build1111.exe

First submission 2024-07-09 06:20:02

File details

File type: PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 1700.0 KB (1740800 bytes)
Compile time: 2024-07-08 22:36:51
MD5: dea351e95b2d5b0a6b3911d531315550
SHA1: 6720ee0a19bc634b1b9f20632b354903788d3a5c
SHA256: b116c1e0f92dca485565d5f7f3b572d7f01724062320597733b9dbf6dd84dee1
Import hash: a338797fb02813f0ef44a2dae655cd61
Sections (11): .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .CRT, .tls, .rsrc, .reloc
Directories (4): import, resource, tls, relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

Note: the file-type signature above identifies a PE32+ executable rather than a DLL, and the four data directories listed (import, resource, tls, relocation) include no security/certificate directory, so no embedded Authenticode signature is present in the file. Read the "Is DLL" and "Signed" entries with that in mind; the DLL flag is a single bit in the COFF header characteristics and is easy to check directly.

OSINT Enrichments

VirusTotal: 17/78 detections (report date 2024-07-09 06:05:30)
Malware type (1): trojan
Threat labels (2): amadey, yxegiz

URLs, FQDN and IP indicators (1)

URL: hXXp://185.216.214.217/cdn-directory/build1111.exe
Host (FQDN/IP): 185.216.214.217
Date added: 2024-07-09 06:20:02

PE Sections (11; the scanner flagged 2 as suspicious, but the per-section flag column is empty on the page)

Name    VAddress  VSize     RawSize  SHA1                                      MD5
.text   0x1000    0x194158  1655296  d2ff44118b6a174377513ab05fe25d44d2af5542  19a1e6d7db05ecc27fe5d6527e0aec42
.data   0x196000  0x940     2560     9ae6322d5a43ff825c043542bdd47f85a6ecc196  4735dd161d52a82cb49c63db877990c8
.rdata  0x197000  0xaa00    43520    2f64a10c660d32d2343647cf0dbe5a56c7b4b42d  6e0b0e92b6c27669a2d2efb82b8e4fad
.pdata  0x1a2000  0x4674    18432    4603ed25fb1b371f878e3188ea9faca4c283ae10  396200910c4f50f4de0ce1d59a5d16cd
.xdata  0x1a7000  0x3bd4    15360    91d15d889497625da2dfc9d3747eedfc631a3c1f  5483a5452358f0aceed049c65d828ad9
.bss    0x1ab000  0x65ed0   0        da39a3ee5e6b4b0d3255bfef95601890afd80709  d41d8cd98f00b204e9800998ecf8427e
.idata  0x211000  0x664     2048     1ad201e8f8b80dd463da7a90db0052a1ecd3386e  5a48e7e4155d7236b0748fd98fe8245e
.CRT    0x212000  0x68      512      f8366756503cab27654158319659acdeb82a652f  f9f312b9abf1ae4956c1867f6ecbc54a
.tls    0x213000  0x10      512      5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5  bf619eac0cdf3f68d496ea9344137e8b
.rsrc   0x214000  0x138     512      5a62edd762252883f7579bdb99ddd9f5d143e0bb  3c0df8aa156a53af14fb4a7085c4af12
.reloc  0x215000  0x324     1024     ba4498dfc9013b8cd6466092b35fe0a751047f90  e3fea089e1fa8175a23426639011c0be

Notes: .bss has a raw size of 0 and its SHA1/MD5 are the hashes of empty input (da39a3ee..., d41d8cd9...), which is normal for an uninitialized-data section and not a finding on its own. All raw sizes are multiples of the 512-byte file alignment, and the .text raw size (1655296 = 0x194200) is simply the virtual size 0x194158 rounded up, so .text shows no sign of being hollowed out for in-place unpacking.
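As an added, stand-alone example (not the report's own tooling), the Python script below does what the "File details" and "PE Sections" tables above summarise: it reads the COFF header for the DLL flag, the PE32+ magic and the compile timestamp, walks the section table, hashes each section's raw bytes (reproducing the empty-input hashes shown for .bss) and applies a few cheap packer heuristics. It runs on a constructed minimal PE32+ image built inline; the section names, contents, the timestamp (the page's 22:36:51 compile time assumed to be UTC) and the extra ".packed" section are assumptions for the demonstration, not data from build1111.exe.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Characteristic bits from the PE/COFF specification
IMAGE_FILE_DLL = 0x2000
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(buf):
    """Bits per byte: near 8.0 for packed/encrypted data, much lower for code or text."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0


def suspicious_reasons(sec):
    """Cheap packer/loader heuristics; an uninitialized .bss with raw size 0 is normal and not flagged."""
    f = sec["flags"]
    checks = [
        (f & IMAGE_SCN_MEM_EXECUTE and f & IMAGE_SCN_MEM_WRITE, "writable and executable"),
        (sec["raw_size"] == 0 and sec["vsize"] and not f & IMAGE_SCN_CNT_UNINITIALIZED_DATA,
         "no raw data but non-zero virtual size, not marked uninitialized"),
        (sec["raw_size"] and sec["vsize"] > 4 * sec["raw_size"], "virtual size far exceeds raw size (room to unpack)"),
        (sec["entropy"] > 7.2, "high entropy %.2f (packed or encrypted)" % sec["entropy"]),
    ]
    return [msg for cond, msg in checks if cond]


def triage(image):
    """DOS header -> COFF header -> optional header -> section table; hash and assess each section."""
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[:2] != b"MZ" or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    magic = struct.unpack_from("<H", image, e_lfanew + 24)[0]  # 0x10B = PE32, 0x20B = PE32+
    sect_off = e_lfanew + 24 + opt_size
    sections, suspicious = [], {}
    for i in range(nsec):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_HDR, image, sect_off + 40 * i)
        raw = image[raw_ptr:raw_ptr + raw_size] if raw_size else b""  # .bss-style sections own no file bytes
        sec = {"name": name.rstrip(b"\0").decode("ascii", "replace"),
               "va": va, "vsize": vsize, "raw_size": raw_size, "flags": flags,
               "sha1": hashlib.sha1(raw).hexdigest(), "md5": hashlib.md5(raw).hexdigest(),
               "entropy": shannon_entropy(raw)}
        sections.append(sec)
        reasons = suspicious_reasons(sec)
        if reasons:
            suspicious[sec["name"]] = reasons
    return {
        "is_dll": bool(chars & IMAGE_FILE_DLL),  # the "Is DLL" feature is exactly this header bit
        "pe32plus": magic == 0x20B,
        "compile_time": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections, "suspicious": suspicious,
    }


def build_sample_image(dll=False, stamp=1720478211):
    """Constructed minimal PE32+ (not build1111.exe); stamp 1720478211 = 2024-07-08 22:36:51, assuming UTC."""
    file_align, sect_align, e_lfanew, opt_size = 0x200, 0x1000, 0x40, 0xF0
    rw, rx = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE
    packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # deterministic high-entropy filler
    layout = [  # (name, raw bytes, virtual size or None for len(raw), characteristics) -- all assumed
        (".text", b"\x55\x48\x89\xe5" + b"\x90" * 200 + b"\xc3", None, rx),
        (".data", b"build1111.exe\0cdn-directory\0", None, rw),
        (".bss", b"", 0x65ED0, IMAGE_SCN_CNT_UNINITIALIZED_DATA | rw),
        (".packed", packed, 0x20000, rw | IMAGE_SCN_MEM_EXECUTE),
    ]
    hdr_end = e_lfanew + 24 + opt_size + 40 * len(layout)
    first_raw = -(-hdr_end // file_align) * file_align  # round up to the file alignment
    raw_ptr, va, headers, bodies = first_raw, sect_align, b"", b""
    for name, data, vsize, flags in layout:
        raw_size = -(-len(data) // file_align) * file_align
        vsize = vsize or len(data)
        headers += struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"), vsize, va,
                               raw_size, raw_ptr if raw_size else 0, 0, 0, 0, 0, flags)
        bodies += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += -(-vsize // sect_align) * sect_align
    chars = 0x0022 | (IMAGE_FILE_DLL if dll else 0)  # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    coff = struct.pack("<HHIIIHH", 0x8664, len(layout), stamp, 0, 0, opt_size, chars)
    optional = struct.pack("<H", 0x20B).ljust(opt_size, b"\0")  # only Magic matters to triage()
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    return (dos + b"PE\0\0" + coff + optional + headers).ljust(first_raw, b"\0") + bodies

if __name__ == "__main__":
    report = triage(build_sample_image())
    print("Is DLL:", report["is_dll"], "PE32+:", report["pe32plus"], "Compile time:", report["compile_time"])
    for s in report["sections"]:
        print("%-8s 0x%-7x 0x%-7x %8d %s %.2f" % (s["name"], s["va"], s["vsize"], s["raw_size"], s["sha1"], s["entropy"]))
    for name, reasons in report["suspicious"].items():
        print("suspicious:", name, "->", "; ".join(reasons))
```

Run as a script it prints a table in the layout of the one above; to triage a real file, pass open(path, "rb").read() to triage(). The heuristics are deliberately cheap: a raw-size-0 .bss with empty-input hashes is normal, while a writable and executable section with entropy near 8 and a virtual size several times its raw size is the classic unpacking-stub pattern that a "2 suspicious" flag usually refers to.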

PE Resources (1)

Name: RT_VERSION
Language: LANG_ENGLISH / SUBLANG_ENGLISH_US
Offset: 0x214058
Size: 220

Meta infos (1)

Translation: 0x0409 0x04e4 (VS_VERSIONINFO translation entry: language 0x0409 = English (US), codepage 0x04e4 = 1252, Windows Latin-1)

Packers detected (1)

Microsoft Visual C++ 8.0 (DLL)

Note: this is a compiler-signature match, not a packer. It is also doubtful as a compiler identification: a Visual C++ 8.0 build would link msvcr80.dll, whereas this file imports MSVCRT.dll, and the .bss/.CRT/.tls/.xdata/.pdata section layout together with the "stripped to external PDB" file signature is what a MinGW-w64 (GCC) build looks like. Do not treat the sample as packed on the strength of this entry alone.

Anti debug functions (1)

GetLastError (flagged because some anti-debug tricks read the last-error value after a deliberately failing call, but almost every Windows program imports it for ordinary error handling; on its own it is a very weak indicator)

Strings analysis - File found

Library
@USER32.DLL
@ole32.dll
MSVCRT.dll
@winhttp.dll
@psapi.dll
KERNEL32.dll
@shell32.dll
@Advapi32.dll
@kernel32.dll

Import functions

(no import function names are listed on the page)

Related sample (the row the page shows under the heading above; a different file with a different MD5)
Name: build16666.exe
Latest seen: 2024-07-12 12:43:03
MD5: 4640faeafa95ce219c649e9f5cbffd75