client.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 349.00 KB (357376 bytes)
Compile time: 2019-10-31 20:04:15
MD5: 38e7599e8b64901bffd7f6553a4a68ee
SHA1: 4c169164ff61b2453f8239a248d5f5b158ebb1bf
SHA256: e807468cbf03c54db4bbddf075ce673d544d760109c678caf8ee9e9d725467e8
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-11-04 23:12:06
Last submission: 2019-11-04 23:12:06
Filename detected: - client.exe (1)
URL file hosting
hXXp://malicious.actor/client.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-11-04 16:06:15 [52/66] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x56774 354304 85a894f59727c64b6c84fb5394757fb9 e981a6adaff824578283b5db9730b75227e191b2
.rsrc 0x5a000 0x800 2048 ef563e9cf0ae4ee43a2bd30422daf865 ed9f5685cb91316ec4be7a505824509449bbfc9e
.reloc 0x5c000 0xc 512 5289a7cf9ec22b994b049a8274e70342 9f73ad0b96826c29b78359a5dbca18904f285344
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: XML
{0}\FileZilla\recentservers.xml
{0}\FileZilla\sitemanager.xml
System.Xml
File type: Library
\msvcp120.dll
\msvcr120.dll
\mozglue.dll
\msvcp100.dll
\nss3.dll
\msvcr100.dll
USER32.dll
KERNEL32.dll
ntdll.dll
IPHLPAPI.DLL
mscoree.dll
MSVCRT.dll
GDI32.dll
SHELL32.dll
SHLWAPI.dll
ole32.dll
ADVAPI32.dll
OLEAUT32.dll
IP Found
No IP detected
URL(s)
http://ip-api.com/json/
http://
http://api.ipify.org/
file:///
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://freegeoip.net/xml/

TheSystem Itself @ 2019-11-04 23:12:06