rZDBX.exe

First submission 2022-08-02 20:00:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 273.5 KB (280064 bytes)
Compile time: 2022-03-01 12:50:40
MD5: b701f11ecf355febaa54d234d9b33529
SHA1: 7e4284a948d832df348de41751a5e4a629f069b8
SHA256: d49ae415cb86861a5dda7254a78dc8a2f68b4976e92cb3c5a62584c33375bdeb
Import hash: e03c5ea8e25367650e1f4380ec0a6eaf
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)
VirusTotal: 46/71 (VT report date: 2022-08-02 00:53:35)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL                                      Host (FQDN/IP)   Date Added
hXXp://109.206.241.81/htdocs/fSYAD.exe   109.206.241.81   2022-08-02 20:00:01
hXXp://109.206.241.81/htdocs/rZDBX.exe   109.206.241.81   2022-08-02 21:24:08

PE Sections 0 suspicious

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x34016  213504  8b11a6a75c0c4afe17527437d4e61daf1550e22a  7a9ddb67ce72e7dd208024ba88169987
.rdata  0x36000   0xc21a   50176   5373541278a7844171c7571155eaa60f5a50d01c  4c609e35f19a5036177e73609e0d0d2c
.data   0x43000   0x83d4   5120    6fa27fe26a77243bf30c9d07e7e7576bca4cafe6  cb07d46c4eb0b415dd058de585793f51
.rsrc   0x4c000   0x1e0    512     ef576397c23665da98fde8f33b2c3dab7de7f27d  62c766a35b447894162bbd059d638ccf
.reloc  0x4d000   0x242c   9728    720ba7ac174ae9d214d23395ebdb9195fcbb6b35  b0d1e45242ac1ae5a2dbb390beb9337a

PE Resources 1

Name         Language      Sublanguage          Offset    Size  Data
RT_MANIFEST  LANG_ENGLISH  SUBLANG_ENGLISH_US   0x4c060   381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
OutputDebugStringW
Process32First
Process32Next
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
SHLWAPI.dll
SHELL32.dll
Crypt32.dll
KERNEL32.dll
WINHTTP.dll
WS2_32.dll
ADVAPI32.dll
USER32.dll
IPHLPAPI.DLL
PSAPI.DLL
%s\Sqlite3\sqlite3.dll
NETAPI32.dll
ole32.dll
GDI32.dll

Strings analysis - Possible IPs found 1

1.1.1.1

Strings analysis - Possible URLs found 1

http://%s%%s%.2d-%.2d-%.4d

Import functions

Name       Latest seen          MD5
RjXoD.exe  2022-08-02 21:30:02  8f98297f190db64c6c1bb9b85b78eca5