171.exe

First submission 2023-09-15 06:52:02 Last sumbission 2023-09-15 11:52:01

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	260.0 KB (266240 bytes)
Compile time:	2023-09-14 11:23:01
MD5:	dc6330aff08812b5dbaf66cf0671cb20
SHA1:	12ce2b2bf8bceb6862db8ae9f8af9e709844d051
SHA256:	3f45f9a83b45320ea3d0350d7d4f221a3a575a42a8e6928ae6cc158ff41256b8
Import Hash :	684442765f785772af3613690dc75401
Sections 6	.text .rdata .data .gfids .rsrc .reloc
Directories 4	import resource debug relocation
Virus Total:	27/71 VT report date: 2023-09-15 00:30:08

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL	Host (FQDN/IP)	Date Added
hXXp://h170700.srv22.test-hf.su/171.exe	h170700.srv22.test-hf.su	2023-09-15 11:52:03
hXXp://h170690.srv22.test-hf.su/171.exe	h170690.srv22.test-hf.su	2023-09-15 06:52:02

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x1431b	82944	b2d57146b9046a5a7e7f05d2577977cb754c10eb	c823f117a5c907f63a5a28a01697e5b9
.rdata	0x16000	0x1eda2	126464	c27fcfe452ed3bf60eccd5b3b279c736a58bb1ad	11141470c008601d84ce268ba1cd1bf5
.data	0x35000	0xcd34	49664	c3daf67b3b2b9035eb54dc6f20958528f305baff	acf4b1c46041fb9605cbc048f71d0493
.gfids	0x42000	0xac	512	ccbf031cecc17ed90b0d3cb6e58bf9d65f52021d	1f30f4f2609ddc341b528c2cbc6aeb38
.rsrc	0x43000	0x1e0	512	2982c636d6d0d71ab7aec53bca63236ba1f6e8af	9866eeb93e80b773405f3d7936b83641
.reloc	0x44000	0x13a4	5120	fe1d26d05d3d6281845f35403a76253f9a655b0f	6520d203367e7cc36ad8c78183f30f69

PE Resources 1

Name	Language	Sublanguage	Offset	Size	Data
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x43060	381	PE Resource: RT_MANIFEST - Data <?xml version='1.0' encoding='UTF-8' standalone='yes'?> <assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level='asInvoker' uiAccess='false' /> </requestedPrivileges> </security> </trustInfo> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_MANIFEST

LANG_ENGLISH

SUBLANG_ENGLISH_US

0x43060

381

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll

Import functions

KERNEL32.dll 74

Function	Address	Souspicious	Anti Debug
EnterCriticalSection	0x416000
LeaveCriticalSection	0x416004
InitializeCriticalSection	0x416008
GetProcessHeap	0x41600c
GetLastError	0x416010
HeapWalk	0x416014
DeleteCriticalSection	0x416018
GetModuleFileNameA	0x41601c
GetModuleHandleA	0x416020
CreateNamedPipeA	0x416024
ConnectNamedPipe	0x416028
ExitProcess	0x41602c
VirtualAlloc	0x416030
CreateMutexA	0x416034
ReleaseMutex	0x416038
SetNamedPipeHandleState	0x41603c
GetSystemTime	0x416040
DecodePointer	0x416044
IsProcessorFeaturePresent	0x416048
IsDebuggerPresent	0x41604c
UnhandledExceptionFilter	0x416050
SetUnhandledExceptionFilter	0x416054
GetCurrentProcess	0x416058
TerminateProcess	0x41605c
SetLastError	0x416060
GetCurrentThreadId	0x416064
RaiseException	0x416068
HeapAlloc	0x41606c
HeapFree	0x416070
GetModuleHandleW	0x416074
GetProcAddress	0x416078
InitializeCriticalSectionAndSpinCount	0x41607c
TlsAlloc	0x416080
TlsGetValue	0x416084
TlsSetValue	0x416088
TlsFree	0x41608c
GetSystemTimeAsFileTime	0x416090
FreeLibrary	0x416094
LoadLibraryExW	0x416098
LCMapStringW	0x41609c
IsValidCodePage	0x4160a0
GetACP	0x4160a4
GetOEMCP	0x4160a8
GetCPInfo	0x4160ac
GetModuleHandleExW	0x4160b0
GetStringTypeW	0x4160b4
MultiByteToWideChar	0x4160b8
WideCharToMultiByte	0x4160bc
HeapSize	0x4160c0
HeapReAlloc	0x4160c4
GetStartupInfoW	0x4160c8
QueryPerformanceCounter	0x4160cc
GetCurrentProcessId	0x4160d0
InitializeSListHead	0x4160d4
RtlUnwind	0x4160d8
GetStdHandle	0x4160dc
WriteFile	0x4160e0
GetModuleFileNameW	0x4160e4
CloseHandle	0x4160e8
FindClose	0x4160ec
FindFirstFileExW	0x4160f0
FindNextFileW	0x4160f4
GetCommandLineA	0x4160f8
GetCommandLineW	0x4160fc
GetEnvironmentStringsW	0x416100
FreeEnvironmentStringsW	0x416104
SetStdHandle	0x416108
GetFileType	0x41610c
FlushFileBuffers	0x416110
GetConsoleCP	0x416114
GetConsoleMode	0x416118
SetFilePointerEx	0x41611c
WriteConsoleW	0x416120
CreateFileW	0x416124