08-01-022710.exe

First submission 2022-08-01 15:27:03

File details

File type: PE32+ executable (GUI) x86-64, for MS Windows
File size: 771.0 KB (789504 bytes)
Compile time: 2017-12-27 06:47:13 (PE header timestamp; attacker-controllable, so it need not reflect the real build date)
MD5: d557f062295665080e28063b06b35872
SHA1: 277aafd566fbdf31a2398727f80c8e6ba30fcde5
SHA256: 033d94dec0a57e5c3fbd940a059199d3e555996f2d7fcd6f3713b9a3b05a5d6e
Import Hash: 5bc8a0631fa7fd2b752e4b03f17591f9
Sections: 6 (.text, .rdata, .data, .pdata, .rsrc, .reloc)
Directories: 4 (import, resource, tls, relocation). A TLS directory means any TLS callbacks run before the entry point, so when debugging, break on the callbacks as well as on AddressOfEntryPoint.
VirusTotal: 17/71 (report date 2022-08-01 00:01:35)

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL                                              Host (FQDN/IP)     Date Added
hXXp://173.242.115.166/AAAA/1/08-01-022710.exe   173.242.115.166    2022-08-01 15:27:03

PE Sections 2 suspicious

Name VAddress VSize RawSize SHA1 MD5 Suspicious
.text 0x1000 0x51fd5 335872 47cbd1be3f51acbab5b0d560b785f0176d34513d 74e9361325e0bda3a833b82496c29a1c
.rdata 0x53000 0x2de1c 188416 08f71d8e287b17d205e5315819fff42bf027ac7a 4b59868dc81d8a185a83fa6625479a90
.data 0x81000 0xe438 36864 a5c1af0c1ce21cd844f5d8de2d64e3533be9959f a96694423325ba172550f63356fc758f
.pdata 0x90000 0x1524 5632 81e5937b17758e80ab8720ef972edd23a31d2cbe 4d629b40c80d15b7b3c32a369e45297f
.rsrc 0x92000 0x35fd8 221184 a5d1f0fdecc72c476df2968d280c7197d5e8bb63 43a66207ce59bffebfd0514a29c7a4ce
.reloc 0xc8000 0x38 512 2a45264965614211c44a809455e4e1b68b0383d9 f4d26382f1fcfa3d0b24fb236699ccaf
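The section table above is the output of a section-level triage pass. The following Python (standard library only) is an added example and is not the analysis site's tooling: it parses the DOS/NT headers and section table of a PE image, hashes each section's raw bytes as in the SHA1/MD5 columns, converts the COFF timestamp to the "Compile time" form, and flags sections using common heuristics (nonstandard name, writable and executable, entropy above 7.0, executable section with no file-backed bytes). Those heuristics are an assumption about what a "suspicious" flag means, not the page's actual rules. It runs against a constructed PE32+ image built in memory by build_sample_pe, not against the sample on this page; the constructed image reuses the page's compile timestamp only to show the conversion.

```python
"""Section-level PE triage. Added example, not the analysis site's tooling:
parses the section table, hashes each section, flags suspicious sections.
Input is a constructed PE32+ image built in memory (see build_sample_pe)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Section names a normal MSVC/MinGW build emits; anything else is worth a look.
COMMON_NAMES = {".text", ".rdata", ".data", ".pdata", ".rsrc", ".reloc",
                ".idata", ".edata", ".tls", ".bss", ".xdata", ".CRT"}
ENTROPY_THRESHOLD = 7.0   # assumption: above this, bytes look packed/encrypted


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, at most 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def parse_pe(data: bytes) -> dict:
    """DOS header -> NT headers -> section table; returns the triage fields."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER (20 bytes) follows the 4-byte signature.
    machine, nsec, tstamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]  # optional header magic
    sec_table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(nsec):  # IMAGE_SECTION_HEADER is 40 bytes
        (name, vsize, vaddr, raw_size, raw_ptr, _, _, _, _, chars) = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr, "vsize": vsize, "raw_size": raw_size, "chars": chars,
            "sha1": hashlib.sha1(raw).hexdigest(),
            "md5": hashlib.md5(raw).hexdigest(),
            "entropy": shannon_entropy(raw),
        })
    return {
        "format": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "machine": {0x14C: "i386", 0x8664: "x86-64"}.get(machine, hex(machine)),
        # The timestamp is attacker-controlled: report it, do not trust it.
        "compile_time": datetime.fromtimestamp(tstamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def suspicious_reasons(sec: dict) -> list:
    """Common triage heuristics (an assumption about what 'suspicious' means)."""
    reasons = []
    if sec["name"] not in COMMON_NAMES:
        reasons.append("nonstandard section name")
    if sec["chars"] & IMAGE_SCN_MEM_EXECUTE and sec["chars"] & IMAGE_SCN_MEM_WRITE:
        reasons.append("writable and executable")
    if sec["entropy"] > ENTROPY_THRESHOLD:
        reasons.append("high entropy (packed or encrypted data)")
    if sec["raw_size"] == 0 and sec["vsize"] > 0 and sec["chars"] & IMAGE_SCN_MEM_EXECUTE:
        reasons.append("executable section with no file-backed bytes (filled at runtime)")
    return reasons


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    for sec in info["sections"]:
        sec["reasons"] = suspicious_reasons(sec)
    info["suspicious_count"] = sum(1 for s in info["sections"] if s["reasons"])
    return info


def build_sample_pe() -> bytes:
    """Constructed PE32+ image (not the page's sample): clean .text and .data plus
    a writable+executable, high-entropy section with a nonstandard name."""
    text = b"\x48\x89\xe5\xc3" * 128                  # 512 bytes, low entropy
    data = b"\x00" * 512                              # 512 bytes, zero entropy
    blob, h = b"", b"seed"                            # SHA-256 chain: looks encrypted
    while len(blob) < 2048:
        h = hashlib.sha256(h).digest()
        blob += h
    specs = [  # (name, VirtualSize, VirtualAddress, raw bytes, Characteristics)
        (b".text", 0x200, 0x1000, text, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", 0x1000, 0x2000, data, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".pack0", 0x800, 0x3000, blob, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x8664, len(specs), 1514357233, 0, 0, 240, 0x22)
    opt_hdr = struct.pack("<H", 0x20B) + b"\0" * 238               # PE32+ magic, rest zeroed
    headers = dos + b"PE\0\0" + file_hdr + opt_hdr
    raw_ptr, body = 0x200, b""
    for name, vsize, vaddr, raw, chars in specs:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, vaddr,
                               len(raw), raw_ptr, 0, 0, 0, 0, chars)
        raw_ptr += len(raw)
        body += raw
    return headers.ljust(0x200, b"\0") + body   # raw data starts at file offset 0x200


if __name__ == "__main__":
    report = triage(build_sample_pe())
    print(report["format"], report["machine"], "compiled", report["compile_time"])
    for s in report["sections"]:
        print(f"{s['name']:8} {s['vaddr']:#07x} {s['vsize']:#07x} {s['raw_size']:7d} "
              f"{s['sha1']} {s['entropy']:.2f} {', '.join(s['reasons'])}")
```

To run it against a real file, replace build_sample_pe() with the file's bytes; the section hashes it prints can then be compared directly with the SHA1/MD5 columns above.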

PE Resources 4

Name Language Sublanguage Offset Size Data
OCX LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x96650 202752
RT_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x961a8 1128
RT_GROUP_ICON LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0x96610 62
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xc7e50 392

Anti debug functions 6

FindWindowW
GetLastError
OutputDebugStringW
Process32First
Process32Next
TerminateProcess

These are ordinary imports that are also the building blocks of common anti-analysis checks: FindWindowW for locating debugger or tool windows by class or title, Process32First/Process32Next for walking the process list (usually paired with TerminateProcess to kill analysis tools), and OutputDebugStringW with GetLastError for the old debugger-presence probe. Their presence in the import table does not by itself prove that use; confirm at the call sites.

Anti VM indicators 1

VMCheck.dll

Strings analysis - Files found

Library
ntdll.dll
USER32.dll
GDI32.dll
KERNEL32.dll

Related samples

Name Latest seen MD5
08-01-203902.exe 2022-08-01 16:41:03 6ba6939dd3340c258d0bb7e6713f7a8f
07-31-125922.exe 2022-08-01 17:18:03 95a7535e2d9c9476854c21e9d60cda33