pdfreader.exe

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1858.62 KB (1903225 bytes)
Compile time: 2019-04-27 10:22:11
MD5: 29944debca2c9332c29b8994f343a757
SHA1: dc32af16eff2f7bfc6c746fcfb04fdbdad9ef15d
SHA256: 6eb3d7b8bc44b2d366389567974c9d225a998ce9b5ed7a75bcff49cce914601b
Import hash: eb5bc6ff6263b364dfbfb78bdb48ed59
Sections 10 .text .itext .data .bss .idata .didata .edata .tls .rdata .rsrc
Directories 4 import export resource tls
First submission: 2019-12-10 17:27:07
Last submission: 2019-12-10 17:27:07
Filename detected: - pdfreader.exe (1)
URL file hosting
hXXp://pdfaide.com/pdfreader.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-12-09 16:07:56 [41/67] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0xa50e0 676352 d2d65fadb7b1be676e1248ab404382da 53efa4d92796992961bb4a6adab21557aafe9135
.itext 0xa7000 0x1668 6144 73e002411a8e0d309143a3e055e89568 663a016faf2f832ef4bcdca53059b8b2a0c2a0fd
.data 0xa9000 0x37a4 14336 43e7b93b56ed2b1f2c341832da76e1f0 f935030d05c5b262f2db3a83687434bb3ec42296
.bss 0xad000 0x676c 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.idata 0xb4000 0xf1c 4096 daddecfdccd86a491d85012d9e547c63 f367f6a2458e60a453aff3785c35bb7410780012
.didata 0xb5000 0x1a4 512 be0581a07bd7d21a29f93f8752d3e826 eda85c8f9bed972f5b31f8d22c2096155892382c
.edata 0xb6000 0x9a 512 57cd71ca96fdc064696777e5b35cf0bb a82f8ec41683a79a59c24dcae41209a835ed4f3e
.tls 0xb7000 0x18 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rdata 0xb8000 0x5d 512 967e84eb6ac477621cd1643650d7bc91 937a4109f2e23f0e166f6653f0e645744a2deace
.rsrc 0xb9000 0x748c 30208 d1fde4e68facb6c142ea9b55af30505b 18e417af48efeedfab9c1d749ae6787b78ffab8d
  • API Alert
  • Anti Debug
  • PE Exports: pdfreader.exe
    • 0x453abc
      TMethodImplementationIntercept
    • 0x40d3dc
      __dbk_fcall_wrapper
    • 0x4b063c
      dbkFCallWrapperAddr
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Borland Delphi 3.0 (???)
Borland Delphi 4.0
File found
File type: Library
USERENV.dll
ntmarta.dll
comres.dll
propsys.dll
KERNEL32.dll
OLEAUT32.dll
cryptbase.dll
UxTheme.dll
OLEACC.dll
profapi.dll
VERSION.dll
dwmapi.dll
apphelp.dll
clbcatq.dll
SHELL32.dll
SETUPAPI.dll
USER32.dll
Netapi32.dll
comctl32.dll
ADVAPI32.dll
IP Found
No IP detected
URL(s)
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline


TheSystem Itself @ 2019-12-10 17:27:09