may.exe

First submission 2024-02-07 21:21:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 7253.12 KB (7427193 bytes)
Compile time: 1992-06-20 00:22:17
MD5: c94de80b5d3448c765888974d0e5d78d
SHA1: 78f3be419d66e2ac84d6721c60d9259fd2126028
SHA256: 7745f0a86461b90e7cd33dc0303235714fe069e8b62f9b8687ca04fb906ba3e8
Import Hash: 884310b1928934402ea6fec1dbd3cf5e
Sections: 8 (CODE, DATA, BSS, .idata, .tls, .rdata, .reloc, .rsrc)
Directories: 3 (import, resource, tls)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://asx.sunaviat.com/data/pdf/may.exe asx.sunaviat.com 2024-02-07 21:21:03

PE Sections 4 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
CODE 0x1000 0x9364 37888 fd8d33c64c80f6972b8c5f14890983a8a08fde0e 2c410dfc3efd04d9b69c35c70921424e
DATA 0xb000 0x24c 1024 3011ac05b00055b3cf650fae1b933fe21cff91d0 d5ea23d4ecf110fd2591314cbaa84278
BSS 0xc000 0xe88 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd000 0x950 2560 40a39d9e8c8cecd5356ab96745d82d2ebfe17cfb bb5485bf968b970e5ea81292af2acdba
.tls 0xe000 0x8 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xf000 0x18 512 f43ee83e6afa1c343ff6db68e13efde43471cbb6 9ba824905bf9c7922b6fc87a38b74366
.reloc 0x10000 0x8b4 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x11000 0x2c00 11264 db307fadb0d74cb079ba82ef605c3ea11b88433c e8513770e1e034e589c642edb43563ed

PE Resources 6

Name Language Sublanguage Offset Size Data
RT_ICON LANG_DUTCH SUBLANG_DUTCH 0x11ccc 2216
RT_STRING LANG_NEUTRAL SUBLANG_NEUTRAL 0x12f60 174
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x13010 44
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x1303c 62
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x1307c 1208
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x13534 1376

Meta infos 8

LegalCopyright:
FileVersion:
CompanyName:
ProductVersion: 0.2.0.7
FileDescription: PowerImgDrive Setup
Translation: 0x0000 0x04b0
Comments: This installation was built with Inno Setup.
ProductName: PowerImgDrive

Packers detected 2

Borland Delphi 3.0 (???)
Borland Delphi 4.0

Anti debug functions 2

GetLastError
RaiseException

Strings analysis - File found

Archive Java
5.jaR
Library
COMCTL32.dll
OLEAUT32.dll
USER32.dll
ADVAPI32.dll
KERNEL32.dll
SHELL32.dll

Strings analysis - Possible IPs found 1

0.2.0.7

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

Import functions

Name Latest seen MD5