MalScore
3.5/100

Server.exe

Indicators: Is DLL | Packer | Anti Debug | Anti VM | Signed | XOR | AntiVirus 63/68 | Related 2493
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 23.50 KB (24064 bytes)
Compile time: 2017-12-22 04:00:15
MD5: 62109846d41e8973d7366980a78857ff
SHA1: 156a03f22e52ca8d64bb7e6b1571932f94413d0f
SHA256: 152b1470af902d9e3e1177432a946bf0fde47ff08899b10b815d73257ec30f4c
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2017-12-30 03:33:02
Last submission: 2018-01-14 13:23:49
Filename detected: - Server.exe (2)
URL file hosting (as reported by VirusTotal, defanged)
hXXp://121.42.56.8/exe/Server.exe
Antivirus Report
Report date: 2017-12-30 02:06:56 | Detection ratio: 63/68 | Source: VirusTotal
PE Sections (the scanner flags 1 section as suspicious; it does not say which)
Name    VAddress  VSize   RawSize  MD5                               SHA1
.text   0x2000    0x5484  22016    67c3e44a29d37ace40344bc7abae926b  384067b9a0d65112c37395e2a44c4f0e51f0c14c
.rsrc   0x8000    0x240   1024     0243c9a7f8755f2c2b18037cdad6cc91  1ffa22fd5de34253aa3b8ffab97ec5c401513128
.reloc  0xa000    0xc     512      bb6b8b1f25ff35bc899d87eb8954f0a6  596f51f26e2855c2dfc46e96bb4249d2d6646cf3
Note: a 12-byte .reloc padded to one 512-byte raw block is the single fixup every managed executable carries for its native _CorExeMain entry stub; the virtual/raw sizes here are consistent with a plain, unpacked .NET assembly.
PE Resources
Name Offset Size Language Sublanguage Data
RT_MANIFEST 0x8058 487 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
USER32.dll
AVICAP32.dll
mscoree.dll
IP Found
27.115.99.126
URL(s)
No URL found
String too long
RT_MANIFEST (UTF-8 XML; in the binary it is followed by a run of "PADDINGXX" filler bytes, which is linker padding, not sample data):
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
level="asInvoker" means the binary requests no elevation: it runs with the token of whoever launches it and never triggers a UAC prompt, which is consistent with the Run key and TEMP references in the strings below.
|'|'|
ERR
d7089cddb5c8421b544fd111f9cdc4e9
GHPY
SystemDrive
CAP
[TAP]
getvalue
Software\
ind
osk
Executed As
ret
Execute ERROR
MSG
inf
[kl]
SEE_MASK_NOZONECHECKS
TEMP
Updating To
0.7d
off
yy-MM-dd
start
" ENABLE
Execute ERROR
cmd.exe /c ping 0 -n 2 & del "
Software\Microsoft\Windows\CurrentVersion\Run
prof
Software
??-??-??
inv
[ENTER]
Off
x86
44443
Windows
x64
Download ERROR
Win
netsh firewall add allowedprogram "
True
False
Microsoft
" ..
netsh firewall delete allowedprogram "
x86
bla
SGFjS2Vk
Update ERROR
27.115.99.126
Win
clear
xadefg
PLG
" "
svchost.exe
act
Yes
yy/MM/dd
.exe
Update ERROR
processInformation
get_UTF8
SystemEvents
get_Width
Int32
.cctor
Object
FileSystemInfo
mscorlib
DeleteSubKey
FileMode
RegistryValueKind
set_ReceiveTimeout
CompareMethod
Socket
Plugin
NtSetInformationProcess
get_Height
GetObjectValue
DateTime
get_OSFullName
BitConverter
LateCall
cbName
lpMaximumComponentLength
System.Reflection
EnvironmentVariableTarget
DebuggerStepThroughAttribute
RuntimeTypeHandle
MaxLength
FromImage
ChangeType
get_ServicePack
lastKey
user32.dll
op_Explicit
op_Equality
lpVolumeSerialNumber
Exit
get_Keyboard
ToUnicodeEx
Draw
DateAndTime
Enum
GetTypes
nFileSystemNameSize
get_Length
get_Chars
GetEntryAssembly
Contains
EndApp
LastAV
LastAS
OperatingSystem
GetWindowThreadProcessId
DownloadData
ToLower
GetValueNames
System.Threading
CompareString
Environ
capGetDriverDescriptionA
SessionEndingEventArgs
get_Bounds
GetTempFileName
get_Message
!This program cannot be run in DOS mode. $
System.IO.Compression
File
SocketFlags
OpenSubKey
GetForegroundWindow
Dispose
SelectMode
CompDir
FromBase64String
Shell
RegistryProxy
Path
main
ToInt32
ToString
LateGet
#Blob
nVolumeNameSize
CompareObjectEqual
avicap32.dll
Cursors
Poll
System.Drawing.Imaging
WinTitle
ClearProjectError
EndsWith
SetProjectError
connect
BSJB
Save
Type
get_CtrlKeyDown
get_UserName
Join
Receive
Keyboard
Cursor
wDriver
Strings
Delete
IntPtr
Point
GetKeyboardLayout
Char
v2.0.50727
System.Security.Cryptography
TcpClient
get_Name
GetValue
Start
Microsoft.Win32
ToUpper
HashAlgorithm
Screen
_Lambda$__2
_Lambda$__1
RegistryKey
Exception
GetFolderPath
ToBase64String
Send
FileInfo
get_LocalMachine
get_LastWriteTime
StandardModuleAttribute
.ctor
Connect
WriteByte
GetTypeFromHandle
ConditionalCompareObjectNotEqual
get_Available
mscoree.dll
GetModules
Mutex
.text
get_PrimaryScreen
ToLong
GetString
Graphics
lpFileSystemNameBuffer
Convert
DrawImage
Enter
Module
GetProcessById
PixelFormat
Boolean
get_ProcessName
set_Position
SetEnvironmentVariable
Monitor
ConcatenateObject
.reloc
VKCodeToUnicode
ServerComputer
set_SendBufferSize
ChrW
Microsoft.VisualBasic.MyServices
RegistryKeyPermissionCheck
CompilationRelaxationsAttribute
SpecialFolder
Byte
ComputerInfo
MemoryStream
System.Runtime.CompilerServices
lastcap
SessionEndingEventHandler
System.Net
Conversions
GetKeyboardState
NewLateBinding
.rsrc
Sendb
lpVolumeNameBuffer
get_Default
get_Location
DeleteValue
get_Client
hProcess
Microsoft.VisualBasic
MapVirtualKey
processInformationClass
Flush
get_CapsLock
GetCurrentProcess
CopyFromScreen
WriteAllBytes
ThreadStart
Logs
Exists
Computer
NetworkStream
CreateSubKey
FileStream
RuntimeCompatibilityAttribute
CompressionMode
set_ReceiveBufferSize
Rectangle
Assembly
set_MinWorkingSet
get_Handle
<Module>
Concat
StringBuilder
get_Date
ComputeHash
GetBytes
Stream
Process
Bitmap
ReadAllBytes
Size
CompilerGeneratedAttribute
lpszVer
kernel32
Write
ImageFormat
GetVolumeInformation
AppWinStyle
get_Assembly
Copy
#GUID
DoEvents
System.Text
ParameterizedThreadStart
System.Net.Sockets
System.IO
WrapNonExceptionThrows
get_Now
add_SessionEnding
get_Registry
get_ShiftKeyDown
Conversion
ToInteger
get_Info
WebClient
GetAsyncKeyState
STAThreadAttribute
Thread
Microsoft.VisualBasic.Devices
GetStream
GetWindowTextLengthA
SetValue
Encoding
hwnd
GZipStream
j.exe
GetWindowTextA
ConditionalCompareObjectEqual
ntdll
System
Application
GetVolumeInformationA
String
_CorExeMain
ReadByte
user32
get_Jpeg
Interaction
CreateInstance
Command
#Strings
get_Directory
Image
GetWindowTextLength
Replace
GetWindowText
Zero
Microsoft.VisualBasic.CompilerServices
OrObject
ToArray
get_MachineName
Environment
set_SendTimeout
Keys
Operators
CopyPixelOperation
lpRootPathName
Load
get_Position
System.Diagnostics
get_CurrentUser
lpFileSystemFlags
System.Drawing
System.Windows.Forms
Close
get_FullName
Split
Space
hWnd
get_OSVersion
processInformationLength
Read
lpszName
LateSet
Remove
DirectoryInfo
get_MainWindowTitle
ToBoolean
ProjectData
RuntimeHelpers
get_Parent
MD5CryptoServiceProvider
Sleep
cbVer
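The strings dump above is the most informative part of this report, and a practitioner would not read it by eye. The following is an added triage script written by the editor for this page; it is not output of the sandbox and not code from the sample. STRINGS is a hand-copied subset of the dump; the rule labels and their descriptions, the base64 heuristic (8 or more alphabet characters, 4-aligned, decoding to printable ASCII) and the 1024-65535 port range are the editor's own assumptions about what a first pass should surface.

```python
"""Static triage of the strings dump above.

Added example by the editor; it is not output of the sandbox and not code
from the sample. STRINGS is a hand-copied subset of the dump. The rule
labels, their descriptions, the base64 heuristic and the port range are
the editor's own assumptions about what a first pass should surface.
"""
import base64
import re
import string

# Constructed input: a subset of the strings section of the report.
STRINGS = [
    "|'|'|", "SGFjS2Vk", "[kl]", "[ENTER]", "[TAP]",
    'cmd.exe /c ping 0 -n 2 & del "',
    "Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    'netsh firewall add allowedprogram "',
    'netsh firewall delete allowedprogram "',
    "SEE_MASK_NOZONECHECKS", "27.115.99.126", "44443",
    "capGetDriverDescriptionA", "GetAsyncKeyState", "GetForegroundWindow",
    "CopyFromScreen", "NtSetInformationProcess", "svchost.exe", "True",
    "hXXp://121.42.56.8/exe/Server.exe",
]

# (label, regex, meaning). Labels and meanings are editor-chosen.
RULES = [
    ("persistence.run_key", r"CurrentVersion\\Run$",
     "autostart through a Run key"),
    ("evasion.firewall", r"^netsh firewall (add|delete) allowedprogram",
     "adds or removes its own firewall exception"),
    ("evasion.self_delete", r"ping 0 -n \d+ & del",
     "delayed self-delete through cmd.exe"),
    ("evasion.zone_check", r"^SEE_MASK_NOZONECHECKS$",
     "ShellExecuteEx flag that suppresses the attachment/zone prompt"),
    ("evasion.anti_debug", r"^NtSetInformationProcess$",
     "native process-information call commonly used to hide from debuggers"),
    ("collection.keylog", r"^\[(kl|ENTER|TAP)\]$|^GetAsyncKeyState$",
     "keylog markers and key-state polling"),
    ("collection.webcam", r"^capGetDriverDescriptionA$",
     "webcam enumeration through avicap32"),
    ("collection.screen", r"^CopyFromScreen$", "screen capture"),
    ("c2.delimiter", r"^\|'\|'\|$", "field separator for the C2 protocol"),
]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
B64 = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")


def refang(s):
    """Turn the report's defanged form (hXXp, [.]) back into a usable IOC."""
    return re.sub(r"^hXXp(s?)://", r"http\1://", s).replace("[.]", ".")


def try_base64(s):
    """Return the decoded text if s is base64 of printable ASCII, else None."""
    if len(s) % 4 or not B64.match(s):
        return None
    try:
        text = base64.b64decode(s, validate=True).decode("ascii")
    except ValueError:  # bad alphabet/padding, or a non-ASCII payload
        return None
    return text if text and set(text) <= PRINTABLE else None


def find_endpoints(strings):
    """Collect IPv4 literals (also inside defanged URLs) and bare high ports."""
    ips, ports = set(), set()
    for s in strings:
        ips.update(IPV4.findall(refang(s)))
        if s.isdigit() and 1024 <= int(s) <= 65535:
            ports.add(int(s))
    return {"ips": sorted(ips), "ports": sorted(ports)}


def triage(strings):
    """Map each rule label to the strings it matched, plus decoded and network IOCs."""
    hits = {}
    for label, pattern, _meaning in RULES:
        matched = [s for s in strings if re.search(pattern, s)]
        if matched:
            hits[label] = matched
    decoded = {}
    for s in strings:
        text = try_base64(s)
        if text is not None:
            decoded[s] = text
    return {"hits": hits, "decoded": decoded, "network": find_endpoints(strings)}


if __name__ == "__main__":
    report = triage(STRINGS)
    for label, matched in report["hits"].items():
        print(f"{label:24} {matched}")
    print("decoded:", report["decoded"])  # {'SGFjS2Vk': 'HacKed'}
    print("network:", report["network"])
```

Two things the script surfaces that are easy to miss in the raw dump: "SGFjS2Vk" is plain base64 for "HacKed", and the bare "44443" next to 27.115.99.126 is the only port-shaped string in the file, so the IP:port pair is the network IOC to watch for alongside the 121.42.56.8 hosting URL.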
Behavior analysis details
Machine name: (not recorded) | Machine label: (not recorded) | Machine manager: (not recorded)
Started: 2017-12-30 03:25:29 | Ended: 2017-12-30 03:25:29 | Duration: (not recorded)

2 Behaviors detected by system signatures

Caveat: the run started and ended within the same second and records no duration. The artifacts listed below (TeamViewer6_Hooks.log, the TeamViewer_LogMutex mutex, the GRE_Initialize\DisableMetaFiles key, the kernel32 Fls* thread-storage imports) are produced by the analysis VM's own instrumentation and runtime start-up (a TeamViewer hook DLL loaded into the process, GDI and CRT initialisation), not by the sample's logic. None of the network, Run-key, firewall or keylogging activity implied by the strings was observed, so the dynamic section is evidence that the sample did not run long enough to do anything, not evidence that it is benign; the 3.5/100 MalScore should be read against the 63/68 antivirus detection ratio with that in mind.

6 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\TeamViewer6_Hooks.log

Read Files

Nothing to display

Write Files

C:\Users\Seven01\AppData\Local\Temp\TeamViewer6_Hooks.log

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Local\TeamViewer_LogMutex

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.InitializeCriticalSectionAndSpinCount

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display
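Because the sandbox run recorded no sample activity, the strings are the only basis for host-side detection. The following rules are an added example by the editor, not part of the report; they key off the command lines and the Run key that the strings dump exposes (netsh firewall add/delete allowedprogram, cmd.exe /c ping 0 -n 2 & del, CurrentVersion\Run, a copy named svchost.exe under TEMP). EVENTS is a constructed, Sysmon-like process and registry log in simplified dict form: the field names, the Seven01 paths beyond what the report shows, the parent chain and the Run value name are assumptions, not a real capture.

```python
"""Host-side detections for the behaviour the strings promise.

Added example by the editor, not part of the report. The sandbox run above
recorded no sample activity, so these rules key off the command lines and
the Run key that the strings dump exposes. EVENTS is a constructed
Sysmon-like log: field names, paths, parent chain and the Run value name
are assumptions, not a real capture.
"""
import re

USER_WRITABLE = re.compile(r"\\(Users|AppData|Temp|ProgramData)\\", re.I)
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run\\", re.I)

SAMPLE = r"C:\Users\Seven01\Downloads\Server.exe"             # constructed path
DROPPED = r"C:\Users\Seven01\AppData\Local\Temp\svchost.exe"  # constructed path

# Constructed events, in the order a host would see them.
EVENTS = [
    {"type": "process", "image": SAMPLE, "parent": r"C:\Windows\explorer.exe",
     "cmdline": f'"{SAMPLE}"'},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe", "parent": SAMPLE,
     "cmdline": f'cmd.exe /c ping 0 -n 2 & del "{SAMPLE}"'},
    {"type": "process", "image": DROPPED, "parent": SAMPLE, "cmdline": f'"{DROPPED}"'},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe", "parent": DROPPED,
     "cmdline": f'netsh firewall add allowedprogram "{DROPPED}" "svchost.exe" ENABLE'},
    {"type": "registry", "image": DROPPED,   # value name "svchost" is invented
     "target": r"HKU\<sid>\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "details": DROPPED},
    {"type": "process", "image": r"C:\Windows\System32\netsh.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "netsh interface ip show config"},
    {"type": "process", "image": r"C:\Windows\System32\svchost.exe",
     "parent": r"C:\Windows\System32\services.exe", "cmdline": "svchost.exe -k netsvcs"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "cmd.exe /c ping 8.8.8.8 -n 2"},
]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def self_delete_via_ping(ev):
    """cmd.exe chaining a ping delay into del: the self-removal idiom in the strings."""
    return (ev["type"] == "process" and basename(ev["image"]) == "cmd.exe"
            and re.search(r"ping\s+\S+\s+-n\s+\d+\s*&+\s*del\b", ev["cmdline"], re.I) is not None)


def firewall_allowedprogram(ev):
    """netsh adding or removing a per-program firewall exception."""
    return (ev["type"] == "process" and basename(ev["image"]) == "netsh.exe"
            and re.search(r"firewall\s+(add|delete)\s+allowedprogram", ev["cmdline"], re.I) is not None)


def run_key_user_writable(ev):
    """A Run value whose data points into a user-writable directory."""
    return (ev["type"] == "registry" and RUN_KEY.search(ev["target"]) is not None
            and USER_WRITABLE.search(ev["details"]) is not None)


def masquerade_svchost(ev):
    """svchost.exe executing from anywhere but the system directories."""
    return (ev["type"] == "process" and basename(ev["image"]) == "svchost.exe"
            and SYSTEM_DIR.match(ev["image"]) is None)


RULES = [
    ("self_delete_via_ping", self_delete_via_ping),
    ("masquerade_svchost", masquerade_svchost),
    ("firewall_allowedprogram", firewall_allowedprogram),
    ("run_key_user_writable", run_key_user_writable),
]


def detect(events):
    """Run every rule over every event. Severity is raised when the program path
    sits in a user-writable directory, which legitimate netsh/Run entries rarely do."""
    alerts = []
    for idx, ev in enumerate(events):
        for name, rule in RULES:
            if rule(ev):
                payload = ev.get("cmdline") or ev.get("details") or ev["image"]
                sev = "high" if USER_WRITABLE.search(payload) else "medium"
                alerts.append({"rule": name, "event": idx, "severity": sev, "image": ev["image"]})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(f"[{a['severity']}] {a['rule']:24} event {a['event']}  {a['image']}")
```

The benign control events (an administrative netsh query, the real svchost.exe under System32, a plain ping) produce no alerts, which is the property to keep when tuning these rules on a production feed: the discriminator is not the tool name but the combination of tool, argument shape and a user-writable path.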

#infosec #automation

TheSystem Itself @ 2017-12-30 03:33:04