DigitalSide Threat Intel

pub1.exe

First submission 2023-09-13 12:12:03 Last sumbission 2023-09-13 12:13:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 298.5 KB (305664 bytes)
Compile time: 2022-08-19 10:29:38
MD5: b54e64a6057aebaffb2329e0f8e5bc85
SHA1: 51a101d7b31a8718968280b50aca05b597fb2fa9
SHA256: a2260ac65c2814e6a0e7b839474a298333f2a4a7ac60af12861dcc9edf5a6019
Import Hash : 6d41cb748e4d1fea5be7cc98b4681858
Sections 3 .text .data .rsrc
Directories 2 import resource
Virus Total: 32/71 VT report date: 2023-09-13 10:06:58

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://login-sofi.4dq.com/tmp/tmp/pub1.exe VirusTotal Report login-sofi.4dq.com VirusTotal Report 2023-09-13 12:12:03

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2015c 131584 bd2b1fa9082f7fadd759b6fa90d907bf62c6bcaf b7abafd03c58873d3739deb30842a34d
.data 0x22000 0x1ebbd2c 92160 648574c740047532060b0e4ac3944443fb1683c3 e0a3e17c00499adf63b6a1fbc72e44c2
.rsrc 0x1ede000 0x13b58 80896 b341dcc3c8970d66e95678b20e7b0cfb21b2978d 5f63e41df90bbf3457207af689d4754e

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x1ef0468 2216
RT_ICON LANG_SINDHI SUBLANG_SYS_DEFAULT 0x1eeff98 1128
RT_STRING LANG_SINDHI SUBLANG_SYS_DEFAULT 0x1ef1958 512
RT_GROUP_CURSOR LANG_NEUTRAL SUBLANG_NEUTRAL 0x1ef0d10 20
RT_GROUP_ICON LANG_SINDHI SUBLANG_SYS_DEFAULT 0x1ef0400 104
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x1ef0d28 632

Meta infos 8

InternalName: Superior.exe
FileVersions: 42.51.49
LegalCopyrights: Challangers bojala
CompanyName: Thunderstuck
ProductVersion: 57.5.34.0
FileDescriptions: Anybodies
Translation: 0x124e 0x043a
ProductName: Bonni

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
WUSER32.DLL
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
SHELL32.dll
USER32.dll
GDI32.dll

Import functions

Function Address Souspicious Anti Debug
LookupAccountSidW 0x401000
Function Address Souspicious Anti Debug
DragFinish 0x401208
Function Address Souspicious Anti Debug
EnumCalendarInfoA 0x401018
GetConsoleAliasesLengthW 0x40101c
GetNumaProcessorNode 0x401020
GetDriveTypeW 0x401024
BuildCommDCBAndTimeoutsA 0x401028
SystemTimeToTzSpecificLocalTime 0x40102c
InterlockedIncrement 0x401030
MoveFileExW 0x401034
InterlockedDecrement 0x401038
CreateJobObjectW 0x40103c
SetHandleInformation 0x401040
GetProfileStringW 0x401044
AddConsoleAliasW 0x401048
SetVolumeMountPointW 0x40104c
FreeEnvironmentStringsA 0x401050
GetModuleHandleW 0x401054
GenerateConsoleCtrlEvent 0x401058
GetConsoleAliasExesW 0x40105c
EnumTimeFormatsA 0x401060
EnumTimeFormatsW 0x401064
GetEnvironmentStrings 0x401068
GetConsoleCP 0x40106c
LoadLibraryW 0x401070
TerminateThread 0x401074
FatalAppExitW 0x401078
GetCalendarInfoW 0x40107c
GetStartupInfoW 0x401080
CreateMailslotW 0x401084
RaiseException 0x401088
GetPrivateProfileIntW 0x40108c
InterlockedExchange 0x401090
SetLocaleInfoA 0x401094
SetThreadLocale 0x401098
GetLastError 0x40109c
GetCurrentDirectoryW 0x4010a0
BackupRead 0x4010a4
MoveFileW 0x4010a8
RemoveDirectoryA 0x4010ac
EnumSystemCodePagesW 0x4010b0
LoadLibraryA 0x4010b4
OpenMutexA 0x4010b8
GetProcessId 0x4010bc
LocalAlloc 0x4010c0
GetNumberFormatW 0x4010c4
GlobalGetAtomNameW 0x4010c8
EnumDateFormatsA 0x4010cc
GlobalUnWire 0x4010d0
GetModuleHandleA 0x4010d4
EnumResourceNamesA 0x4010d8
FindNextFileW 0x4010dc
VirtualProtect 0x4010e0
EnumDateFormatsW 0x4010e4
PeekConsoleInputA 0x4010e8
GetShortPathNameW 0x4010ec
OpenSemaphoreW 0x4010f0
FindFirstVolumeA 0x4010f4
FindAtomW 0x4010f8
FindFirstVolumeW 0x4010fc
GetVolumeNameForVolumeMountPointW 0x401100
DeleteFileW 0x401104
CreateFileW 0x401108
ReadFile 0x40110c
FlushFileBuffers 0x401110
FindFirstFileW 0x401114
GetCommandLineW 0x401118
SetDefaultCommConfigA 0x40111c
GetFileSize 0x401120
GetComputerNameA 0x401124
GetStartupInfoA 0x401128
WriteConsoleW 0x40112c
SetStdHandle 0x401130
Sleep 0x401134
InitializeCriticalSection 0x401138
DeleteCriticalSection 0x40113c
EnterCriticalSection 0x401140
LeaveCriticalSection 0x401144
EncodePointer 0x401148
DecodePointer 0x40114c
HeapFree 0x401150
HeapAlloc 0x401154
GetProcAddress 0x401158
ExitProcess 0x40115c
DeleteFileA 0x401160
HeapSetInformation 0x401164
RtlUnwind 0x401168
UnhandledExceptionFilter 0x40116c
SetUnhandledExceptionFilter 0x401170
IsDebuggerPresent 0x401174
TerminateProcess 0x401178
GetCurrentProcess 0x40117c
IsProcessorFeaturePresent 0x401180
HeapCreate 0x401184
WriteFile 0x401188
GetStdHandle 0x40118c
GetModuleFileNameW 0x401190
InitializeCriticalSectionAndSpinCount 0x401194
TlsAlloc 0x401198
TlsGetValue 0x40119c
TlsSetValue 0x4011a0
TlsFree 0x4011a4
SetLastError 0x4011a8
GetCurrentThreadId 0x4011ac
HeapSize 0x4011b0
FreeEnvironmentStringsW 0x4011b4
GetEnvironmentStringsW 0x4011b8
SetHandleCount 0x4011bc
GetFileType 0x4011c0
QueryPerformanceCounter 0x4011c4
GetTickCount 0x4011c8
GetCurrentProcessId 0x4011cc
GetSystemTimeAsFileTime 0x4011d0
GetCPInfo 0x4011d4
GetACP 0x4011d8
GetOEMCP 0x4011dc
IsValidCodePage 0x4011e0
GetStringTypeW 0x4011e4
MultiByteToWideChar 0x4011e8
SetFilePointer 0x4011ec
WideCharToMultiByte 0x4011f0
GetConsoleMode 0x4011f4
HeapReAlloc 0x4011f8
LCMapStringW 0x4011fc
CloseHandle 0x401200
Function Address Souspicious Anti Debug
GetBoundsRect 0x401008
GetTextFaceW 0x40100c
SelectPalette 0x401010
Function Address Souspicious Anti Debug
GetComboBoxInfo 0x401210
CharUpperW 0x401214