vast.exe

First submission 2022-08-03 15:12:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 464.0 KB (475136 bytes)
Compile time: 2022-05-20 18:04:59
MD5: e896c66e66443d92a15a3866f29f99d0
SHA1: 40a8b70e3ccb4ec34136178f3ff81e6e29538cb9
SHA256: af8e775954721201799acaacb6d06d474beff1eec3b8dfd2d1d6c20ddbc30bc9
Import hash: a7296afab03588778ff3a4f804abab68
Sections (7): .text, .rdata, .data, .tls, .gfids, .rsrc, .reloc
Directories (5): import, resource, debug, tls, relocation
VirusTotal: 48/71 (report date 2022-08-03 12:40:18)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL                          Host (FQDN/IP)   Date Added
hXXps://jg.studio/vast.exe   jg.studio        2022-08-03 15:12:02

PE Sections 1 suspicious

Name    VAddress  VSize    Size    SHA1                                      MD5                               Suspicious
.text   0x1000    0x52ebd  339968  1d55ddc5f1f9583556e20c90875411370df93dc1  b995649520c85ae9a9af377cafacc12d
.rdata  0x54000   0x17086  94720   4ed820c836eee7791674d551a3766b53bd2fa1da  06804dd1755eec5f08876eca920460cb
.data   0x6c000   0x3fbc   3584    50a146c96317ac8ea2dbe3e9a5aed1110ad1d572  5efecb64d7e39f8a6babfd004f924b54
.tls    0x70000   0x9      512     aa0d33a0c854e073439067876e932688b65cb6a9  1f354d76203061bfdd5a53dae48d5435
.gfids  0x71000   0x230    1024    2558eec229bcb9979a3fb3808d931b3b0f01277b  2201d87bb0078cd63aec6df95ae82258
.rsrc   0x72000   0x4bcc   19456   a2b818bb1db2ed3f377a89745917a37705746690  f81b3dff22ef9502c2526d856b2e3bb6
.reloc  0x77000   0x3898   14848   80894f91c33c3538cd995da19003bafbadd46807  ba4fa7506c7ef42ea4732ffaa2916ca9

PE Resources 3

Name           Language      Sublanguage       Offset   Size  Data
RT_ICON        LANG_ITALIAN  SUBLANG_ITALIAN   0x74024  9640
RT_RCDATA      LANG_NEUTRAL  SUBLANG_NEUTRAL   0x765cc  1471
RT_GROUP_ICON  LANG_ITALIAN  SUBLANG_ITALIAN   0x76b8c  62

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Database
\key3.db
Text
\sysinfo.txt
license_code.txt
Library
mscoree.dll
KERNEL32.dll
SHLWAPI.dll
WINMM.dll
ntdll.dll
ADVAPI32.dll
USER32.dll
PSAPI.DLL
WININET.dll
SHELL32.dll
Powrprof.dll
gdiplus.dll
urlmon.dll
WS2_32.dll
GDI32.dll

Strings analysis - Possible URLs found 1

http://geoplugin.net/json.gp

Import functions

Name       Latest seen          MD5
vbc.exe    2022-06-09 12:08:02  76b266d47a00e0c91bfed96dc0d881ec
55555.exe  2022-06-18 08:45:03  edb7d4821efa469977296d4a1e443f9f
HpQzZ.exe  2022-06-24 22:08:03  1babe254a9d587f2449d2e0d564a757c
708.exe    2022-06-30 18:24:02  544952a372b29a3c32b18a2cf4579011
rFMBo.exe  2022-07-06 18:28:02  ae2ede7c8ca2b10dfe8f6285b349d2e3
ledd.exe   2022-08-03 19:46:02  381174065c50d595ce1655c6ff6da73c