66e010f468498_otr.exe
First submission: 2024-09-28 02:20:02
Last submission: 2024-10-05 13:55:02
File details

Field | Value
---|---
File type | PE32 executable (GUI) Intel 80386, for MS Windows
Mime type | application/x-dosexec
File size | 437.5 KB (448000 bytes)
Compile time | 2012-07-14 00:47:16
MD5 | faaf13f6a1dd574396fea7e084504150
SHA1 | fe3ae0ba88f77c13d1abfe4d4f06af758ea074d8
SHA256 | d9ad4db21b4eaf691e7a27bcb995b238cde846ecd4536191fcce303fe76c2bed
Import Hash | bf5a4aa99e5b160f8521cadd6bfe73b8
Sections (4) | .text .rdata .data .rsrc
Directories (3) | import resource debug
File features detected
Anti VM
Signed
XOR
OSINT Enrichments

Field | Value
---|---
Virus Total | 59/77 (VT report date: 2024-09-18 04:34:45)
Malware Type (2) | trojan spyware
Threat Type (3) | redline msil reline
URLs, FQDN and IP indicators | 1

PE Sections (1 suspicious)
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x19718 | 104448 | 633550284fa9888c02b518e35c09cdf0a149c8a8 | f592271688c830fa8785494d0fb5f72c | |
.rdata | 0x1b000 | 0x6db4 | 28160 | ac050a1809ae127615e1683adb73d87013096d10 | 5826801f33fc1b607aa8e942aa92e9fa | |
.data | 0x22000 | 0x30c0 | 5632 | c5c9b70d1fbe0cb0f1d48ea41ef1cd0da70d708d | 2fe51a72ede820cd7cf55a77ba59b1f4 | |
.rsrc | 0x26000 | 0x4b584 | 308736 | f38d5d84ef43d1cc98cf0bc9ea142ff48b5e7244 | 73fde6052f6d1da500fc3bcc31db59f7 | |
PE Resources (5)
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x4c1e4 | 1128 | |
RT_RCDATA | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x70f98 | 32 | |
RT_GROUP_ICON | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x70ff8 | 132 | |
RT_VERSION | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x7107c | 794 | |
RT_MANIFEST | LANG_NEUTRAL | SUBLANG_NEUTRAL | 0x71398 | 490 | |
Meta infos (11)

Field | Value
---|---
LegalCopyright | Plectra Corp. 2017
Assembly Version | 28.81.47.0
InternalName | Indexation.exe
FileVersion | 26.60.52
CompanyName | Plectra
Comments | Eyelashes App
ProductName | (empty)
ProductVersion | 26.60.52
FileDescription | Plectra
Translation | 0x0000 0x04b0
OriginalFilename | Indexation.exe
Packers detected (2)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
Anti debug functions (5)
GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter
Strings analysis - File found
Library
KERNEL32.dll
mscoree.dll
USER32.dll
OLEAUT32.dll
ole32.dll
Import functions