MalScore
30/100

cr7.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 25/66 Related 2501
File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 696.50 KB (713216 bytes)
Compile time: 1981-02-20 03:50:53
MD5: bc11c61f38f6675747542128d04d953f
SHA1: ab85c392b1daa9a25dd5a84ee2024b1725bc7751
SHA256: d732680c6c2e4a5ce7f0dab07582f7846981090eacd36abc491b722c293bd0c9
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 5 zebCeSv .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2018-11-01 09:18:10
Last submission: 2018-11-01 09:18:10
Filename detected: - cr7.exe (1)
URL file hosting
hXXp://linetrepanier.com/wp-data/cr7.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2018-10-31 04:08:52 [25/66] VirusTotal
PE Sections 3 suspicious
Name VAddress VSize Size MD5 SHA1
zebCeSv 0x2000 0xb564 46592 77e1664285cae560defb14a9ad017533 1991bf2509cae79893d0e2676700fbc221c43bbc
.text 0xe000 0xa1a48 662528 3d69e38ce94651c892d902550c4e3d8b 3dfb07a469aec394e0fc497b3d0d6965d64aa80b
.rsrc 0xb0000 0x618 2048 0dab9d6de45af03231d33a723201503f c36d1c832ca6b762c4469393a19f706863c3d7c9
.reloc 0xb2000 0xc 512 49ba7a9e1e9d0fde8dd025f5fdb99dfe 6ba531f2c60ccb944421e122ee014a896fbd01a4
0xb4000 0x10 512 faf3f4eeda7f55a8f4331afbd3243591 50e245cd36820d200620753579c19fe543cba8f8
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
No packers found for this file
File found
File type: Library
KERNEL32.dll
mscoree.dll
IP Found
7.2.12.2
URL(s)
No URL found
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
2018-11-01 09:10:25 2018-11-01 09:10:25

4 Behaviors detected by system signatures


2 Summary items with data

Files

C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\system\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\api-ms-win-core-localization-l1-2-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-localization-l1-2-1.DLL

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
advapi32.dll.EventRegister
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
kernel32.dll.VirtualProtect
kernel32.dll.GetModuleHandleA
kernel32.dll.ExitProcess
kernel32.dll.GetLastError
kernel32.dll.lstrcpyW
kernel32.dll.CreateFileMappingW
kernel32.dll.HeapCreate
kernel32.dll.GetCurrentThread
kernel32.dll.UnmapViewOfFile
kernel32.dll.HeapAlloc
kernel32.dll.lstrlenW
kernel32.dll.HeapFree
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetCurrentProcessId
kernel32.dll.HeapDestroy
kernel32.dll.GetCommandLineW
kernel32.dll.MapViewOfFile
kernel32.dll.WaitForSingleObject
kernel32.dll.lstrcmpA
kernel32.dll.CreateFileA
kernel32.dll.lstrcmpiA
kernel32.dll.SetLastError
kernel32.dll.GetModuleFileNameA
kernel32.dll.GetModuleFileNameW
kernel32.dll.ReadFile
kernel32.dll.lstrlenA
kernel32.dll.OpenProcess
kernel32.dll.GetProcAddress
kernel32.dll.CloseHandle
kernel32.dll.GetLongPathNameW
kernel32.dll.GetVersion
kernel32.dll.CreateEventA
kernel32.dll.VirtualAlloc
kernel32.dll.lstrcpynA
kernel32.dll.VirtualFree
kernel32.dll.SetFilePointer
user32.dll.wsprintfW
user32.dll.GetCursorPos
ntdll.dll.NtMapViewOfSection
ntdll.dll.NtUnmapViewOfSection
ntdll.dll.RtlNtStatusToDosError
ntdll.dll.NtCreateSection
ntdll.dll.memset
ntdll.dll.memcpy
ntdll.dll.ZwClose
ntdll.dll.RtlUnwind
ntdll.dll.NtQueryVirtualMemory
shlwapi.dll.StrRChrA
shlwapi.dll.StrChrA

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2018-11-01 09:18:27