PoRZQ.exe

First submission 2022-08-02 19:52:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 113.0 KB (115712 bytes)
Compile time: 2020-08-29 08:54:20
MD5: e2beefa8a1b15424661216d91f306b8d
SHA1: fa3ed82def41201625814b452e6810d710db4714
SHA256: 9961d435083015d3e079af0431f6e2dad0ac60a85541891ee67f366a5ade38c8
Import hash: 51a1d638436da72d7fa5fb524e02d427
Sections: 6 (.text, .rdata, .data, .rsrc, .reloc, .bss)
Directories: 4 (import, resource, debug, relocation)
VirusTotal: 59/71 detections (VT report date 2022-08-01 18:43:41)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators (1)

URL: hXXp://109.206.241.81/htdocs/PoRZQ.exe (defanged)
Host (FQDN/IP): 109.206.241.81
Date added: 2022-08-02 19:52:02

PE Sections (6; 0 flagged suspicious by the report)

Name    VAddress  VSize     RawSize  SHA1                                      MD5
.text   0x1000    0x12eab   77824    7dbf751a5a00ac84ae1fc0c5ad26154c2aab2c78  6dbe7c9f7981297db465fd69821e1c4b
.rdata  0x14000   0x49ce    18944    6acfa20b7ae4a749e66a0c6332d2f2d5e6bc4004  1271925bf242f5dd778122d822dac6d9
.data   0x19000   0x1350d8  1536     f9506537e8a22c2e00b554ac719b4b918be43450  0e383bc5047fd3f1a7a5e78591f96b14
.rsrc   0x14f000  0x2c70    11776    52e5b1c4d939b10ac7de4810fb56390ff0434d24  cdd112e1df434d31179f9eee936b7ff7
.reloc  0x152000  0xfa8     4096     0441dbebd2baa1cd80fdd6e53190a76bad472a3a  d7f0f9f1a21533bcdc70c4c071cede21
.bss    0x153000  0x1000    512      f184cb89cf3facf1101e2f36f2fd52bee812ef5b  dc45e444efc2e366ca97d63a4ebf781b

Note: the raw sizes sum to 114688 bytes; the remaining 1024 bytes of the 115712-byte file are the headers (0x400 alignment), so nothing is appended as an overlay. Although the report flags no section, .data has a virtual size of 0x1350d8 (1,265,880 bytes) against only 1536 bytes of raw data: the loader reserves roughly 1.2 MB that the binary fills at run time, a layout commonly used to hold unpacked code or data.
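The .data row above carries a virtual size (0x1350d8) several hundred times its raw size (1536 bytes), which the report's own section heuristic did not flag. The following is an added example, not part of this report and not code from whoever built the sample, that parses a PE section table with only the Python standard library and flags that pattern, together with writable-and-executable sections and raw data running past end of file. The PE bytes it checks are constructed inline from the section table above (zero-filled section bodies, blank optional header, assumed section flags); they are not PoRZQ.exe, and the 16x ratio threshold is a chosen assumption.

```python
"""Flag PE sections whose virtual size dwarfs their raw size.

Added example, not from the original report.  Works on raw bytes with the
standard library only; the sample PE below is constructed from the report's
section table (zero-filled bodies), not read from PoRZQ.exe.
"""
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_sections(pe: bytes) -> list:
    """Walk MZ header -> e_lfanew -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size          # section headers follow the optional header
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, pe, table + i * 40)
        sections.append({"name": f[0].rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": f[1], "vaddr": f[2], "raw_size": f[3],
                         "raw_ptr": f[4], "flags": f[9]})
    return sections


def section_anomalies(pe: bytes, ratio_limit: int = 16) -> dict:
    """Return {section name: [reasons]}.  ratio_limit is an assumed threshold:
    a .bss-style section a few times its raw size is normal, hundreds of times is not."""
    findings = {}
    for s in parse_sections(pe):
        reasons = []
        # A section with no raw data at all (pure .bss) is ordinary and skipped here.
        if s["raw_size"] and s["vsize"] // s["raw_size"] >= ratio_limit:
            reasons.append(f"virtual size {s['vsize']:#x} is {s['vsize'] // s['raw_size']}x "
                           f"the {s['raw_size']}-byte raw size (runtime-filled buffer)")
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            reasons.append("section is writable and executable")
        if s["raw_ptr"] + s["raw_size"] > len(pe):
            reasons.append("raw data runs past end of file")
        if reasons:
            findings[s["name"]] = reasons
    return findings


def expected_file_size(pe: bytes) -> int:
    """Offset where the last section's raw data ends; should match the on-disk
    size unless an overlay is appended."""
    return max(s["raw_ptr"] + s["raw_size"] for s in parse_sections(pe))


def build_sample() -> bytes:
    """Constructed PE32 whose section table copies the report's values.  Not PoRZQ.exe:
    section bodies are zero-filled, the optional header is blank, and the section
    flags are assumed (code/exec/read for .text, uninitialised data for .bss)."""
    table = [(b".text", 0x1000, 0x12EAB, 77824), (b".rdata", 0x14000, 0x49CE, 18944),
             (b".data", 0x19000, 0x1350D8, 1536), (b".rsrc", 0x14F000, 0x2C70, 11776),
             (b".reloc", 0x152000, 0xFA8, 4096), (b".bss", 0x153000, 0x1000, 512)]
    opt_size = 0xE0                                       # PE32 optional header length
    first_raw = 0x400                                     # headers padded to file alignment
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(table), 0, 0, 0, opt_size, 0x0102)
    headers = dos + b"PE\0\0" + coff + b"\0" * opt_size
    flags = {b".text": 0x60000020, b".bss": 0xC0000080}  # others: init data, read, write
    raw_ptr, body = first_raw, b""
    for name, vaddr, vsize, raw_size in table:
        headers += struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, vaddr, raw_size,
                               raw_ptr, 0, 0, 0, 0, flags.get(name, 0xC0000040))
        body += b"\0" * raw_size
        raw_ptr += raw_size
    return headers.ljust(first_raw, b"\0") + body


if __name__ == "__main__":
    sample = build_sample()
    print("expected size:", expected_file_size(sample), "actual:", len(sample))
    for name, reasons in section_anomalies(sample).items():
        print(name, "->", "; ".join(reasons))
```

Run against a real file by passing `open(path, "rb").read()` to `section_anomalies` and comparing `expected_file_size` with `os.path.getsize`; a gap between the two is an appended overlay, which this sample's numbers do not show.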

PE Resources (1)

Name    Language      Sublanguage           Offset    Size
WM_DSP  LANG_ENGLISH  SUBLANG_ARABIC_QATAR  0x14f070  11264

Packers detected (1)

Borland Delphi 3.0 (???)

Anti-debug functions (6)

GetLastError
Process32First
Process32FirstW
Process32Next
Process32NextW
TerminateProcess

Note: this list is a heuristic import match, not evidence of debugger checks. Process32First/Process32Next (and their W variants) enumerate running processes, which malware uses to look for analysis tools or security products at least as often as for anything debugger-related, and GetLastError and TerminateProcess are general-purpose APIs.

Strings analysis - Files found

Note: among the library names below, mozglue.dll, nss3.dll, freebl3.dll and softokn3.dll are Mozilla NSS components shipped with Firefox, and vaultcli.dll is the Windows Credential Manager (vault) client library; the report lists them as string matches only, not as confirmed imports.

Database
Asend.db
find.db
XML
ellocnak.xml
/n:%temp%\ellocnak.xml
Library
Duser32.dll
vcruntime140.dll
\sqlmap.dll
nss3.dll
ntdll.dll
msvcr120.dll
freebl3.dll
dismcore.dll
msvcp120.dll
mozglue.dll
msvcp140.dll
\rfxvmt.dll
softokn3.dll
USER32.dll
ADVAPI32.dll
ole32.dll
SHLWAPI.dll
SHELL32.dll
bcrypt.dll
Crypt32.dll
vaultcli.dll
PSAPI.DLL
C:\Windows\System32\USER32.dll
NETAPI32.dll
OLEAUT32.dll
KERNEL32.dll
urlmon.dll
WS2_32.dll

Strings analysis - Possible IPs found (3)

1.2.3.4
127.0.0.2
6.0.1.1

Note: these are dotted-quad matches in the string table, not confirmed network indicators; 1.2.3.4 and 127.0.0.2 are placeholder/loopback values and 6.0.1.1 has the shape of a version string. The only network indicator in this report is the hosting IP 109.206.241.81 listed above.

Strings analysis - Possible URLs found (1)

https://github.com/syohex/java-simple-mine-sweeper

Related samples (labelled "Import functions" in the report; the table lists other sample files with last-seen date and MD5, not imported API names)

Name                      Latest seen          MD5
a1.exe                    2021-12-08 11:18:08  485aa72d1122385d41fdefb74722a5e0
coo.exe                   2022-01-05 19:01:01  e400649bd2020d87ed05e5d863949546
files.exe                 2022-01-07 16:01:03  d629825af74644d518bd2aa80c1030d7
5755_1641595330_3394.exe  2022-01-08 06:42:03  495587163ddf94aaceb6a5e68af05f7a
Lion2.exe                 2022-01-11 19:20:01  91a75581a2d902f52d5965157fce495f
New_RAW.exe               2022-05-29 22:45:01  230ba9735b656ab22cc089ecb30c1648
ZdNRJ.exe                 2022-06-24 22:03:02  ce49d7b247e770f39b6d8eac10fa5403
qWDXb.exe                 2022-07-08 14:26:03  0b756fd941b8e7bb06b00769a7ea11ea
JeQSQ.exe                 2022-07-14 08:21:02  9e3206fa9eaf7993d1347e4916855b71
BcHxN.exe                 2022-07-25 18:53:03  7d2787b309fc3755d14c56931ae9625e
1.exe                     2022-08-03 14:41:02  24124eba208a4cbfb5fd03185c7b130d