xox.exe

First submission 2022-08-02 07:18:31

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 750.47 KB (768478 bytes)
Compile time: 2094-09-05 17:45:37
MD5: b83a31018538c495db038023c78e8192
SHA1: 99a8af73c9311d55f21f1ffeb81e4f5720bb79dd
SHA256: 9df740d3b8c486d0daded4e4faa3cb45d714ef5c199d4470331b67afe35d5d50
Import Hash: 646167cce332c1c252cdcb1839e0cf48
Sections: 5 (.text, .data, .idata, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://files.ddrive.online/xox.exe files.ddrive.online 2022-08-02 07:18:31

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x662c 26624 44d9f12222610a4616e0e22570a0a62a72002728 35fbf8310571ce438935bcf4d3fd9873
.data 0x8000 0x1aa0 512 9c268b36dcf88164c756c6557ee5339ddd593e21 7b9890a93c0516bb070e1170cfde54d5
.idata 0xa000 0x1052 4608 63dbfb7c8c29383e4f0127ce47cafe03f7ef9d49 b7bf851563e418553720f7553afd3b3a
.rsrc 0xc000 0x139c0a 1285632 e404111d02d7724665593e74bca5a7ab379c2b70 6e5e1ad828508cd72a1e8e5aad206b69
.reloc 0x146000 0x888 2560 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e

PE Resources 8

Name Language Sublanguage Offset Size Data
AVI LANG_ENGLISH SUBLANG_ENGLISH_US 0xcb18 11802
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x1c248 1128
RT_DIALOG LANG_FRENCH SUBLANG_FRENCH 0x1da44 302
RT_STRING LANG_FRENCH SUBLANG_FRENCH 0x20c4c 1044
RT_RCDATA LANG_ENGLISH SUBLANG_ENGLISH_US 0x144ffc 7
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x145004 188
RT_VERSION LANG_FRENCH SUBLANG_FRENCH 0x1450c0 872
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x145428 2018

Packers detected 1

Microsoft Visual C++ 8

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Temporary
msdownld.tmp
TMP4351$.TMP
IXP%03d.TMP
Library
KERNEL32.dll
ADVAPI32.dll
VERSION.dll
setupx.dll
SHELL32.dll
MSVCRT.dll
COMCTL32.dll
SETUPAPI.dll
advpack.dll
USER32.dll
GDI32.dll
cabinet.dll

Import functions