dw.exe

First submission 2024-09-03 09:19:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 19.48 KB (19945 bytes)
Compile time: 2008-07-05 03:01:01
MD5: ce4c0b76c5f987153e922371109f666a
SHA1: 127a18034bf6cf37f27f638c93c2769bebe7ce40
SHA256: f969cd4245eea84acf50aed6656f4f5df22b94b724130ea196721ef30442e467
Import Hash: 881a59729119c8db81017b4e6573179d
Sections: 4 (.text, .data, .bss, .idata)
Directories: 1 (import)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

URLs, FQDN and IP indicators 1

| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
| hXXp://74.208.83.155/dw.exe | 74.208.83.155 | 2024-09-03 09:19:02 |

PE Sections 2 suspicious

| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xb68 | 3072 | dfd7b9d6aa26c96a63a340ef378ef2e015631e45 | 2ea95179806faeb68396d86d5bebd06f | |
| .data | 0x2000 | 0x34 | 512 | 6019e890dbe0abd7c284f9bf96902f9957ef136a | eca64dd35bdc02c986e2d44f8bba17f8 | |
| .bss | 0x3000 | 0x14c560 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .idata | 0x150000 | 0x4e4 | 1536 | 9d83e7f28c599d7b7c08410711e05d4a24e07d50 | c24916bac5beea377c416806aa6b3af1 | |

Packers detected 2

MinGW
Dev-C++ v4

Strings analysis - File found

Library
USER32.dll
GDI32.dll
KERNEL32.dll
MSVCRT.dll

Import functions