qcoin138.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 297.50 KB (304640 bytes)
Compile time: 2018-02-01 22:35:45
MD5: b3463dcf1ee4f0ea44e5f2668b413822
SHA1: 24b39496055d6cc6d34c30fdab864b5d8d2df864
SHA256: 4c9ce88c73b764837e11fccde7376bc8c8ae079f0c8fb9144fda52eaa93fb1ce
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-01-22 10:00:08
Last submission: 2019-01-22 10:00:08
Filename detected: - qcoin138.exe (1)
URL file hosting
hXXp://cdn-10049480.file.myqcloud.com/qcoin/qcoin138.exe
Antivirus Report
Report date: 2019-01-20 12:42:24
Detection ratio: 37/69 (VirusTotal)
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x49bef 302080 55abf5e6615d28b7fa5dff2172c7d386 6a20b311ec61e46867da400405e4133e5eb1a0dd
.rsrc 0x4c000 0x57e 1536 0b569a5d331427278d0ecfd978471f10 08924db424cf90cf0ea0d382f176e07e3b3655b3
.reloc 0x4e000 0xc 512 03ecc7f568a9edf377df5a86c1f7e303 c81eea12ca7b205a1bd2606a5350a493700d3687
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: Text
{0}{1:yyyy_MM_dd}.txt
(*.txt)|*.txt
File type: Library
mscoree.dll
IP Found
6.10.0.218
URL(s)

TheSystem Itself @ 2019-01-22 10:00:10