DigitalSide Threat Intel

win.exe

First submission 2023-01-20 20:32:40

File details

File type: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
File type: 1845.5 KB (1889792 bytes)
Compile time: 1970-01-01 01:00:00
MD5: eb61b390ea1d6a48148fc1d368ce0bb4
SHA1: f1554eb9b2d8e1aa8669b906bac0df65637ee8bc
SHA256: b4a6a80062f30f25349c7dc4726d52eccba61de8419836c4e97c95c99a79af15
Import Hash : 6ed4f5f04d62b18d96b26d6db7c18840
Sections 3 UPX0 UPX1 .rsrc
Directories 3 relocation resource import
Virus Total: 37/71 VT report date: 2023-01-20 19:02:43

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://46.3.112.238/win.exe VirusTotal Report 46.3.112.238 VirusTotal Report 2023-01-20 20:32:42

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
UPX0 0x1000 0x39c000 0 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x39d000 0x1cd000 1888256 cc35cc09f9178fbf5449919d0d954c213ca391cb 17769e9836cb7814de42ec5ee552fed5
.rsrc 0x56a000 0x1000 1024 5e1e3521e01e97b5330d8c813b8d5e67a6229ff9 41b7056b593ab6a5a0a3314ef3a47c2c

PE Resources 1

Name Language Sublanguage Offset Size Data
RT_MANIFEST LANG_ENGLISH SUBLANG_ENGLISH_US 0x56a05c 340

Packers detected 3

UPX -> www.upx.sourceforge.net
UPX 2.90 (LZMA)
UPX v0.80 - v0.84

Strings analysis - File found

Library
KERNEL32.dll

Strings analysis - Possible IPs found 1

2.5.4.3

Import functions

Function Address Souspicious Anti Debug
LoadLibraryA 0x96a1d8
ExitProcess 0x96a1dc
GetProcAddress 0x96a1e0
VirtualProtect 0x96a1e4

Related files by ImpHash 7 6ed4f5f04d62b18d96b26d6db7c18840

Name Latest seen MD5
BnWxM.exe 2022-08-02 21:31:02 44e041dc2e445fcd33cc89b8453d0539
FkSyDHJGjzKRHTp.exe 2022-08-28 12:59:02 21f894391eaac76010275132312ac5c8
1533572208.exe 2022-09-26 07:48:02 809b9513cecea98e925419a39a6244a2
smbscanlocal-6e08d39fe99ad508d7e0c7aed19ececd.exe 2022-10-15 05:08:04 6e08d39fe99ad508d7e0c7aed19ececd
softv2.exe 2022-10-21 04:31:04 624d887c50cd38398904002ffcbc732a
chrome10_.eff 2022-11-01 07:56:05 73b9004ff373f3b7b2f595541deb5a02
win8def.exe 2022-11-03 21:45:08 99fa3cf292e4c3534951b6ebd96a6802