pered.exe

First submission 2024-07-26 01:57:03 Last sumbission 2024-09-01 23:59:02

File details

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Mime type:	application/x-dosexec
File size:	11169.85 KB (11437924 bytes)
Compile time:	2024-07-25 16:00:16
MD5:	faf1270013c6935ae2edaf8e2c2b2c08
SHA1:	d9a44759cd449608589b8f127619d422ccb40afa
SHA256:	1011889e66c56fd137bf85b832c4afc1fd054222b2fcbaae6608836d27e8f840
Import Hash :	a6cec5b1a631d592d80900ab7e1de8df
Sections 7	.text .rdata .data .pdata _RDATA .rsrc .reloc
Directories 4	import resource debug relocation

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

OSINT Enrichments

Virus Total:	8/79 VT report date: 2024-07-25 23:32:31

URLs, FQDN and IP indicators 1

URL	Host (FQDN/IP)	Date Added
hXXps://meticulousfinance.top/inc/pered.exe	meticulousfinance.top	2024-09-01 23:59:04

PE Sections 1 suspicious

Name	VAddress	VSize	Size	SHA1	MD5
.text	0x1000	0x28720	165888	e4a68f1b7a5590eedd6e14edc56806c8fc90ee7e	bde1e371902cf81ea9be7e3f95382cfd
.rdata	0x2a000	0x12a9e	76800	43cd2712d0ff1d0b67c869e4f7f6b98b1f5c2531	7c82554272ff55e21ababb1ca44b86b3
.data	0x3d000	0x103e8	3584	f64ecee3fa8884abfb5989486daed448f331e775	baf7e08c61eeb50b5a3978422561c938
.pdata	0x4e000	0x20c4	8704	df2656553c01f8594fc3f9df7a73d2fcd03fbf72	306be8c7742d2c9622517b124ebf3ac1
_RDATA	0x51000	0x15c	512	f35f173d4274d20980dfef0a6f46ce9064d4cf0e	e9000b5de7c8ee475c9ff9bfd52a2223
.rsrc	0x52000	0xf4a0	62976	5abcc3a42410d482147c92bcfc7dc8128a3a7bd3	2508ecb87b352f8ffb867f41ca7a6464
.reloc	0x62000	0x758	2048	31549301083f61b8fdf8df1671f67eef09df21f7	bc11f54c2d33adf3a95c6af00e70eb22

PE Resources 3

Name	Language	Sublanguage	Offset	Size	Data
RT_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x60a3c	1128	PE Resource: RT_ICON - Data ( X8 a@ZJ6fffXXXCCC///\|bA$ Se i'j{Zp;n9Z&?Zi'l-wZNNq;^ l-o3}NNNo8b&o3s8MNLl4ze+K{FvH}XfsNLKf-ae2o?pGJrvfUI["Hh5E5OULsd\|I/zJ5-D\]WUVf3X#N.HS]ZV~<f3a,h/HR]\U71w1g3/HR]\Z8?3s+k7/HTPQJDq&n:/G]Xqm T ,"@WQih~\'635e2 yM!#j<UndT-AAAAAAAAAAAAAAAA
RT_GROUP_ICON	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x60ea4	104
RT_MANIFEST	LANG_NEUTRAL	SUBLANG_NEUTRAL	0x60f0c	1426	PE Resource: RT_MANIFEST - Data <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity type="win32" name="pered-patched" processorArchitecture="amd64" version="1.0.0.0"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" language="" processorArchitecture="" version="6.0.0.0" publicKeyToken="6595b64144ccf1df"/> </dependentAssembly> </dependency> <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> <application> <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> </application> </compatibility> <application xmlns="urn:schemas-microsoft-com:asm.v3"> <windowsSettings> <longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware> </windowsSettings> </application> </assembly>

Name

Language

Sublanguage

Offset

Size

Data

RT_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x60a3c

1128

RT_GROUP_ICON

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x60ea4

104

RT_MANIFEST

LANG_NEUTRAL

SUBLANG_NEUTRAL

0x60f0c

1426

Packers detected 1

Microsoft Visual C++ 8.0 (DLL)

Anti debug functions 6

GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
TerminateProcess
UnhandledExceptionFilter

