l.exe

First submission 2024-10-14 18:58:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 519.54 KB (532008 bytes)
Compile time: 2024-10-14 12:28:09
MD5: b96c1cae8e90f64dd0941ee10b0db7ec
SHA1: e03dfcd3c930f031ac83cb5aefb31c4c199dbd46
SHA256: 0a49a4d3b8a5fdfb2d925f6da4c0674ae527b2d51d828e50608cda2dc637bcc7
Import Hash: b7ebfc2ac31d5223dc33b9386c1e726b
Sections 5 .text .rdata .data .bss .reloc
Directories 4 import debug relocation security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 31/77 VT report date: 2024-10-14 18:30:04
Malware Type 1 trojan
Threat Type 1 fragtor

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://94.103.125.119/l.exe 94.103.125.119 2024-10-14 18:58:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1f734 129024 93e552bea302416c909863eb4c5a73cd99ef3915 2e0b59b1673f966e09fafd5b665ed194
.rdata 0x21000 0x9e62 40960 2c53338f717019736b7a5f4598268f433db0be45 4296d3ec7eff280e4cd7ecaadf0ea530
.data 0x2b000 0x54d7c 343552 b5f47f8d3c95f12dc9777a2c397cf3090ce08d73 20e836cae00ee7e86ddcbe8fbc824460
.bss 0x80000 0x4 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x81000 0x1aac 7168 15957361b564e4a0af65feddff4f81dd28e5e92b aa49513bdc75bd4fefd279ed2e61d72d

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
7cd905d59ba4f31c082c2e2bfd88980f 7f1b1df25765fde2a6305fe2fe1ce76edfbe0529 9768 522240

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll
USER32.dll

Strings analysis - Possible URLs found 15


Import functions

Name Latest seen MD5
crypted.exe 2024-10-14 18:53:01 09d0e438a6a8666361559becb0359e5f