emptyfilename.tmp
First submission: 2024-09-28 22:53:02
Last submission: 2024-10-07 00:33:02
File details
Field | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows
Mime type | application/x-dosexec
File size | 406.0 KB (415744 bytes)
Compile time | 2024-02-01 09:55:05
MD5 | e2d279a05ab5b654f96fe3d96801b2a4
SHA1 | a33b2fc8560ae87aa120fc3a9829f5b28034e70b
SHA256 | c74bf29a2d3b5c38f824eb82a5c0fde0448d7194c36250e5b2b8ec9663b27526
Import hash | 09e0349bd7bb61f570cadf30667497e7
Sections (4) | .text .rdata .data .rsrc
Directories (3) | import resource debug
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
Source | Value
---|---
VirusTotal | 35/77 (report date 2024-09-28 22:37:50)
Malware type (1) | trojan
Threat type (2) | fragtor, pwsx
URLs, FQDN and IP indicators 2
PE Sections (1 suspicious)
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x15cfd | 89600 | 9278d01df4212f064d93db6227edd3ed683a18fd | a592191f34c6c3e56b791a5faff185ae | |
.rdata | 0x17000 | 0x324f4 | 206336 | 0f3a33f4090245319a2a2f40c9435afb1eafa654 | 44f0f1638ff02f127fa84fe68f182f0d | |
.data | 0x4a000 | 0x201b92c | 25600 | 3eaeabc7399a0cb462e7bcc6bd9c3e45b741bc83 | 112e0dd9e0cffbb83c67b3ad0016bf0e | |
.rsrc | 0x2066000 | 0x16a80 | 93184 | 9fc6a72786d3e7ba5cf5563c672064c706a747ae | 3c1a46bedbe24587c43e01ca9feb8e22 | |
PE Resources (7)
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207a9e8 | 1384 | |
RT_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x2078b78 | 1128 | |
RT_STRING | LANG_TAMIL | SUBLANG_DEFAULT | 0x207c6c0 | 956 | |
RT_ACCELERATOR | LANG_TAMIL | SUBLANG_DEFAULT | 0x2079048 | 72 | |
RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207af50 | 48 | |
RT_GROUP_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x2072e80 | 104 | |
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207af80 | 600 | |
Meta infos (7)
Field | Value
---|---
LegalCopyright | Copyright (C) 2023, Pedrano
InternalNames | PinchesNotLapas
FileVersions | 94.55.18.50
FileDescription | GlobalEng
Translation | 0x0409 0x04e4
ProductVersions | 5.59.43
ProductName | Pekauf
Packers detected (2)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
Anti debug functions (6)
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter
Strings analysis - File found
Library
KERNEL32.dll
WUSER32.DLL
mscoree.dll
MSIMG32.dll
GDI32.dll
WINHTTP.dll
USER32.dll
Strings analysis - Possible IPs found (1)
94.55.18.50
Note: this value is identical to the FileVersions string in the meta infos above, so it is likely a false positive of the dotted-quad pattern match rather than a network indicator; treat it with caution before using it for blocking or hunting.