MePaxil.exe
First submission 2024-08-25 14:24:02
Last submission 2024-09-02 00:41:02
File details
File type: | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive |
Mime type: | application/x-dosexec |
File size: | 1093.56 KB (1119801 bytes) |
Compile time: | 2010-04-10 14:19:38 |
MD5: | bbe6311c3e2fab459f729dc8cd6e3519 |
SHA1: | b71993aafd6627e55657819826c67f64f764c77f |
SHA256: | 95fb9ca82017f2a6bc59df0d72fc6f90043e135799d25e9922d4943da4c36874 |
Import Hash : | bf95d1fc1d10de18b32654b123ad5e1f |
Sections 5 | .text .rdata .data .ndata .rsrc |
Directories 3 | import resource security |
File features detected
Anti VM
XOR
OSINT Enrichments
Virus Total: | 52/79 VT report date: 2024-08-16 03:14:01 |
Malware Type 1 | trojan |
Threat Type 3 | autoit amadey mzmdi |
URLs, FQDN and IP indicators 1
PE Sections 1 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x671c | 26624 | 29566473962a5c0015ffc9740b4dbfac232dda24 | 8bb8f6dca80ad27cbdbce9816ab6ae7c | |
.rdata | 0x8000 | 0x19d6 | 6656 | e08fa356a7aa0040d1da68b8c9850ce54da2371c | 161b329b4c70ce4fbd9c1143e738896b | |
.data | 0xa000 | 0x7139c | 512 | a2ea157dd321d7f51b80aba4e82c27755871d6c0 | 140876ba314e7bc36379ee5c6db80876 | |
.ndata | 0x7c000 | 0x81000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.rsrc | 0xfd000 | 0xd0e0 | 53760 | 57699bedd1ffc5b941c794f0ff423814e8d1503f | 5a30e2b5ab30843695072984bff09353 | |
PE Resources 5
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109330 | 1128 | |
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x1099b8 | 96 | |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109a18 | 62 | |
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109a58 | 940 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x109e08 | 726 | |
Meta infos 8
LegalCopyright: | Copyright © ThreatGuard Innovations 2008 All rights reserved. |
FileVersion: | 2.00.6.922861 |
CompanyName: | ThreatGuard Innovations |
Translation: | 0x0409 0x04b0 |
FileDescription: | Advanced scanning for threat detection. |
LegalTrademarks: | ScanGuard is a trademark of ThreatGuard Innovations |
Comments: | Advanced scanning for threat detection. |
ProductName: | ScanGuard |
Packers detected 1
Nullsoft PiMP Stub -> SFX |
Anti debug functions 2
FindWindowExW |
GetLastError |
File signature
MD5 | SHA1 | Block size | Virtual Address |
---|---|---|---|
b5457ff96bc19676bb39b69af56606f5 | bc373f1a5705c8bfee628efccb158e6595a20889 | 8656 | 1111145 |
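The section table above (a .ndata section with raw size 0 and a .data section with 512 bytes on disk but 0x7139c bytes in memory) and the file signature block (8656 bytes at offset 1111145, which is exactly the file size of 1119801 minus 8656) are the two structural facts a triage script would check first. The following is an added example, not the analysis tool's code: it rebuilds a minimal PE32 image from the values on this page, parses it back with nothing but struct, and reports virtual-only and sparse sections, the overlay between the last section and the Authenticode block, and whether that block ends at end-of-file. The e_lfanew value, the raw-data pointers, the file alignment and the WIN_CERTIFICATE header fields are assumptions made to keep the sample self-contained; section bodies are zero bytes, so only the .ndata hash reproduces the page.

```python
import calendar
import hashlib
import struct
from datetime import datetime, timezone

# Section geometry as reported on the page: name, VirtualAddress, VirtualSize, SizeOfRawData
PAGE_SECTIONS = [
    (b".text",  0x1000,  0x671c,  26624),
    (b".rdata", 0x8000,  0x19d6,  6656),
    (b".data",  0xa000,  0x7139c, 512),
    (b".ndata", 0x7c000, 0x81000, 0),
    (b".rsrc",  0xfd000, 0xd0e0,  53760),
]
FILE_SIZE = 1119801                       # page: file size
SIG_OFFSET, SIG_SIZE = 1111145, 8656      # page: security directory (its "virtual address" is a file offset)
COMPILE_TIME = calendar.timegm((2010, 4, 10, 14, 19, 38))   # page: compile time, taken as UTC
PE_OFFSET = 0x80                          # assumption: e_lfanew
FIRST_RAW = 0x400                         # assumption: raw pointer of the first section
IMAGE_SECURITY_DIR = 4                    # index of the security entry in the data directories


def build_sample() -> bytes:
    """Constructed PE32 image with the page's section geometry; section bodies are zero bytes."""
    img = bytearray(FILE_SIZE)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3c, PE_OFFSET)
    img[PE_OFFSET:PE_OFFSET + 4] = b"PE\0\0"
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, symtab ptr/count, opt hdr size, flags
    struct.pack_into("<HHIIIHH", img, PE_OFFSET + 4,
                     0x14c, len(PAGE_SECTIONS), COMPILE_TIME, 0, 0, 224, 0x010f)
    opt = PE_OFFSET + 24
    struct.pack_into("<H", img, opt, 0x10b)                          # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + IMAGE_SECURITY_DIR * 8, SIG_OFFSET, SIG_SIZE)
    raw = FIRST_RAW
    for i, (name, va, vsize, rawsize) in enumerate(PAGE_SECTIONS):
        ptr = raw if rawsize else 0
        struct.pack_into("<8sIIIIIIHHI", img, opt + 224 + i * 40,
                         name, vsize, va, rawsize, ptr, 0, 0, 0, 0, 0x60000020)
        raw += rawsize
    # WIN_CERTIFICATE header at the directory offset: dwLength, wRevision 2.0, PKCS_SIGNED_DATA
    struct.pack_into("<IHH", img, SIG_OFFSET, SIG_SIZE, 0x0200, 0x0002)
    return bytes(img)


def triage(img: bytes) -> dict:
    """Parse section headers and the security directory; flag shapes worth a closer look."""
    if img[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", img, 0x3c)[0]
    if img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, stamp, opt_size = struct.unpack_from("<HI8xH", img, pe + 6)
    opt = pe + 24
    if struct.unpack_from("<H", img, opt)[0] != 0x10b:
        raise ValueError("only PE32 is handled here")
    sig_off, sig_size = struct.unpack_from("<II", img, opt + 96 + IMAGE_SECURITY_DIR * 8)
    sections, flags, last_end = [], {}, 0
    for i in range(nsec):
        name, vsize, va, rawsize, ptr = struct.unpack_from("<8sIIII", img, opt + opt_size + i * 40)
        name = name.rstrip(b"\0").decode("ascii")
        body = img[ptr:ptr + rawsize] if rawsize else b""
        sections.append({"name": name, "va": va, "vsize": vsize, "raw": rawsize,
                         "sha1": hashlib.sha1(body).hexdigest()})
        last_end = max(last_end, ptr + rawsize)
        if rawsize == 0 and vsize:
            flags[name] = "virtual-only"   # nothing on disk; NSIS keeps its work area in .ndata
        elif rawsize and vsize > 16 * rawsize:
            flags[name] = "sparse"         # tiny on disk, large in memory
    length, revision, cert_type = struct.unpack_from("<IHH", img, sig_off)
    return {
        "compile_time": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
        "flags": flags,
        "overlay_bytes": sig_off - last_end,   # data after the last section and before the signature
        "signature": {
            "offset": sig_off, "size": sig_size, "type": cert_type, "revision": revision,
            "length_matches": length == sig_size,            # WIN_CERTIFICATE.dwLength vs directory size
            "ends_at_eof": sig_off + sig_size == len(img),   # nothing appended after the signature
        },
    }


if __name__ == "__main__":
    report = triage(build_sample())
    print("compiled:", report["compile_time"])
    for name, why in report["flags"].items():
        print(f"{name}: {why}")
    print("overlay bytes before signature:", report["overlay_bytes"])
    print("signature:", report["signature"])
```

Both flagged shapes are normal for an NSIS stub: .ndata is the installer's uninitialised work area and the compressed archive lives in the overlay, which is why the signature sits so far past the last section. The same checks applied to a binary that does not claim to be an installer would point at a packer instead. Running the script against the real file would also make the other four section hashes meaningful; here they are hashes of zero bytes.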
Strings analysis - File found
Temporary |
~nsu.tmp |
Library |
ADVAPI32.dll |
VERSION.dll |
SHELL32.dll |
PSAPI.DLL |
COMCTL32.dll |
ole32.dll |
KERNEL32.dll |
USER32.dll |
GDI32.dll |
Strings analysis - Possible URLs found 11
http://crl.globalsign.com/root-r6.crl0G |
https://www.globalsign.com/repository/0 |
http://www.aimp.ru0 |
http://crl.globalsign.com/gsgccr45codesignca2020.crl0 |
http://ocsp2.globalsign.com/rootr606 |
http://nsis.sf.net/NSIS_Error |
http://ocsp.globalsign.com/gsgccr45codesignca20200V |
http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt0= |
http://ocsp.globalsign.com/ca/gstsacasha384g40C |
http://crl.globalsign.com/ca/gstsacasha384g4.crl0 |
http://secure.globalsign.com/cacert/gstsacasha384g4.crt0 |
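Most of the URLs above are CRL, OCSP and AIA endpoints pulled out of the GlobalSign code-signing and timestamping chain in the Authenticode block, and the odd suffixes ("0G", "06", "0=", "0V", "0C") are not part of any URL: in DER the URI sits in an IA5String with a length prefix, and the byte that follows it is the next element's SEQUENCE tag, 0x30, which prints as "0", followed by that element's length byte. A strings-style scanner keeps going because both are legal URL characters. The example below is added here and is not the tool's own code: it constructs a blob that reproduces the dirty output, recovers the clean URIs by honouring the DER length instead of the regex, and sorts the result into certificate-chain plumbing, the NSIS_Error string that every NSIS stub carries, and URLs that still need a human look. The blob is constructed, not this file's signature; treating http://www.aimp.ru as a plain string is an assumption, since the page does not say where it comes from.

```python
import re
from urllib.parse import urlsplit

# Hosts that belong to the code-signing chain seen in this sample's signature (from the page).
PKI_HOST_SUFFIXES = ("globalsign.com",)
NSIS_ERROR_URL = "http://nsis.sf.net/NSIS_Error"   # built into every NSIS stub

# Regex a strings-style scanner would use: every byte that is legal in a URL is swallowed,
# so the next DER element's SEQUENCE tag (0x30 == '0') and length byte come along for the ride.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def der_uri(uri: str) -> bytes:
    """X.509 GeneralName uniformResourceIdentifier: tag [6] (0x86), one length byte, IA5String."""
    assert len(uri) < 128, "short-form length only, enough for these URIs"
    return b"\x86" + bytes([len(uri)]) + uri.encode("ascii")


def build_blob() -> bytes:
    """Constructed stand-in for a slice of the signature plus two plain stub strings.
    Each DER URI is followed by the next element's SEQUENCE tag and length byte, which is
    where the '0G', '06' and '0=' suffixes in the page's list come from."""
    return (der_uri("http://crl.globalsign.com/root-r6.crl") + b"\x30\x47"
            + der_uri("https://www.globalsign.com/repository/") + b"\x30\x1e"
            + der_uri("http://ocsp2.globalsign.com/rootr6") + b"\x30\x36"
            + der_uri("http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt") + b"\x30\x3d"
            + b"\x00" + NSIS_ERROR_URL.encode("ascii") + b"\x00"   # NUL-terminated stub string
            + b"\x00http://www.aimp.ru\x00")                        # assumption: plain string, origin not given on the page


def naive_urls(blob: bytes) -> list[str]:
    """What the page's extractor produced: the URL plus any trailing URL-safe bytes."""
    return [m.decode("ascii") for m in URL_RE.findall(blob)]


def der_urls(blob: bytes) -> list[str]:
    """Recover URIs by honouring the DER length: 0x86, <len>, then exactly <len> bytes."""
    out, i = [], 0
    while (i := blob.find(b"\x86", i)) != -1:
        n = blob[i + 1] if i + 1 < len(blob) else 0
        cand = blob[i + 2:i + 2 + n]
        if 0 < n < 128 and len(cand) == n and cand.isascii() and cand.startswith((b"http://", b"https://")):
            out.append(cand.decode("ascii"))
            i += 2 + n
        else:
            i += 1
    return out


def classify(url: str) -> str:
    """Bucket a URL: PKI plumbing from the signing chain, NSIS boilerplate, or something to review."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(PKI_HOST_SUFFIXES) or host.startswith(("crl.", "ocsp")) \
            or parts.path.lower().endswith((".crl", ".crt")):
        return "pki"             # CRL / OCSP / AIA endpoints: not a contact indicator for the malware
    if url == NSIS_ERROR_URL:
        return "installer-stub"  # same string in every NSIS installer, benign or not
    return "review"


def triage_urls(blob: bytes) -> dict[str, str]:
    """Clean URL -> bucket. DER-recovered URIs win; regex hits that merely extend one are dropped."""
    clean = der_urls(blob)
    for hit in naive_urls(blob):
        if not any(hit.startswith(c) for c in clean):
            clean.append(hit)
    return {u: classify(u) for u in clean}


if __name__ == "__main__":
    blob = build_blob()
    print("naive:", naive_urls(blob))
    for url, bucket in triage_urls(blob).items():
        print(f"{bucket:15} {url}")
```

For this sample the only URL that survives into the "review" bucket is http://www.aimp.ru, which is the one worth chasing; the GlobalSign endpoints would appear in any binary signed under that chain and should not be loaded into a blocklist as if they were contact infrastructure.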
Related samples 6
Name | Latest seen | MD5 |
---|---|---|
66bf3574eb3f2_FocusesAttempted.exe | 2024-08-25 16:40:02 | 635508b01c2a8f9ceb1ab024c149b020 |
coreplugin.exe | 2024-08-25 17:50:02 | 9954f7ed32d9a20cda8545c526036143 |
seo.exe | 2024-09-02 04:00:01 | 6f858c09e6d3b2dbd42adc2fb19b217b |
66ca20a26df75_pastacache.exe | 2024-08-25 19:59:02 | 377dcc031a12d3c0189afe684e4ad41e |
PctOccurred.exe | 2024-08-26 13:42:02 | 31f04226973fdade2e7232918f11e5da |
66cef067bb8bb_CoinAccording.exe | 2024-08-30 09:16:01 | 6cd2eb2553ba19d387c45537a16547f4 |