1388.exe
First submission 2024-09-03 18:05:31
File details
File type: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
Mime type: | application/x-dosexec |
File size: | 6.79 KB (6948 bytes) |
Compile time: | 2020-06-09 02:17:28 |
MD5: | d9f5d8802636874638c47c78685bc0b3 |
SHA1: | 0d7d4ca23316f0bc81a2d3194d9ddfdf759d1b89 |
SHA256: | 724e0e87bcb35b5c955331c7bf57e4d85ddff785e4d876d3e77f22ead70b1438 |
Sections 9 | .text .data .rdata .pdata .xdata .bss .idata .CRT .tls |
Directories 2 | import tls |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 1
PE Sections 1 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x20f0 | 8704 | 4744f3548b1dfd799ac6e663de19a72c0104d0d2 | 657f6f8593f1a5b291884e2bddcbeffc | |
.data | 0x4000 | 0x42490 | 271872 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.rdata | 0x47000 | 0x2d0 | 1024 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.pdata | 0x48000 | 0x27c | 1024 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.xdata | 0x49000 | 0x238 | 1024 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.bss | 0x4a000 | 0xa30 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.idata | 0x4b000 | 0x958 | 2560 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.CRT | 0x4c000 | 0x68 | 512 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
.tls | 0x4d000 | 0x48 | 512 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e |