qcoin142.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 296.50 KB (303616 bytes)
Compile time: 2018-04-11 12:35:43
MD5: 1d5ba6bd6feb0456ade6b15113f53847
SHA1: 8028af96ae65b5ced430a5b0ef2facce56685042
SHA256: 52803e20675f8a827d186b55a0bdd4cbdf2031d30e89e99e16a2422b84f9add4
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-01-22 08:21:08
Last submission: 2019-01-22 08:21:08
Filename detected: - qcoin142.exe (1)
URL file hosting
hXXp://cdn-10049480.file.myqcloud.com/qcoin/qcoin142.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-01-20 21:06:26 [38/72] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x497b3 301056 8cb2a882758f64f612b6cf80eec01557 3eb29d6f51130afce64155158cbf06a0e40535f9
.rsrc 0x4c000 0x57e 1536 c195f675ee1ee7dea6c0098bbd70c534 b73bb88d084e3048d0f51c5a251e731689d73cd4
.reloc 0x4e000 0xc 512 907f78d8d383f9ce16f660b2b19ac480 bd2a45bbf9128b133c6064f04ae536e13d574cb0
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: Text
{0}{1:yyyy_MM_dd}.txt
File type: Library
mscoree.dll
IP Found
6.10.0.218
URL(s)

TheSystem Itself @ 2019-01-22 08:21:10