RepeatInstallUrl.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 0/56 Related 2388
File details Download PDF Report
File type: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 6.00 KB (6144 bytes)
Compile time: 2013-05-03 04:43:29
MD5: 670590ae2e50c4162396b14a1590c04b
SHA1: d2a3667689a7f1a31afb8193a068c09b0d934ec7
SHA256: f7508f455b3bd305fa52d4b679347ada06df1c7a73cbb05b4c7ac99cb356789c
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2016-12-06 20:24:02
Last submission: 2016-12-06 20:24:02
Filename detected: - RepeatInstallUrl.exe (1)
URL file hosting
hXXp://downloads.dyknow.com/prerequisite/RepeatInstallUrl.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
2016-12-06 15:54:01 [0/56] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0xd04 3584 4ca4f1fa934b99c8164865d2d7a173b6 8fe2eaaa7687fba81e5f5208a8f19b17ed68a98f
.rsrc 0x4000 0x580 1536 57397e891b608b03a4a6ebc1ae693b6a 91082365dc3ac21c0185f5247b4351cfe2308f78
.reloc 0x6000 0xc 512 a2ac89218f04526c8f4679b166edbf13 3c9768349251ad8413bbcd5d2eeb4270a0951ea2
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x40a0 752 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x4390 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright \xa9 2013
Assembly Version: 1.0.0.0
InternalName: RepeatInstallUrl.exe
FileVersion: 1.0.0.0
FileDescription: RepeatInstallUrl
OriginalFilename: RepeatInstallUrl.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: RepeatInstallUrl
XOR
No XOR informations found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found
yf$
RepeatInstallUrl.exe
VarFileInfo
RepeatInstallUrl
InternalName
No args were included. Exiting
1.0.0.0
StringFileInfo
Translation
Assembly Version
FileVersion
Copyright
VS_VERSION_INFO
000004b0
ProductVersion
FileDescription
OriginalFilename
LegalCopyright
filesize was incorrect
checksum was incorrect
Need at least file, checksum, filesize, commandline
ProductName
2013
.exe
Console
Dispose
@.reloc
.NET Framework 4.5
get_ExitCode
AssemblyTrademarkAttribute
$120933c4-aa82-4dfd-845f-b81c52be08bb
CompilationRelaxationsAttribute
mscorlib
WebClient
ComVisibleAttribute
System.Runtime.CompilerServices
System.Runtime.Versioning
System.Runtime.InteropServices
/ rE
System.Net
c:\Users\jdart\Documents\Visual Studio 2012\Projects\RepeatInstallUrl\obj\Release\RepeatInstallUrl.pdb
#Blob
Start
`.rsrc
Parse
BitConverter
Guid
AssemblyVersionAttribute
Create
RepeatInstallUrl
AssemblyConfigurationAttribute
CalculateChecksum
BSJB
System.Reflection
_CorExeMain
1.0.0.0
WaitForExit
op_Inequality
Copyright
args
AssemblyTitleAttribute
DebuggingModes
i- r
#Strings
IDisposable
. r
Replace
AssemblyCopyrightAttribute
System.Security.Cryptography
ProcessStartInfo
Object
RepeatInstallUrl.exe
RuntimeCompatibilityAttribute
Program
ToUpperInvariant
HashAlgorithm
AssemblyProductAttribute
byteToCalculate
<Module>
Concat
AssemblyDescriptionAttribute
System
RSDSY=
ComputeHash
TargetFrameworkAttribute
System.Diagnostics
Process
AssemblyFileVersionAttribute
.ctor
ReadAllBytes
2013
AssemblyCompanyAttribute
.NETFramework,Version=v4.5
NewGuid
WriteLine
Main
.text
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> <security> <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> <requestedExecutionLevel level="asInvoker" uiAccess="false"/> </requestedPrivileges> </security> </trustInfo> </assembly>
DebuggableAttribute
DownloadFile
GuidAttribute
#GUID
v4.0.30319
ToLower
String
Int32
, r
System.IO
mscoree.dll
!This program cannot be run in DOS mode. $
WrapNonExceptionThrows
AssemblyCultureAttribute
FrameworkDisplayName
File
ToString

#infosec #automation

TheSystem Itself @ 2016-12-06 20:24:02