readerpdf.exe

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1886.86 KB (1932148 bytes)
Compile time: 2019-04-27 10:22:11
MD5: 6fc9e431ad8bd898a14130ac162d0c34
SHA1: 79527107b6ff4e132dbd7802cd880b2b8ec53376
SHA256: 3f794c9a7eb6b1ca0577abb0b6da12861639d60fef502f3c4e43322801f5c7e5
Import hash: eb5bc6ff6263b364dfbfb78bdb48ed59
Sections: 10 (.text, .itext, .data, .bss, .idata, .didata, .edata, .tls, .rdata, .rsrc)
Directories: 4 (import, export, resource, tls)
First submission: 2019-12-10 23:45:05
Last submission: 2019-12-10 23:45:05
Filename detected: - readerpdf.exe (1)
URL file hosting
hXXp://[www].pdfguidance.com/readerpdf.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-12-10 08:41:11 [12/70] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0xa50e0 676352 d2d65fadb7b1be676e1248ab404382da 53efa4d92796992961bb4a6adab21557aafe9135
.itext 0xa7000 0x1668 6144 73e002411a8e0d309143a3e055e89568 663a016faf2f832ef4bcdca53059b8b2a0c2a0fd
.data 0xa9000 0x37a4 14336 43e7b93b56ed2b1f2c341832da76e1f0 f935030d05c5b262f2db3a83687434bb3ec42296
.bss 0xad000 0x676c 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.idata 0xb4000 0xf1c 4096 daddecfdccd86a491d85012d9e547c63 f367f6a2458e60a453aff3785c35bb7410780012
.didata 0xb5000 0x1a4 512 be0581a07bd7d21a29f93f8752d3e826 eda85c8f9bed972f5b31f8d22c2096155892382c
.edata 0xb6000 0x9a 512 57cd71ca96fdc064696777e5b35cf0bb a82f8ec41683a79a59c24dcae41209a835ed4f3e
.tls 0xb7000 0x18 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rdata 0xb8000 0x5d 512 967e84eb6ac477621cd1643650d7bc91 937a4109f2e23f0e166f6653f0e645744a2deace
.rsrc 0xb9000 0xc70c 51200 1be009e17e0a90051ea1441383a893da e94857c820c4f2aa54734e72f0b29c507212b3e1
  • API Alert
  • Anti Debug
  • PE Exports: readerpdf.exe
    • 0x453abc
      TMethodImplementationIntercept
    • 0x40d3dc
      __dbk_fcall_wrapper
    • 0x4b063c
      dbkFCallWrapperAddr
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Borland Delphi 3.0 (???)
Borland Delphi 4.0
File found
File type: Library
USERENV.dll
ntmarta.dll
comres.dll
propsys.dll
KERNEL32.dll
OLEAUT32.dll
cryptbase.dll
UxTheme.dll
OLEACC.dll
profapi.dll
VERSION.dll
dwmapi.dll
apphelp.dll
clbcatq.dll
SHELL32.dll
SETUPAPI.dll
USER32.dll
Netapi32.dll
comctl32.dll
ADVAPI32.dll
IP Found
No IP detected
URL(s)
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline

#infosec #automation

TheSystem Itself @ 2019-12-10 23:45:07