222.exe

First submission: 2024-02-07 11:23:02
Last submission: 2024-02-08 17:27:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 4119.5 KB (4218368 bytes)
Compile time: 2103-09-28 12:42:49
MD5: dc5432a7f0cb0042e6e3375c8368c441
SHA1: 505c55695c0e433f91ee1481eda85e9fdca858de
SHA256: 90fbebc0c1c6643fb4861477de9dd859fecb47912c5d2ce14dced9ce5bdf7a7c
Import Hash : 4328f7206db519cd4e82283211d98e83
Sections 7 .idata .rsrc .themida .boot
Directories 2 import resource
File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXps://predict-expert.pro/222.exe predict-expert.pro 2024-02-08 17:27:08
hXXps://mahta-netwotk.click/111.exe mahta-netwotk.click 2024-02-07 11:23:02

PE Sections 4 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
0x2000 0x34000 107520 53a96d4b7ed51c9a993ef202cf2871c49a0950e7 49c79e460cf29ad3eff0715fe498964d
0x36000 0xc5604 276480 618ebccd9834c1b229ba94e8ce6e73f43894043f 576487abb4da778c806ecb380cf5a877
0xfc000 0xc 512 0e9a04bf5e8f208052d6b5f62768e8b9a8a888ab 5e1e5a25db53c8342f2e72cedd636d25
.idata 0xfe000 0x2000 512 e1635fa300ea474d2b14423469e37a3054e8bd85 3f89c68b65e6eb5fe4d965fb62167e0c
.rsrc 0x100000 0x36800 223232 95e7b3585f9d9c4f43883633451917af75127e5f 27faf2ef44e5072d0ee92531073e91c1
.themida 0x138000 0x578000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.boot 0x6b0000 0x371200 3609088 b5d9e362a2223359ba3c2aaab000bb18a4e0c38a dd4b74aa0554e3d6ac25c6b2498ddb29

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x127a40 59012
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x1360d4 132
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x136168 992
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x136558 490

Meta infos 10

InternalName: Hx.ViewModel
FileVersion: 16.0.14326.21798
FileDescription: Hx.ViewModel
CompanyName: ViewModel
LegalTrademarks1: ViewModel is a registered trademark of Apps Corporation.
ProductVersion: 16.0.14326.21798
LegalTrademarks2: ViewModel is a registered trademark of Apps Corporation.
Translation: 0x0409 0x04e4
OriginalFilename: HxOutlook.ViewModel.dll
ProductName: ViewModel

Anti debug functions 1

Virtual Box

Strings analysis - File found

Library
HxOutlook.ViewModel.dll
mscoree.dll
KERNEL32.dll

Import functions
