asked2.exe

First submission 2024-10-14 08:03:02

File details

File type: PE32+ executable (console) x86-64, for MS Windows
Mime type: application/x-dosexec
File size: 123.8 KB (126770 bytes)
Compile time: 2024-10-08 16:27:03
MD5: dc919ce806c9455b396929ad5cf2ab08
SHA1: c2d799dce2cd69aaf818f6c8376a0f6c33c22162
SHA256: c2878784d546d6b9214152170c6ff50401e9c3c7433ceb594aa0529dc1ff1819
Import Hash: 1672fb419dd59ba96047af07b255166e
Sections (20): .text, .data, .rdata, /4, .pdata, .xdata, .bss, .idata, .CRT, .tls, .reloc, /14, /29, /41, /55, /67, /80, /91, /107, /123
Directories (3): import, tls, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 30/77
VT report date: 2024-10-13 21:30:44
Malware Type (1): trojan
Threat Type (3): shellcoderunner, redcap, vrjun

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://107.175.73.38/asked2.exe 107.175.73.38 2024-10-14 08:03:02

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x17f8 6144 b3f389b9eb2a3db4def5e4afc1b9b765ad643683 cb9420748c891371e59707b435ee00ce
.data 0x3000 0xa0 512 c54db13d4acb8b0fa94f18aa30ffcde9af0c8d43 42440d408802577567bf98a45888d354
.rdata 0x4000 0x900 2560 1d07d820bfdf73eda7b452ed877a2b94b5dd5435 444947dc5e7f64db72a82cd8d9b0bafc
/4 0x5000 0x4 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.pdata 0x6000 0x228 1024 70bd2950da1224c0ab0bb6510e475b5d495d70a5 ecb06ce831ed02a006e46c7441510bf4
.xdata 0x7000 0x1a8 512 0c28bb341730ba7d87267749f5e38692f0e8f26c 2e62c387b22edfc2a7e64553c988ef6a
.bss 0x8000 0x1e0 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x9000 0x5f4 1536 1e9a5fa2cbf19496e1bf7a2fbdece3e5c318f682 358f0a532cc2399e89431fb14beac12e
.CRT 0xa000 0x60 512 aa1ba0520f4303a99455f75a1820d850714d1508 f9a109db8c445ac738ca4bb7ca439ca5
.tls 0xb000 0x10 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0xc000 0x78 512 c0668e60dd78222ddb0f9a66285134016aff6207 64438195d37bc8a3a944c28add55c62e
/14 0xd000 0x460 1536 dbd8c2531c497a4b408c38a720dad31391f732aa c86aa6e0d27255bb36c4890ac9cfb08e
/29 0xe000 0xaae9 44032 2867aadbe738c2435cf695efb007abfc1fc390d5 c7cbd18ba383553140a909c200d11a76
/41 0x19000 0x1cb8 7680 0bf7cf6312c5764c8b5b6ac52a0668ec760697ff 089bd22e9162cbfa4761dd2e0e909a38
/55 0x1b000 0x1b32 7168 1374829883514e4d85cb0e6787f38a8e26a010fd a24cdfdc361e427d6d7e250ca2fe9442
/67 0x1d000 0xad0 3072 018d68ef8b99b84daa2375285e677d7b0fb7aace ebb14ab07659b4b39f9747af56e80c31
/80 0x1e000 0x354 1024 a40def3e59e56c244b7f1ee9e4d2758cc286e7db a5657ca8b7b4d6587b37b69dca0759a0
/91 0x1f000 0x205b 8704 6a74e6e58cbb49e6a89961f7071d5710271c5c31 9bbe9dd66e6ef5ad08d3fe0304d7e852
/107 0x22000 0x120d 5120 bf3a3c5225d2209fa0d20d8114684a8cd98066a2 665757584accd91c028354c1ab783ffa
/123 0x24000 0x195 512 a2a125cb7390661b9af98659661b28127255ba37 0a478305b637270896b63c2f3a8d9a48

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
libgcc_s_dw2-1.dll
SHELL32.dll
MSVCRT.dll
KERNEL32.dll

Import functions