Client042.exe

First submission 2022-08-03 17:11:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 132.0 KB (135168 bytes)
Compile time: 2022-07-21 09:34:06
MD5: d2702e0821b92a20fe68000f0e7edf64
SHA1: 319d36fa208df9cdfecef58fad872e1bdbe7b81c
SHA256: a4269c2ac4bf7b186b55d8a750db6ae386026d8e51d1f2d21995260a05e26024
Import hash: 56fc94e02d7bc310030753938e49a91a
Sections (6): .text, .rdata, .data, .rsrc, .reloc, .bss
Directories (4): import, resource, debug, relocation
VirusTotal: 53/71 (VT report date: 2022-08-03 15:00:14)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date added
hXXp://185.225.73.174/Client042.exe | 185.225.73.174 | 2022-08-03 17:11:01

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x1718e 94720 5d6ec7ff621190234966cedb1712979d4a9e0357 22139f3b20c410d99d843e1979500646
.rdata 0x19000 0x4f9a 20480 0826990a48b69ea17dd39b60da17d2dbd5e97b9f 32a440e7ba810807a935fc0554a944b4
.data 0x1e000 0x135108 1536 7fc86972ac97c00e7873a327c100ef64b393b233 5e9543fde4eeeb7cb73e3c7b927a3e0a
.rsrc 0x154000 0x2c70 11776 70d36ea0a9cb2fabffb3ea9cafc0380a2df10dc2 b9d2241bba0c6a4d4b24b4ce5022af60
.reloc 0x157000 0x12c4 5120 b5b0feff45323538845ea75905ac2ac33015d806 b44ec35255f8022b380efa68db9406e1
.bss 0x159000 0x1000 512 6598778794d25b958a014eba1232c5c83b410b63 b7cadb79fc0ff41639f645a864eb25b4

PE Resources 1

Name Language Sublanguage Offset Size Data
WM_DSP LANG_ENGLISH SUBLANG_ARABIC_QATAR 0x154070 11264

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 6

GetLastError
Process32First
Process32FirstW
Process32Next
Process32NextW
TerminateProcess

Strings analysis - File found

Database
Asend.db
find.db
XML
/n:%temp%\ellocnak.xml
ellocnak.xml
Library
Duser32.dll
vcruntime140.dll
\sqlmap.dll
nss3.dll
ntdll.dll
msvcr120.dll
freebl3.dll
dismcore.dll
msvcp120.dll
mozglue.dll
msvcp140.dll
\rfxvmt.dll
softokn3.dll
%SystemRoot%\System32\termsrv.dll
WS2_32.dll
ADVAPI32.dll
ole32.dll
SHLWAPI.dll
USER32.dll
SHELL32.dll
WININET.dll
bcrypt.dll
Crypt32.dll
vaultcli.dll
C:\Windows\System32\USER32.dll
NETAPI32.dll
OLEAUT32.dll
KERNEL32.dll
urlmon.dll
webservices.dll

Strings analysis - Possible IPs found 4

1.2.3.4
127.0.0.2
127.0.0.1
6.0.1.1

Strings analysis - Possible URLs found 2

http://microsoft.com/
https://github.com/syohex/java-simple-mine-sweeper

Import functions

Name Latest seen MD5
cKKPf.exe 2022-07-26 20:18:02 b8c557eeca1424f542bb24a9db909f0c
qCXSc.exe 2022-07-26 20:20:03 9368bed5d269fd7bf83d85a75427fed4