MalScore
100/100
MalFamily
Malicious

gem.exe

Is DLL Packer Anti Debug Anti VM Signed XOR
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
File size: 4322.50 KB (4426240 bytes)
Compile time: 2021-06-30 09:37:17
MD5: 3a429f1ee9236bd099bdcb816b7105df
SHA1: 3f76e35b5ee17c49ae4eb3cd54aff0517ceeefbd
SHA256: 5b0d1592ba95b95fedeeb0672b167dea792e84395f7e5ba1da7c4ff80104d890
Import hash: 8bec45ba12d4b466f6cf8f30b119fb6f
Sections: 5 (UPX0, UPX1, 0, 1, .rsrc)
Directories: 2 (import, resource)
First submission: 2022-03-01 08:57:13
Last submission: 2022-03-01 08:57:13
Filename detected: gem.exe (1)
URL file hosting
hXXp://download.xp666.com/xzqswf/app/m/gem.exe
VirusTotal Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 4 suspicious
Name   VAddress  VSize     Size     MD5                               SHA1
UPX0   0x1000    0x7c000   0        d41d8cd98f00b204e9800998ecf8427e  da39a3ee5e6b4b0d3255bfef95601890afd80709
UPX1   0x7d000   0x3e000   253952   9d443bf8a0bebe14c93b0acab1f6d36e  7f71e886f2a9a09e935f61a80ac23b74a7888354
0      0xbb000   0x22022b  2229248  30e474c6f8d39e578ab92c9742c17e16  d2d686425f26b72a239f99ba1161cf5c8a02e7d8
1      0x2dc000  0x1d9820  1939968  3482807d7cb1ac0f1d71921688b0fb90  37664de8c5c598c9b8f1131713bb5656dc1be2e2
.rsrc  0x4b6000  0x724     2048     54e9adceb983d674b92b337dff607ca1  5baa7c7f90e3f2559a7676df137474265689a8d5
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
KERNEL32.dll
mscoree.dll
ADVAPI32.dll
-USER32.dll
USER32.dll
$$sbiedll.dll
SHELL32.dll
bVERSION.dll
SHLWAPI.dll
Netapi32.dll
WTSAPI32.dll
ole32.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name  Machine label  Machine manager  Started              Ended                Duration (s)
Seven04_64    Seven04_64     VirtualBox       2022-03-01 08:47:36  2022-03-01 08:50:38  182

3 Behaviors detected by system signatures

2 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2022-03-01 08:57:15

Detected family: #Malicious

TheSystem Itself @ 2022-03-01 09:06:01