emptyfilename.tmp

First submission 2024-09-28 22:53:02 Last submission 2024-10-07 00:33:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 406.0 KB (415744 bytes)
Compile time: 2024-02-01 09:55:05
MD5: e2d279a05ab5b654f96fe3d96801b2a4
SHA1: a33b2fc8560ae87aa120fc3a9829f5b28034e70b
SHA256: c74bf29a2d3b5c38f824eb82a5c0fde0448d7194c36250e5b2b8ec9663b27526
Import Hash : 09e0349bd7bb61f570cadf30667497e7
Sections 4 .text .rdata .data .rsrc
Directories 3 import resource debug

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 35/77 VT report date: 2024-09-28 22:37:50
Malware Type 1 trojan
Threat Type 2 fragtor pwsx

URLs, FQDN and IP indicators 2

URL | Host (FQDN/IP) | Date Added
hXXp://147.45.44.104/yuop/66f8672c1ff0d_lyla3334.exe#lyla3334/ | 147.45.44.104 | 2024-10-07 00:33:06
hXXp://147.45.44.104/yuop/66f8672c1ff0d_lyla3334.exe | 147.45.44.104 | 2024-10-01 07:47:03

PE Sections 1 suspicious

Name | VAddress | VSize | Raw size | SHA1 | MD5
.text | 0x1000 | 0x15cfd | 89600 | 9278d01df4212f064d93db6227edd3ed683a18fd | a592191f34c6c3e56b791a5faff185ae
.rdata | 0x17000 | 0x324f4 | 206336 | 0f3a33f4090245319a2a2f40c9435afb1eafa654 | 44f0f1638ff02f127fa84fe68f182f0d
.data | 0x4a000 | 0x201b92c | 25600 | 3eaeabc7399a0cb462e7bcc6bd9c3e45b741bc83 | 112e0dd9e0cffbb83c67b3ad0016bf0e
.rsrc | 0x2066000 | 0x16a80 | 93184 | 9fc6a72786d3e7ba5cf5563c672064c706a747ae | 3c1a46bedbe24587c43e01ca9feb8e22

The per-row Suspicious flag did not survive extraction. The section that stands out is .data: its virtual size of 0x201b92c (about 33.7 MB) is backed by only 25600 bytes in the file, the shape of a region reserved for a payload that is decrypted or unpacked at runtime. The other three sections have virtual sizes within roughly a kilobyte of their raw sizes.
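The checks a practitioner would run over the section table above, as an added example (not tooling from the original report): flag sections whose virtual size far exceeds their file-backed size, verify that the sections are laid out consistently, derive the image size, and confirm that the resource offsets listed further down fall inside .rsrc. The section records and resource offsets are constructed from this page; the section alignment of 0x1000 and the flagging thresholds are assumptions, since the report does not print the optional header.

```python
"""Stdlib-only sanity checks over a PE section table.

Section records below are constructed from the report on this page. The
0x1000 section alignment and the flagging thresholds are assumptions.
"""
from dataclasses import dataclass

SECTION_ALIGN = 0x1000  # assumed; typical for MSVC-linked PE32


@dataclass(frozen=True)
class Section:
    name: str
    vaddr: int    # RVA of the section
    vsize: int    # VirtualSize
    rawsize: int  # SizeOfRawData


# Constructed from the "PE Sections" table of this report.
SECTIONS = [
    Section(".text", 0x1000, 0x15cfd, 89600),
    Section(".rdata", 0x17000, 0x324f4, 206336),
    Section(".data", 0x4a000, 0x201b92c, 25600),
    Section(".rsrc", 0x2066000, 0x16a80, 93184),
]

# (RVA, size) pairs constructed from the "PE Resources" table of this report.
RESOURCES = [
    (0x207a9e8, 1384), (0x2078b78, 1128), (0x207c6c0, 956), (0x2079048, 72),
    (0x207af50, 48), (0x2072e80, 104), (0x207af80, 600),
]


def align_up(value: int, align: int) -> int:
    return (value + align - 1) // align * align


def suspicious_sections(sections, ratio=4.0, min_gap=0x100000):
    """Names of sections whose virtual footprint dwarfs their file-backed data.

    A large gap between VirtualSize and SizeOfRawData means the loader maps
    mostly zero-filled memory; that is where a stub typically unpacks into.
    Thresholds are assumed, not the report's own.
    """
    flagged = []
    for s in sections:
        gap = s.vsize - s.rawsize
        if gap >= min_gap and s.vsize / max(s.rawsize, 1) >= ratio:
            flagged.append(s.name)
    return flagged


def layout_is_consistent(sections, align=SECTION_ALIGN) -> bool:
    """Each section must start on an aligned RVA at or after the aligned end of the previous one."""
    for prev, cur in zip(sections, sections[1:]):
        if cur.vaddr % align:
            return False
        if cur.vaddr < align_up(prev.vaddr + prev.vsize, align):
            return False
    return True


def image_size(sections, align=SECTION_ALIGN) -> int:
    """SizeOfImage as the loader computes it: aligned end of the last section."""
    last = sections[-1]
    return align_up(last.vaddr + last.vsize, align)


def resources_inside_rsrc(resources, sections) -> bool:
    """True if every (rva, size) resource range lies within the .rsrc section."""
    rsrc = next(s for s in sections if s.name == ".rsrc")
    end = rsrc.vaddr + rsrc.vsize
    return all(rsrc.vaddr <= rva and rva + size <= end for rva, size in resources)


if __name__ == "__main__":
    print("suspicious:", suspicious_sections(SECTIONS))
    print("layout consistent:", layout_is_consistent(SECTIONS))
    print("SizeOfImage: 0x%x" % image_size(SECTIONS))
    print("resources inside .rsrc:", resources_inside_rsrc(RESOURCES, SECTIONS))
```

On this sample the only section flagged is .data, the layout is consistent, and all seven resource entries sit inside .rsrc, which is what a non-corrupted header that has merely reserved a large scratch region looks like.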

PE Resources 7

Name | Language | Sublanguage | Offset | Size
RT_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207a9e8 | 1384
RT_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x2078b78 | 1128
RT_STRING | LANG_TAMIL | SUBLANG_DEFAULT | 0x207c6c0 | 956
RT_ACCELERATOR | LANG_TAMIL | SUBLANG_DEFAULT | 0x2079048 | 72
RT_GROUP_CURSOR | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207af50 | 48
RT_GROUP_ICON | LANG_TAMIL | SUBLANG_DEFAULT | 0x2072e80 | 104
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x207af80 | 600

Meta infos 7

LegalCopyright: Copyright (C) 2023, Pedrano
InternalNames: PinchesNotLapas
FileVersions: 94.55.18.50
FileDescription: GlobalEng
Translation: 0x0409 0x04e4
ProductVersions: 5.59.43
ProductName: Pekauf

Note: the Translation value 0x0409 0x04e4 declares en-US text in the Windows-1252 code page, while the icon, string and accelerator resources are tagged LANG_TAMIL, and the copyright, product and internal names do not describe any consistent product. This looks like generated version metadata rather than a vendor's, and the version strings should not be trusted as build identifiers.

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Note: both matches are compiler/linker signatures for Visual C++ 2005 (VC8), not packer signatures; no packer stub is identified by this scan. The Packers feature flag above rests on these matches and on the section-size anomaly, not on a recognised packer.

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Note: these six imports are detected by name only, and all of them are pulled in by the Visual C++ runtime startup and error-handling code of ordinary MSVC builds. Only IsDebuggerPresent is a direct debugger check, and even that one is present in the CRT. On their own they are weak evidence of deliberate anti-debugging; confirm the Anti Debug and Anti VM flags dynamically before relying on them.

Strings analysis - File found

Library
KERNEL32.dll
WUSER32.DLL
mscoree.dll
MSIMG32.dll
GDI32.dll
WINHTTP.dll
USER32.dll

Strings analysis - Possible IPs found 1

94.55.18.50

Note: 94.55.18.50 is identical to the FileVersion string in the version resource, so it is a false positive of the dotted-quad pattern, not a network indicator. The only network indicator on this page is 147.45.44.104 from the URL section.
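How to keep a dotted-quad scan from reporting version strings as IPs, as an added example (not the report's own string analysis): extract candidates with a regex, discard any that equal a value from the version resource, reject octets out of range, and drop non-routable addresses. The sample strings are constructed from values on this page (the version fields and the URL from the indicators section) plus a few deliberately bad candidates; they are not the sample's real string dump.

```python
"""Filter dotted-quad string hits down to plausible network indicators.

The STRINGS list is constructed for this example from values on this page
plus deliberately bad candidates; it is not the binary's real string dump.
"""
import ipaddress
import re

# Four decimal groups of 1-3 digits, not glued to other word/dot characters.
DOTTED_QUAD = re.compile(r"(?<![\w.])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.])")

# Constructed sample input.
STRINGS = [
    "FileVersion 94.55.18.50",              # version resource, looks like an IP
    "ProductVersion 5.59.43",               # three groups, never matches
    "http://147.45.44.104/yuop/66f8672c1ff0d_lyla3334.exe",
    "1.2.3.999",                            # octet out of range
    "0.0.0.0",
    "127.0.0.1",
]

# Values from the version resource; anything equal to these is noise.
VERSION_FIELDS = {"FileVersion": "94.55.18.50", "ProductVersion": "5.59.43"}


def ip_candidates(strings):
    """Yield every dotted-quad substring, in order of appearance."""
    for s in strings:
        for m in DOTTED_QUAD.finditer(s):
            yield m.group(1)


def network_indicators(strings, version_fields):
    """Return (kept, dropped): kept is a list of routable IPv4 strings,
    dropped maps each rejected candidate to the reason it was rejected."""
    noise = set(version_fields.values())
    kept, dropped = [], {}
    for cand in ip_candidates(strings):
        if cand in noise:
            dropped[cand] = "matches version resource"
            continue
        try:
            ip = ipaddress.IPv4Address(cand)
        except ValueError:
            dropped[cand] = "octet out of range"
            continue
        if not ip.is_global:
            dropped[cand] = "not routable"
            continue
        if str(ip) not in kept:
            kept.append(str(ip))
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = network_indicators(STRINGS, VERSION_FIELDS)
    print("indicators:", kept)
    for cand, why in dropped.items():
        print("dropped %-16s %s" % (cand, why))
```

Cross-checking against the version resource is the step that removes the hit on this page; the routability filter is what keeps loopback and unspecified addresses, which appear in almost every binary, out of the indicator list.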

Import functions