MalScore
100/100

Doc20189700.exe

Indicators: Is DLL | Packer | Anti Debug | Anti VM | Signed | XOR | AntiVirus 25/66 | Related 2243
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 545.00 KB (558080 bytes)
Compile time: 2001-08-01 18:58:57
MD5: 7bce7d55931c5f34701501a38aa95cd3
SHA1: 7af77f1afe68b94a6617ac9a1ed5d21b66ca4008
SHA256: 742be802e5d909d41c46fd374e6682f0467003e03f5387f37fe18d407322e5a5
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections (5): d.dWF?p", .text, .rsrc, .reloc, and one unnamed section
Directories (3): import, resource, relocation
First submission: 2018-11-02 09:06:07
Last submission: 2018-11-02 09:06:07
Filename detected: Doc20189700.exe (1)
URL file hosting: hXXp://mairetazmaop.com/efe/Doc20189700.exe
Antivirus Report (VirusTotal)
Report date: 2018-11-01 12:53:29
Detection ratio: 25/66
PE Sections (5 listed, 3 flagged suspicious)
Name | VAddress | VSize | Size | MD5 | SHA1
d.dWF?p" | 0x2000 | 0x595b8 | 366080 | 2bc84b834e873fb2c785c9980a75034f | 8037951a1cf7107e64cb025744753a9a163c9355
.text | 0x5c000 | 0x2ddf0 | 187904 | bfa219ee1c6ddc144717cf718e5e93b0 | 3dccf65d860fc8fb3d68ec35d22f81d8fb806b62
.rsrc | 0x8a000 | 0x640 | 2048 | 659102eac96e22929df46baccde5859a | 65e40b724e076f49a967143ed34342762c607030
.reloc | 0x8c000 | 0xc | 512 | a40069bf8b25090b384bf1696beeb86c | 2dc8613bed9a09184106f33b56b407e65e6f907e
(unnamed) | 0x8e000 | 0x10 | 512 | 1f323f7c4192aab8f6353632734c100b | a67c2f9f3da78e0582e001909f6f237e43656431
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: XML: System.Xml
File type: Library: mscoree.dll, KERNEL32.dll
IP Found
13.8.24.4
URL(s)
No URL found
Behavior analysis details
Started: 2018-11-02 08:58:21
Ended: 2018-11-02 08:58:21
Machine name, machine label, machine manager and duration: not reported

16 Behaviors detected by system signatures

9 Summary items with data

Files

\??\VBoxGuest
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\lja7shayne10.exe
C:\RECYCLER
C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\
C:\Users\Seven01\AppData\Local\Temp\123Kjddnnsa.exe

Read Files

\??\VBoxGuest
C:\Windows\Globalization\Sorting\sortdefault.nls

Write Files

C:\RECYCLER\S-1-5-21-0243556031-888888379-781862338-196852800\lja7shayne10.exe

Delete Files

C:\Users\Seven01\AppData\Local\Temp\123Kjddnnsa.exe

Keys

HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0
HKEY_LOCAL_MACHINE\HARDWARE\Description\System
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lja7shayne10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\lja7shayne10

Read Keys

HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles

Write Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\lja7shayne10
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\lja7shayne10