Strings analysis - File found

Compressed
base_library.zip
xbase_library.zip
Text
xcryptography-42.0.8.dist-info\top_level.txt
Library
mscoree.dll
ADVAPI32.dll
bapi-ms-win-core-file-l1-1-0.dll
bapi-ms-win-crt-math-l1-1-0.dll
ucrtbase.dll
bapi-ms-win-core-libraryloader-l1-1-0.dll
KERNEL32.dll
bapi-ms-win-core-localization-l1-2-0.dll
bapi-ms-win-crt-string-l1-1-0.dll
bapi-ms-win-core-errorhandling-l1-1-0.dll
COMCTL32.dll
bapi-ms-win-core-processthreads-l1-1-0.dll
bapi-ms-win-core-processthreads-l1-1-1.dll
bapi-ms-win-core-interlocked-l1-1-0.dll
bapi-ms-win-core-datetime-l1-1-0.dll
bapi-ms-win-core-profile-l1-1-0.dll
bapi-ms-win-crt-time-l1-1-0.dll
bapi-ms-win-crt-utility-l1-1-0.dll
bapi-ms-win-core-memory-l1-1-0.dll
bapi-ms-win-core-processenvironment-l1-1-0.dll
bapi-ms-win-crt-conio-l1-1-0.dll
bapi-ms-win-core-timezone-l1-1-0.dll
bapi-ms-win-core-synch-l1-1-0.dll
blibssl-1_1.dll
bapi-ms-win-core-debug-l1-1-0.dll
Bapi-ms-win-core-synch-l1-2-0.dll
bapi-ms-win-core-util-l1-1-0.dll
bapi-ms-win-crt-filesystem-l1-1-0.dll
bapi-ms-win-crt-convert-l1-1-0.dll
bapi-ms-win-crt-runtime-l1-1-0.dll
bapi-ms-win-core-rtlsupport-l1-1-0.dll
bucrtbase.dll
bapi-ms-win-crt-process-l1-1-0.dll
bapi-ms-win-core-handle-l1-1-0.dll
bpython310.dll
USER32.dll
b_pytransform.dll
blibcrypto-1_1.dll
bapi-ms-win-crt-stdio-l1-1-0.dll
bapi-ms-win-core-file-l2-1-0.dll
bapi-ms-win-crt-heap-l1-1-0.dll
bpython3.dll
6python310.dll
bapi-ms-win-core-file-l1-2-0.dll
bapi-ms-win-core-console-l1-1-0.dll
bapi-ms-win-core-heap-l1-1-0.dll
bapi-ms-win-core-string-l1-1-0.dll
bapi-ms-win-core-namedpipe-l1-1-0.dll
bapi-ms-win-crt-locale-l1-1-0.dll
bapi-ms-win-core-sysinfo-l1-1-0.dll
bapi-ms-win-crt-environment-l1-1-0.dll
bVCRUNTIME140.dll
GDI32.dll
blibffi-7.dll

Strings analysis - Possible URLs found 1

http://schemas.microsoft.com/SMI/2016/WindowsSettings

Import functions

ADVAPI32.dll 4 KERNEL32.dll 101 GDI32.dll 3 USER32.dll 17 COMCTL32.dll 1

Function	Address	Souspicious	Anti Debug
OpenProcessToken	0x14002a000
GetTokenInformation	0x14002a008
ConvertStringSecurityDescriptorToSecurityDescriptorW	0x14002a010
ConvertSidToStringSidW	0x14002a018

