%E9%AD%94%E6%99%B6.exe (URL-encoded filename; decodes to 魔晶.exe)

First submission 2024-10-18 07:54:32

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
Mime type: application/x-dosexec
File size: 4586.07 KB (4696137 bytes)
Compile time: 2024-10-16 15:10:57
MD5: ffeb351ebb2c7c0d9733fd597b71c89d
SHA1: 4175db383cc4c6c6961d23d164f07ab5a34e4087
SHA256: 5fbdf7a1ecd981928440e5e288766613a81976dd3b3777fe52605f0a365e4d78
Sections (4): .text, .rdata, .data, .rsrc
Directories (2): import, resource

File features detected

Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR

URLs, FQDN and IP indicators 1

URL                                            Host (FQDN/IP)   Date Added
hXXp://112.74.185.5/%E9%AD%94%E6%99%B6.exe     112.74.185.5     2024-10-18 07:54:32

PE Sections 0 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0xd84ce 888832 b0b5558ac8723da18256329491688ed6500b8938 022b566f34fc4da44baf056f48dbb982
.rdata 0xda000 0x40c818 4247552 6a04d6f0e7f1de31c86bd789ea4832975431d319 7b084332d71345d94619b97b0f5f4f75
.data 0x4e7000 0x69eca 98304 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x551000 0x9254 40960 da39a3ee5e6b4b0d3255bfef95601890afd80709 d41d8cd98f00b204e9800998ecf8427e

Packers detected 3

Microsoft Visual C++ v6.0
Microsoft Visual C++ 5.0
Microsoft Visual C++

Anti debug functions 1

VMCheck.dll

Strings analysis - File found

Text
*.txt
\Script.txt
345.txt
\Script\Script.txt
2.txt
3.txt
Library
SkinH_EL.dll
- Skin.dll
SHLWAPI.dll
OLEAUT32.dll
ADVAPI32.dll
dbghelp.dll
VERSION.dll
GDI32.dll
MPR.dll
WSOCK32.dll
USER32.dll
SHELL32.dll
\dbghelp.dll
WS2_32.dll
ntdll.dll
COMCTL32.dll
MSVCRT.dll
ole32.dll
AuroraGUIBase.dll
WININET.dll
MSIMG32.dll
AuroraWOCore.dll
LogicWorld.dll
KERNEL32.dll
OIS.dll
WINMM.dll
tolua++.dll
IPHLPAPI.DLL
AuroraGUILua.dll
MSVFW32.dll
COMDLG32.dll
AuroraWonderLand.dll
Effect.dll
RASAPI32.dll

Strings analysis - Possible IPs found 9


Strings analysis - Possible URLs found 5

http://www.eyuyan.com)
http://112.74.185.5/%E9%AD%94%E6%99%B6.exe
http://202020.ip138.com/
http://2024.ip138.com/
http://112.74.185.5/