67081de6be937_ParticlerOps.exe

First submission 2024-10-12 07:11:02

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Mime type:	application/x-dosexec
File size:	4506.32 KB (4614469 bytes)
Compile time:	2010-06-27 09:06:38
MD5:	dc724c3aafa18b464c83bd5910407805
SHA1:	f02ea54bb5d8b6b20016cd90892f4b56163d8e6b
SHA256:	0a35146706c4712aea807ce394aab0270d5c115ceb3d0e79695f49f763648a55
Import Hash :	b5a014d7eeb4c2042897567e1288a095
Sections 4	.text .rdata .data .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	16/77 VT report date: 2024-10-11 08:27:36
Malware Type 1	trojan
Threat Type 2	nekark nnehx

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXp://cache.ussc.org/dist/67081de6be937_ParticlerOps.exe	cache.ussc.org	2024-10-12 07:11:02

PE Sections 0 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x11317	70656	cde6cb8f4d9c69a41fd804a023d7d7eda31c5c70	797279c5ab1a163aed1f2a528f9fe3ce
.rdata	0x13000	0x30ea	12800	b91950cddac9f80cbceac26c930f598527952eda	1359639b02bcb8f0a8743e6ead1c0030
.data	0x17000	0x292c	2048	bfdd94ea30958629cf0db8b738b24afd78faff1b	9415c9c8dea3245d6d73c23393e27d8e
.rsrc	0x1a000	0x18d04	101888	07aca978674316298cc9c197452413b3c29f169b	9dee09854e79aa987e5336a4defda540

