45.exe

First submission 2023-01-22 12:04:10

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
File size: 2605.21 KB (2667736 bytes)
Compile time: 1970-01-01 01:00:00
MD5: d4c1aa3204a0a20362be094af647d35c
SHA1: f4078cff90e96e64477c3a5ecf9f7b4c5f41a888
SHA256: 6b17273197480205ca53e9cca4298dc16346b65ac29d5ca883690ab1ff1b4183
Import Hash: 0e504ec9659601103bf3eb149ebb6cf2
Sections 9 .text .data .rdata .bss .idata .CRT .tls .rsrc .reloc
Directories 5 security relocation tls resource import
Virus Total: 43/71 VT report date: 2023-01-21 04:23:17

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://h166794.srv12.test-hf.su/45.exe h166794.srv12.test-hf.su 2023-01-22 12:04:15

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x25ec5c 2485760 be2d7d9c23ddff6fb8a4918ab289043f13cb4ab4 73f77c10c2e58959da9469f394cd97a0
.data 0x260000 0x37ec 14336 02999fec701c4f1461a2cd5e268c0f980607a9a7 66e7cc7b5dc0fa720d0bdf92dacada5d
.rdata 0x264000 0x19e08 106496 b10d79c03cfc413b7b6c360d2623ea546d3e20f8 ba491f8cf2ec31ce754202224049343a
.bss 0x27e000 0x10f8 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x280000 0x18b4 6656 2972e85388e359caa6e4d715b84fb0292548030d 22f74d4197220333b08456ba6906f02b
.CRT 0x282000 0x38 512 ae6dbf182ea9532a7110880bf0771bbb8eda646b d5a29bc7eada47b988385b6374808243
.tls 0x283000 0x8 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.rsrc 0x284000 0x4e8 1536 b671fbe837607621efe976c0818374dd789108c7 9c48bce3c3c0341f0d3de6f2df96dca0
.reloc 0x285000 0xaef4 45056 0df22b68ceb3112cf006745e1e3c7c1db1a82071 03d3821b468c7b567549b4c3e8964c5d

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x284058 1167

Anti debug functions 5

GetLastError
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
RaiseException

Anti debug functions 1

VMCheck.dll

File signature

MD5 SHA1 Block size Virtual Address
a50335659ae3bf9a172aecabc0a64f0a 4b216584e61478b592335da3e381cbd30d81dc7d 5848 2661888

Strings analysis - File found

Library
bcrypt.dll
Crypt32.dll
KERNEL32.dll
WINHTTP.dll
MSVCRT.dll
ADVAPI32.dll

Strings analysis - Possible URLs found 9

https://gcc.gnu.org/bugs/):
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://ocsp.usertrust.com0
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
https://studio.youtube.com
https://sectigo.com/CPS0
http://ocsp.sectigo.com0

Import functions

Name Latest seen MD5
777.exe 2023-01-22 08:48:09 590fc96081d6f6f939b5959880610d00
47.exe 2023-01-22 20:50:11 d253e2c40881972952a5acd8a42de333