qcoin131.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 295.00 KB (302080 bytes)
Compile time: 2017-12-19 11:05:51
MD5: 50cb6f081db83490bc2e560326dc04ef
SHA1: 60a45f613a8cbfd9937716960880f3c6f95d8997
SHA256: e80b35b98189a95b4f9dd49f218a85317f8675541856cb780212523a94cfb243
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-01-22 08:51:07
Last submission: 2019-01-22 08:51:07
Filename detected: - qcoin131.exe (1)
URL file hosting
hXXp://cdn-10049480.file.myqcloud.com/qcoin/qcoin131.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-01-20 21:06:14 [44/72] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x490ab 299520 04f5082ca17043a252a248605313fd2f 74a6c91317893331f977808346a4f1486903d67a
.rsrc 0x4c000 0x57e 1536 53f645a563b942e674529bbd1f143b62 7951339ed1a50586a5150200d8d3277dbdf45a5a
.reloc 0x4e000 0xc 512 090344e64a14c84a3d17f72bb99e6d6a b79b21c5bf178b1f6f2e708f7a38d882d8d85039
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: Text
(*.txt)|*.txt
{0}{1:yyyy_MM_dd}.txt
File type: Library
mscoree.dll
IP Found
6.10.0.218
URL(s)

#infosec #automation

TheSystem Itself @ 2019-01-22 08:51:09