f7e8ef89c7064
8.exe	2022-08-03 14:42:01	dee8aee08099b043b5de884349a31792
c.exe	2022-08-03 14:43:02	5594e0ca7eaa0ae566ff83214c547e78
b.exe	2022-08-03 15:19:02	2a2ee40a729b9e1dcf30327a115b9652
504.exe	2022-08-03 20:12:02	04f5b2bd193cfbc571ebb0aac306ccb3