setup.exe

Is DLL Packer Anti Debug Anti VM Signed XOR Related 2772
File details Download PDF Report
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 665622.55 KB (681597496 bytes)
Compile time: 2019-12-05 20:53:18
MD5: d0b1e68ee54a2b285224c95bf628f641
SHA1: 0d7c3e4826a89dcd3995e0594fb6c65411414d94
SHA256: 46b2f0fb75b346dc7e4de935a1185a4f6fcbc63da40f4e9049fe7caffa854a9f
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 4 import resource relocation security
First submission: 2019-12-17 00:42:12
Last submission: 2019-12-17 00:42:12
Filename detected: - setup.exe (1)
URL file hosting
hXXps://polez.su/setup.exeVirusTotal
Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 2 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x29474 169472 5d3bdc68eac0d628d84537047bcb6012 479786e11f7ff907d3bb5f4dc2d14038d76390a7
.rsrc 0x2c000 0x14483a 1329664 da958281a1df3c22adc79d54ad1d37e1 251f37d03e7bdf837a2a36efb40c0cfd0bf82270
.reloc 0x172000 0xc 512 0429d7db6a5617cc4a9263224f160201 105de873c2fafa93b67194feef9b353c69dacb53
Meta Info
No Meta found in this file
XOR
No XOR informations found in this file.
Signature
MD5: 8db13eba501c6bd76ec9f0921a8c6ffa
SHA1: 91c7930df7df3d98fb86ab2b04adcac0e5c398a6
Block Size: 23096
Virtual Address: 681574400
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
FIle type: Text
Text Files (*.txt)|*.txt
FIle type: Library
mscoree.dll
IP Found
No IP detected
URL(s)
https://www.thawte.com/cps0/
http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
http://th.symcb.com/th.crt0
http://crl.thawte.com/ThawtePCA.crl0
http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
http://crl3.digicert.com/sha2-assured-cs-g1.crl05
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://th.symcb.com/th.crl0
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
https://www.thawte.com/repository0W
http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
http://ocsp.digicert.com0C
http://ocsp.digicert.com0A
http://ocsp.digicert.com0O
http://ocsp.digicert.com0N
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
http://ocsp.thawte.com0
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
http://crl3.digicert.com/sha2-assured-ts.crl02
http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
http://crl4.digicert.com/sha2-assured-ts.crl0
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
http://th.symcd.com0&
https://www.digicert.com/CPS0
http://www.digicert.com/ssl-cps-repository.htm0
http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08

#infosec #automation

TheSystem Itself @ 2019-12-17 00:42:57