PE Resources 4

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_RUSSIAN	SUBLANG_RUSSIAN	0x21ed0	67624	PE Resource: RT_ICON - Data ( DDD)dddOqqqswwwxxxzzz{{{\|\|\|zzzxxxwwwtttiii]RRR9 LLLAmmm}xxx~~~{{{qqq]]]U# !#%777=mmm\|\|\|~~~tttUUUW%%#! !#%'+-NNN[vvv{{{ddd1+)%#! !#')+/1JJJavvv\|\|\|ccc 5/-+'%! !%'+-13$$$GqqqzzzJJJe51/+)%# !#'+-137]]]}}}oooC51/+'%! !%'+-15AqqqzzzBBB]73/+)%! #')-13;;;Wzzz]]]51/+'#! #'+-1TTTq~~~ppp 5/+'%! !%)-^^^wttt3+'##'fff}xxx-%! cccgwww# aaaWuuu XXX1nnn} 777~~~ZZZE ~~~###% uuu=sss%%%%%%%%%%%##########!!! EEEQ------------------+++))'%#! yyyiwww777777777777775555553311/+)%# UUUTTT}AAAAAAAAA??????????==;9751-)%! {{{urx}AeAeAeAeAeAeAeAeAeAeAeAeAeAeAeAfAfAfBfBfBgCg8XoI=951-'# ;;; nggggggggggggggggggggggf VM=95/)# xxxc^xggggggggggggggggggggggggb&9_A;5/)# }}}pnnnnnoooooooooooooolTrgga MC;5-'! bbb#2gg ElIA;3+% yyyykg[OG?7/'!c___________```````c&\|geSKC;3+#YYYeSSSSSTTTTTTTTTTTTTT{9ggWOG?5-% xxxQpSSSSSSSSSSSSSSSSSSSy8ggYQIA7/' }}}{RRRRRRRRRRRRRRRRRSSy8gg[SKA9/' yib`fsWQQQQQQQQQQRRRRRRRRy8gg[SKA9/' {`POOOOOWs]PPPPQQQQQQQQQQQQQQx8ggYSIA7/' jjj{UNNNNNNNNOodPPPPPPPPPPPPPPPPPPw7ggWOG?7-% yyy?XMMMMMMMMMMPvlOOOOOOOOOOOOOOOOPPw7ggUME=3+# }}}YjLLLLMMMMMMMMYpNNNNNNNNNNOOOOOOOOv7ggOIA91)!~~~cTLLLLLLLLLLLLLtsMMMMNNNNNNNNNNNNNNv7ggKC;5-% ~~~o{KKKKKKKKKKKKKKhuMMMMMMMMMMMMMMMMMMu6ggE=7/)! }}}{vJJJJJJJJJJJJKKcvLLLLLLLLLLLLLLLLMMu6gg=71+#~~~yvIIIIIJJJJJJJJJdvKKKKKKKKKKLLLLLLLLt6gg71+% ~~~k}JIIIIIIIIIIIIIisJJJJKKKKKKKKKKKKKKs4gg/+% ~~~_THHHHHHHHHHHHHwqJJJJJJJJJJJJJJJJJJp3gg)# ~~~SoGGGGGGGGGGGH\nIIIIIIIIIIIIIIIIJJo3gg! }}}1[FFFFGGGGGGMzfHHHHHHHHHHIIIIIIIIm2gg ~VFFFFFFFFKt^GGGGHHHHHHHHHHHHHHj1gg ~eJEEEEFZyUGGGGGGGGGGGGGGGGGGh0gg qgfl{LFFFFFFFFFFFFFFFFGGg0gg wEEEEEEEEEEEFFFFFFFFd/gg ?hEEEEEEEEEEEEEEEEEEEb-ggYDDDDDDDDDDDDDDDEEEEa,ggHCCCCCCCCCDDDDDDDDDD^\|},gg]oBBBBCCCCCCCCCCCCCCCC\yy+gg YBBBBBBBBBBBBBBBBBBBBZuvgg~D@@@@@@@@@@@@@@@@AAAAXqq~ggGg>>>>>>>>>>>??????????Umm)}ggG<<<<<<<<<<<<<<<<<<<<<Qhh'{ggWj::::::::::::::::::::::Mcc&zggF7777777777777777777888J^^%xggGd55555555555556666666666GYY$vgg\|:\|3\|3\|3\|3\|3\|3\|3\|3}3}3}3}3}3}3}3}3}3}3}3}3}3}3}3}BSS"tgg!S\|0x0x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x1x?NN"tgg_i\|0u/t/t/t/t/t/t/t/t/t/t/t/t/u/u/u/u/u/u/u/u/u0u0u0u<}JJ rggx~5s-q-q-q-q-q-q-q-q-q-q-q-q-q-q-q.q.q.q.q.q.q.q.q.q.q9xEEqgg~@qllllllllll+l+l+l+l+l+l+l+l+l+m+m+m+m+m+m+m4s?{?{nggHq(h(h(h(h(h)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i)i1n:u:ulgg-Pq'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd'd(e(e(e.i5o5okgg;Uq%`%`%`%`%`%`%`%`%`%`%`%a%a%a%a%a%a%a%a%a&a&a&a&a&a&a&a&a&ad/h/higgggg"lu}Argggggggggggggggggggggggggggggggggggggggggguggggkn\|\|8qgggggggggggggggggggggggggggggggggggggggggge? eIggm15et8\|&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{&{kggj cgg1xwwzu]ZZZYXWWWVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVnggggq}\|{z{}ma``_^]]]\[ZZYYXWWVVVVVVVVVVVVVVVVVVVVVVVVVPggggggs~~a`_l~jHAA@?