20a.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 8.00 KB (8192 bytes)
Compile time: 2016-12-08 01:34:30
MD5: 089f6d5057bc6234c94d81142aadf430
SHA1: e7a7e919e5a6d36017fe5b2677a0d1e3d79fee3e
SHA256: 16c26f67e5ced92112f51d7498daef0b6564007330b7e137940a3285aae78f0f
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2016-12-09 17:30:03
Last submission: 2016-12-09 17:30:03
Filename detected: - 20a.exe (1)
URL file hosting
hXXp://doopriv8.info/20a.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-12-09 15:22:15 [26/57] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x1617 6144 3d84b79ea61b339aad356b86ac04026b d9dccec1e7d8dfe9e6139e303707b52fabef09b9
.rsrc 0x4000 0x340 1024 e6a1059f97a6429cbbbba3911c163d5e 03cb691ae4ad50f2c51a21468ab4f26e25a75ce9
.reloc 0x6000 0xc 512 7eacae7091003d7b319b131667e49ffc 99be172b91a9fd0b86a5fb00768bdb9ca292d931
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x4058 744 LANG_ENGLISH SUBLANG_ENGLISH_US
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: (C) 2005 - 2013 eDisplay srl
InternalName: sendblaster3
FileVersion: 3.01.0006
CompanyName: eDisplay srl
ProductVersion: 3.01.0006
FileDescription: SendBlaster 3
Translation: 0x0409 0x04b0
OriginalFilename: sendblaster3.exe
ProductName: SendBlaster
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
6.9.0.114
URL(s)
No URL found
String too long

#infosec #automation

TheSystem Itself @ 2016-12-09 17:30:03