r2.exe

MalScore: 100/100
MalFamily: Malicious

Indicators: Is DLL | Packer | Anti Debug | Anti VM | Signed | XOR | AntiVirus 12/69 | Related 2707

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 492.47 KB (504288 bytes)
Compile time: 2005-09-30 08:18:35
MD5: b44cb04d7b386816db7805acc0d4d07b
SHA1: aa8f9c485ee27871d8596345429d7950a4143169
SHA256: f01d17879df7d40fb98350a5719eae2268f2a17618a83474b39e94a910eef317
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections (3): .text, .rsrc, .reloc
Directories (4): import, resource, relocation, security
First submission: 2018-11-28 16:51:06
Last submission: 2018-11-28 16:51:06
Filename detected: r2.exe (1)
URL file hosting: hXXp://kikidoyoulabme222.ru/zz/r2.exe
Antivirus Report
Report Date: 2018-11-28 14:09:37 | Detection Ratio: 12/69 | Permalink: VirusTotal
PE Sections (2 suspicious)
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x73d74 474624 b108b92c7ea01b5f3ec58e1edc6b6c6f de46179c1d84d70508b857a78f40d6fe919bedcb
.rsrc 0x76000 0x275a 10240 8b572a6ae8c7256df7e9f14f3c0e462f fe253206289c6829760451a21c45260c3eae7b0d
.reloc 0x7a000 0xc 512 4f0592e84c17609161652f9ae7b44638 e878080571bc7cc4523e3e630e2ef408a98265da
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: c8dfb4795de47a2e137375ce7141a22c
SHA1: a7cbaa6cdbe220b6e56dc34445ddd571368ddecf
Block Size: 18400
Virtual Address: 485888
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Library
mscoree.dll
IP Found
9.9.27.2
URL(s)
http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt
http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl
http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
http://crl3.digicert.com/EVCodeSigning-g1.crl
http://cacerts.digicert.com/DigiCertEVCodeSigningCA.crt
http://ocsp.digicert.com (4 occurrences)
http://crl4.digicert.com/EVCodeSigning-g1.crl
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt
http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt
https://www.digicert.com/CPS
http://www.digicert.com/ssl-cps-repository.htm
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven05b_64 Seven05b_64 VirtualBox 2018-11-28 16:42:39 2018-11-28 16:45:43 184

5 Behaviors detected by system signatures

0 Summary items with data

Files, Read Files, Write Files, Delete Files: nothing to display
Keys, Read Keys, Write Keys, Delete Keys: nothing to display
Mutexes: nothing to display
Resolved APIs, Execute Commands, Started Services, Created Services: nothing to display

12 HTTP Request(s) detected

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEA3Q4zdKyVvb%2BmtDSypI7AY%3D
  • Hostname: ocsp.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEA3Q4zdKyVvb%2BmtDSypI7AY%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.digicert.com/
  • Hostname: ocsp.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 4

POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 83
Host: ocsp.digicert.com

http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl
  • Hostname: crl3.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /DigiCertHighAssuranceEVRootCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl3.digicert.com

http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
  • Hostname: crl4.digicert.com
  • IP Address: 66.225.197.197
  • Port: 80
  • Count: 1

GET /DigiCertHighAssuranceEVRootCA.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl4.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSHRqVSKsocqbcuJkRZwJjSAmttHAQUrWkGcPyAGxazqRiUa5QChl73J4wCEA1JvA1dfDA4tedlKArQG9g%3D
  • Hostname: ocsp.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSHRqVSKsocqbcuJkRZwJjSAmttHAQUrWkGcPyAGxazqRiUa5QChl73J4wCEA1JvA1dfDA4tedlKArQG9g%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl3.digicert.com/EVCodeSigning-g1.crl
  • Hostname: crl3.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /EVCodeSigning-g1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl3.digicert.com

http://crl4.digicert.com/EVCodeSigning-g1.crl
  • Hostname: crl4.digicert.com
  • IP Address: 66.225.197.197
  • Port: 80
  • Count: 1

GET /EVCodeSigning-g1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl4.digicert.com

http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
  • Hostname: cacerts.digicert.com
  • IP Address: 104.16.238.184
  • Port: 80
  • Count: 1

GET /DigiCertAssuredIDRootCA.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: cacerts.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D
  • Hostname: ocsp.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEAPxtOFfOoLxFJZ4s9fYR1w%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAMF7BOOlKHbbrfceQUIPwQ%3D
  • Hostname: ocsp.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBSPwl%2BrBFlJbvzLXU1bGW08VysJ2wQUj%2Bh%2B8G0yagAFI8dwl2o6kP9r6tQCEAMF7BOOlKHbbrfceQUIPwQ%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com

http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl
  • Hostname: crl3.digicert.com
  • IP Address: 93.184.220.29
  • Port: 80
  • Count: 1

GET /EVCodeSigningSHA2-g1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl3.digicert.com

http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl
  • Hostname: crl4.digicert.com
  • IP Address: 66.225.197.197
  • Port: 80
  • Count: 1

GET /EVCodeSigningSHA2-g1.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl4.digicert.com

#infosec #automation

TheSystem Itself @ 2018-11-28 16:51:23

Detected family: #Malicious

TheSystem Itself @ 2018-11-28 17:04:02