456.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 148.00 KB (151552 bytes)
Compile time: 2017-01-15 13:23:12
MD5: 7b01f2747310b33963381315d8cc8124
SHA1: 8e4980e508c1eea658918d212e286692ab37b922
SHA256: 99c6db3709680bbe94d460015790f563d6e6119e98f843389c005aecd12e5481
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource debug relocation
First submission: 2017-01-16 17:24:05
Last submission: 2017-01-16 17:24:05
Filename detected: - 456.exe (1)
URL file hosting
hXXp://[www].aussiemuslims.net/templates/456.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2017-01-16 13:41:06 [25/58] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x24474 148992 6c5af6ad51607b9a35f4883c552a53bb bac3dd6ece5ae9ee8d825c4c09e68b6c7f8fa1c4
.rsrc 0x28000 0x5c0 1536 bda6b3ad48d3022d0e26482416897718 066d9eb0ba663ef481972d1960132d81d722f241
.reloc 0x2a000 0xc 512 1a96badb13b73bb38628fdc4537733d8 c2ed935f7cbc349f6e3e887b8991c20ab94c4b94
PE Resources
Name Offset Size Language Sublanguage Data
RT_VERSION 0x280a0 816 LANG_NEUTRAL SUBLANG_NEUTRAL
RT_MANIFEST 0x283d0 490 LANG_NEUTRAL SUBLANG_NEUTRAL
  • API Alert
  • Anti Debug
Meta Info
LegalCopyright: Copyright © 2017
Assembly Version: 1.0.0.0
InternalName: WindowsFormsApplication1.exe
FileVersion: 1.0.0.0
FileDescription: WindowsFormsApplication1
OriginalFilename: WindowsFormsApplication1.exe
Translation: 0x0000 0x04b0
ProductVersion: 1.0.0.0
ProductName: WindowsFormsApplication1
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
No URL found

#infosec #automation

TheSystem Itself @ 2017-01-16 17:24:05