MalScore
40/100

WindBot.exe

File details
File type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 644.50 KB (659968 bytes)
Compile time: 2018-08-25 22:56:15
MD5: 0d003c5e2db9135c384ccefb782a5cf4
SHA1: 5755b35eef270f37faff5f09ce9b47944d891295
SHA256: 506c5a1f52f824bfcda22ab8e3aa01269a8e9709b147eb29caa24e3acf620490
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-10-29 03:18:12
Last submission: 2018-10-29 03:18:12
Filename detected: - WindBot.exe (1)
URL file hosting
hXXp://ygosvrjp.ddns.net/update/WindBot/WindBot.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-10-28 08:56:52 [25/66] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x5e474 386560 8d90b92a56d1e265952a38fef89268b0 8753a27420c9be18c5f0d8195c15bc1d14fc8fe2
.rsrc 0x62000 0x426b4 272384 92049280123526873d49c256e5b433a9 540ff8b9ec325b6691fb399ddab25e3abcc0f0e8
.reloc 0xa6000 0xc 512 24d379eab7563d0d766df868d0a2f3cd 2e62c15940e001178977fcae36472d2f2623fcc5
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
mscoree.dll
IP Found
127.0.0.1
URL(s)
http://127.0.0.1:
http://+:
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
2018-10-29 03:10:32 2018-10-29 03:10:32

0 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display


TheSystem Itself @ 2018-10-29 03:18:14