xpresszipinstall-4688.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 25/69 Related 41
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1958.89 KB (2005904 bytes)
Compile time: 1992-06-20 00:22:17
MD5: 46ef675cc45026c8f254863e5f35aa5d
SHA1: 4b55da1df6fff6783dd805396fab8d74dcb5ebeb
SHA256: f5099e9ab456a33781d60d4de8d7addfd4f75acf5261d0f2cf15192871f5c81e
Import hash: 2fb819a19fe4dee5c03e8c6a79342f79
Sections 8 CODE DATA BSS .idata .tls .rdata .reloc .rsrc
Directories 5 import resource tls relocation security
First submission: 2019-09-18 11:15:07
Last submission: 2019-09-18 11:15:07
Filename detected: - xpresszipinstall-4688.exe (1)
URL file hosting
hXXp://down.soft.flyidea.top/xpresszip/xpresszipinstall-4688.exe (VirusTotal)
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-09-17 20:39:43 [25/69] VirusTotal
PE Sections 5 suspicious
Name VAddress VSize Size MD5 SHA1
CODE 0x1000 0x9fbc 40960 c22219468a4769bcc866134eba9501da e343c1db2c818758bda7865967c8086507685520
DATA 0xb000 0x250 1024 902eb0edfbde7ad686211d2924658a73 437245aea90c292682068dbd12c43f2714d6e47c
BSS 0xc000 0xea0 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.idata 0xd000 0x97c 2560 d75dc4590afa097ee581ca8a14baf735 6161a423ac84353d09240a53f899ec897ec5311a
.tls 0xe000 0x8 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rdata 0xf000 0x18 512 9ba824905bf9c7922b6fc87a38b74366 f43ee83e6afa1c343ff6db68e13efde43471cbb6
.reloc 0x10000 0x920 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rsrc 0x11000 0xb310 46080 1b7e056c05f501ca1b5c2df2476b713e 9eba880f97b6d1d1151fadf75aed69d1f2e70bf3
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: f5d2851ee79862e60881e8cb0b4a36b1
SHA1: 19266bfd2a809d18d5969abaed23d866173a0840
Block Size: 14816
Virtual Address: 1991088
Packer(s)
Borland Delphi 3.0 (???)
Borland Delphi 4.0
File found
File type: Library
dwmapi.dll
ntmarta.dll
OLEAUT32.dll
comres.dll
cryptbase.dll
OLEACC.dll
USERENV.dll
profapi.dll
propsys.dll
USER32.dll
UxTheme.dll
comctl32.dll
ADVAPI32.dll
KERNEL32.dll
VERSION.dll
clbcatq.dll
SETUPAPI.dll
apphelp.dll
SHELL32.dll
IP Found
1.0.0.5
URL(s)

#infosec #automation

TheSystem Itself @ 2019-09-18 11:15:09