DigitalSide Threat Intel

33.exe

First submission 2024-10-12 23:11:10

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Mime type: application/x-dosexec
File size: 7677.0 KB (7861248 bytes)
Compile time: 2024-10-12 20:16:36
MD5: e071b6dd90f4c7a9d23632bfb9517925
SHA1: 9ef06985e2f58c3cd0a64780819e7812d6ae849e
SHA256: 70f887fea5277999b9f7c5b725a2601ea42f53c3de6f218867509057021d58be
Import Hash : 41db2083dac89343aef584a51a80b293
Sections 9 .text .data .rdata .eh_fram .bss .idata .CRT .tls .reloc
Directories 3 import tls relocation

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 23/77 VT report date: 2024-10-12 22:53:17
Malware Type 1 trojan
Threat Type 1 cryptbot

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://103.130.147.211/Files/33.exe VirusTotal Report 103.130.147.211 VirusTotal Report 2024-10-12 23:11:10

PE Sections 3 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x4ddd68 5103104 361642efdff9728ccdcb666058b32ba05c917579 1973e4cdb5b0d5ee7c3aa7369d172e58
.data 0x4df000 0x2244c0 2246144 a53498eda55e8a04b895d2b5db51a7c5170c5ce1 d4f4d1fa4c5fea91933a52e4037035b8
.rdata 0x704000 0xe9a4 59904 94fc264ace7f70859a0f986649046e6a5b7cb314 a48a9bd8fc8efae6f6a28862001533b0
.eh_fram 0x713000 0x210c 8704 e73ca8c98d4a08f7c7796cc05084013bd8f74e1d fc1d24259cae7ffcc8382b42fe5a83d6
.bss 0x716000 0xb74 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.idata 0x717000 0xb78 3072 47803c9683adfa9a6a2a4455222fd7beecf7eb4b 3517e096cc113df9aeb0f67ac58c6513
.CRT 0x718000 0x30 512 e49e627b7c6243bf7494f5adc26113ffaa38338d 947565758601e59a9e2e145caaaaefe2
.tls 0x719000 0x8 512 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 bf619eac0cdf3f68d496ea9344137e8b
.reloc 0x71a000 0x6aea8 438272 45c29e54a1f832fb02d32c2626b292a20ecdf50a 8542f2c1d7758025004855081c0a93b3

Anti debug functions 1

GetLastError

Strings analysis - File found

Library
MSVCRT.dll
ADVAPI32.dll
KERNEL32.dll
libgcc_s_dw2-1.dll

Import functions

Function Address Souspicious Anti Debug
CryptAcquireContextA 0xb1721c
CryptGenRandom 0xb17220
CryptReleaseContext 0xb17224
Function Address Souspicious Anti Debug
DeleteCriticalSection 0xb1722c
EnterCriticalSection 0xb17230
FreeLibrary 0xb17234
GetLastError 0xb17238
GetModuleHandleA 0xb1723c
GetModuleHandleW 0xb17240
GetNativeSystemInfo 0xb17244
GetProcAddress 0xb17248
GetProcessHeap 0xb1724c
GetStartupInfoA 0xb17250
GetThreadLocale 0xb17254
HeapAlloc 0xb17258
HeapFree 0xb1725c
InitializeCriticalSection 0xb17260
IsBadReadPtr 0xb17264
IsDBCSLeadByteEx 0xb17268
LeaveCriticalSection 0xb1726c
LoadLibraryA 0xb17270
MultiByteToWideChar 0xb17274
SetLastError 0xb17278
SetUnhandledExceptionFilter 0xb1727c
Sleep 0xb17280
TlsGetValue 0xb17284
VirtualAlloc 0xb17288
VirtualFree 0xb1728c
VirtualProtect 0xb17290
VirtualQuery 0xb17294
WideCharToMultiByte 0xb17298
lstrlenA 0xb1729c
Function Address Souspicious Anti Debug
__getmainargs 0xb172a4
__initenv 0xb172a8
__mb_cur_max 0xb172ac
__p__acmdln 0xb172b0
__p__commode 0xb172b4
__p__fmode 0xb172b8
__set_app_type 0xb172bc
__setusermatherr 0xb172c0
_amsg_exit 0xb172c4
_assert 0xb172c8
_cexit 0xb172cc
_errno 0xb172d0
_chsize 0xb172d4
_exit 0xb172d8
_filelengthi64 0xb172dc
_fileno 0xb172e0
_initterm 0xb172e4
_iob 0xb172e8
_lock 0xb172ec
_onexit 0xb172f0
_unlock 0xb172f4
_wcsnicmp 0xb172f8
abort 0xb172fc
atoi 0xb17300
bsearch 0xb17304
calloc 0xb17308
exit 0xb1730c
fclose 0xb17310
fflush 0xb17314
fgetpos 0xb17318
fopen 0xb1731c
fputc 0xb17320
fread 0xb17324
free 0xb17328
freopen 0xb1732c
fsetpos 0xb17330
fwrite 0xb17334
getc 0xb17338
islower 0xb1733c
isspace 0xb17340
isupper 0xb17344
isxdigit 0xb17348
localeconv 0xb1734c
malloc 0xb17350
mbstowcs 0xb17354
memcmp 0xb17358
memcpy 0xb1735c
memmove 0xb17360
memset 0xb17364
mktime 0xb17368
localtime 0xb1736c
difftime 0xb17370
_mkdir 0xb17374
perror 0xb17378
qsort 0xb1737c
realloc 0xb17380
remove 0xb17384
setlocale 0xb17388
signal 0xb1738c
strchr 0xb17390
strcmp 0xb17394
strerror 0xb17398
strlen 0xb1739c
strncmp 0xb173a0
strncpy 0xb173a4
strtol 0xb173a8
strtoul 0xb173ac
tolower 0xb173b0
ungetc 0xb173b4
vfprintf 0xb173b8
time 0xb173bc
wcslen 0xb173c0
wcstombs 0xb173c4
_stat 0xb173c8
_write 0xb173cc
_utime 0xb173d0
_open 0xb173d4
_fileno 0xb173d8
_close 0xb173dc
_chmod 0xb173e0

Related files by ImpHash 7 41db2083dac89343aef584a51a80b293

Name Latest seen MD5
javumarfirst.exe 2024-10-03 21:30:03 506f20dc6d2d9a4bd2725a726679b74e
3.exe 2024-10-07 02:00:06 4574de6b9f970058f5306aa830f3a132
11.exe 2024-10-07 02:55:06 284c99e2aa6644acd914e7d1a245deed
sadsay.exe 2024-10-10 06:26:03 735bb5f55a17215700840c04a8b40a03
JavUmar.exe 2024-10-10 21:07:03 3394808f2d5c141b86e33a51ace8a577
4.exe 2024-10-12 12:53:04 49d7ba824b7249c26927e8a086eb879b
JavUmar1.exe 2024-10-14 09:37:02 7105a2ba8c897b6c2072a6ab0bdecdf1