Delete Keys

Nothing to display

Mutexes

lja7shayne10

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.FlsFree
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.GetModuleHandleA
kernel32.dll.VirtualAlloc
kernel32.dll.CloseHandle
kernel32.dll.SuspendThread
kernel32.dll.ExitProcess
kernel32.dll.GetCommandLineW
kernel32.dll.GetNativeSystemInfo
kernel32.dll.CreateProcessW
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.CreateDirectoryW
kernel32.dll.CreateRemoteThread
kernel32.dll.OpenProcess
kernel32.dll.Sleep
kernel32.dll.lstrcpynW
kernel32.dll.GetFileAttributesW
kernel32.dll.GetModuleFileNameW
kernel32.dll.GetEnvironmentVariableA
kernel32.dll.lstrlenW
kernel32.dll.GetProcAddress
kernel32.dll.VirtualAllocEx
kernel32.dll.LoadLibraryA
kernel32.dll.LocalAlloc
kernel32.dll.CreateToolhelp32Snapshot
kernel32.dll.lstrcatW
kernel32.dll.OutputDebugStringA
kernel32.dll.GetVersionExA
kernel32.dll.DeleteFileW
kernel32.dll.LocalFree
kernel32.dll.WriteProcessMemory
kernel32.dll.lstrcpyW
kernel32.dll.SetFileAttributesW
kernel32.dll.lstrcpyA
kernel32.dll.GetTickCount
kernel32.dll.GetModuleFileNameA
kernel32.dll.CreateFileW
kernel32.dll.VirtualFreeEx
kernel32.dll.ReadProcessMemory
kernel32.dll.GetSystemWow64DirectoryW
kernel32.dll.VirtualProtectEx
kernel32.dll.GetWindowsDirectoryW
kernel32.dll.ResumeThread
kernel32.dll.GetStartupInfoA
kernel32.dll.Process32Next
kernel32.dll.OpenThread
kernel32.dll.Thread32Next
kernel32.dll.Thread32First
kernel32.dll.Process32First
kernel32.dll.CheckRemoteDebuggerPresent
kernel32.dll.SetEnvironmentVariableA
kernel32.dll.IsDebuggerPresent
user32.dll.GetDesktopWindow
user32.dll.PostMessageW
user32.dll.GetShellWindow
user32.dll.GetWindowThreadProcessId
advapi32.dll.GetUserNameA
advapi32.dll.RegCloseKey
advapi32.dll.RegCreateKeyExW
advapi32.dll.RegQueryValueExA
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegOpenKeyExW
advapi32.dll.RegSetValueExW
shlwapi.dll.PathAppendW
shlwapi.dll.StrStrIW
msvcrt.dll.__getmainargs
msvcrt.dll._controlfp
msvcrt.dll._except_handler3
msvcrt.dll.__set_app_type
msvcrt.dll.tolower
msvcrt.dll.toupper
msvcrt.dll._exit
msvcrt.dll._XcptFilter
msvcrt.dll.exit
msvcrt.dll._acmdln
msvcrt.dll.memset
msvcrt.dll._initterm
msvcrt.dll.__setusermatherr
msvcrt.dll._adjust_fdiv
msvcrt.dll.__p__commode
msvcrt.dll.__p__fmode
ntdll.dll.RtlAdjustPrivilege
kernel32.dll.ExitThread
kernel32.dll.CreateMutexA
kernel32.dll.WaitForSingleObject
kernel32.dll.DeleteFileA
kernel32.dll.SetFileAttributesA
kernel32.dll.CreateThread
kernel32.dll.CreateFileA
kernel32.dll.WriteFile
kernel32.dll.GetTempPathA
kernel32.dll.CreateProcessA
kernel32.dll.lstrlenA
kernel32.dll.lstrcatA
kernel32.dll.LoadLibraryW
kernel32.dll.MoveFileExW
kernel32.dll.CopyFileW
kernel32.dll.GetLastError
user32.dll.MessageBoxA
user32.dll.wsprintfA
ws2_32.dll.WSAStartup
ws2_32.dll.socket
ws2_32.dll.send
ws2_32.dll.recv
ws2_32.dll.closesocket
ws2_32.dll.ioctlsocket
ws2_32.dll.connect
ws2_32.dll.inet_addr
ws2_32.dll.gethostbyname
ws2_32.dll.htons
ws2_32.dll.select
ws2_32.dll.setsockopt
ws2_32.dll.WSAGetLastError
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
ntdll.dll.NtContinue
advapi32.dll.RegDeleteValueW

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

1 Host(s) detected

IP Address | Hostname | Reverse DNS
217.23.14.123 (Netherlands) | - | customer.worldstream.nl.

Host(s) by Country
Netherlands: 1

#infosec #automation

TheSystem Itself @ 2018-11-02 09:06:24