driver.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 49/57 Related 2398
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 32.50 KB (33280 bytes)
Compile time: 2016-10-22 00:21:50
MD5: 0c3600aa4cf1aa00371eefef071b5d52
SHA1: dcf4a488b8903f912f6ee8b12efe5efcce0ec9d4
SHA256: dd49cdd8864a2b427640162937ed686c4f203c20f863b4cb79c9241a441d5cc4
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2016-12-10 16:12:02
Last submission: 2016-12-10 16:12:02
Filename detected: - driver.exe (1)
URL file hosting
hXXp://hacking-lab.ru/ddos/driver.exe (VirusTotal)
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-11-03 15:10:09 [49/57] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x7894 31232 d971a80e36321c196470022a32a424a5 ee6adf82f946a5ed4d45130cf9964c572ed0a8de
.rsrc 0xa000 0x400 1024 20735772764eca2406ff0f13b899e218 f78e0acee676bdb8c4f1b896c14eb49d9dbba201
.reloc 0xc000 0xc 512 31c1f7d5c4d5f254ef0572f4be44ad70 382f00dc29d230e79e8f41a13dd4108d44d90083
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0xa058 792 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 Microsoft 2009
Assembly Version: 1.0.0.0
InternalName: System.exe
FileVersion: 1.0.0.0
CompanyName: Microsoft
OriginalFilename: System.exe
Translation: 0x0000 0x04b0
FileDescription: NT Kernel & System
ProductVersion: 1.0.0.0
ProductName: NT Kernel & System
XOR
No XOR information found in this file.
Signature
This file is not digitally signed.
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
File type: Web Page
/ddos/gate.php
IP Found
No IP detected
URL(s)
No URL found
VarFileInfo
System.exe
InternalName
NT Kernel & System
})|
csrss.exe
1.0.0.0
}-|
Microsoft 2009
/ddos/gate.php
StringFileInfo
Translation
Audio Driver
Assembly Version
FileVersion
Copyright
VS_VERSION_INFO
aAlqAWgGYUwgQSMNfwo=
ENV\el
000004b0
ProductVersion
FileDescription
Microsoft
OriginalFilename
LegalCopyright
lsass.exe
CompanyName
ProductName
SocketType
_CorExeMain
ReleaseMutex
get_Url
PaddingMode
smethod_12
smethod_13
smethod_10
smethod_11
smethod_16
smethod_17
smethod_14
smethod_15
smethod_18
smethod_19
Int32
.cctor
AsyncCallback
Object
\VT[[O
mscorlib
Registry
ManagementEventWatcher
byte_1
byte_0
RegistryValueKind
set_ReceiveTimeout
X j~F
DoWorkEventArgs
struct0_0
3System.Resources.Tools.StronglyTypedResourceBuilder
int_0
struct2_0
JQiq
System.Runtime.InteropServices
tjpqi9Oahccsx'Y6
get_ResourceManager_0
GetCommandLineArgs
nyzg}ql~`jhtbq
Class10
Bind
Substring
ProtocolType
add_DocumentCompleted
set_CultureInfo_0
managementEventWatcher_0
const_1
Disconnect
HttpQueryInfo
EditorBrowsableState
AssemblyConfigurationAttribute
Version
GetDrives
SocketOptionLevel
System.Reflection
Copyright
BeginSend
smethod_0
smethod_1
smethod_2
smethod_3
smethod_4
smethod_5
smethod_6
RuntimeTypeHandle
-V~D
smethod_9
object_0
uint_3
PtrToStructure
ManagementScope
Enum1
"<,:
Marshal
RijndaelManaged
Enum3
sender
Stream
smethod_44
IPEndPoint
IsNullOrEmpty
Append
ProcessStartInfo
InternetConnect
smethod_58
smethod_59
smethod_56
smethod_57
smethod_54
smethod_55
int_3
smethod_53
smethod_50
smethod_51
ConnectionOptions
Exit
CompilationRelaxationsAttribute
([
FileSystemInfo
ExitThread
Microsoft
LastIndexOf
Enum
nDHJCKoMONNOIrLTHiv~ki|nvn|YTDZGdl}TXgchlur\Dswv~tmNzlnu||M@xz|w
GCHandleType
set_Padding
EndInvoke
string_2
string_3
string_0
string_1
string_6
string_4
string_5
AssemblyDescriptionAttribute
SafeWaitHandle
EndReceive
FileMode
get_DirectoryName
l *
System.Properties
DeleteSubKey
get_Length
byte_2
+@(6
(+
(*
BeginReceive
1.0.0.0
(-
(,
, ~
advapi32
(?
