admin.exe

First submission 2024-02-04 18:25:03

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 17.5 KB (17920 bytes)
Compile time: 2020-06-09 02:17:26
MD5: cf9517248d87d99d6a04d7247c9a96d2
SHA1: 00fde842803488887eeb2ac1f6e9e36b56564b35
SHA256: 63abe27fb9a612a4e34cf1e5859e300a0c71fc599c740b5bf4bc297f216f4b33
Import Hash: 17b461a082950fc6332228572138b80c
Sections: 9 (.text, .data, .rdata, .pdata, .xdata, .bss, .idata, .CRT, .tls)
Directories: 2 (import, tls)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://106.55.199.146:8088/admin.exe 106.55.199.146 2024-02-04 18:25:03

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x20f0 8704 c5abc2f0da1861b3e5507edde6fc681d22787047 ced42b43d3da4274054c4527d2d55598
.data 0x4000 0x490 1536 1383948b3c8dc928b5dcade3db9b0ed0eb5920f6 de7f75b9bcd0f96be3ec2b517ace30f0
.rdata 0x5000 0x2d0 1024 d5ed2077c056ffc6649233457bbbd316cb43107e ef8446fecde31440a3d5343e87ced8f2
.pdata 0x6000 0x27c 1024 9d6be246531edd848929dbac49e09a5569ac9ce5 dcf4253a23d9298367604691d75f37a8
.xdata 0x7000 0x238 1024 738c83caffc5bb909ed06be3e6a21710649f5f61 95aa1f413e225af0b35a4a6c737bfa5c
.bss 0x8000 0xa30 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x9000 0x958 2560 aae5794c9c7791de82f15c4e0314c53ccf7b8169 5c733ad7c412aabc8ab19cc944c90f76
.CRT 0xa000 0x68 512 a1c70c92f2bd291957c45e1fe9fb7f1cfb09e244 3782ccb1768dffbc081e1009eb3d506d
.tls 0xb000 0x48 512 acaff1bc98ebbb6b0ac15df3fd8f6b7449e455e2 927ed90da850daf02f2a85191e453c7c

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 3

GetLastError
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
MSVCRT.dll
KERNEL32.dll

Import functions