670937a58778f_LisioFirendes.exe

First submission 2024-10-12 07:16:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 569.89 KB (583568 bytes)
Compile time: 2024-10-11 16:33:19
MD5: de14925632f91bdb33ca3333a51c20c0
SHA1: 24524657bb7edb00152a178b928b3d607e51ac9c
SHA256: e872fb46fab0d28820724db2eeb713034898a37fd329c864c3ce6d81bc9f5a77
Import Hash: 123e239a3e28f0916ec222eaf58ca968
Sections (5): .text, .rdata, .data, .reloc, .rsrc
Directories (5): import, resource, debug, relocation, security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

VirusTotal: 42/77 (VT report date: 2024-10-12 04:01:38)
Malware Type (1): trojan
Threat Type (3): fragtor, gzald, hcom

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://web.johnmccrea.com/player/670937a58778f_LisioFirendes.exe web.johnmccrea.com 2024-10-12 07:16:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x219a8 137728 6827d7f541101209febdf837bf0ae3019d669f1f de76c42a9d25aa7a5344975436469f14
.rdata 0x23000 0xa0aa 41472 996d60a72a6b7f194aa38f229040d13c0c744d39 3a6c769b5ab627ce9a15935f137c4ba2
.data 0x2e000 0x578ec 354816 48256358efa950a7ca1b6b5e1be40ecbd23da5fe 9535765b44bbf11d9966d7eec7f21573
.reloc 0x86000 0x1c10 7680 54963e51f3be63306b0ef46514784642220caa2e 0b4e7235fc76222b5b11cf18cc5740c3
.rsrc 0x88000 0x128 512 e5f0fe48eb072a6b36f75500d71a99b84aa32f5e 239a18c31ff02bce8aaacba8dc7cd677

PE Resources 1

Name Language Sublanguage Offset Size Data
MUI LANG_ENGLISH SUBLANG_ENGLISH_US 0x88060 200

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

File signature

MD5 SHA1 Block size Virtual Address
5e5176873ccfe2eac091c89f1f4d84bf 17cddeb5c426cd6a3a50e937bd0f5d487308bf31 20168 563400

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll
USER32.dll

Strings analysis - Possible URLs found 14

http://crl.microsoft.com/pki/crl/products/MicCodSigPCA_2010-07-06.crl0Z
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z
http://office.microsoft.com
http://www.microsoft.com/pkiops/docs/primarycps.htm0@
http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt0
http://www.microsoft.com/pkiops/Docs/Repository.htm0
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl0
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt0
http://www.microsoft.com/PKI/docs/CPS/default.htm0@
http://www.microsoft.com/pki/certs/MicCodSigPCA_2010-07-06.crt0
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl0l
http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt0
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl0a

Import functions

Name Latest seen MD5
0a839761915d.exe 2024-10-11 09:39:02 397ccf85427fe1a0523697e7f77f57a6