MalScore
100/100

5d237dba2d036.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 38/56
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 434.50 KB (444928 bytes)
Compile time: 2019-07-08 19:28:52
MD5: 13e7e759433966e18676483e578a7351
SHA1: 05062ae0dc548e944132130d70eb52cca2801b33
SHA256: 1c36dc1d8de77d3309c09ea89cf0422daad3b3425ae79e671e5466832d6919f6
Import hash: 1690ce7b6502a302d03b40866c122225
Sections 5 .text .rdata .data .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2019-08-14 11:24:11
Last submission: 2019-08-14 11:24:11
Filename detected: - 5d237dba2d036.exe (1)
URL file hosting
hXXp://src1.minibai.com/uploads/thirdupload/5d237dba2d036.exe
VirusTotal Antivirus Report
Report Date Detection Ratio Permalink Update
2019-08-10 10:10:35 [38/56] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x154a4 87552 f3f0b7cdd2dca6195257b30203725a42 67c58fcaab4e0696f6fdcda2887b11022ae072de
.rdata 0x17000 0x712e 29184 950edd4145071ded178bb55e53a17cd9 035932a0096c0311b0c5105a2d08db23826ad16e
.data 0x1f000 0x5418c 318976 66efa759704de6baaddaa68f97eb4465 27127359784f15c6378a67ed91b1346e3cdd7672
.rsrc 0x74000 0x568 1536 efe63c027c56b5702bb9b5f87a3d4c22 8daaae70ca2d8bd59048720c819d2b509fd5afa9
.reloc 0x75000 0x18c0 6656 237f800dde10919169bb832a17983610 ea884fa31b2995a502354560df9e5edf34cfe227
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
File found
File type: Library
pepflashplayer.dll
mscoree.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
psapi.dll
WININET.dll
crypt32.dll
IP Found
2.5.4.11
29.0.0.171
URL(s)
http://
https://
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven02_64 Seven02_64 VirtualBox 2019-08-14 11:16:45 2019-08-14 11:19:40 175

4 Behaviors detected by system signatures

3 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

TheSystem Itself @ 2019-08-14 11:24:12