>==<<;:99876544321100/..............0RR>gghghggg]\XWVYk}jG87665432110//.-,+*)('&%%$#"! ~ ~}\|\|{zzzzzzz'OO.gg f3g/ggEh^]\\[\l{}jL@?>>=<;:9987654432100/.--,+)(('&%$##"! ~}}\|{1KKuggUgg+tddcba`__fs}r^LHGFEEDCBAA@?>=<<;:987765432210//.-,++)('&&%$#?MMjghggkkjihggfedcbhov\|}vl`SQPONMLLKJIHGGFEDDCBA@??>=<;::987655432100/..-,+)JNEgggmhAUhggooooonmlkjjihgfefjmnnopnkje_[ZYXXWVUTSSRQPOONMLKJJIHGFEEDCBBA@?>==<;:9887654332102PP8gggYgggh gMggSroooooooooonmmlkjihhgfedccba`_^^]\[ZZYXWVVUTSRQQPONMMLKJIHHGFEEDCBA@@?>=<;;:9876?RQggj%gggg f)agg8voooooooooooooooooonmlkkjihgffedcbaa`_^]\\[ZYYXWVUTTSRQPPONMLKKJIHGFFEDCCBA@?>>=HTSsggggggggCfgsyooooooooooooooooooooooooonnmlkjiihgfeddcba`__^]\[ZZYXWWVUTSRRQPONNMLKJIIHGFEEDCQVSjg ggggggg fe gggs}zooooooooooooooooooooooooooooooooonmllkjihggfedcbba`_^]]\[ZZYXWVUUTSRQPPONMLLKJIXXJgggf_fg fgg {ggggfkggYzzpoooooooooooooooooooooooooooooooooooooooonmlkjjihgfeedcba``_^]\[[ZYXXWVUTSSRQPQ[[>mnoM f)gggghhqgg>6 hgggq i3gg>wwqooooooooooooooooooooooooooooooooooooooooooooooonmmlkjihhgfedccba`_^^]\[ZZYXWVY_^9&x'y$yq ogggggffUgg9UDkgggjgg'}uurooooooooooooooooooooooooooooooooooooooooooooooooooooooonmlkkjihgffedcbaa`_^]\`ba;57+zGskgggggf7gg3X\Qpggg(w-ggjprqoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooonnmlkjiihgfeddceebDFG=2&xphl3igg hgg,[_c^ xggo:Gfgg\ppoooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooonmllkjiihbUVVsEk9.~"vo)NFgghUgg%~_bfji-gg.~Qi hQggEooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooonnhdfg?X1MA5{*~O\V?gggsggubfimqu>g uDahg0ooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooosuvt`UI=3Njf_Y7gg iOggmeilptx\|Rm6Z` t'{oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooh]QEMqvoib[.gge+gggelpsw{~f.Lp~7jooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooosdYSsxrkd^%~gg` ggg^osw{~{IbAEFGHIJLMMNPQRSTUVWYZZ\]^_`abdefghiklmmopqrttuvxyzz\|}~`s{tmg`uggfoggVrvy}TxgNOQRSUVWYZ[\^_`acdefhijkmnoprstuwxy{\|}~~}wpjbkgggSggLvy}}viNOQQRSUUVXYYZ\]]_`abcdefghijklmnopqrstuvwxyz{\|}~xvvvvvvvvvvvvvvvvvvvvvvvvyrl]ggg e5ggCx\|]BdBdBdBdBdBdBdAcAcAcAcAcAcAcAcAbAbAbAbAbAbAbAbAb@b@b@b@b@b@b@b@b @a @a @a @a @a @a @a @a ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?` ?_ ?_ ?_ ?_ ?_ ?_ ?_ ?