AdaptorOvernight.exe

First submission 2024-07-08 12:58:05

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 25622.7 KB (26237648 bytes)
Compile time: 2012-02-24 20:19:54
MD5: e0d29de6e2fa7590f857f1ef825c943c
SHA1: 5d4166175a6aeadad97a01f856856cc87a482311
SHA256: 47fa886618e66e730a11f7a37be8ab0371709624a0ad26e7370c0220bdd4786d
Import Hash: be41bf7b8cc010b614bd36bbca606973
Sections 6 .text .rdata .data .ndata .rsrc .reloc
Directories 4 import resource relocation security

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 13/78 VT report date: 2024-07-08 12:37:23
Malware Type 1 trojan
Threat Type 1 autoit

URLs, FQDN and IP indicators 1

URL | Host (FQDN/IP) | Date Added
hXXps://raw.githubusercontent.com/jijilovedada/jijilovedada/main/tools/cc/AdaptorOvernight.exe | raw.githubusercontent.com | 2024-07-08 12:58:05

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6dae 28160 3f4c995439cec283f1f51d71acb1f25bef740b63 00499a6f70259150109c809d6aa0e6ed
.rdata 0x8000 0x2a62 11264 05985b7f60a664d2595e9406ae3b208c97597bbc 07990aaa54c3bc638bb87a87f3fb13e3
.data 0xb000 0x67ebc 512 92d7e0d8d66861f702d867dac616b7d02bca94ec 014871d9a00f0e0c8c2a7cd25606c453
.ndata 0x73000 0x81000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0xf4000 0x6d00 28160 c0690e1e033cf5cfd94dd7680bccd2a145021dd1 01b11916ca291372ff46521d718ca81d
.reloc 0xfb000 0xf32 4096 c060a266f97aa15a6338aac575d1f5c9a7bd02c8 01effa914a90b27acd314f2e4522e5ab

PE Resources 4

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xfa300 1128
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0xfa988 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0xfa9e8 62
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0xfaa28 726

Packers detected 1

Nullsoft PiMP Stub -> SFX

Anti debug functions 2

FindWindowExW
GetLastError

File signature

MD5 SHA1 Block size Virtual Address
2e8d5ff75b9d5efd1f4f899887e2bfc1 6f2259f7e3abff97ddeeb7e32d3692299018e8a9 11624 26226024

Strings analysis - File found

Log
install.log
Temporary
~nsu.tmp
Library
ADVAPI32.dll
SHELL32.dll
USER32.dll
KERNEL32.dll
VERSION.dll
COMCTL32.dll
PSAPI.DLL
ole32.dll
GDI32.dll

Strings analysis - Possible URLs found 15


Import functions

Name Latest seen MD5
HrNQKzxJSJyBHMe.exe 2022-09-11 14:15:10 5fd7895ad8c6f4cbafeb0877637027ad
smartsoftsignew.exe 2024-05-31 21:25:02 66a5a529386533e25316942993772042