appupdui_01.exe

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 1306.30 KB (1337656 bytes)
Compile time: 2019-09-20 11:26:26
MD5: 97ee98272dcc403a767d8a149da8e235
SHA1: 541c421f2fea10939f64c00951c4207a25e62b73
SHA256: b99de78da3f69dd83c73c0f9f23f1a9bd65e8f85accf7f3cb703525575814699
Import hash: 97d36e848b34c1f7e34aff5530080969
Sections 7 .text .rdata .data .gfids .tls .rsrc .reloc
Directories 6 import resource debug tls relocation security
Anti Virtual Machine 1 VMCheck.dll
First submission: 2019-10-25 03:30:07
Last submission: 2019-10-25 03:30:07
Filename detected: - appupdui_01.exe (1)
URL file hosting
hXXp://download.zjsyawqj.cn/jjbq/appupdui/v1.0.9.20/appupdui_01.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-10-21 10:05:41 [43/68] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0xe0ab3 920576 130ab101af65724f6262ff57ed496fce 62e3ea91102eb3c1e667a8cdbc500793a51d2590
.rdata 0xe2000 0x31f68 204800 9949811d05f8be42d9bd6ffd457b0744 783ea874ea678482db1e845c836db64d24730f3f
.data 0x114000 0x3c54 9216 8f1c7890d67169837984a3cb2372cc51 1e0937f6c15ae36bc2cdb82fcbbafd19e10d4ffe
.gfids 0x118000 0x1d8 512 386766ac4280f35abd82f5bbefe13b62 0046af42ee5e40ddeaf66ee02664bba21a8ca932
.tls 0x119000 0x9 512 1f354d76203061bfdd5a53dae48d5435 aa0d33a0c854e073439067876e932688b65cb6a9
.rsrc 0x11a000 0x245e8 148992 6742b970dd2db0dd722d845cb20e8345 386920838f00a77a5f1811dcacfdbad72a2c3a32
.reloc 0x13f000 0xbc08 48640 03cb1abbcbbd7a6736c45ed12db59aed 0da1ba308e0331a384255cc139092750a0535884
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: 5e30f6aa255e29df559903c9009fd343
SHA1: 297c6c9d71b295edd214914760dc3501b282ffbd
Block Size: 3384
Virtual Address: 1334272
Packer(s)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
File found
File type: XML
menu_%s.xml
ads.xml
%s.xml
appupdui.xml
File type: Library
mscoree.dll
MSIMG32.dll
KERNEL32.dll
USER32.dll
DMsftedit.dll
ADVAPI32.dll
SHLWAPI.dll
OLEAUT32.dll
IMM32.dll
WININET.dll
WS2_32.DLL
WLDAP32.dll
SHELL32.dll
comctl32.dll
ole32.dll
gdiplus.dll
urlmon.dll
GDI32.dll
IP Found
1.0.0.1
127.0.0.1
URL(s)
http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
ftp://%s:%s@%s
https://www.globalsign.com/repository/0
file://
http://myip.ipip.net
http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
http://ocsp2.globalsign.com/rootr306
file://hostname/,
http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
https://curl.haxx.se/docs/http-cookies.html
http://crl.globalsign.com/root-r3.crl0b
ftp://

TheSystem Itself @ 2019-10-25 03:30:07