Motocrossbanerne37.pif

First submission 2024-10-15 16:47:07

File details

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Mime type:	application/x-dosexec
File size:	5204.8 KB (5329718 bytes)
Compile time:	2019-12-16 01:50:29
MD5:	f3a3332b13baa50c41644b86efdf0fe4
SHA1:	f3b91aa55b8dce62cb614e2a43d8e3973b1d47b6
SHA256:	7fd5435121f2cb4320b1bc49400152ec3fecce7f5ce0acce56f32c327126c970
Import Hash :	e9c0657252137ac61c1eeeba4c021000
Sections 5	.text .rdata .data .ndata .rsrc
Directories 2	import resource

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	10/77 VT report date: 2024-10-15 16:17:04

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://apslline.com/Motocrossbanerne37.pif	apslline.com	2024-10-15 16:47:07

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x60d8	25088	61e3e4997880ff35c2bd287ee45157005e80b7cc	e59663060e65803bb6474d2af98f8aa9
.rdata	0x8000	0x123e	5120	2a583b50770b09ec923cd9483bbe882a8b38f671	7969015d02b2f673463f43156b28cdb4
.data	0xa000	0x399058	1024	d6d745ab1a69364f028d7950031ae96e350c7caa	2d383339e780dfc9691f30584bbd0766
.ndata	0x3a4000	0x12000	0	da39a3ee5e6b4b0d3255bfef95601890afd80709	d41d8cd98f00b204e9800998ecf8427e
.rsrc	0x3b6000	0x3ad78	241152	ecf1b140fb75a7c969f279e4f266bfe892a892e8	a32d901976697d7bbce42d8596684b1d

PE Resources 5

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3eff90	1128	PE Resource: RT_ICON - Data ( @X4>" +,Q3.XPU604G.)%D3 < b' # iB d }#%' ( 4EAd9F(=#~eoT4I:[K`N@32L Y>Y}Vu^>TCI;XD>0o=x7$tXC~iR9<1J;DL?"7s= U pcI4ZE4M=J:R@XJFM=rv#v(P4zpNYFYFWDSBN>#I5CE2]/H,wfcP_KSBC5N6QKeNu?s!=J1It[eS_LG9K2M4]\xbQo"n/I/ xS9^>+mG5TOUKPAJ:R8D7a^tb.=g .&6^ghpj]iT]SVZyAQyp )#/i<2O?RAJ9X/'# i >} c ?
RT_DIALOG	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3f0760	96
RT_GROUP_ICON	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3f07c0	132
RT_VERSION	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3f0848	496
RT_MANIFEST	LANG_ENGLISH	SUBLANG_ENGLISH_US	0x3f0a38	830	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="*" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v3.05</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/></application></compatibility></assembly>

Meta infos 8

LegalCopyright:
FileVersion:	1.0.0.0
CompanyName:
Translation:	0x0409 0x04e4
FileDescription:
LegalTrademarks:
Comments:
ProductName:

Anti debug functions 2

FindWindowExA
GetLastError

Strings analysis - File found

Library
ADVAPI32.dll
SHELL32.dll
%s%s.dll
USER32.dll
KERNEL32.dll
COMCTL32.dll
ole32.dll
GDI32.dll

Strings analysis - Possible URLs found 1

http://nsis.sf.net/NSIS_Error

Import functions

GDI32.dll 8 ADVAPI32.dll 13 KERNEL32.dll 61 SHELL32.dll 6 ole32.dll 4 USER32.dll 62 COMCTL32.dll 4

Function	Address	Souspicious	Anti Debug
SelectObject	0x40804c
SetTextColor	0x408050
SetBkMode	0x408054
CreateFontIndirectA	0x408058
CreateBrushIndirect	0x40805c
DeleteObject	0x408060
GetDeviceCaps	0x408064
SetBkColor	0x408068

Function	Address	Souspicious	Anti Debug
AdjustTokenPrivileges	0x408000
RegCreateKeyExA	0x408004
RegOpenKeyExA	0x408008
SetFileSecurityA	0x40800c
OpenProcessToken	0x408010
LookupPrivilegeValueA	0x408014
RegEnumValueA	0x408018
RegDeleteKeyA	0x40801c
RegDeleteValueA	0x408020
RegCloseKey	0x408024
RegSetValueExA	0x408028
RegQueryValueExA	0x40802c
RegEnumKeyA	0x408030

