script.exe
First submission 2024-09-01 15:21:04
File details
Field | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type | application/x-dosexec
File size | 1657.18 KB (1696950 bytes)
Compile time | 2024-03-30 17:55:19
MD5 | dc37d19933e5689c25bc6cce8c15d58c
SHA1 | 5465ed40e9ce77663bcb5213cf7deb6bded25804
SHA256 | fabfaa8fe68a80b286ea7291977e73a830320db89c9acdbfc3373884246f6373
Import hash (imphash) | 9dda1a1d1f8a1d13ae0297b47046b26e
Sections (5) | .text .rdata .data .ndata .rsrc
Data directories (2) | import resource
File features detected
Anti-VM
Signed
XOR
Note: the data directory list above shows only import and resource entries, so confirm the Signed flag by checking the Authenticode signature (security directory) with an independent tool before relying on it.
OSINT Enrichments
Field | Value
---|---
VirusTotal | 47/78 detections (VT report date: 2024-08-27 03:48:29)
Malware type (3) | trojan, hacktool, pua
Threat type (3) | meshagent (MeshCentral remote-management agent), casdet, nsis
URLs, FQDN and IP indicators 1
PE Sections (5, 1 flagged suspicious)
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious
---|---|---|---|---|---|---
.text | 0x1000 | 0x66d7 | 26624 | 1c105a39879381cee3c1dae45653a966b9d61268 | 4e97e586f167bf2d2eddcdba22e25c0e | 
.rdata | 0x8000 | 0x1358 | 5120 | 8677bad7d268e6798da158299b8cde5996219d6a | bd82d08a08da8783923a22b467699302 | 
.data | 0xa000 | 0x1fb78 | 1536 | 64636f7804874ab0231d3bca77ed62cd293c8879 | e411b225ac3cd03a5dad8143ae82958d | 
.ndata | 0x2a000 | 0x1c000 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | 
.rsrc | 0x46000 | 0x5810 | 23040 | 43c857e76d0935aefa7d2fb3a23d801d2c03cce7 | 18cdb6cc5cc272f41fe946ef6f377bc0 | 
Note: .ndata has a raw size of 0 (its SHA1 and MD5 are the hashes of empty input), which is normal for the uninitialised-data section of an NSIS stub. The Suspicious column carries no marker in this table, so the flagged section is not identified; .data is the only section whose virtual size (0x1fb78) greatly exceeds its raw size (1536 bytes).
PE Resources (4)
Name | Language | Sublanguage | Offset | Size | Data
---|---|---|---|---|---
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x4ae60 | 296 | 
RT_DIALOG | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x4b288 | 238 | 
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x4b378 | 104 | 
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x4b3e0 | 1070 | 
Anti-debug functions (2)
FindWindowExW
GetLastError
Note: both are general-purpose Win32 APIs that ordinary installer code also imports; on their own they are a weak anti-debug indicator.
Strings analysis - File names found
Temporary
~nsu%X.tmp
Library
%s%s.dll
ADVAPI32.dll
SHELL32.dll
USER32.dll
KERNEL32.dll
COMCTL32.dll
ole32.dll
GDI32.dll
Strings analysis - Possible URLs found (1)
http://nsis.sf.net/NSIS_Error
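The section-table checks above and the NSIS strings listed in the strings analysis, as an added example that is not part of the report and not the scanner's own code: a standard-library Python parser for the PE32 section table that hashes each section's raw bytes and flags sections whose virtual size far exceeds the bytes present on disk. The 4x virtual/raw ratio, the NSIS identification rule (an empty .ndata section plus one of the NSIS strings) and the constructed sample image are assumptions of the example; only the section geometry (names, VAddress, VSize, Size) is taken from the report's table, so the hashes differ from the report's except for the empty .ndata row.

```python
"""Added example (not from the report or any tool it names): parse a PE32 image's
section table with the standard library, hash each section's on-disk bytes, and
flag sections whose virtual size is far larger than their raw size, the kind of
check behind a 'suspicious section' verdict. The 4x ratio threshold and the NSIS
marker rule are assumptions made for this example."""
import hashlib
import struct

COFF_HDR = struct.Struct("<HHIIIHH")         # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes
PE32_OPT_HDR_SIZE = 0xE0                     # SizeOfOptionalHeader for a PE32 image
VSIZE_RATIO = 4                              # assumed: VSize > 4x raw size is suspicious
NSIS_MARKERS = (b"~nsu%X.tmp", b"http://nsis.sf.net/NSIS_Error")  # strings from the report


def parse_sections(data):
    """Return a list of dicts (name, vaddr, vsize, size, sha1, md5, suspicious),
    one per section, in the same shape as the report's PE Sections table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _machine, nsec, _ts, _, _, opt_size, _ = COFF_HDR.unpack_from(data, e_lfanew + 4)
    table = e_lfanew + 4 + COFF_HDR.size + opt_size
    sections = []
    for i in range(nsec):
        fields = SECTION_HDR.unpack_from(data, table + i * SECTION_HDR.size)
        name, vsize, vaddr, rawsize, rawptr = fields[:5]
        raw = data[rawptr:rawptr + rawsize]
        if len(raw) != rawsize:
            raise ValueError("section %d points past end of file" % i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vaddr": vaddr,
            "vsize": vsize,
            "size": rawsize,
            "sha1": hashlib.sha1(raw).hexdigest(),
            "md5": hashlib.md5(raw).hexdigest(),
            # A zero raw size (e.g. NSIS .ndata) is plain uninitialised data and is
            # excluded; a large virtual/raw ratio on a section that does carry
            # bytes is what gets flagged.
            "suspicious": rawsize > 0 and vsize > VSIZE_RATIO * rawsize,
        })
    return sections


def looks_like_nsis(data, sections):
    """Heuristic (assumed for this example): an empty .ndata section plus one of
    the NSIS strings the report lists."""
    has_ndata = any(s["name"] == ".ndata" and s["size"] == 0 for s in sections)
    return has_ndata and any(m in data for m in NSIS_MARKERS)


def build_sample_pe(specs):
    """Construct a minimal PE32 image from (name, vsize, vaddr, raw_bytes) tuples.
    This is constructed test input, not the sample the report describes."""
    nsec = len(specs)
    headers_len = 0x40 + 4 + COFF_HDR.size + PE32_OPT_HDR_SIZE + nsec * SECTION_HDR.size
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = COFF_HDR.pack(0x14C, nsec, 0, 0, 0, PE32_OPT_HDR_SIZE, 0x0102)  # i386, EXE, 32-bit
    opt = struct.pack("<H", 0x10B) + b"\0" * (PE32_OPT_HDR_SIZE - 2)      # PE32 magic, rest zero
    hdrs, body, rawptr = [], b"", headers_len
    for name, vsize, vaddr, raw in specs:
        hdrs.append(SECTION_HDR.pack(name.ljust(8, b"\0"), vsize, vaddr, len(raw),
                                     rawptr if raw else 0, 0, 0, 0, 0, 0x40000040))
        body += raw
        rawptr += len(raw)
    return dos + b"PE\0\0" + coff + opt + b"".join(hdrs) + body


# Section geometry copied from the report's table; the bytes are constructed filler.
SAMPLE_SECTIONS = [
    (b".text",  0x66D7,  0x1000,  b"\xCC" * 26624),
    (b".rdata", 0x1358,  0x8000,  b"~nsu%X.tmp\0%s%s.dll\0".ljust(5120, b"\0")),
    (b".data",  0x1FB78, 0xA000,  b"\0" * 1536),   # 130 KB virtual, 1.5 KB on disk
    (b".ndata", 0x1C000, 0x2A000, b""),            # NSIS uninitialised data, no raw bytes
    (b".rsrc",  0x5810,  0x46000, b"\0" * 23040),
]


def section_report(data):
    """Return (rows, nsis_flag) for a PE image; rows mirror the report's table."""
    sections = parse_sections(data)
    return sections, looks_like_nsis(data, sections)


if __name__ == "__main__":
    rows, nsis = section_report(build_sample_pe(SAMPLE_SECTIONS))
    for s in rows:
        print("%-7s 0x%-6x 0x%-6x %6d %s %s" % (s["name"], s["vaddr"], s["vsize"],
              s["size"], s["sha1"], "SUSPICIOUS" if s["suspicious"] else ""))
    print("NSIS installer:", nsis)
```

Run the file directly to print the table; for a real sample, pass `open(path, "rb").read()` to `section_report()`. A section shaped like .data here (130 KB virtual, 1.5 KB on disk) is typical of packed or self-extracting executables, so the flag is a prompt to unpack and inspect, not a verdict. The imphash from the file details is not reproduced here, since that needs the import directory rather than the section table.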
Related files (file name, last seen, MD5)
Name | Latest seen | MD5
---|---|---
vpn-1002.exe | 2024-06-24 17:07:01 | ccb630a81a660920182d1c74b8db7519 |
Setup.exe | 2024-05-27 22:01:09 | ae47c12b9320e702a9ce243193494554 |
loader-1002.exe | 2024-06-05 20:44:02 | 0fec29af2349912ecd5b9a35e682bcec |
djpdpoolinstaller.exe | 2024-08-26 15:22:31 | 1ed40858faf2366621a60205eb0bbfed |