MalScore
100/100

iimo3.exe

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1781.00 KB (1823744 bytes)
Compile time: 2018-12-04 12:01:32
MD5: 4f8767983d865a5e706ae3c6aa5ab6c5
SHA1: 535bc0a1cf7140176fd6e6a205f3394d146c2ba3
SHA256: 5ac017285572c24fc8b77324a52ca484e83c3622c61bea80a74a6850f0a16061
Import hash: 2eabe9054cad5152567f0699947a2c5b
Sections 6 .rsrc .idata bneqjlfj venxxuza
Directories 3 import resource relocation
First submission: 2018-12-09 16:36:07
Last submission: 2018-12-09 16:36:07
Filename detected: - iimo3.exe (1)
URL file hosting
hXXp://mmmooma.zz.am/iimo3.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-12-07 18:03:40 [46/70] VirusTotal
PE Sections 5 suspicious
Name VAddress VSize Size MD5 SHA1
0x1000 0x42000 107008 bbb2796b7bac345d59e5af62d90d97b8 27707364817763faf5d8ddcd4169495cee99fb43
.rsrc 0x43000 0xb98 2560 7fbe68cb4dd6860273f03412d3ef3c73 7653a2f82f3d63277e28f43f731add733e07910e
.idata 0x44000 0x1000 512 c4dfadb759e40ef76956eae4addc5c67 7c3ec8f7f7d7cac39c38cba10c08b112dc7940f4
0x45000 0x2a3000 512 7f941339f1da54c92d826ed0c6226dd4 d19fa03a187692fcce0c9d973ebe2a506df9ebcf
bneqjlfj 0x2e8000 0x1a1000 1707520 8c4243bbb6d971a2efe0a218b26c2cfa 3faa708f55f143be94bdf982adec0ffe772abed4
venxxuza 0x489000 0x1000 1536 2b99af464f883ac79fe6e348fa249c63 f4bb25fa866e6dda82d0c411808198d88380f72b
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
WSOCK32.dll
KERNEL32.dll
IP Found
1.0.0.1
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven06_64 Seven06_64 VirtualBox 2018-12-09 16:31:47 2018-12-09 16:34:52 185

16 Behaviors detected by system signatures

9 Summary items with data

Files

\??\SICE
\??\SIWVID
\??\NTICE
C:\Windows\System32\ntdll.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\AppData\Local\Temp\iimo3.exe
C:\Users\Seven01\AppData\Local\Temp\Config.ini

Read Files

\??\SICE
\??\SIWVID
\??\NTICE
C:\Windows\System32\ntdll.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Users\Seven01\AppData\Local\Temp\iimo3.exe
C:\Users\Seven01\AppData\Local\Temp\Config.ini

Write Files

\??\SICE
\??\SIWVID
\??\NTICE
C:\Users\Seven01\AppData\Local\Temp\Config.ini

Delete Files

C:\Users\Seven01\AppData\Local\Temp\Config.ini

Keys

HKEY_CURRENT_USER\Software\Wine
HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
HKEY_LOCAL_MACHINE\Hardware\description\System
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Read Keys

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CLASS\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000\DriverDesc
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT

Write Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

Delete Keys

Nothing to display

Mutexes

DBWinMutex

Resolved APIs

kernel32.dll.GetNativeSystemInfo
winmm.dll.timeGetTime
ntdll.dll.NtOpenThread
ntdll.dll.NtQuerySystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ntdll.dll.RtlAllocateHeap
kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.IsProcessorFeaturePresent
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptDeriveKey
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptReleaseContext

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

1 Host(s) detected

IP Address Hostname Reverse DNS
210.134.66.83 Japan

Host(s) by Country

Hosts Country
1 Japan


TheSystem Itself @ 2018-12-09 16:36:10