_ >^ >^ >^ >^ >^ >^ >^ >^ >^ >^ >^ >^ >^ >^x\|uoSgg gwdgg8\|\EhEhEhDhDhDhDhDhDhDhDhDgDgDgDgDgDgDgDgDgCfCfCfCfCfCfCfCfCfCfCfCfCfCfCfCfCeCeCeCeCeCeCeCeBdBdBdBdBdBdBdBdBdBdBdBdBdBdBdBdBdAcAcAcAcAcAcAcAcAbAbAbAbAbAbAbAb@b@bx~xqGgghSgg-}ZGlGlGlGlGlGlGlGlGlGlGlGlGlGlGlGlFkFkFkFkFkFkFkFkFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjFjEiEiEiEiEiEiEiEiEiEhEhEhEhEhEhEhEhDhDhDhDhDhDhDhDhDgDgDgDgDgDgDgDgCfCfCfCfCfCfxzs;ggi/gg"x\|YJqJqJqJpJpJpJpJpJpJpJpJpIoIoIoIoIoIoIoIoIoIoIoIoIoIoIoIoInInInInInInInInHmHmHmHmHmHmHmHmHmHmHmHmHmHmHmHmHmGlGlGlGlGlGlGlGlGlGlGlGlGlGlGlGlFkFkFkFkFkFkFkFkFkFjx}v/ggj hgm~XMuMuMuMuMuMuMuLtLtLtLtLtLtLtLtLtLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsLsKrKrKrKrKrKrKrKrKqKqKqKqKqKqKqKqKqJqJqJqJqJqJqJqJqJpJpJpJpJpJpJpJpIoIoIoIoIoIoIoIoIoIoIoIoIoIoxx!xgggggWWPyPyPyOyOyOyOyOyOyOyOyOyOxOxOxOxOxOxOxOxOwOwOwOwOwOwOwOwNwNwNwNwNwNwNwNwNvNvNvNvNvNvNvNvNvMuMuMuMuMuMuMuMuMuMuMuMuMuMuMuMuLtLtLtLtLtLtLtLtLsLsLsLsLsLsLsLsLsLsxmggg gcgggBXR}R}R}R}R}R}R}R}R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{Q{PzPzPzPzPzPzPzPzPyPyPyPyPyPyPyPyOyOyOyOyOyOyOyOyOxOxOxOxOxOxOxOxOxOwOwOwOwOwxZlggggsggg+~UUUUUUUUUUUUUUUUUUUUUTTTTTTTTTTTTTTTTTS~S~S~S~S~S~S~S~S~S~S~S~S~S~S~S~R}R}R}R}R}R}R}R}R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|R\|Q{x>gggh`e?gggq}SXXXXXXXXXXXXXXXXWWWWWWWWWWWWWWWWWVVVVVVVVVVVVVVVVUUUUUUUUUUUUUUUUUUUUUUUUUTTTTTx"wgggfU hgggidP[[[[[[[[[[[[ZZZZZZZZZZZZZZZZYYYYYYYYYYYYYYYYYXXXXXXXXXXXXXXXXXXXXXXXXXWWWWWWWWWxekggg i=mggggEN^^^^^^^^]]]]]]]]]]]]]]]]\\\\\\\\\\\\\\\\\[[[[[[[[[[[[[[[[[[[[[[[[[ZZZZZZZZZZZZZx?gggg k hcggg+\|Laaaa````````````````_________________^^^^^^^^^^^^^^^^^^^^^^^^^]]]]]]]]]]]]]]]]\x$wgggfk i3gggoThhhhhhhhhhhhhhiihhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhiiiiiiiiiiihhhhhhhhhhhhhh h h g g g g g\|wr hggi/ fhgghQZ!umggfUggghht)zrjhYhSggmKZ\\]]]^^___``aaabbcccjmmnnoooppqrrrrstttuuvvwwwxxyzzzz{\|\|}}}~~cl%xpd! f)hggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggl"ufmgggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggjsh! hQfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUfUgIb
RT_GROUP_ICON	LANG_RUSSIAN	SUBLANG_RUSSIAN	0x326f8	76
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x32744	848	PE Resource: RT_VERSION - Data P4VS_VERSION_INFO?StringFileInfo000004b0FCompanyNameOleg N. ScherbakovNFileDescription7z Setup SFX (x86)6FileVersion1.4.0.17952 InternalName7ZSfxModv)LegalCopyrightCopyright 2005-2010 Oleg N. ScherbakovJOriginalFilename7ZSfxMod_x86.exe<PrivateBuildJune 27, 20104 ProductName7-Zip SFX:ProductVersion1.4.0.1795DVarFileInfo$Translation
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x32a94	624	PE Resource: RT_MANIFEST - Data <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.4.0.1794" name="7-Zip.SfxMod" type="win32"></assemblyIdentity><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>

