DigitalSide Threat Intel

stail.exe

First submission 2024-10-14 22:08:03 Last sumbission 2024-10-14 22:11:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 4052.99 KB (4150258 bytes)
Compile time: 1992-06-20 00:22:17
MD5: c098830ac7a7e0ea481dba5c2d7e4f92
SHA1: 8503f89c175563f4d931c760b2a7f6197247d1f8
SHA256: b41a9ce2a1df8b96a0f1cbd95a54f55e6820867141df087c50e4d745e8b8f051
Import Hash : 80417b621299e3e1de617305557a3c68
Sections 8 CODE DATA BSS .idata .tls .rdata .reloc .rsrc
Directories 3 import resource tls

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 19/77 VT report date: 2024-10-14 11:25:20
Malware Type 1 trojan
Threat Type 1 munp

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://46.8.229.59/thebig/stail.exe VirusTotal Report 46.8.229.59 VirusTotal Report 2024-10-14 22:11:04
hXXp://176.113.115.95/thebig/stail.exe VirusTotal Report 176.113.115.95 VirusTotal Report 2024-10-14 22:08:03

PE Sections 4 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
CODE 0x1000 0x8f14 36864 4f5b247972a78bd5a57be3e743ef1e17a3a05ab0 19aec1c1a4ef2fb9fe30b219ab07ddb2
DATA 0xa000 0x248 1024 f910df09aeda22168281b3c43481dfacba38b824 6344b5e22b5b2675be150744885e2671
BSS 0xb000 0xe34 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0xc000 0x942 2560 e5bbfd028c58ac5bdb96dbb382d9a9202288a6c7 563cb4ae07a81b0403d850851e368293
.tls 0xd000 0x8 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xe000 0x18 512 217e47adc0fbd0a02677f10d9af22bb5dc7739cf d293bf8d4ebe9826d58e1d27c25fe4b6
.reloc 0xf000 0x880 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x10000 0x3000 10240 cd77c947a05f1e596b0a07f06a8d3fadb55a6d90 4d9b9a70a3cc86d5519de5d2ce781741

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_ICON LANG_DUTCH SUBLANG_DUTCH 0x10ccc 2216
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x11f60 174
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x12010 44
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x1203c 62
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x1207c 1020
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x12478 887

Meta infos 6

LegalCopyright:
FileVersion:
CompanyName:
Translation: 0x0409 0x04e4
FileDescription: Glass Video Converter Setup
Comments: This installation was built with Inno Setup: http://www.innosetup.com

Packers detected 4

Borland Delphi 3.0 (???)
Borland Delphi 4.0
Inno Installer v5.1.2] ;collides with: Borland Delphi 2.0 [Overlay
Inno Setup Module v5

Anti debug functions 2

GetLastError
RaiseException

Strings analysis - File found

Library
OLEAUT32.dll
USER32.dll
COMCTL32.dll
ADVAPI32.dll
KERNEL32.dll
SHELL32.dll

Strings analysis - Possible URLs found 1

http://www.innosetup.com

Import functions

Function Address Souspicious Anti Debug
RegQueryValueExA 0x40c148
RegOpenKeyExA 0x40c14c
RegCloseKey 0x40c150
OpenProcessToken 0x40c154
LookupPrivilegeValueA 0x40c158
AdjustTokenPrivileges 0x40c248
Function Address Souspicious Anti Debug
DeleteCriticalSection 0x40c0b4
LeaveCriticalSection 0x40c0b8
EnterCriticalSection 0x40c0bc
InitializeCriticalSection 0x40c0c0
VirtualFree 0x40c0c4
VirtualAlloc 0x40c0c8
LocalFree 0x40c0cc
LocalAlloc 0x40c0d0
WideCharToMultiByte 0x40c0d4
TlsSetValue 0x40c0d8
TlsGetValue 0x40c0dc
MultiByteToWideChar 0x40c0e0
GetModuleHandleA 0x40c0e4
GetLastError 0x40c0e8
GetCommandLineA 0x40c0ec
WriteFile 0x40c0f0
SetFilePointer 0x40c0f4
SetEndOfFile 0x40c0f8
RtlUnwind 0x40c0fc
ReadFile 0x40c100
RaiseException 0x40c104
GetStdHandle 0x40c108
GetFileSize 0x40c10c
GetSystemTime 0x40c110
GetFileType 0x40c114
ExitProcess 0x40c118
CreateFileA 0x40c11c
CloseHandle 0x40c120
WriteFile 0x40c160
VirtualQuery 0x40c164
VirtualProtect 0x40c168
VirtualFree 0x40c16c
VirtualAlloc 0x40c170
Sleep 0x40c174
SizeofResource 0x40c178
SetLastError 0x40c17c
SetFilePointer 0x40c180
SetErrorMode 0x40c184
SetEndOfFile 0x40c188
RemoveDirectoryA 0x40c18c
ReadFile 0x40c190
LockResource 0x40c194
LoadResource 0x40c198
LoadLibraryA 0x40c19c
IsDBCSLeadByte 0x40c1a0
GetWindowsDirectoryA 0x40c1a4
GetVersionExA 0x40c1a8
GetUserDefaultLangID 0x40c1ac
GetSystemInfo 0x40c1b0
GetSystemDefaultLCID 0x40c1b4
GetProcAddress 0x40c1b8
GetModuleHandleA 0x40c1bc
GetModuleFileNameA 0x40c1c0
GetLocaleInfoA 0x40c1c4
GetLastError 0x40c1c8
GetFullPathNameA 0x40c1cc
GetFileSize 0x40c1d0
GetFileAttributesA 0x40c1d4
GetExitCodeProcess 0x40c1d8
GetEnvironmentVariableA 0x40c1dc
GetCurrentProcess 0x40c1e0
GetCommandLineA 0x40c1e4
InterlockedExchange 0x40c1e8
FormatMessageA 0x40c1ec
FindResourceA 0x40c1f0
DeleteFileA 0x40c1f4
CreateProcessA 0x40c1f8
CreateFileA 0x40c1fc
CreateDirectoryA 0x40c200
CloseHandle 0x40c204
Function Address Souspicious Anti Debug
VariantChangeTypeEx 0x40c130
VariantCopyInd 0x40c134
VariantClear 0x40c138
SysStringLen 0x40c13c
SysAllocStringLen 0x40c140
Function Address Souspicious Anti Debug
MessageBoxA 0x40c128
TranslateMessage 0x40c20c
SetWindowLongA 0x40c210
PeekMessageA 0x40c214
MsgWaitForMultipleObjects 0x40c218
MessageBoxA 0x40c21c
LoadStringA 0x40c220
ExitWindowsEx 0x40c224
DispatchMessageA 0x40c228
DestroyWindow 0x40c22c
CreateWindowExA 0x40c230
CallWindowProcA 0x40c234
CharPrevA 0x40c238
Function Address Souspicious Anti Debug
InitCommonControls 0x40c240

Related files by ImpHash 3 80417b621299e3e1de617305557a3c68

Name Latest seen MD5
stail.exe 2024-10-08 22:56:03 bb3c2f437debeebefdc3fe010643b86f
getlab.exe 2024-10-10 01:15:02 22b5039fd243d842d12ac0cde7cc2beb
stories.exe 2024-10-14 22:12:03 b00c9bc606824dc90058f5ce00313ff6