MalScore
100/100

aaa.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 23/68
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 732.50 KB (750080 bytes)
Compile time: 2019-05-03 02:17:39
MD5: 5572316b3edf504314d6a52a49be7fe9
SHA1: f759887b8f59222d62eba8544a352908573a62f2
SHA256: 9a69e2af95fd6d1bf5e5374ff676839a1b9b003625cb91bb6625c1a8847943bb
Import hash: 9330fac4fcc8cacb9e9fc9871fc7dc3c
Sections 6 .text .rdata .data .rsrc .reloc .bss
Directories 4 import resource debug relocation
First submission: 2019-05-15 18:54:04
Last submission: 2019-05-15 18:54:04
Filename detected: - aaa.exe (1)
URL file hosting
hXXp://fairyandbeauty.com/aaa.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-05-03 18:53:53 [23/68] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x85177 545280 ecacfbf93d7b455988e1887c7747365f 9bb07528d47dffed7998c72c045fa75020a08dd3
.rdata 0x87000 0x7a4c 31744 0149c8a0917da1b3d377f602d07de8c1 921d7ab34717da0e3ed32e0dec94c5aba5518842
.data 0x8f000 0x5d08 19456 ba5589465287de37d2324c728f3f073f f08426047799f5a026c8372b6f8a195e20d62e47
.rsrc 0x95000 0x42c 1536 c6c5d63ab488792277a592e98aae98f0 d21ed7e7150d57f8b80ab476420090cb1af4de59
.reloc 0x96000 0xb99c 47616 9140c38bc011ca259edb6451e09f30a1 6105b4744ec51f4154342f2c40013f81cb555569
.bss 0xa2000 0x19343 103424 ca21552222b1fbaa5448e3b85e92beb4 47bd31d6d3316528538efa6c2aa2ff00fd5bf71b
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
File found
File type: Library
mscoree.dll
WS2_32.DLL
USER32.dll
KERNEL32.dll
IP Found
1.1.1.1
8.8.8.8
URL(s)
https://google.com/
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05_64 Seven05_64 VirtualBox 2019-05-15 18:47:48 2019-05-15 18:50:47 179

4 Behaviors detected by system signatures


1 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
kernel32.dll.AreFileApisANSI

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

1 Host(s) detected

IP Address Hostname Reverse DNS
8.8.8.8 United States google-public-dns-a.google.com.

Host(s) by Country

Country Hosts
United States 1

#infosec #automation

TheSystem Itself @ 2019-05-15 18:54:05