Function	Address	Souspicious	Anti Debug
IsValidCodePage	0x14002a058
GetStringTypeW	0x14002a060
GetFileAttributesExW	0x14002a068
HeapReAlloc	0x14002a070
FlushFileBuffers	0x14002a078
GetCurrentDirectoryW	0x14002a080
GetACP	0x14002a088
GetOEMCP	0x14002a090
GetModuleHandleW	0x14002a098
MulDiv	0x14002a0a0
GetLastError	0x14002a0a8
SetDllDirectoryW	0x14002a0b0
GetModuleFileNameW	0x14002a0b8
GetProcAddress	0x14002a0c0
GetCommandLineW	0x14002a0c8
GetEnvironmentVariableW	0x14002a0d0
GetCPInfo	0x14002a0d8
ExpandEnvironmentStringsW	0x14002a0e0
CreateDirectoryW	0x14002a0e8
GetTempPathW	0x14002a0f0
WaitForSingleObject	0x14002a0f8
Sleep	0x14002a100
GetExitCodeProcess	0x14002a108
CreateProcessW	0x14002a110
GetStartupInfoW	0x14002a118
FreeLibrary	0x14002a120
LoadLibraryExW	0x14002a128
SetConsoleCtrlHandler	0x14002a130
FindClose	0x14002a138
FindFirstFileExW	0x14002a140
CloseHandle	0x14002a148
GetCurrentProcess	0x14002a150
LocalFree	0x14002a158
FormatMessageW	0x14002a160
MultiByteToWideChar	0x14002a168
WideCharToMultiByte	0x14002a170
GetEnvironmentStringsW	0x14002a178
FreeEnvironmentStringsW	0x14002a180
GetProcessHeap	0x14002a188
GetTimeZoneInformation	0x14002a190
HeapSize	0x14002a198
WriteConsoleW	0x14002a1a0
SetEndOfFile	0x14002a1a8
SetEnvironmentVariableW	0x14002a1b0
RtlUnwindEx	0x14002a1b8
RtlCaptureContext	0x14002a1c0
RtlLookupFunctionEntry	0x14002a1c8
RtlVirtualUnwind	0x14002a1d0
UnhandledExceptionFilter	0x14002a1d8
SetUnhandledExceptionFilter	0x14002a1e0
TerminateProcess	0x14002a1e8
IsProcessorFeaturePresent	0x14002a1f0
QueryPerformanceCounter	0x14002a1f8
GetCurrentProcessId	0x14002a200
GetCurrentThreadId	0x14002a208
GetSystemTimeAsFileTime	0x14002a210
InitializeSListHead	0x14002a218
IsDebuggerPresent	0x14002a220
SetLastError	0x14002a228
EnterCriticalSection	0x14002a230
LeaveCriticalSection	0x14002a238
DeleteCriticalSection	0x14002a240
InitializeCriticalSectionAndSpinCount	0x14002a248
TlsAlloc	0x14002a250
TlsGetValue	0x14002a258
TlsSetValue	0x14002a260
TlsFree	0x14002a268
EncodePointer	0x14002a270
RaiseException	0x14002a278
RtlPcToFileHeader	0x14002a280
GetCommandLineA	0x14002a288
CreateFileW	0x14002a290
GetDriveTypeW	0x14002a298
GetFileInformationByHandle	0x14002a2a0
GetFileType	0x14002a2a8
PeekNamedPipe	0x14002a2b0
SystemTimeToTzSpecificLocalTime	0x14002a2b8
FileTimeToSystemTime	0x14002a2c0
GetFullPathNameW	0x14002a2c8
RemoveDirectoryW	0x14002a2d0
FindNextFileW	0x14002a2d8
SetStdHandle	0x14002a2e0
DeleteFileW	0x14002a2e8
ReadFile	0x14002a2f0
GetStdHandle	0x14002a2f8
WriteFile	0x14002a300
ExitProcess	0x14002a308
GetModuleHandleExW	0x14002a310
HeapFree	0x14002a318
GetConsoleMode	0x14002a320
ReadConsoleW	0x14002a328
SetFilePointerEx	0x14002a330
GetConsoleOutputCP	0x14002a338
GetFileSizeEx	0x14002a340
HeapAlloc	0x14002a348
FlsAlloc	0x14002a350
FlsGetValue	0x14002a358
FlsSetValue	0x14002a360
FlsFree	0x14002a368
CompareStringW	0x14002a370
LCMapStringW	0x14002a378

Function	Address	Souspicious	Anti Debug
SelectObject	0x14002a038
DeleteObject	0x14002a040
CreateFontIndirectW	0x14002a048

Function	Address	Souspicious	Anti Debug
CreateWindowExW	0x14002a388
MessageBoxW	0x14002a390
MessageBoxA	0x14002a398
SystemParametersInfoW	0x14002a3a0
DestroyIcon	0x14002a3a8
SetWindowLongPtrW	0x14002a3b0
GetWindowLongPtrW	0x14002a3b8
GetClientRect	0x14002a3c0
InvalidateRect	0x14002a3c8
ReleaseDC	0x14002a3d0
GetDC	0x14002a3d8
DrawTextW	0x14002a3e0
GetDialogBaseUnits	0x14002a3e8
EndDialog	0x14002a3f0
DialogBoxIndirectParamW	0x14002a3f8
MoveWindow	0x14002a400
SendMessageW	0x14002a408

Function	Address	Souspicious	Anti Debug
None	0x14002a028

Name	Latest seen	MD5
scrd.exe	2022-09-03 17:52:06	5d827372fe226a2ae4e2ababebaa0221
elevated.exe	2022-09-26 10:44:02	8a32017e36960f365076023db2432821
obf.exe	2022-11-21 23:44:02	def004932329421183edb964d150dc2f
new.exe	2022-11-26 11:07:07	51c6a3db5320bbe73f6c4afc29a7725d
new33.exe	2022-11-26 11:37:03	f41e454bd8f94376f0fe048abfe9b593
ms.exe	2023-01-24 19:38:32	253b78e6b07ba74dd5bab6c546189449
py.exe	2023-01-30 14:09:32	f48085b102f5144a388e08592e673861
testdamned.exe	2023-04-30 07:55:05	6c56c4158826328c3e14422e9e54fbf8
dc.exe	2023-06-19 09:45:05	a1dc3e2f998031a7c96685e6571f4f5f

pered.exe

File details

File features detected

OSINT Enrichments

URLs, FQDN and IP indicators 1

PE Sections 1 suspicious

PE Resources 3

Packers detected 1

Anti debug functions 6

Strings analysis - File found

Strings analysis - Possible URLs found 1

Import functions

Related files by ImpHash 9 a6cec5b1a631d592d80900ab7e1de8df