35.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 8.00 KB (8192 bytes)
Compile time: 2016-12-08 01:33:49
MD5: 0208232d13502e68dec5c07d41911c9b
SHA1: 16eb9cd6c5bb66349d539d86cdd3943f5df4d110
SHA256: b5281b50c0df43deba9a1386c17ba80b51a2c36a2850fdb59a2e1b32baa819b4
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections: 3 (.text, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
First submission: 2016-12-09 17:36:02
Last submission: 2016-12-09 17:36:02
Filename detected: - 35.exe (1)
URL file hosting
hXXp://doopriv8.info/35.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-12-09 15:22:15 [28/57] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x15ef 5632 8cd19ed435ba12af4d13ec86b02eb8ac c985b330bad4e321f987a19813634a963ab67234
.rsrc 0x4000 0x572 1536 615bb33eaefa30fe219dd2d927bb413b ef0380324747460d1bdebf69c96a7447846581f1
.reloc 0x6000 0xc 512 a2b0e9d6dcfca4780cd892cce3d0934e ba718f2b2cdcb8eb89adccf9f9471e020126be1e
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x40a0 744 LANG_ENGLISH SUBLANG_ENGLISH_US
RT_MANIFEST 0x4388 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: (C) 2005 - 2013 eDisplay srl
InternalName: sendblaster3
FileVersion: 3.01.0006
CompanyName: eDisplay srl
ProductVersion: 3.01.0006
FileDescription: SendBlaster 3
Translation: 0x0409 0x04b0
OriginalFilename: sendblaster3.exe
ProductName: SendBlaster
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
6.9.0.114
URL(s)
No URL found
String too long

#infosec #automation

TheSystem Itself @ 2016-12-09 17:36:02