agent_140020000.exe

File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 459.16 KB (470176 bytes)
Compile time: 1992-06-20 00:22:17
MD5: d87306e7e817a9205ed15147fe024c21
SHA1: 5ca28c428b24cc5993255648c0213bf0e8f3a838
SHA256: 49a39ff9c221553cb50fb941526efb11ba37c7232d533badc00360f13e595c02
Import hash: 2fb819a19fe4dee5c03e8c6a79342f79
Sections: 8 (CODE, DATA, BSS, .idata, .tls, .rdata, .reloc, .rsrc)
Directories: 4 (import, resource, tls, security)
First submission: 2019-11-19 22:39:07
Last submission: 2019-11-19 22:39:07
Filename detected: - agent_140020000.exe (1)
URL file hosting
hXXp://agent-14.s3.us-east-2.amazonaws.com/agent_140020000.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-08-18 23:42:11 [46/70] VirusTotal
PE Sections 4 suspicious
Name VAddress VSize Size MD5 SHA1
CODE 0x1000 0xa1d0 41472 b7ea439d9c6d5ec722056c9243fb3054 448f38293276fdd5721deb66e9aab64e7eb86e6d
DATA 0xc000 0x250 1024 9b2268ed5360951559d8041925d025fb 92b3d0f7133ed41638b2883a6d2532b467edd641
BSS 0xd000 0xe94 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.idata 0xe000 0x97c 2560 df5f31e62e05c787fd29eed7071bf556 3cfc95ebff0ce7dd7301eecc34bb84ee23beede8
.tls 0xf000 0x8 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rdata 0x10000 0x18 512 14dfa4128117e7f94fe2f8d7dea374a0 2b87a504cb33a3fbd0e12d47b5e2e300f8257779
.reloc 0x11000 0x91c 0 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
.rsrc 0x12000 0x2c00 11264 8127703d4652590fcacb4be61d7ac283 11a39b08f642190f8dfc713785b0e361aaa2433b
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: 33db6abf81ae0c79a710131e71c547c3
SHA1: 2dc03826900a38b98c05e3d8db7df1557aa1818f
Block Size: 9808
Virtual Address: 460368
Packer(s)
Borland Delphi 3.0 (???)
Borland Delphi 4.0
File found
File type: Library
cryptbase.dll
clbcatq.dll
propsys.dll
USER32.dll
UxTheme.dll
comctl32.dll
OLEACC.dll
SETUPAPI.dll
ADVAPI32.dll
USERENV.dll
OLEAUT32.dll
profapi.dll
dwmapi.dll
KERNEL32.dll
apphelp.dll
SHELL32.dll
comres.dll
VERSION.dll
IP Found
No IP detected
URL(s)


TheSystem Itself @ 2019-11-19 22:40:09