xzx.exe

First submission 2022-08-03 04:11:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
File size: 102.48 KB (104936 bytes)
Compile time: 2021-09-25 23:56:18
MD5: c75cca8ddbbc6c6a4bac9461b2cbcd19
SHA1: 0b776e75fbad781402ae62c2f8d0c0acb3792960
SHA256: c1d412945be7ae627b90fb6fdc3863ab510034e711a0e9309d8b5515d8422cd4
Import hash: f10e4da994053bf80c20cee985b32e29
Sections (5): .text .rdata .data .ndata .rsrc
Directories (3): import, resource, security
VirusTotal: 26/70 (VT report date: 2022-08-03 00:00:30)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXp://208.67.105.179/xzx.exe | 208.67.105.179 | 2022-08-03 04:11:01

The URL carries the sample's own file name, so it is most likely the location this file was downloaded from rather than a callback address embedded in the binary; the strings section below lists no other network indicator.

PE Sections 1 suspicious

Name | VAddress | VSize | Raw size | SHA1 | MD5
.text | 0x1000 | 0x639f | 25600 | c2487e135da87afa116124d63f220be073393a04 | 7224e998fe56f3bd47d63fbbb07b7c8a
.rdata | 0x8000 | 0x1276 | 5120 | 925868c6fb415abe0af80be817a7f23b123a19eb | f7ab432379f1255f04a3e990ba282ef1
.data | 0xa000 | 0x1a858 | 1536 | 3066f9d366c68e4f7b27b803d3cb426553d3e358 | 8e1e6b6bb7da1113950a0aab31a168c0
.ndata | 0x25000 | 0x16000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e
.rsrc | 0x3b000 | 0x1418 | 5632 | 52a2a6760abcb32843c0ef4a133bdd8ef07b1cb1 | 653e8631ff803b797beb07588bd6d60b

The report flags one section as suspicious but the flag's column was not preserved. Two things stand out from the numbers: .ndata has a raw size of 0 (its SHA1 and MD5 are the hashes of empty input), which is the uninitialised data section the NSIS stub always carries, and .data has a virtual size (0x1a858) roughly 70 times its raw size (1536), which is also normal for the NSIS stub. The raw sections sum to 37888 bytes of the 104936-byte file; the remainder is the appended installer archive (overlay) and the trailing signature block, which is where the actual payload of an NSIS self-extractor lives.

PE Resources 6

Name | Language | Sublanguage | Offset | Size
RT_BITMAP | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3b2b0 | 872
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3b618 | 744
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3be90 | 96
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3bef0 | 20
RT_VERSION | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3bf08 | 464
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x3c0d8 | 830

Meta infos 4

InternalName: PANDERIZES Sagenesses.exe
Translation: 0x0409 0x04b0
ProductName: Muslingeskals Spekulationsforretning
ProductVersion: 2.3.4.5

Anti debug functions 2

FindWindowExA
GetLastError

Both are generic Win32 imports rather than dedicated anti-debugging APIs: GetLastError appears in almost every Windows binary, and the NSIS stub imports FindWindowExA for its installer UI. On their own they are weak evidence of debugger evasion.

File signature

MD5 | SHA1 | Block size | File offset
bbc732e52dbac661f63e90d0c40fc0b3 | d3253fe1c7085e1ff21531025cdf5c9847d08f61 | 1672 | 103264

The report labels the last column "Virtual Address", but the security data directory is the one directory whose address field holds a raw file offset, not an RVA. Offset 103264 plus the 1672-byte block is exactly the file size (104936), so this is a trailing Authenticode block. Its presence only means a signature is attached; whether it chains to a trusted certificate and still matches the image has to be checked separately.
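As an added example (not part of this report or of any tool it was produced with), the checks behind the section table and the file-signature entry, written in Python against a constructed PE32 image. The section sizes and addresses, the file size and the signature offset/size are the report's; the section raw pointers, a 0x400 header size, the overlay contents and the zero-filled signature block are assumptions made so the example runs offline. It parses the section table and the security directory with struct only, flags sections whose raw size is zero or much smaller than their virtual size, locates the overlay between the last section's raw data and the signature block, checks that the block ends at EOF, and searches the overlay for the NSIS first-header marker (siginfo 0xDEADBEEF followed by "NullsoftInst").

```python
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: its address field is a raw file offset
NSIS_MARKER = b"\xef\xbe\xad\xdeNullsoftInst"  # NSIS firstheader: siginfo 0xDEADBEEF + magic


def build_pe32(sections, size_of_headers, overlay, security_blob):
    """Assemble a minimal PE32 file: DOS stub, COFF and optional header, section
    table, zero-filled section data, an appended overlay and a trailing security
    block. Only the fields triage() reads are populated. Assumption: raw data is
    laid out contiguously from size_of_headers in section-table order."""
    e_lfanew = 0x80
    out = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew))
    out += b"\0" * (e_lfanew - len(out))
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    hdrs, raw, ptr = b"", [], size_of_headers
    for name, vsize, vaddr, rsize in sections:
        rptr = ptr if rsize else 0  # sections with no raw data get PointerToRawData 0
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0)
        raw.append(bytes(rsize))
        ptr += rsize
    dirs = [(0, 0)] * 16
    dirs[SECURITY_DIR] = (ptr + len(overlay), len(security_blob))
    opt = struct.pack("<H", 0x10B) + bytes(90) + struct.pack("<I", 16)  # magic ... NumberOfRvaAndSizes
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    out += opt + hdrs
    out += b"\0" * (size_of_headers - len(out))
    return bytes(out) + b"".join(raw) + overlay + security_blob


def parse_pe32(data):
    """Return (sections, (security_offset, security_size)) read straight from the headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 is handled here")
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    security = (0, 0)
    if ndirs > SECURITY_DIR:
        security = struct.unpack_from("<II", data, opt + 96 + 8 * SECURITY_DIR)
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "vaddr": vaddr, "rsize": rsize, "rptr": rptr})
    return sections, security


def triage(data):
    """The layout checks a report like the one above is built from."""
    sections, (sec_off, sec_size) = parse_pe32(data)
    zero_raw = [s["name"] for s in sections if s["rsize"] == 0]
    vsize_anomaly = [s["name"] for s in sections if s["rsize"] and s["vsize"] > 4 * s["rsize"]]
    end_of_sections = max(s["rptr"] + s["rsize"] for s in sections)
    overlay_end = sec_off if sec_size else len(data)  # signature block is not part of the overlay
    hit = data.find(NSIS_MARKER, end_of_sections, overlay_end)
    return {
        "zero_raw": zero_raw,
        "vsize_anomaly": vsize_anomaly,
        "overlay": (end_of_sections, overlay_end - end_of_sections),
        "signature_at_eof": bool(sec_size) and sec_off + sec_size == len(data),
        "nsis_marker": None if hit < 0 else hit,
    }


# Constructed sample mirroring the report's section table (VirtualSize, VirtualAddress, SizeOfRawData),
# file size (104936) and signature block (offset 103264, 1672 bytes). Raw pointers, the 0x400 header
# size and the overlay bytes are assumptions; the real overlay holds the compressed installer.
REPORT_SECTIONS = [(".text", 0x639F, 0x1000, 25600), (".rdata", 0x1276, 0x8000, 5120),
                   (".data", 0x1A858, 0xA000, 1536), (".ndata", 0x16000, 0x25000, 0),
                   (".rsrc", 0x1418, 0x3B000, 5632)]
_raw_end = 0x400 + 25600 + 5120 + 1536 + 5632  # 38912: end of the last section's raw data
_overlay = (bytes(4) + NSIS_MARKER).ljust(103264 - _raw_end, b"\0")  # flags field, then marker
SAMPLE = build_pe32(REPORT_SECTIONS, 0x400, _overlay, bytes(1672))

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run against a real file with `triage(open(path, "rb").read())`. The overlay range is what to carve and hand to an NSIS extractor; the 4× virtual-to-raw threshold is a triage heuristic, not a rule, and the NSIS stub's own .data and .ndata sections trip it by design, so the verdict has to come from the overlay contents, not the section table.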

Strings analysis - Library names found 8

SHELL32.dll
ADVAPI32.dll
USER32.dll
COMCTL32.dll
%s%s.dll
ole32.dll
GDI32.dll
KERNEL32.dll

%s%s.dll is a printf-style format template, not a library name: the DLL path is assembled at runtime, which is how the NSIS stub loads plugin DLLs it extracts to a temporary directory.

Strings analysis - Possible IPs found 1

2.3.4.5

This is the ProductVersion string from the version resource (see Meta infos), matched by the dotted-quad regex. It is not a network indicator.

Strings analysis - Possible URLs found 1

http://nsis.sf.net/NSIS_Error

This is the error page URL compiled into every NSIS installer stub, shown when the archive fails an integrity check. It is not a command-and-control address.

Related files 1

The report's import function list was not captured; the table that follows describes another sample, not an import.

Name | Latest seen | MD5
nedold.exe | 2022-07-14 14:53:02 | 4316de279587c88e1e73816003541ada