micro.exe

First submission 2024-02-10 15:22:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 2303.0 KB (2358272 bytes)
Compile time: 2024-02-09 08:51:44
MD5: bfcbce795272ae853a343628bd213390
SHA1: 5ff2bd69a546b71b082696aea74ebb842b0ffb5b
SHA256: c8d6c1588291d1c74901758f749a744f9785efabceb77083651aa522cf732e3a
Import Hash : 2eabe9054cad5152567f0699947a2c5b
Sections 7 .rsrc .idata gleeopku ibhjfiix .taggant
Directories 3 import resource relocation
File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                                   Host (FQDN/IP)   Date Added
hXXp://185.215.113.46/night/micro.exe 185.215.113.46   2024-02-10 15:22:02

PE Sections 6 suspicious

Name       VAddress  VSize     Size     SHA1                                      MD5
(unnamed)  0x1000    0x136000  585216   96a9b71f2801c93557997ab0849c565c0625205c  6f8cea02e8006f9dbd74123acc770e23
.rsrc      0x137000  0x110a0   8192     2de188d85f7bc08b811615d2814a135880b93b9b  3ad30479ec67e89325e7b9d63d09d383
.idata     0x149000  0x1000    512      5e2665ef83d53c2c9333b29ae262182f2c55c30c  588e00183b8b4dbb8c7106492f04143d
(unnamed)  0x14a000  0x2b3000  512      da964170152efb8004640c701f9dcdc2de1a526f  b19398b8b2a45157d2f7a4cdd969141b
gleeopku   0x3fd000  0x1ac000  1750016  2d3c0eb1a9e2917fb4add32cdd41c1eb9928ad74  0ac639c65865f558c59b5569b830a01c
ibhjfiix   0x5a9000  0x1000    1024     d1c9ce7aba9ba9cff84c8546f5373ed2132e4ccc  c550525f153a18c4e00360aad6088a02
.taggant   0x5aa000  0x3000    8704     c68ccca0375092ff6cea8e4f05423bce6c2bb052  369cc84b53806b28bdd66b33c072c482

PE Resources 4

Name           Language      Sublanguage         Offset    Size
RT_ICON        LANG_RUSSIAN  SUBLANG_RUSSIAN     0x5974a8  67624
RT_GROUP_ICON  LANG_RUSSIAN  SUBLANG_RUSSIAN     0x5a7cd0  20
RT_VERSION     LANG_RUSSIAN  SUBLANG_RUSSIAN     0x5a7ce4  692
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x5a827e  381

Meta infos 9

LegalCopyright: (c) 1999-2022 Jonathan Bennett
InternalName: Ay3Info.exe
FileVersion: 3.3.16.1
CompanyName: Au3
ProductVersion: 3.3.16.1
FileDescription: Ay3Info
Translation: 0x0409 0x04b0
OriginalFilename: Ay3Info.exe
ProductName: Ay3Info

Strings analysis - File found

Database
ty H.DB
Library
KERNEL32.dll

Strings analysis - Possible IPs found 1

3.3.16.1

Import functions

Name        Latest seen          MD5
dota.exe    2024-02-06 05:06:03  9e4d39ed30534cc58a95507c99370a47
amert.exe   2024-02-06 06:41:03  a3cd3871ba24037d9aba6b0b053cf34a
rega.exe    2024-02-07 02:02:02  43836f75d5662bc72af946abefe786ce
bucha.exe   2024-02-08 03:22:04  3e9650a7b961e437db222dfb746e2be9
ladas.exe   2024-02-08 07:03:03  2fae8d32357ed07bf6a6b216f376f867
hunta.exe   2024-02-09 12:02:02  094c7deac7308ea0c8e656efae033a64
hunta.exe   2024-02-10 13:41:02  48bd66cb49e7451cbdb078e2698a1290
loster.exe  2024-02-11 00:01:02  62888e93e8a9b835451bd3371d4b5218