protect_distribution.exe
First submission 2024-10-14 12:44:31
File details
| File type: | PE32+ executable (GUI) x86-64, for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 554.04 KB (567335 bytes) |
| Compile time: | 2024-08-22 08:49:04 |
| MD5: | d6007e25ba92a4bb781ed4beb34ffa8f |
| SHA1: | b1ae59310b82802cc7b0e3a8b5be71453acd395a |
| SHA256: | 039e1db18c9383d1e1432d0076d9d9f5109698a9fce06e192134647611ee1e5b |
| Sections 9 | .text��� .rdata�� .data��� .pdata�� .data��� .text��� .data��� .reloc�� .rsrc��� |
| Directories 4 | import resource debug relocation |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://117.72.70.169/protect_distribution.exe  |
117.72.70.169 |
2024-10-14 12:44:31 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x29f00 | 172032 | 46eb4289642bddf417f486c9e3b67d0bfa3301fa | 9b3176f739b33206e45a84d232c8adcd | |
| .rdata�� | 0x2b000 | 0x12a50 | 76800 | 77211d5f66f39c8e24048184cc27572d9c09d489 | 3f1a1721d605a8cee94b0556584d2fd9 | |
| .data��� | 0x3e000 | 0x53f8 | 3584 | 069fd3959f91e690643115a296bf21044144de01 | dba0caeecab624a0ccc0d577241601d1 | |
| .pdata�� | 0x44000 | 0x2250 | 9216 | 09c2a6d5404bc19e11f7eddad07a164b42b01ee6 | 181312260a85d10a1454ba38901c499b | |
| .data��� | 0x47000 | 0x11000 | 69632 | 569a56c4e70b7120d128b89a683f6754cde7b5c5 | e033defec470b9ce6e057b3370ac2783 | |
| .text��� | 0x58000 | 0xfc908 | 1034752 | f68ce24ce4fe82bac1326de4ff9f14f5a0913633 | b3f7d309b35c63815730305fa3163877 | |
| .data��� | 0x155000 | 0x9a68 | 39936 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .reloc�� | 0x15f000 | 0xd98 | 3584 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .rsrc��� | 0x160000 | 0x10e34 | 69632 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |
Strings analysis - File found
| Compressed |
| base_library.zip |
| Library |
| mscoree.dll |
| vcruntime140.dll |
| ucrtbase.dll |
Strings analysis - Possible URLs found 1
| http://schemas.microsoft.com/SMI/2016/WindowsSettings |