MalScore
83.5/100

ebay.exe

Is DLL Packer Anti Debug Anti VM Signed XOR
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1007.60 KB (1031784 bytes)
Compile time: 2019-03-15 10:30:48
MD5: 0204a510ed99c7a300e437ab1be667de
SHA1: 3d7e793eadc06a11058a8b02c159b279c9cb8739
SHA256: a5c7cb9055d882d47b52f63494042c2ad6f55c50eb0d3213fdde2c943a106107
Import hash: ce937af336b7b1786f5c98b66482c18c
Sections 5 .text .rdata .data .rsrc .reloc
Directories 6 import resource debug tls relocation security
Anti Virtual Machine 1 VMCheck.dll
First submission: 2019-03-16 00:57:11
Last submission: 2019-03-16 00:57:11
Filename detected: - ebay.exe (1)
URL file hosting
hXXp://[www].clinkupon.com/dewedwad/ebay.exe
VirusTotal Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 0 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0xce911 846336 2e9a463f23b7fae9d5d295cbd9f430d1 ca2fc5eeae69eeceaba561dbca5f1d64d25542e1
.rdata 0xd0000 0x1ef54 126976 9d63840edbb8ff49e05ba4204d92cc1c 796bc6240c6bbbd327a4128f1c77a4e8519600c6
.data 0xef000 0x3ddc 8704 74a7de4a2f19ce50b93c4e3871ddced7 9201b7398b94732aba394f2590558ed439187d2a
.rsrc 0xf3000 0x44b0 17920 f8013b5e8bb1081e821b0e94ed564ec8 dac6a8b1afaa169410f13bde470e6725d3d0da3b
.reloc 0xf8000 0x6828 27136 62f7d8b2bc7d2d1101ee7c7a6d873bff edfe27f61b1a2b8c8a72705e2415f43bfd5c0d8a
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: 4266c1b697f78548e4181125dcf66eb4
SHA1: 6784bf3231514e4a2157af14c59aa42e47bfe0a4
Block Size: 3688
Virtual Address: 1028096
Packer(s)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
File found
File type: Log
EasyLog.log
File type: Data
http://www.clinkccaddress.com/D/ChromeX86.dat
http://www.clinkccaddress.com/D/ChromeX64.dat
File type: Library
ntdll.dll
api-ms-win-core-synch-l1-2-0.dll
\err.dll
mscoree.dll
KERNEL32.dll
\winhttp.dll
WININET.dll
File type: Web Page
http://www.clinkccaddress.com/index.php
IP Found
No IP detected
URL(s)
https://www.facebook.com/settings?tab=account&section=email
http://ts-ocsp.ws.symantec.com07
http://crl.thawte.com/ThawteTimestampingCA.crl0
http://www.clinkccaddress.com/D/ChromeX86.dat
http://www.clinkccaddress.com/index.php
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
https://www.facebook.com/payments/settings/payment_methods/?fb_dtsg_ag=
https://www.facebook.com/
https://graph.facebook.com/v3.0/act_
http://www.clinkccaddress.com/D/ChromeX64.dat
https://www.facebook.com/ads/manager/account_settings/account_billing/
https://www.facebook.com/bookmarks/pages?ref_type=logout_gear
https://www.facebook.com/settings
https://www.facebook.com/profile.php?sk=friends
https://www.facebook.com/settings?tab=payments&section=settings
http://ocsp.thawte.com0
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
http://www.clinkccaddress.com/index.php/Index/installresult
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven06_64 Seven06_64 VirtualBox 2019-03-16 00:51:41 2019-03-16 00:54:47 186

5 Behaviors detected by system signatures

6 Summary items with data

Files

\??\PhysicalDrive0

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 1.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 1.0\Amazon assistant 1.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 2.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 2.0\Amazon assistant 2.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Look Picture Tool
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Look Picture Tool\Look Picture Tool
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\telezilla
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\telezilla\telezilla
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet
HKEY_CLASSES_ROOT\http\shell\open\command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ebayssistant 1.0

