setup294.exe

First submission: 2024-02-10 06:01:02    Last submission: 2024-02-10 07:22:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 1994.35 KB (2042214 bytes)
Compile time: 2023-12-12 20:41:06
MD5: cc743af4a12c9e0e2e8acf6799cb7695
SHA1: 70a9e8cb7fca4462471b3a137e98e1e992afa926
SHA256: b86856f49055885308111c59db524bb08202303aa50a3aad4846cd265ff03f1d
Import Hash : 10b73c5f7fc148e21f974da703236659
Sections (6): .text, .rdata, .data, .didat, .rsrc, .reloc
Directories (6): import, export, resource, debug, tls, relocation
Virus Total:

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL                                                         Host (FQDN/IP)      Date Added
hXXps://294fashionably.sbs/lander/File_294exe/setup294.exe  294fashionably.sbs  2024-02-10 07:22:04
hXXp://294fashionably.sbs/lander/File_294exe/setup294.exe   294fashionably.sbs  2024-02-10 06:01:02

PE Sections 0 suspicious

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x301bc  197120  7b862c1276bada0b0cfa74dfb7efe0606103d32e  5f1cdaf955c58e5b7c1c7e18cf71962b  no
.rdata  0x32000   0xbc34   48640   f9963d62daaf4f025caeda992998527cf8c2e026  48a6966d65639888fae17b6e410660b3  no
.data   0x3e000   0x1df78  4608    a9a0e7431f728bf9fd55f46c03ba528fd465236b  6a3899245788596a7ede31f0ffdf468b  no
.didat  0x5c000   0x17c    512     51e0b6327954b4f497fcd8d6a49efe12ec1b4b96  5a48acc3874cb8f094bb469f735d9b83  no
.rsrc   0x5d000   0xe360   58368   914baf3807c6d8b27579cf075296183d848d3225  7a6b7bfd44ad2f52769a07648c6facb0  no
.reloc  0x6c000   0x2f3c   12288   1f2329e8f9dd0586883314474c81de37545ec3ed  89980360ef9584b831ffa6f7143071ea  no

Note: the large gap between the virtual size of .data (0x1df78) and its raw size (4608) is the zero-initialised tail of the data section, which the loader fills at run time; it is normal for an MSVC build and not by itself a sign of packing. The section hashes are taken over the raw (on-disk) bytes.
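The per-section hashes, the compile time and the import hash in this report can be reproduced without the report tool. The script below is an added example, not part of the original report, and uses only the Python standard library: it parses the COFF header and section table of a PE32 image, hashes each section's raw bytes with SHA1 and MD5 as in the table above, applies a simple (my own) suspicious-section heuristic, and computes an import hash the way the published imphash algorithm does. The PE image and the import list it runs on are constructed in the script (the real import table of setup294.exe is not on this page); run `pe_summary()` on the actual file to compare against the table.

```python
# Added example (not from the original report). Reproduces the "Compile time" and
# "PE Sections" fields from a PE32 file and computes an imphash over a supplied
# import list. SAMPLE_PE below is a constructed minimal PE32 image for offline use;
# it does not contain any bytes of the real setup294.exe.
import hashlib
import math
import struct
from datetime import datetime, timezone

SECTION_HDR = "<8sIIIIIIHHI"            # IMAGE_SECTION_HEADER layout, 40 bytes
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def hash_bytes(data: bytes):
    """Return (sha1, md5) hex digests, the two per-section hashes the report lists."""
    return hashlib.sha1(data).hexdigest(), hashlib.md5(data).hexdigest()


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; packed or encrypted content sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def pe_summary(blob: bytes) -> dict:
    """Parse the COFF header and section table of a PE image and hash every section."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections, timestamp = struct.unpack_from("<HI", blob, coff + 2)   # NumberOfSections, TimeDateStamp
    opt_size = struct.unpack_from("<H", blob, coff + 16)[0]           # SizeOfOptionalHeader
    off = coff + 20 + opt_size                                        # section table follows the optional header
    sections = []
    for _ in range(nsections):
        name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(SECTION_HDR, blob, off)
        raw = blob[raw_ptr:raw_ptr + raw_size]
        sha1, md5 = hash_bytes(raw)
        ent = entropy(raw)
        # Heuristic of this example, not the report tool's rule: flag near-random
        # content or a section mapped both writable and executable.
        wx = bool(flags & IMAGE_SCN_MEM_EXECUTE) and bool(flags & IMAGE_SCN_MEM_WRITE)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size,
            "sha1": sha1, "md5": md5, "entropy": round(ent, 2),
            "suspicious": wx or ent > 7.2,
        })
        off += struct.calcsize(SECTION_HDR)
    compile_time = datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return {"compile_time": compile_time, "sections": sections}


def imphash_string(imports) -> str:
    """Canonical 'dll.function,...' string that the imphash algorithm hashes.

    imports is a list of (dll_name, function_name_or_ordinal) in import-table order.
    Ordinal-only imports become 'ordN'; the reference implementation additionally
    resolves ordinals of ws2_32 and oleaut32 through a lookup table, omitted here.
    """
    parts = []
    for dll, sym in imports:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        func = f"ord{sym}" if isinstance(sym, int) else sym.lower()
        parts.append(f"{lib}.{func}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the canonical import string; matches the Import Hash field for a full import table."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


SAMPLE_TEXT = b"\x55\x8b\xec\xc3" * 48     # constructed low-entropy "code", 192 bytes
SAMPLE_DATA = bytes(range(256))            # constructed: every byte once, entropy 8.0


def build_sample_pe() -> bytes:
    """Constructed minimal PE32: DOS header, COFF header, zeroed optional header, two sections."""
    hdr_len = 0x40 + 4 + 20 + 224 + 2 * 40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 1702413666, 0, 0, 224, 0x0102)  # i386, 2 sections, TimeDateStamp
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                             # PE32 magic, rest zeroed
    text = struct.pack(SECTION_HDR, b".text", 0x301BC, 0x1000, len(SAMPLE_TEXT), hdr_len, 0, 0, 0, 0, 0x60000020)
    data = struct.pack(SECTION_HDR, b".data", 0x1DF78, 0x3E000, len(SAMPLE_DATA), hdr_len + len(SAMPLE_TEXT), 0, 0, 0, 0, 0xC0000040)
    return dos + b"PE\0\0" + coff + opt + text + data + SAMPLE_TEXT + SAMPLE_DATA


if __name__ == "__main__":
    summary = pe_summary(build_sample_pe())
    print("Compile time:", summary["compile_time"])
    for s in summary["sections"]:
        print(f'{s["name"]:<8}{s["vaddr"]:#08x}  {s["vsize"]:#08x}  {s["raw_size"]:>7}  {s["sha1"]}  {s["md5"]}  {s["suspicious"]}')
    print("imphash:", imphash([("KERNEL32.dll", "IsDebuggerPresent"), ("USER32.dll", "MessageBoxA")]))
```

The constructed image deliberately sets the TimeDateStamp to the value that prints as the report's compile time and gives .data the same virtual size as above, so the output can be read side by side with the table; only the hashes differ, because the bytes are not the real file's.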

PE Resources 6

Name           Language      Sublanguage         Offset   Size
PNG            LANG_ENGLISH  SUBLANG_ENGLISH_US  0x5e1c8  5545
RT_ICON        LANG_ENGLISH  SUBLANG_ENGLISH_US  0x64ee8  15729
RT_DIALOG      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x68cc8  594
RT_STRING      LANG_ENGLISH  SUBLANG_ENGLISH_US  0x6b110  592
RT_GROUP_ICON  LANG_ENGLISH  SUBLANG_ENGLISH_US  0x68c60  104
RT_MANIFEST    LANG_ENGLISH  SUBLANG_ENGLISH_US  0x69840  1875

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Note: both hits are compiler/linker signatures (the PEiD-style "Visual C++ 8 / VC8" rule matching the MSVC entry stub), not runtime packers. Together with the standard section names and the absence of suspicious sections above, they indicate an unpacked MSVC build.

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Note: of these, only IsDebuggerPresent queries for a debugger directly. GetLastError, IsProcessorFeaturePresent, RaiseException, TerminateProcess and UnhandledExceptionFilter are imported by the standard MSVC C runtime start-up and error-handling code (security-cookie and fail-fast paths), so they appear in virtually every Visual C++ binary and are not evidence of anti-debugging on their own.

Strings analysis - File found

Temporary files
winrarsfxmappingfile.tmp

Note: winrarsfxmappingfile.tmp is the file-mapping name used by the WinRAR self-extractor (SFX) module, so setup294.exe is consistent with a WinRAR SFX archive. In that case the behaviour of interest lives in the embedded archive and its SFX script, not in this PE's own code, and the long list of system DLL names below comes from the string table of the SFX stub rather than from the import table (which this page does not show).

Libraries referenced in strings
Crypt32.dll
peerdist.dll
msasn1.dll
profapi.dll
sfc_os.dll
XmlLite.dll
USERENV.dll
ntmarta.dll
rasadhlp.dll
mscoree.dll
cryptsp.dll
linkinfo.dll
UxTheme.dll
imageres.dll
shdocvw.dll
cscapi.dll
usp10.dll
devrtl.dll
secur32.dll
Eapi-ms-win-core-synch-l1-2-0.dll
wintrust.dll
atl.dll
WINNSI.DLL
rsaenh.dll
riched20.dll
comres.dll
cryptui.dll
ntshrui.dll
slc.dll
oleaccrc.dll
PSAPI.DLL
propsys.dll
KERNEL32.dll
NETAPI32.dll
aclui.dll
dhcpcsvc6.dll
cryptbase.dll
ws2help.dll
SHELL32.dll
wkscli.dll
samlib.dll
RpcRtRemote.dll
VERSION.dll
dwmapi.dll
cabinet.dll
MPR.dll
WS2_32.dll
WindowsCodecs.dll
dnsapi.dll
SSPICLI.DLL
samcli.dll
apphelp.dll
dfscli.dll
dsrole.dll
ieframe.dll
lpk.dll
netutils.dll
mlang.dll
clbcatq.dll
dhcpcsvc.dll
IPHLPAPI.DLL
srvcli.dll
DXGIDebug.dll
browcli.dll
SETUPAPI.dll
ADVAPI32.dll
SHLWAPI.dll
USER32.dll
COMCTL32.dll
gdiplus.dll
OLEAUT32.dll
ole32.dll
GDI32.dll

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2005/WindowsSettings

Note: this is the XML namespace of the windowsSettings element in the embedded application manifest (RT_MANIFEST, 1875 bytes, listed above), not a host the program contacts; it is present in benign binaries whose manifest declares settings such as DPI awareness.

Import functions