data64_5.exe

First submission 2022-07-31 17:19:03

File details

File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 3515.0 KB (3599360 bytes)
Compile time: 2022-07-28 11:50:25
MD5: d15443aa7fd527978c6f3e6f1d0d24e4
SHA1: 91e4ab73be75d974d3ea8110451218a2e7f12929
SHA256: 720b95cb817a2585609607ce6823e37f42ec5233863ed5c4072bc38d8357d7b7
Import Hash: ce8db83db0ed4c1820dd1f6f7bddd863
Sections: 5 (.text, .rdata, .data, .rsrc, .reloc)
Directories: 4 (import, resource, debug, relocation)
Virus Total: 48/71
VT report date: 2022-07-31 15:01:07

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://malanche.com/10/data64_5.exe malanche.com 2022-07-31 17:19:03

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x31e000 3266048 09ae3c719519156723c88a404ac9b96312a121b6 9a3d98281c002b855a8651bd672816d9
.rdata 0x31f000 0xb000 44032 4fe23c10e30fa9ad21d75e18fafffa1a9e534df1 e7773f37cc7cb57c096cb9a6d6ac3ce3
.data 0x32a000 0x4b000 287232 43622d503d538b8825b6d66be12f2a6c2676fb47 1e3ebf8a4054897de5c20b07ed0c9d7b
.rsrc 0x375000 0x1000 512 16db7a1c43279dea3dd91d7b08c41edff78d8d7a 76a9eb9b7e7246175ba48a0b44593d25
.reloc 0x376000 0x1000 512 0a6b788cb9e9406351dfc90856d30572e45c09df e0d20c591908915213ea2a0b8d0b2da3

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x375060 381

Anti debug functions 4

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
vcruntime140.dll
api-ms-win-crt-math-l1-1-0.dll

Import functions