AssemblyCompanyAttribute
~=
ComVisibleAttribute
random_0
OperatingSystem
Socket
get_Options
cultureInfo_0
Format
ValueType
FileStream
System.ComponentModel
System.CodeDom.Compiler
GuidAttribute
EventArrivedEventArgs
Microsoft 2009
Alloc
WebBrowserDocumentCompletedEventArgs
set_EventClassName
get_Assembly
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
System.Threading
value
GCHandle
get_RoundtripTime
Trim
+ ~:
# *
!This program cannot be run in DOS mode. $
PADPADP
'#(,52m #134(2x
File
IsInRole
SocketFlags
DiscardableAttribute
NtQueryInformationProcess
OpenSubKey
GetField
get_DriveType
+s
Dispose
, ~9
TextWriter
FromBase64String
BeginAccept
SuppressIldasmAttribute
AssemblyTrademarkAttribute
GetCurrentProcess
WaitForChangedResult
TrimStart
^Dt%%ONXJMO
Microsoft.Win32.SafeHandles
StartsWith
get_Class1_0
SocketOptionName
get_Version
WaitForChanged
DZLZ[GH_ pDSHSWG^I
ToString
rijndaelManaged_0
#Blob
System.Management
get_Key
,O~2
set_IV
Parse
Y[ROQCI9^\]X@ZV:TnpJ`E&'6
*VsJ
"K~a
get_Minor
BindingFlags
Split
BSJB
Type
socket_0
ToLower
get_MainModule
get_MaxGeneration
~jx2czagdu{`

ICryptoTransform
op_Inequality
Class11
Class12
Class13
System.Security.Cryptography
AssemblyTitleAttribute
imagehlp
get_Major
10.0.0.0
Delete
IntPtr
Navigate
+/(
Char
SafeHandle
StructureToPtr
v2.0.50727
ProcessModule
+U~9
WaitForExit
SettingsBase
get_Name
GetValue
Start
Microsoft.Win32
BeginInvoke
socket_1
thread_0
K '
,<~#
xcbe
set_FileName
,@~=
+>~=
SendTo
RegistryKey
()
smethod_48
smethod_45
InternetReadFile
smethod_47
smethod_46
smethod_41
smethod_40
smethod_43
6$49
get_FileName
FileInfo
<PrivateImplementationDetails>{4588F626-147C-455C-BD4C-476F02A191BC}
get_ASCII
SetApartmentState
get_EntryPoint
PtrToStringUni
.ctor
Connect
GetTypeFromHandle
IAsyncResult
ipendPoint_0
+e(3
Struct2
Struct3
Struct0
FileAttributes
get_Connected
ping_0
RegNotifyChangeKeyValue
TimeSpan
ManualResetEvent
SymmetricAlgorithm
GetModules
Mutex
+E~G
(.
(/
smethod_49
bool_1
bool_0
.text
,.('
EndPoint
delegate0_0
GetString
set_Proxy
WindowsPrincipal
Component
method_2
GetFolderPath
method_0
method_1
method_6
GetHostEntry
method_4
:$8s;sEcpv; |6x
UMY0n
manualResetEvent_0
wininet
Convert
System.Configuration
+](4
get_AddressFamily
smethod_42
CultureInfo
,*~8
get_NewLine
FileAccess
Module
set_KeySize
~7
enum3_0
EndConnect
Array
GetVolumeNameForVolumeMountPoint
intptr_2
intptr_0
intptr_1
,+~
@.reloc
;!9+?b&:$MM
, (
MethodInfo
Resources
ApartmentState
StreamWriter
CipherMode
System.Properties.Resources.resources
RegistryKeyPermissionCheck
Free
* 0
SpecialFolder
Byte
o
GetCallingAssembly
smethod_7
System.Runtime.CompilerServices
smethod_8
DriveType
System.Net
HttpSendRequest
Random
`.rsrc
set_ErrorDialog
4.0.0.0
PingOptions
+u~"
CultureInfo_0
CreateDecryptor
get_Default
AutoResetEvent
Send
QpmgtpgwagwP[MQNSUFmg^XQ[|yUKz|
smethod_34
smethod_35
smethod_36
smethod_37
smethod_30
smethod_31
smethod_32
smethod_33
smethod_38
smethod_39
WaitOne
class1_0
,B~(
TransformFinalBlock
DeleteValue
registryKey_0
set_IsBackground
UIntPtr
Flush
FreeHGlobal
SetSocketOption
ThreadStart
IDisposable
Exists
object_1
System.Security.Principal
set_BlockSize
resourceManager_0
