EU.file

First submission 2024-02-04 17:31:02

File details

File type: PE32 executable (console) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 303.5 KB (310784 bytes)
Compile time: 2024-02-04 16:51:36
MD5: c1d361844740dd2caefe62dc78193a21
SHA1: eb0eaca6314a0ced3c8dfe3594cad3fa00850fe7
SHA256: 9563049118d61a4e55b54ee7fc0f4c0984063598ec030c3ff6bc080e5320a4f2
Import Hash: 382a4d7b99200ee7e9686d1f1cde0258
Sections: 5 (.text, .07q6I, .rdata, .data, .reloc)
Directories: 3 (import, debug, relocation)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                               Host (FQDN/IP)  Date Added
hXXp://5.42.65.115/files/EU.file  5.42.65.115     2024-02-04 17:31:02

PE Sections 0 suspicious

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x10053  66048   be7bd12b648c5e4e4cc4592cb38012fa7425fd75  6d72b53b241ab5c245de09ff45026cb0
.07q6I  0x12000   0x54b    1536    fc1b04cf2412af5160ebca7bf468972d43945a9f  7749d7e94a4d0e2ba100b6c77d2ddb22
.rdata  0x13000   0x393e2  234496  368a83a1c997b56d7c75fa738f212b3d727e7b86  bcd18322006993f3688ca05ffbc1e932
.data   0x4d000   0x146c   3072    6eacb9a43b7138189359a400c6ae0a4a5b6a9c95  77922c09dbdfaa82b7c9ecca5aa0b736
.reloc  0x4f000   0x1034   4608    56759b806c4d0698ceb438b9f48c86f37f9b8c1a  987d0b2f5be302263f22add803bd21c2

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Import functions

Name Latest seen MD5
putklamu_crypted.exe 2024-02-04 19:22:02 0fb1f243d0254aec7a1f00afa1be6154