qcoin128.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 287.00 KB (293888 bytes)
Compile time: 2017-12-06 22:51:57
MD5: c17eca0060a35299ba10f48ab4dcfe61
SHA1: d1ece8a2f6060314de6f9acc70e8a4fc5f7c0ae5
SHA256: 2a7b6d4238382c015fcb7e292f4f6b9c8569a49a74b793930b83d0b6c4aea279
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections: 3 (.text, .rsrc, .reloc)
Directories: 3 (import, resource, relocation)
First submission: 2019-01-22 08:00:06
Last submission: 2019-01-22 08:00:06
Filename detected: - qcoin128.exe (1)
URL file hosting
hXXp://cdn-10049480.file.myqcloud.com/qcoin/qcoin128.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-01-20 12:43:43 [33/71] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x470e7 291328 6cbf7ac87d1b3600c3fed4377da2fd62 86315d84aed58f2b01ead8ad315fe0d21aada682
.rsrc 0x4a000 0x57e 1536 af3f90edb7af3f9f93a07df02b266a70 d4d6f814c64713fc3d4541d9af5e8bfef6e1701a
.reloc 0x4c000 0xc 512 aa073f4aefc3447367794a7f9331ca7c 6c60ff624c49ed1616f78aeddd7a06feb9062bfa
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: Text
(*.txt)|*.txt
File type: Library
mscoree.dll
IP Found
6.10.0.218
URL(s)


TheSystem Itself @ 2019-01-22 08:00:08