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\http\shell\open\command\(Default)

Write Keys

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 1.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 1.0\Amazon assistant 1.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 2.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Amazon assistant 2.0\Amazon assistant 2.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Look Picture Tool
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Look Picture Tool\Look Picture Tool
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\telezilla
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\telezilla\telezilla

Delete Keys

Nothing to display

Mutexes

yesterday

Resolved APIs

kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
api-ms-win-core-synch-l1-2-0.dll.InitializeConditionVariable
api-ms-win-core-synch-l1-2-0.dll.SleepConditionVariableCS
api-ms-win-core-synch-l1-2-0.dll.WakeAllConditionVariable
kernel32.dll.FlsFree
kernel32.dll.InitOnceExecuteOnce
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.GetTickCount64
kernel32.dll.GetFileInformationByHandleEx
kernel32.dll.SetFileInformationByHandle
kernel32.dll.InitializeConditionVariable
kernel32.dll.WakeConditionVariable
kernel32.dll.WakeAllConditionVariable
kernel32.dll.SleepConditionVariableCS
kernel32.dll.InitializeSRWLock
kernel32.dll.AcquireSRWLockExclusive
kernel32.dll.TryAcquireSRWLockExclusive
kernel32.dll.ReleaseSRWLockExclusive
kernel32.dll.SleepConditionVariableSRW
kernel32.dll.CreateThreadpoolWork
kernel32.dll.SubmitThreadpoolWork
kernel32.dll.CloseThreadpoolWork
kernel32.dll.CompareStringEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetModuleFileNameW
kernel32.dll.FreeLibrary
kernel32.dll.CloseHandle
kernel32.dll.GetCommandLineW
kernel32.dll.GetTempPathA
kernel32.dll.GetTempPathW
kernel32.dll.GetTempFileNameA
kernel32.dll.WaitForSingleObject
kernel32.dll.Sleep
kernel32.dll.GetFileAttributesW
kernel32.dll.CreateDirectoryW
kernel32.dll.CreateMutexW
kernel32.dll.GetLastError
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32FirstW
kernel32.dll.OpenProcess
kernel32.dll.TerminateProcess
kernel32.dll.Process32NextW
kernel32.dll.CreateFileA
kernel32.dll.DeviceIoControl
kernel32.dll.CreateWaitableTimerW
kernel32.dll.SetWaitableTimer
kernel32.dll.GetNativeSystemInfo
kernel32.dll.GetVersionExW
kernel32.dll.GetSystemInfo
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.GetTickCount
kernel32.dll.DeleteFileA
kernel32.dll.DeleteFileW
kernel32.dll.CopyFileA
user32.dll.PeekMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
user32.dll.PostThreadMessageW
user32.dll.GetMessageW
user32.dll.GetInputState
user32.dll.GetSystemMetrics
user32.dll.GetWindowThreadProcessId
shell32.dll.SHGetSpecialFolderPathW
shell32.dll.ShellExecuteExW
shell32.dll.SHGetPathFromIDListA
shell32.dll.SHGetSpecialFolderLocation
urlmon.dll.URLDownloadToFileW
shlwapi.dll.PathFileExistsW
shlwapi.dll.SHGetValueW
shlwapi.dll.SHSetValueW
shlwapi.dll.PathFileExistsA
advapi32.dll.RegOpenKeyW
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegQueryValueExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExA
crypt32.dll.CryptUnprotectData
wininet.dll.InternetCloseHandle
wininet.dll.InternetSetOptionW
wininet.dll.InternetConnectA
wininet.dll.HttpSendRequestA
wininet.dll.InternetOpenA
wininet.dll.InternetReadFile
wininet.dll.InternetSetOptionA
wininet.dll.InternetCrackUrlA
wininet.dll.HttpOpenRequestA
wininet.dll.InternetQueryDataAvailable
wininet.dll.HttpQueryInfoA
wininet.dll.HttpAddRequestHeadersA
wininet.dll.InternetGetCookieA
ntdll.dll.RtlGetNtVersionNumbers

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display