Session-https.exe
First submission 2024-10-13 01:42:02
File details
| File type: | PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows |
| Mime type: | application/x-dosexec |
| File size: | 321.0 KB (328704 bytes) |
| Compile time: | 1970-01-01 01:00:00 |
| MD5: | f05982b55c7a85b9e71a941fe2295848 |
| SHA1: | b0df24778218a422f7a88083c9fb591f0499c36f |
| SHA256: | 5462b422de6d759e45cc0269d564acbf0805c4441aba38bd28133c98d1187888 |
| Import Hash : | 147442e63270e287ed57d33257638324 |
| Sections 9 | .text��� .data��� .rdata�� .pdata�� .xdata�� .bss���� .idata�� .CRT���� .tls���� |
| Directories 2 | import tls |
URLs, FQDN and IP indicators 1
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://89.197.154.116/Session-hXXps.exe  |
89.197.154.116 |
2024-10-13 01:42:02 |
PE Sections 3 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x20a8 | 8704 | 9977ab2ec10e333fd1b0f33a64acbe7991100bc1 | ba98beafce4128c14539a20f3e854b25 | |
| .data��� | 0x4000 | 0x4bcf0 | 310784 | 5d52d0ffd89687973243fa7346f9abea312f0c30 | 07413092d6d99f07613d3dc3053a5c91 | |
| .rdata�� | 0x50000 | 0x910 | 2560 | c2d1af5b1937da901ea82341a66ed618f29a12df | 5fcc7830b4dcd602b35eeb7f1712e8fa | |
| .pdata�� | 0x51000 | 0x2b8 | 1024 | 803ff539afa8f6692b3e9b53c89dddde86533d09 | f88aef14dea168f37249daf0dce04c78 | |
| .xdata�� | 0x52000 | 0x238 | 1024 | 2714d9e2c3d1b1fd1575c12a5f1babce8e222944 | 6ce9e303fb86766d702ecb2b174cf348 | |
| .bss���� | 0x53000 | 0x9d0 | 0 | da39a3ee5e6b4b0d3255bfef95601890afd80709 | d41d8cd98f00b204e9800998ecf8427e | |
| .idata�� | 0x54000 | 0x8d8 | 2560 | 0cbaa3a0ed03d5451dc4f2bef7f00687999500e9 | 3aae8d98b4d34bad008e73a14573bffd | |
| .CRT���� | 0x55000 | 0x68 | 512 | 48e7f86626e0f41a8a0ee900c304c59e0f7d25f7 | 52d79e9aecf5d5c3145d3ec54aa197a8 | |
| .tls���� | 0x56000 | 0x10 | 512 | 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5 | bf619eac0cdf3f68d496ea9344137e8b |
Packers detected 1
| Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 3
| GetLastError |
| TerminateProcess |
| UnhandledExceptionFilter |
Strings analysis - File found
| Library |
| MSVCRT.dll |
| KERNEL32.dll |
Import functions
| Name | Latest seen | MD5 |
|---|---|---|
| gotomeeting.exe | 2024-05-16 10:19:04 | 877187ad95d25a0e3582331588ac8892 |
| beacon.exe | 2024-05-25 14:10:04 | 927ee11071594552182a02d7b0b971fa |
| abc.exe | 2024-06-01 11:06:03 | 0423137cc78e3e3d7af3ecb534847d1b |
| h.exe | 2024-07-04 10:40:04 | b958d6940edc44e8d99a9e5c074acd5a |
| Utility.exe | 2024-08-30 16:42:03 | 3cd08960d873ee9bbe2bc64e4a5460ef |
| Journal.exe | 2024-09-22 15:09:01 | 59fc81032d61afec30ba06c776f7f3cd |
| Charter.exe | 2024-09-22 15:26:01 | 03487ec0103b22c20bcc2f6864a705e7 |
| Utility2.exe | 2024-09-22 16:01:02 | 4bd25a55bcb6aec078ab1d909cfabe64 |
| service.exe | 2024-09-22 16:04:01 | 4b6b4048c597d60f54030b1d4fb3f376 |
| Utility3.exe | 2024-09-22 16:08:02 | 0b86a1aad0c4a168bfffbe1da6cdd45e |
| Monitor.exe | 2024-09-22 16:09:02 | 20cfd4b4f12dc4aae8971d7b95b870e2 |
| update.exe | 2024-09-28 15:22:02 | dc66a0481a259a5c8820880822ff0b3a |
| system.exe | 2024-10-06 04:17:03 | 24a4b0bab13585fcd3dbb00e8de9e78f |
| a.exe | 2024-10-15 07:39:02 | a3eb49b7dce841199a2882b7d1c27a57 |
| qz1.exe | 2024-10-18 07:22:08 | d4aa29575d62a2b48767b576f43e071b |