installer.exe

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 2216.79 KB (2269992 bytes)
Compile time: 2019-10-12 13:15:57
MD5: be42d144a6de5911dc0944dcb11c0330
SHA1: 5884dbe6093ed49229726c6ee938d4141800cb6f
SHA256: 5add59b523088f4b56a7efbc68baf24c04f7f6933172ed9fd050e7b63f2505cc
Import hash: eb5bc6ff6263b364dfbfb78bdb48ed59
Sections 10 .text .itext .data .bss .idata .didata .edata .tls .rdata .rsrc
Directories 5 import export resource tls security
First submission: 2020-02-13 23:21:07
Last submission: 2020-02-13 23:21:07
Filename detected: - installer.exe (1)
URL file hosting
hXXp://api.googlrapis.com/static/installer.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2020-02-04 16:02:23 [44/72] VirusTotal
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0xa50e8 676352 f082ee6260fd65bd4406603aefa5b38a e0f4b76afa924a8a5b21fe616077583cf84959f6
.itext 0xa7000 0x1668 6144 01fc0e6510748ac1fa24729bd4c8d31d 9da3b9a9415d729576d6cf4eaeb4d2788e04be69
.data 0xa9000 0x37a4 14336 34fa73ad8332bf3785e4314a4334a782 bf2f52bbad084aad108e437a6104d4eaa44a9bb3
.bss 0xad000 0x6778 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.idata 0xb4000 0xf1c 4096 daddecfdccd86a491d85012d9e547c63 f367f6a2458e60a453aff3785c35bb7410780012
.didata 0xb5000 0x1a4 512 be0581a07bd7d21a29f93f8752d3e826 eda85c8f9bed972f5b31f8d22c2096155892382c
.edata 0xb6000 0x9a 512 c7a09d734ff63f677dfd4d18e3440fdf 916cfc535f62b1781b7759d68e5f1f7f5c9e34fa
.tls 0xb7000 0x18 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rdata 0xb8000 0x5d 512 955f17d4899f3cf7664168fa46e1b316 185fa7c540259f3824038cf55115adfcbef64123
.rsrc 0xb9000 0x4600 17920 c11d339a16ff072679584a8352f59138 1858b25301ce10efeb8b92a938abff381286c90e
  • API Alert
  • Anti Debug
  • PE Exports: installer.exe
    • 0x453ac0
      TMethodImplementationIntercept
    • 0x40d3dc
      __dbk_fcall_wrapper
    • 0x4b063c
      dbkFCallWrapperAddr
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: 76775bfc8e98969f993d40b495300137
SHA1: 72ab204c60e60f2ce10c51d28e55eeca842d7804
Block Size: 3664
Virtual Address: 2266328
Packer(s)
Borland Delphi 3.0 (???)
Borland Delphi 4.0
File found
File type: Library
USERENV.dll
ntmarta.dll
comres.dll
propsys.dll
KERNEL32.dll
OLEAUT32.dll
cryptbase.dll
UxTheme.dll
OLEACC.dll
profapi.dll
VERSION.dll
dwmapi.dll
apphelp.dll
clbcatq.dll
SHELL32.dll
SETUPAPI.dll
Netapi32.dll
USER32.dll
comctl32.dll
ADVAPI32.dll
IP Found
No IP detected
URL(s)
http://ocsp.sectigo.com0
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v
https://sectigo.com/CPS0C
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
http://ocsp.usertrust.com0
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#

TheSystem Itself @ 2020-02-13 23:21:08