payload.exe

First submission: 2024-09-03 12:23:02 Last submission: 2024-10-14 17:48:02

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 7.0 KB (7168 bytes)
Compile time: 2010-04-15 00:06:53
MD5: ca6ae34bf2b35aacb25a27f94fb1f7d5
SHA1: 267e8948660634859cd6cd021df6be33f3713e8a
SHA256: fc69cdadc5ef79a1ba2b40189ecd6af230b7d9e8076f98f9fbb7a880b2b1b236
Import Hash: b4c6fff030479aa3b12625be67bf4914
Sections (3): .text, .rdata, .lhjl
Directories (2): import, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 55/79 VT report date: 2024-09-03 12:02:25
Malware Type (2): trojan, hacktool
Threat Type (3): metasploit, rozena, meterpreter

URLs, FQDN and IP indicators (1)

URL Host (FQDN/IP) Date Added
URL: hXXp://fish.hackbiji.cc/payload.exe Host (FQDN/IP): fish.hackbiji.cc Date Added: 2024-10-14 17:48:04

PE Sections (2 suspicious)

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x104e 4608 e66374a7f405687da2de82ab3fbcad13858fa6b2 a4a5deae25708a9e05f50bcad7075c86
.rdata 0x3000 0x84 512 6e8bd5fcd12f00f6bc118dc171f42f9c8eb2740c 253b88122c36b6951090c6288183e4ae
.lhjl 0x4000 0x278 1024 3264c026546c61337188fb558757d80f289c0d1e f106c0d1604419675666f27c42a339d1

Strings analysis - File found

Library
KERNEL32.dll

Import functions
