qcoin135.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 295.50 KB (302592 bytes)
Compile time: 2018-01-02 17:46:24
MD5: 17cda33d988a252dc62e7038d774786b
SHA1: ff356c3a8e15a5b9d37a8535729feeb18edc4340
SHA256: 87c2147ce3291448f694540763a18de0e10f3c66af3a121e03dbd0bee870151c
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-01-22 07:54:12
Last submission: 2019-01-22 07:54:12
Filename detected: - qcoin135.exe (1)
URL file hosting
hXXp://cdn-10049480.file.myqcloud.com/qcoin/qcoin135.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-01-22 04:41:39 [36/56] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x4924f 300032 912fd670067464726992ea384c662e18 d383d8380f07113f2dc58f3faa817f57681cfc5f
.rsrc 0x4c000 0x57e 1536 9ede1e5f9ce0b1623347fe4093417a96 5fb4c4ed58d4a48c99606894436c0ea775c5b592
.reloc 0x4e000 0xc 512 9cf8654df5c820fccec9d8f398bc18a4 54b6991765e51663ddd9e0f59126d6bdea476daa
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: Text
(*.txt)|*.txt
{0}{1:yyyy_MM_dd}.txt
File type: Library
mscoree.dll
IP Found
6.10.0.218
URL(s)

TheSystem Itself @ 2019-01-22 07:54:14