66e010f468498_otr.exe

First submission 2024-09-28 02:20:02 Last submission 2024-10-05 13:55:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 437.5 KB (448000 bytes)
Compile time: 2012-07-14 00:47:16
MD5: faaf13f6a1dd574396fea7e084504150
SHA1: fe3ae0ba88f77c13d1abfe4d4f06af758ea074d8
SHA256: d9ad4db21b4eaf691e7a27bcb995b238cde846ecd4536191fcce303fe76c2bed
Import Hash : bf5a4aa99e5b160f8521cadd6bfe73b8
Sections 4 .text .rdata .data .rsrc
Directories 3 import resource debug

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

OSINT Enrichments

Virus Total: 59/77 VT report date: 2024-09-18 04:34:45
Malware Type 2 trojan spyware
Threat Type 3 redline msil reline

URLs, FQDN and IP indicators 1

URL Host (FQDN/IP) Date Added
hXXp://males.mugutu.com/lopsa/66e010f468498_otr.exe males.mugutu.com 2024-10-05 13:55:06

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x19718 104448 633550284fa9888c02b518e35c09cdf0a149c8a8 f592271688c830fa8785494d0fb5f72c
.rdata 0x1b000 0x6db4 28160 ac050a1809ae127615e1683adb73d87013096d10 5826801f33fc1b607aa8e942aa92e9fa
.data 0x22000 0x30c0 5632 c5c9b70d1fbe0cb0f1d48ea41ef1cd0da70d708d 2fe51a72ede820cd7cf55a77ba59b1f4
.rsrc 0x26000 0x4b584 308736 f38d5d84ef43d1cc98cf0bc9ea142ff48b5e7244 73fde6052f6d1da500fc3bcc31db59f7

PE Resources 5

Name Language Sublanguage Offset Size Data
RT_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x4c1e4 1128
RT_RCDATA LANG_NEUTRAL SUBLANG_NEUTRAL 0x70f98 32
RT_GROUP_ICON LANG_NEUTRAL SUBLANG_NEUTRAL 0x70ff8 132
RT_VERSION LANG_NEUTRAL SUBLANG_NEUTRAL 0x7107c 794
RT_MANIFEST LANG_NEUTRAL SUBLANG_NEUTRAL 0x71398 490

Meta infos 11

LegalCopyright: Plectra Corp. 2017
Assembly Version: 28.81.47.0
InternalName: Indexation.exe
FileVersion: 26.60.52
CompanyName: Plectra
Comments: Eyelashes App
ProductName:
ProductVersion: 26.60.52
FileDescription: Plectra
Translation: 0x0000 0x04b0
OriginalFilename: Indexation.exe

Packers detected 2

Microsoft Visual C++ 8
VC8 -> Microsoft Corporation

Anti debug functions 5

GetLastError
IsDebuggerPresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Library
KERNEL32.dll
mscoree.dll
USER32.dll
OLEAUT32.dll
ole32.dll

Import functions

Name Latest seen MD5
notepad.exe 2022-09-09 15:16:02 6bf5488cbc8b5475997c8f9feb9b80f6
microsoft.exe 2022-10-23 20:23:04 9f3c5b6fa2a40d0d97d82d1f509b7168
data64_2.exe 2022-11-20 09:03:03 07b50673f04622d62836838790613452
data64_1.exe 2022-11-20 10:06:02 ebef6f629d4dd92f8c4714b4f9693642
data64_3.exe 2022-11-20 10:09:02 27b8430e57ed40e3c090e662233a10eb
ZydSimple.exe 2023-01-16 18:42:31 207cc906a41b0ac0b673e6b54191dae8
.NetFramework.exe 2023-06-22 19:16:03 b8bee86a938a8b2245aa9343077958a6
fee.exe 2024-05-19 01:25:03 38531b2b0413ec8925c2ab8d9755d24b
MyCheckBack.exe 2024-05-25 17:01:05 58d9da67f31be50170dadd4ff9a837ad
GGWS_UPLOAD.exe 2024-05-27 20:09:08 cbaa1a61c93704f1540e48a8dd9bac14
STHealthClient.exe 2024-05-25 18:28:08 70ab645e72548443cea20ffd8005dc1a
STHealthUp.exe 2024-05-26 00:04:04 e78473bca17b8e1e7353570719b5ad0c
STHealthUpdate.exe 2024-05-27 10:08:06 6f5df1cb4767052b0b77e4e93fdda84d
STHealthUpload.exe 2024-05-27 11:01:05 26c7da49199c31fcfe179cee64b89116
STHealthBQ.exe 2024-05-27 11:02:05 e67f683eac76d370334f3fdf51aa430a
66cf56ae6e345_ColeusesWalkathon.exe 2024-10-04 23:14:02 afed25699b68eb6b0d7fa7fa382c55b7
systems.exe 2024-09-02 00:53:01 454a942056f6d69c4a06ffedffea974a
66e464075714d_otr.exe 2024-10-05 10:54:02 39792b5d0b6a20c9216623181135f397
%E5%9B%9B%E6%96%B9%E5%B9%B3%E5%8F%B0-%E5%8D%A1%E5%95%86%E7%AB%AF.exe 2024-09-23 13:37:05 a30cc69a6a902257d633dba5653ca990
66e463dc5d817_cry.exe#kiscrmega 2024-10-06 09:40:02 338e222dbbbe3d87219fc2ba4e6936da
66e014584fcee_w2.exe#ww2metakis 2024-09-28 02:21:02 d11952cce9c0e9a38a52fbf887e96681
66e014874bec8_w9.exe 2024-10-05 00:24:02 d6c976ddbf72de3a56834b7583f7f7cc
66e805302f63c_otr.exe 2024-10-05 12:19:02 d3d2aafaf86262baa7528e397f1ce761
66e80492300c8_cry.exe 2024-10-05 11:18:02 fef7cb7c3bd0e8204e3e7fecc544e6e6
ped.exe 2024-10-04 19:12:15 101a98643dbcbf0c0c02d45b8126a590