twointe

First submission 2024-02-08 14:22:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 259.5 KB (265728 bytes)
Compile time: 2022-11-20 08:42:37
MD5: f59f660af460a7f4605a073fd590c1df
SHA1: 6d6a0c159c463b6d8b5bfbc26158381fc0126bbb
SHA256: 13b1fcef292807ad431b2c2bb229584eca754b1d07444aec59e0a81279af3c96
Import Hash: 493a53875922264da34ad5d518c7fe46
Sections: 5 (.text, .rdata, .data, .tls, .rsrc)
Directories: 3 (import, resource, tls)

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://94.156.66.186/batushka/twointe 94.156.66.186 2024-02-08 14:22:03

PE Sections 2 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x3574f 219136 45958a7289c07e3412d2d024271e8efd28fb9c46 942d44b5f0b4c0bb0be8a06c36e92264
.rdata 0x37000 0x3ff8 16384 4c52cbe480e44f7a515bb254b0ff91cc799256e0 5f13432b22b96a447bf4f56388e4e5db
.data 0x3b000 0x2c1c 4096 d89510a14ad3c4542b4648f54a36630c3e16f1a8 4570bf339725515b051f287b7f4b3af9
.tls 0x3e000 0x9cd 2560 cabc14288ddeba26408cdb14e69f7b9f476565ae b85f229e4962d23b2bc27d3fefa72e8e
.rsrc 0x3f000 0x56c8 22528 c6cb3a8d9bf51ab37a667418c1e50678bb902be6 c3ec53a04a9f6c22f3323b427d22e2e4

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x3f3f0 4264
RT_STRING LANG_ENGLISH SUBLANG_ENGLISH_US 0x444a8 544
RT_ACCELERATOR LANG_ENGLISH SUBLANG_ENGLISH_US 0x404b0 48
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x40498 20
RT_VERSION LANG_ENGLISH SUBLANG_ENGLISH_US 0x404e0 488

Meta infos 6

LegalCopyright: Silent news
InternalName: Gas
FileVersion: 7.59.32.79
CompanyName: Torque
Translation: 0x377b 0x02f9
ProductVersion: 2.25.94.76

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
mscoree.dll
KERNEL32.dll
ADVAPI32.dll
USER32.dll
ole32.dll
GDI32.dll

Strings analysis - Possible IPs found 2

2.25.94.76
7.59.32.79

Import functions