Meta infos 10

LegalCopyright:	Copyright \xa9 2005-2010 Oleg N. Scherbakov
InternalName:	7ZSfxMod
FileVersion:	1.4.0.1795
FileDescription:	7z Setup SFX (x86)
PrivateBuild:	June 27, 2010
ProductVersion:	1.4.0.1795
CompanyName:	Oleg N. Scherbakov
Translation:	0x0000 0x04b0
OriginalFilename:	7ZSfxMod_x86.exe
ProductName:	7-Zip SFX

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 1

GetLastError

Anti debug functions 1

Bochs & QEmu CPUID Trick

Strings analysis - File found

Executable
`8.sO
Library
SHELL32.dll
USER32.dll
ole32.dll
KERNEL32.dll
COMCTL32.dll
MSVCRT.dll
OLEAUT32.dll
GDI32.dll

Import functions

GDI32.dll 11 KERNEL32.dll 82 MSVCRT.dll 31 OLEAUT32.dll 3 SHELL32.dll 7 ole32.dll 3 USER32.dll 50 COMCTL32.dll 1

Function	Address	Souspicious	Anti Debug
GetCurrentObject	0x413008
StretchBlt	0x41300c
SetStretchBltMode	0x413010
CreateCompatibleBitmap	0x413014
SelectObject	0x413018
CreateCompatibleDC	0x41301c
GetObjectW	0x413020
GetDeviceCaps	0x413024
DeleteObject	0x413028
CreateFontIndirectW	0x41302c
DeleteDC	0x413030

Function	Address	Souspicious	Anti Debug
GetFileAttributesW	0x413038
CreateDirectoryW	0x41303c
WriteFile	0x413040
GetStdHandle	0x413044
VirtualFree	0x413048
GetModuleHandleW	0x41304c
GetProcAddress	0x413050
LoadLibraryA	0x413054
LockResource	0x413058
LoadResource	0x41305c
SizeofResource	0x413060
FindResourceExA	0x413064
MulDiv	0x413068
GlobalFree	0x41306c
GlobalAlloc	0x413070
lstrcmpiA	0x413074
GetSystemDefaultLCID	0x413078
GetSystemDefaultUILanguage	0x41307c
GetUserDefaultUILanguage	0x413080
MultiByteToWideChar	0x413084
GetLocaleInfoW	0x413088
lstrlenA	0x41308c
lstrcmpiW	0x413090
GetEnvironmentVariableW	0x413094
lstrcmpW	0x413098
GlobalMemoryStatusEx	0x41309c
VirtualAlloc	0x4130a0
WideCharToMultiByte	0x4130a4
ExpandEnvironmentStringsW	0x4130a8
RemoveDirectoryW	0x4130ac
FindClose	0x4130b0
FindNextFileW	0x4130b4
DeleteFileW	0x4130b8
FindFirstFileW	0x4130bc
SetThreadLocale	0x4130c0
GetLocalTime	0x4130c4
GetSystemTimeAsFileTime	0x4130c8
lstrlenW	0x4130cc
GetTempPathW	0x4130d0
SetEnvironmentVariableW	0x4130d4
CloseHandle	0x4130d8
CreateFileW	0x4130dc
GetDriveTypeW	0x4130e0
SetCurrentDirectoryW	0x4130e4
GetModuleFileNameW	0x4130e8
GetCommandLineW	0x4130ec
GetVersionExW	0x4130f0
CreateEventW	0x4130f4
SetEvent	0x4130f8
ResetEvent	0x4130fc
InitializeCriticalSection	0x413100
TerminateThread	0x413104
ResumeThread	0x413108
SuspendThread	0x41310c
IsBadReadPtr	0x413110
LocalFree	0x413114
lstrcpyW	0x413118
FormatMessageW	0x41311c
GetSystemDirectoryW	0x413120
DeleteCriticalSection	0x413124
GetFileSize	0x413128
SetFilePointer	0x41312c
ReadFile	0x413130
SetFileTime	0x413134
SetEndOfFile	0x413138
EnterCriticalSection	0x41313c
LeaveCriticalSection	0x413140
WaitForMultipleObjects	0x413144
GetModuleHandleA	0x413148
SystemTimeToFileTime	0x41314c
GetLastError	0x413150
CreateThread	0x413154
WaitForSingleObject	0x413158
GetExitCodeThread	0x41315c
Sleep	0x413160
SetLastError	0x413164
SetFileAttributesW	0x413168
GetDiskFreeSpaceExW	0x41316c
lstrcatW	0x413170
ExitProcess	0x413174
CompareFileTime	0x413178
GetStartupInfoA	0x41317c

Function	Address	Souspicious	Anti Debug
__set_app_type	0x413184
__p__fmode	0x413188
__p__commode	0x41318c
_adjust_fdiv	0x413190
__setusermatherr	0x413194
_initterm	0x413198
__getmainargs	0x41319c
_acmdln	0x4131a0
exit	0x4131a4
_XcptFilter	0x4131a8
_exit	0x4131ac
??1type_info@@UAE@XZ	0x4131b0
_onexit	0x4131b4
__dllonexit	0x4131b8
_CxxThrowException	0x4131bc
_beginthreadex	0x4131c0
_EH_prolog	0x4131c4
memset	0x4131c8
_wcsnicmp	0x4131cc
strncmp	0x4131d0
malloc	0x4131d4
memmove	0x4131d8
_wtol	0x4131dc
memcpy	0x4131e0
free	0x4131e4
memcmp	0x4131e8
_purecall	0x4131ec
??2@YAPAXI@Z	0x4131f0
??3@YAXPAX@Z	0x4131f4
_except_handler3	0x4131f8
_controlfp	0x4131fc

