up.exe

First submission 2024-02-09 17:25:01

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 666.0 KB (681984 bytes)
Compile time: 2023-03-15 08:37:42
MD5: de838062cd23d4e6330bd8f0320102f5
SHA1: 12477af8541fa6fc795a045978328b42b96e3c89
SHA256: fc8eb10bc048353393d89f1920952a1bf57b5626509410b0a7e9a1e3b586e1a1
Import Hash : e6a462c35d266e63944cf9874893788d
Sections (7): .text, .rdata, .data, .hawa, .tls, .wupo, .rsrc
Directories (3): import, resource, tls

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators (1)

URL                            Host (FQDN/IP)   Date Added
hXXp://172.86.76.157/up.exe    172.86.76.157    2024-02-09 17:25:01

PE Sections (1 suspicious)

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text 0x1000 0x9e6e2 649216 373b24b84afe6890cf85767672e2773a160af702 73fbd7e4c4be79221f63a23666ac0810
.rdata 0xa0000 0x31e0 12800 804b7bd03900008e0c57a80794c32d843b493783 f732200fb0a7cc1d58d4581fc604458e
.data 0xa4000 0x6d60 7680 7457e4fcea1ea528ef2cae5071b266740d7f92b9 adf4dc6a0c7abfcdaadf471d134c7e74
.hawa 0xab000 0x7c 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.tls 0xac000 0x9cd 2560 4358194749214d739152fa635bff9e886e4d692b a371492f16c0940507435909603efe88
.wupo 0xad000 0x400 1024 60cacbf3d72e1e7834203da608037b1bf83b40e8 0f343b0931126a20f133d67c2b018a3b
.rsrc 0xae000 0x1bd0 7168 b3691bf68b4e9b351dec0d8c9dfbdeb7c8dc124f d9b9ed978f6881132662adbb55a81df6

PE Resources (5)

Name            Language      Sublanguage         Offset    Size   Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xae1e0 4264
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0xaf7c0 1034
RT_ACCELERATOR LANG_ENGLISH SUBLANG_ENGLISH_US 0xaf2a0 32
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xaf288 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0xaf2c0 496

Meta info (6)

LegalCopyright: Silent news
InternalName: Stupido
FileVersion: 44.41.89.59
CompanyName: Torque
Translation: 0x179c 0x02fd
ProductVersion: 5.99.76.62

Packers detected (2)

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions (6)

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
ADVAPI32.dll
WUSER32.DLL
KERNEL32.dll
mscoree.dll
USER32.dll

Strings analysis - Possible IPs found (2)

5.99.76.62
44.41.89.59

Import functions

Name        Latest seen            MD5
lumma.exe   2024-02-08 11:24:05    9d6a64c7aa2458129071d1165d98ab2e