Function	Address	Souspicious	Anti Debug
GetTempPathA	0x408070
GetFileSize	0x408074
GetModuleFileNameA	0x408078
GetCurrentProcess	0x40807c
CopyFileA	0x408080
ExitProcess	0x408084
SetEnvironmentVariableA	0x408088
Sleep	0x40808c
GetTickCount	0x408090
GetCommandLineA	0x408094
lstrlenA	0x408098
GetVersion	0x40809c
SetErrorMode	0x4080a0
lstrcpynA	0x4080a4
GetDiskFreeSpaceA	0x4080a8
GlobalUnlock	0x4080ac
GetWindowsDirectoryA	0x4080b0
SetFileAttributesA	0x4080b4
GetLastError	0x4080b8
CreateDirectoryA	0x4080bc
CreateProcessA	0x4080c0
RemoveDirectoryA	0x4080c4
CreateFileA	0x4080c8
GetTempFileNameA	0x4080cc
ReadFile	0x4080d0
WriteFile	0x4080d4
lstrcpyA	0x4080d8
MoveFileExA	0x4080dc
lstrcatA	0x4080e0
GetSystemDirectoryA	0x4080e4
GetProcAddress	0x4080e8
GetExitCodeProcess	0x4080ec
WaitForSingleObject	0x4080f0
CompareFileTime	0x4080f4
SetFileTime	0x4080f8
GetFileAttributesA	0x4080fc
SetCurrentDirectoryA	0x408100
MoveFileA	0x408104
GetFullPathNameA	0x408108
GetShortPathNameA	0x40810c
SearchPathA	0x408110
CloseHandle	0x408114
lstrcmpiA	0x408118
CreateThread	0x40811c
GlobalLock	0x408120
lstrcmpA	0x408124
DeleteFileA	0x408128
FindFirstFileA	0x40812c
FindNextFileA	0x408130
FindClose	0x408134
SetFilePointer	0x408138
GetPrivateProfileStringA	0x40813c
WritePrivateProfileStringA	0x408140
MulDiv	0x408144
MultiByteToWideChar	0x408148
FreeLibrary	0x40814c
LoadLibraryExA	0x408150
GetModuleHandleA	0x408154
GlobalAlloc	0x408158
GlobalFree	0x40815c
ExpandEnvironmentStringsA	0x408160

Function	Address	Souspicious	Anti Debug
SHGetSpecialFolderLocation	0x408168
ShellExecuteExA	0x40816c
SHGetPathFromIDListA	0x408170
SHBrowseForFolderA	0x408174
SHGetFileInfoA	0x408178
SHFileOperationA	0x40817c

Function	Address	Souspicious	Anti Debug
OleUninitialize	0x408280
OleInitialize	0x408284
CoTaskMemFree	0x408288
CoCreateInstance	0x40828c

Function	Address	Souspicious	Anti Debug
GetSystemMenu	0x408184
SetClassLongA	0x408188
EnableMenuItem	0x40818c
IsWindowEnabled	0x408190
SetWindowPos	0x408194
GetSysColor	0x408198
GetWindowLongA	0x40819c
SetCursor	0x4081a0
LoadCursorA	0x4081a4
CheckDlgButton	0x4081a8
GetMessagePos	0x4081ac
CallWindowProcA	0x4081b0
IsWindowVisible	0x4081b4
CloseClipboard	0x4081b8
SetClipboardData	0x4081bc
EmptyClipboard	0x4081c0
OpenClipboard	0x4081c4
ScreenToClient	0x4081c8
GetWindowRect	0x4081cc
GetDlgItem	0x4081d0
GetSystemMetrics	0x4081d4
SetDlgItemTextA	0x4081d8
GetDlgItemTextA	0x4081dc
MessageBoxIndirectA	0x4081e0
CharPrevA	0x4081e4
DispatchMessageA	0x4081e8
PeekMessageA	0x4081ec
GetDC	0x4081f0
ReleaseDC	0x4081f4
EnableWindow	0x4081f8
InvalidateRect	0x4081fc
SendMessageA	0x408200
DefWindowProcA	0x408204
BeginPaint	0x408208
GetClientRect	0x40820c
FillRect	0x408210
EndDialog	0x408214
RegisterClassA	0x408218
SystemParametersInfoA	0x40821c
CreateWindowExA	0x408220
GetClassInfoA	0x408224
DialogBoxParamA	0x408228
CharNextA	0x40822c
ExitWindowsEx	0x408230
LoadImageA	0x408234
CreateDialogParamA	0x408238
SetTimer	0x40823c
SetWindowTextA	0x408240
SetForegroundWindow	0x408244
ShowWindow	0x408248
SetWindowLongA	0x40824c
SendMessageTimeoutA	0x408250
FindWindowExA	0x408254
IsWindow	0x408258
AppendMenuA	0x40825c
TrackPopupMenu	0x408260
CreatePopupMenu	0x408264
DrawTextA	0x408268
EndPaint	0x40826c
DestroyWindow	0x408270
wsprintfA	0x408274
PostQuitMessage	0x408278

Function	Address	Souspicious	Anti Debug
ImageList_Create	0x408038
ImageList_AddMasked	0x40803c
None	0x408040
ImageList_Destroy	0x408044

Name	Latest seen	MD5
wininit.exe	2023-06-06 11:26:02	7339f323191432260e5a33cfd681adec
hkcmd.exe	2023-06-08 06:53:02	c6d2ae33edf3d67a0c2abe42836c2874
hkcmd.exe	2023-06-08 08:30:02	bb82589608f2312e9bf9d0c63c8a3d68
hkcmd.exe	2023-06-08 10:02:02	a413d04a39c86bd0b4ca116227d20a30
hkcmd.exe	2023-06-08 14:09:02	d2a06a7386680bc248d79c2974f9b0cf
cleanmgr.exe	2023-06-12 03:26:08	21d050c21197079204d5b24526522bb2

Motocrossbanerne37.pif

File details

File features detected

OSINT Enrichments

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 5

Meta infos 8

Anti debug functions 2

Strings analysis - File found

Strings analysis - Possible URLs found 1

Import functions

Related files by ImpHash 6 e9c0657252137ac61c1eeeba4c021000