MalScore: 100/100

gegrty7.bin

Indicators: Is DLL | Packer | Anti Debug | Anti VM | Signed | XOR | AntiVirus 45/69
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 172.00 KB (176128 bytes)
Compile time: 2019-10-05 18:47:50
MD5: 6e9e950c42824ef36e0477ab3771d1db
SHA1: 8fc54cd2db1f35615511ca51403f14aa523169a7
SHA256: cfc3debef33aa44f58aa54c692de2a892bfa70954bc790bfa5feb24e6af92304
Import hash: 4aaf0beb2ac3eaecbc7215aae80ced6d
Sections (7): .text, xUwGZ, .data, xUwGZ, SM, .Pna, CODE
Directories (4): import, resource, debug, relocation
First submission: 2019-10-08 08:00:05
Last submission: 2019-10-08 08:00:05
Filename detected: gegrty7.bin (1)
URL file hosting: hXXps://jaf-iq.com/wp-admin/css/colors/blue/dropbox/y3/login_files/gegrty7.bin
VirusTotal Antivirus Report
Report date: 2019-10-07 23:37:49
Detection ratio: 45/69
Permalink: VirusTotal
PE Sections (3 suspicious)
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x3577 16384 c8f89c1aa6fc89db36e8cf45c91f84aa 08e51d4522d234a08c2a93ee2db0e8d1ebc6e180
xUwGZ 0x5000 0x7de 4096 e55323e95b5e21ff3c6a666d2e05595a 71ae55a0203df23ec4d806dc5ee4cd5e8a52ae06
.data 0x6000 0x18bc 4096 956aadb1612e55625b293763b6dfb7a1 76363fb679c22400f2b5cc71857c865af1b35b76
xUwGZ 0x8000 0x23a 4096 620f0b67a91f7f74151bc5be745b7110 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d
SM 0x9000 0x20001 135168 16dc63384b7f50b8848700cd3a6e3056 8d647ccbef7061adee42b2faeeadf732657d4a94
.Pna 0x2a000 0xea8 4096 b1b2e052fff43934c189fdb93993f2d0 4347d78e591dfb76520aea07b338d9a637578db2
CODE 0x2b000 0x745 4096 c79d9d0c0dde847cc98475a30b30c4e2 12a02bdc29c643bf9d9afc19a7e4e8f7099d1618
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file is not digitally signed.
Packer(s)
No packers found for this file
Files found
File type: Library
3dfx32v2.dll
ADVAPI32.dll
SHLWAPI.dll
OLEAUT32.dll
USER32.dll
psapi.dll
MSVCRT.dll
POWRPROF.dll
comdlg32.dll
KERNEL32.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration (s)
Seven01_64 Seven01_64 VirtualBox 2019-10-08 07:59:11 2019-10-08 08:02:11 180

3 Behaviors detected by system signatures

6 Summary items with data

Files

C:\Windows\SysWOW64\kernel32.dll

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\LastID

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\LastID

Write Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\LastID

Delete Keys

Nothing to display

Mutexes

DBWinMutex

Resolved APIs

kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualProtect
kernel32.dll.FreeConsole
kernel32.dll.Sleep
kernel32.dll.OutputDebugStringW

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

TheSystem Itself @ 2019-10-08 08:00:07