gggggg.exe

First submission 2022-08-03 20:11:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 456.0 KB (466944 bytes)
Compile time: 2021-06-17 14:47:50
MD5: f61c74deae0ce023bf2231e030edb7ab
SHA1: 895d1f61c833447a0db9769679e05594b766fa1a
SHA256: bc6f494da47a6a0d914d0accb1e3297610a32feae6927160a0997434f75d637c
Import Hash: 409f5d6d64eccf1b9873a7c796c3f1ad
Sections: 7 (.text, .rdata, .data, .tls, .gfids, .rsrc, .reloc)
Directories: 5 (import, resource, debug, tls, relocation)
Virus Total: 52/71
VT report date: 2022-08-03 16:06:58

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXps://jg.studio/gggggg.exe jg.studio 2022-08-03 20:11:02

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x511cc 332288 167dc18bcf3ffcda9e22fe5e6052b69abced4738 722381e679bb1ddb97c2d07b4958b44e
.rdata 0x53000 0x16f22 94208 f8f28e83a845c64aec58ab6dab345299f538dff8 447b6b218f686df4db2cd5ef417cddc4
.data 0x6a000 0x3d44 3584 e6275f8be29b60f37b1bf1ea9893984972a95b11 08aabee4c7c1a225b65f6841c6214873
.tls 0x6e000 0x9 512 aa0d33a0c854e073439067876e932688b65cb6a9 1f354d76203061bfdd5a53dae48d5435
.gfids 0x6f000 0x230 1024 aed548cb6e1f9d978e19cf9baafaf4430ca470b3 d5e2b33bf09b6cca8a373ecc18cc22af
.rsrc 0x70000 0x4b38 19456 42c1e660c1b529205f58b92e2d1bd0c208adce49 66c2247e2475e54600a405cd8f2367fb
.reloc 0x75000 0x382c 14848 2e105a8fdac2b6bca5b18f310282ecc064abf26b eaffa515443d7e9a0d23e99dbe48290d

PE Resources 3

Name Language Sublanguage Offset Size Data
RT_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x72024 9640
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x745cc 1324
RT_GROUP_ICON LANG_ENGLISH SUBLANG_ENGLISH_US 0x74af8 62

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 9

GetLastError
GetWindowThreadProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
Process32FirstW
Process32NextW
RaiseException
TerminateProcess
UnhandledExceptionFilter

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Database
\key3.db
Text
\sysinfo.txt
licence_code.txt
Library
mscoree.dll
KERNEL32.dll
SHELL32.dll
WINMM.dll
ADVAPI32.dll
WS2_32.dll
USER32.dll
SHLWAPI.dll
Powrprof.dll
PSAPI.DLL
gdiplus.dll
ntdll.dll
urlmon.dll
GDI32.dll

Import functions

Name Latest seen MD5
00000003.exe 2022-08-03 14:14:02 a35383f9431d405cd1164a1ba5c93a2a