MalScore
100/100

jlsb7ez.zip

Is DLL Packer Anti Debug Anti VM Signed XOR
File details
File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
File size: 392.84 KB (402264 bytes)
Compile time: 2020-10-06 05:52:45
MD5: b251618e473b04ec4dd58d8bbf975c2a
SHA1: fb3f3e8c8a0b0077aaff175f7d777533ae88a22c
SHA256: adf6d91922505e07b840cdd9f74d33d6c7872bc6534a9be6b27b5d03470c835b
Import hash: f973b752dc5ac349369486fc7f90c6b1
Sections 6 .text .rdata .data2 .data .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2022-04-05 08:57:09
Last submission: 2022-04-05 08:57:09
Filename detected: jlsb7ez.zip (1)
URL file hosting
hXXp://tanushthakor.com/jlsb7ez.zip
Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 0 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x2318 9216 b05fb0f3453af49f785b5d05d49f4b91 6c44804945317eacf44e383e9530c1c8a0316920
.rdata 0x4000 0xc8 512 bf619eac0cdf3f68d496ea9344137e8b 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
.data2 0x5000 0xc8 512 bf619eac0cdf3f68d496ea9344137e8b 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
.data 0x6000 0x511dc 332288 11abb667836148efc041aa010ba4828d bdccc0843c3234cae8cddd253ace7adbdeaa7032
.rsrc 0x58000 0xc788 51200 801170cc9fc9369bdc747144cb54abf4 17219630c67a5ed8384cfbf2b9eb77ce2a2d99c0
.reloc 0x65000 0x694 2048 58fb577b18ff007765ba4ff977017874 d8cc57bf154ae976687c8cdd6cd925c2e0cc8765
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: c9e02cc0eec7d92386cbcc693c0b967c
SHA1: 3be181397b0f3f5c5148698585ba54c6f77d3946
Block Size: 5464
Virtual Address: 396800
Packer(s)
Borland Delphi 3.0 (???)
File found
File type: Library
ADVAPI32.dll
USER32.dll
GDI32.dll
KERNEL32.dll
IP Found
No IP detected
URL(s)
http://ocsp.sectigo.com
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
http://crt.sectigo.com/SectigoRSATimeStampingCA.crt
http://ocsp.usertrust.com
http://crl.sectigo.com/SectigoRSATimeStampingCA.crl
https://sectigo.com/CPS
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven06_64 Seven06_64 VirtualBox 2022-04-05 08:47:10 2022-04-05 08:50:15 185

6 Behaviors detected by system signatures


5 Summary items with data

Files


Read Files


Write Files

Nothing to display

Delete Files

Nothing to display

Keys


Read Keys


Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.RegQueryValueExW
gdi32.dll.GdiAddGlsRecord
gdi32.dll.GdiAddGlsBounds
gdi32.dll.GdiIsMetaPrintDC
opengl32.dll.wglSwapBuffers
kernel32.dll.VirtualAllocEx
kernelbase.dll.LoadLibraryExA
kernel32.dll.GetProcAddress
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualFree
kernel32.dll.UnmapViewOfFile
kernel32.dll.VirtualProtect
kernel32.dll.LoadLibraryExA
kernel32.dll.GetModuleHandleA
kernel32.dll.CreateFileA
kernel32.dll.SetFilePointer
kernel32.dll.WriteFile
kernel32.dll.CloseHandle
kernel32.dll.GetTempPathA
kernel32.dll.lstrlenA
kernel32.dll.lstrcatA
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetModuleFileNameW
kernelbase.dll.VirtualAlloc
kernel32.dll.OutputDebugStringA
kernel32.dll.Sleep
ntdll.dll.NtSetInformationProcess

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

1 HTTP Request(s) detected

http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt
  • Hostname: crt.usertrust.com
  • IP Address: 91.199.212.52
  • Port: 80
  • Count: 1

GET /USERTrustRSAAddTrustCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crt.usertrust.com

#infosec #automation

TheSystem Itself @ 2022-04-05 08:57:11