node.js.exe

First submission 2024-07-07 18:48:21

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type: application/x-dosexec
File size: 67612.76 KB (69235466 bytes)
Compile time: 2018-12-15 23:26:14
MD5: e4c1f362fc21b6536cd3948f43a765fe
SHA1: eccc892ff0bea809d71f5e1b337beb01a0cf3640
SHA256: 3e8c27bda3844f0d635c13ef44f48ce57d3583c23ba9f1b24db5faca7db30723
Import Hash: b34f154ec913d2d2c435cbd644e91687
Sections 5 .text .rdata .data .ndata .rsrc
Directories 2 import resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x6627 26624 0e5e99bb884a9fe9f4dee59b6bf9acf9746f3115 7618d4c0cd8bb67ea9595b4266b3a91f
.rdata 0x8000 0x14a2 5632 0a0c2be86d54840b2eaa4abf2412bb3588e032c4 eecac1fed9cc6b447d50940d178404d8
.data 0xa000 0x70ff8 1536 bdd9e7400edf5b4fddcffb66fcb1d3d83c8901da db8f31a08a2242d80c29e1f9500c6527
.ndata 0x7b000 0x90000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x10b000 0xce0 3584 73699c7c0ad661ab3d5ae0906e233ab819f2c64b b0c375a9cf29c91d35e96893adc0eb6f

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x10b1d8 744
RT_DIALOG LANG_ENGLISH SUBLANG_ENGLISH_US 0x10b6b8 96
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x10b718 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x10b730 620
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x10b9a0 830

Meta infos 7

LegalCopyright: Copyright © 2024 testfr Developers.
ProductVersion: 1.1.5
CompanyName: testfr Developers.
FileVersion: 1.1.5
FileDescription: testfr Enterprise.
Translation: 0x0409 0x04e4
ProductName: testfr

Anti debug functions 2

FindWindowExW
GetLastError

Strings analysis - File found

Database
&Fn=:x.db
.{`.dB
Library
%s%s.dll
ADVAPI32.dll
GDI32.dll
SHELL32.dll
USER32.dll
ole32.dll
KERNEL32.dll
COMCTL32.dll

Strings analysis - Possible URLs found 1

http://nsis.sf.net/NSIS_Error

Import functions

Name Latest seen MD5
vbc.exe 2022-09-02 08:02:02 619477a50eb1e8fedf93c113944763d0
cyyyzx.exe 2022-12-18 07:06:02 ffa7d9fdf7e81851ea4f2bcb490eb18a
Damned-Setup.exe 2023-04-16 12:19:10 f5913abf02f4ed5946813fa3a43ebd67
delta-1683891759612-873837843.exe 2023-05-12 15:37:32 26b177dd363e28b6ddb2d71a251e2030
delta-1683879590321-388561736.exe 2023-05-12 22:37:31 f55742b3d3713138dc24bb27a21b33dc
delta-1683842322418-807128412.exe 2023-05-12 22:52:32 63a15f2d142db04a5dba8bd39cc0db79
delta-1683843393380-489237934.exe 2023-05-12 22:53:32 62df374103c96fd851bd2e62c056dc2f
HBZ.exe 2023-06-15 06:59:01 cc0a1c96c14263e48f82965ff47e0521
LUK.exe 2023-06-15 07:41:02 8f488bf3643183b3e0eddfb0ee888083
EYG.exe 2023-06-19 15:43:02 3d4b36f562038a18fc835188470973c7
updater.exe?ex=665dec8e&is=665c9b0e&hm=e91c7c32352f1ef8db9da88575df7aa54cf0242635e24e888ef0761661d06029& 2024-06-03 08:46:06 dc1985ae4045df7f305918407c5efd08
Snake_IT_Project.exe?ex=66683fa0&is=6666ee20&hm=2cbb91973564d24c1f031ff6fbbd40303b1e76689fa19b4ed1af4f19f3fa4b45& 2024-06-11 08:29:07 252e02142cb04a8f1ed6ff81af37b863
node.js.exe 2024-07-11 11:35:14 9e6ba754b50c865d54a69075a65620ae