MePaxil.exe

First submission 2024-08-25 14:24:02 Last submission 2024-09-02 00:41:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type: application/x-dosexec
File size: 1093.56 KB (1119801 bytes)
Compile time: 2010-04-10 14:19:38
MD5: bbe6311c3e2fab459f729dc8cd6e3519
SHA1: b71993aafd6627e55657819826c67f64f764c77f
SHA256: 95fb9ca82017f2a6bc59df0d72fc6f90043e135799d25e9922d4943da4c36874
Import Hash: bf95d1fc1d10de18b32654b123ad5e1f
Sections 5 .text .rdata .data .ndata .rsrc
Directories 3 import resource security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 52/79 VT report date: 2024-08-16 03:14:01
Malware Type 1 trojan
Threat Type 3 autoit amadey mzmdi

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXps://meticulousfinance.top/inc/MePaxil.exe | meticulousfinance.top | 2024-09-02 00:41:04

PE Sections 1 suspicious

Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
.text | 0x1000 | 0x671c | 26624 | 29566473962a5c0015ffc9740b4dbfac232dda24 | 8bb8f6dca80ad27cbdbce9816ab6ae7c |
.rdata | 0x8000 | 0x19d6 | 6656 | e08fa356a7aa0040d1da68b8c9850ce54da2371c | 161b329b4c70ce4fbd9c1143e738896b |
.data | 0xa000 | 0x7139c | 512 | a2ea157dd321d7f51b80aba4e82c27755871d6c0 | 140876ba314e7bc36379ee5c6db80876 |
.ndata | 0x7c000 | 0x81000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 0xfd000 | 0xd0e0 | 53760 | 57699bedd1ffc5b941c794f0ff423814e8d1503f | 5a30e2b5ab30843695072984bff09353 |

PE Resources 5

Name | Language | Sublanguage | Offset | Size | Data
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109330 | 1128 |
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x1099b8 | 96 |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109a18 | 62 |
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109a58 | 940 |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109e08 | 726 |

Meta info 8

LegalCopyright: Copyright © ThreatGuard Innovations 2008 All rights reserved.
FileVersion: 2.00.6.922861
CompanyName: ThreatGuard Innovations
Translation: 0x0409 0x04b0
FileDescription: Advanced scanning for threat detection.
LegalTrademarks: ScanGuard is a trademark of ThreatGuard Innovations
Comments: Advanced scanning for threat detection.
ProductName: ScanGuard

Packers detected 1

Nullsoft PiMP Stub -> SFX

Anti debug functions 2

FindWindowExW
GetLastError

File signature

MD5 | SHA1 | Block size | Virtual Address
b5457ff96bc19676bb39b69af56606f5 | bc373f1a5705c8bfee628efccb158e6595a20889 | 8656 | 1111145

Strings analysis - File found

Temporary:
~nsu.tmp

Library:
ADVAPI32.dll
VERSION.dll
SHELL32.dll
PSAPI.DLL
COMCTL32.dll
ole32.dll
KERNEL32.dll
USER32.dll
GDI32.dll

Strings analysis - Possible URLs found 11

http://crl.globalsign.com/root-r6.crl0G
https://www.globalsign.com/repository/0
http://www.aimp.ru0
http://crl.globalsign.com/gsgccr45codesignca2020.crl0
http://ocsp2.globalsign.com/rootr606
http://nsis.sf.net/NSIS_Error
http://ocsp.globalsign.com/gsgccr45codesignca20200V
http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0=
http://ocsp.globalsign.com/ca/gstsacasha384g40C
http://crl.globalsign.com/ca/gstsacasha384g4.crl0
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0

Import functions

Name | Latest seen | MD5
66bf3574eb3f2_FocusesAttempted.exe | 2024-08-25 16:40:02 | 635508b01c2a8f9ceb1ab024c149b020
coreplugin.exe | 2024-08-25 17:50:02 | 9954f7ed32d9a20cda8545c526036143
seo.exe | 2024-09-02 04:00:01 | 6f858c09e6d3b2dbd42adc2fb19b217b
66ca20a26df75_pastacache.exe | 2024-08-25 19:59:02 | 377dcc031a12d3c0189afe684e4ad41e
PctOccurred.exe | 2024-08-26 13:42:02 | 31f04226973fdade2e7232918f11e5da
66cef067bb8bb_CoinAccording.exe | 2024-08-30 09:16:01 | 6cd2eb2553ba19d387c45537a16547f4