Function	Address	Souspicious	Anti Debug
VariantClear	0x413204
OleLoadPicture	0x413208
SysAllocString	0x41320c

Function	Address	Souspicious	Anti Debug
SHGetFileInfoW	0x413214
SHBrowseForFolderW	0x413218
SHGetPathFromIDListW	0x41321c
SHGetMalloc	0x413220
ShellExecuteExW	0x413224
SHGetSpecialFolderPathW	0x413228
ShellExecuteW	0x41322c

Function	Address	Souspicious	Anti Debug
CoInitialize	0x413300
CreateStreamOnHGlobal	0x413304
CoCreateInstance	0x413308

Function	Address	Souspicious	Anti Debug
CharUpperW	0x413234
EndDialog	0x413238
DestroyWindow	0x41323c
KillTimer	0x413240
ReleaseDC	0x413244
DispatchMessageW	0x413248
GetMessageW	0x41324c
SetTimer	0x413250
CreateWindowExW	0x413254
ScreenToClient	0x413258
GetWindowRect	0x41325c
wsprintfW	0x413260
GetParent	0x413264
GetSystemMenu	0x413268
EnableMenuItem	0x41326c
EnableWindow	0x413270
MessageBeep	0x413274
LoadIconW	0x413278
LoadImageW	0x41327c
wvsprintfW	0x413280
IsWindow	0x413284
DefWindowProcW	0x413288
CallWindowProcW	0x41328c
DrawIconEx	0x413290
DialogBoxIndirectParamW	0x413294
GetWindow	0x413298
ClientToScreen	0x41329c
GetDC	0x4132a0
DrawTextW	0x4132a4
ShowWindow	0x4132a8
SystemParametersInfoW	0x4132ac
SetFocus	0x4132b0
SetWindowLongW	0x4132b4
GetSystemMetrics	0x4132b8
GetClientRect	0x4132bc
GetDlgItem	0x4132c0
GetKeyState	0x4132c4
MessageBoxA	0x4132c8
wsprintfA	0x4132cc
SetWindowTextW	0x4132d0
GetSysColor	0x4132d4
GetWindowTextLengthW	0x4132d8
GetWindowTextW	0x4132dc
GetClassNameA	0x4132e0
GetWindowLongW	0x4132e4
GetMenu	0x4132e8
SetWindowPos	0x4132ec
CopyImage	0x4132f0
SendMessageW	0x4132f4
GetWindowDC	0x4132f8

Function	Address	Souspicious	Anti Debug
None	0x413000

Name	Latest seen	MD5
IHBHXXQF.exe	2024-07-01 14:59:02	5f4de1a8ed39bdcaf3e4c6d5fa547fc2
PENDXGKW.exe	2024-08-27 18:36:01	61d31fb13c1dd46fcb03caf7f648508c
msconfig32.exe#pend	2024-08-30 22:08:02	c09d528d8d3bb7a36febd2767c0cc83c
AUGUST.exe	2024-09-25 20:58:03	25860926414bf43383246f7c773a8d6c
orderconfirmation.exe	2024-09-26 16:35:03	1dfda6fc13c7efab9f6148e7339ab80c
66b72acef0ad2_7ainstall.exe	2024-10-09 16:39:02	c096091896176545bc3aac5adb5f7aad

67081de6be937_ParticlerOps.exe

File details

File features detected

OSINT Enrichments

URLs, FQDN and IP indicators 1

PE Sections 0 suspicious

PE Resources 4

Meta infos 10

Packers detected 3

Anti debug functions 1

Anti debug functions 1

Strings analysis - File found

Import functions

Related files by ImpHash 6 b5a014d7eeb4c2042897567e1288a095