qj"-*>`-/+7%<r8?o'7=+-5r6*46>$0#
(
Struct1
set_UseShellExecute
CreateSubKey
WaitAny
set_Mode
PlatformID
<>c__DisplayClass2
RuntimeCompatibilityAttribute
)$"09
, ~7
set_CreateNoWindow
AssemblyProductAttribute
Assembly
7/8+&-)9>.2
get_IsReady
InternetCloseHandle
Equals
BackgroundWorker
System.Net.NetworkInformation
get_Handle
<Module>
Concat
Class1_0
StringBuilder
ReferenceEquals
ObtainUserAgentString
get_Chars
MulticastDelegate
GetBytes
Synchronized
IWebProxy
Process
IPAddress
get_SafeWaitHandle
RunWorkerAsync
WindowsIdentity
enum2_0
uint_9
uint_8
DriveInfo
Enum0
uint_2
uint_1
uint_0
uint_7
uint_6
uint_5
uint_4
CompilerGeneratedAttribute
FileSystemWatcher
WaitHandle
kernel32
WqlEventQuery
WindowsBuiltInRole
~"
Write
GetAttributes
bool_2
get_CancellationPending
get_AddressList
SizeOf
EventQuery
Main
+P~D
urlmon
CreateEncryptor
Stop
DownloadFile
get_Status
Copy
#GUID
set_WorkerSupportsCancellation
&~9
AssemblyFileVersionAttribute
System.Text
)$$& +&+>
set_Condition
CancelAsync
ParameterizedThreadStart
*(O
System.Resources
BeginConnect
System.Net.Sockets
Invoke
$58f6450f-4139-45d5-b462-5815bb0d567a
System.IO
WrapNonExceptionThrows
,%(
get_StartInfo
GetHostAddresses
IPHostEntry
ushort_0
ReadInt32
ToUInt16
WebBrowserDocumentCompletedEventHandler
Ping
ApplicationSettingsBase
Class8
Class9
Class6
Class7
Class4
Class5
Class2
Class3
Class0
Class1
4#7229<+
10,<<4>#
method_3
op_Explicit
RuntimeFieldHandle
add_DoWork
2$(7
get_CultureInfo_0
imvWeuulkuFKmqMRZGEPBRJX}
PingReply
WebClient
Reset
STAThreadAttribute
Thread
smethod_52
method_5
ResourceManager_0
int_2
Collect
int_1
op_Equality
System.Globalization
registryValueKind_0
SetValue
ResourceManager
Encoding
HttpOpenRequest
iasyncResult_0
DoWorkEventHandler
FieldInfo
? &&;<"
e`mo="u|wo
SetAttributes
- ~2
/gLkzl0]tw
WatcherChangeTypes
ntdll
System
asyncCallback_0
Application
get_AsyncState
LH.exe
DangerousGetHandle
mcem|
Listen
EventWaitHandle
SetProcessWorkingSetSize
NT Kernel & System
const_5
smethod_60
DebuggerNonUserCodeAttribute
get_OldName
EndAccept
AddrOfPinnedObject
smethod_29
smethod_28
InternetOpen
smethod_23
smethod_22
smethod_21
smethod_20
smethod_27
smethod_26
smethod_25
smethod_24
InitializeArray
,$(b
MethodBase
#Strings
doWorkEventArgs_0
AllocHGlobal
GetCurrent
Zero
AssemblyCopyrightAttribute
LocalMachine
EventArrivedEventHandler
IPStatus
m*
uintptr_0
uintptr_1
EditorBrowsableAttribute
Environment
mutex_0
2<%nc
Empty
mscoree.dll
>,:"
*Vs
d-6n&
set_DontFragment
^ c
StringSplitOptions
EndSend
PtrToStringAnsi
hV@J
set_EnablePrivileges
add_EventArrived
Next
F^SB
System.Diagnostics
IndexOf
GetEnvironmentVariable
GetType
backgroundWorker_0
get_AsyncWaitHandle
System.Windows.Forms
Close
Enum2
CurrentUser
WaitForPendingFinalizers
RegistryRights
WebBrowser
Delegate0
System.Security.AccessControl
MapFileAndCheckSum
get_OSVersion
KMicrosoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator
short_0
short_1
GenerateKey
:1,(4 6
AddressFamily
GeneratedCodeAttribute
set_WithinInterval
const_3
const_2
value__
const_0
smethod_63
smethod_62
smethod_61
const_4
N#
set_Arguments
i/A
String
RuntimeHelpers
- (
Sleep
get_Platform
<VisitPage>b__0


TheSystem Itself @ 2016-12-10 16:12:02