MalScore: 100/100
MalFamily: Malicious

mvxnugy0KOfq.exe

Indicator flags: Is DLL, Packer, Anti Debug, Anti VM, Signed, XOR. AntiVirus: 26/65
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 565.00 KB (578560 bytes)
Compile time: 2019-08-04 00:41:21 (PE header timestamp; it is attacker-controlled, but here it is consistent with the first VirusTotal report three days later)
MD5: d9b42664353af8c9a0df646be4cabacd
SHA1: e346e734cd4882af8c95f0bfa97630cc12cda48c
SHA256: 05286b539794eaa872059f22703c02118af82f3b0bc5950f768da9c673e2bb2d
Import hash: 0edacedd3b045715c3d04d69d11d7728
Sections (5): .text, .rdata, .data, .rsrc, .reloc
Directories (4): import, resource, debug, relocation
First submission: 2019-08-14 08:33:03
Last submission: 2019-08-14 08:33:03
Filename detected: mvxnugy0KOfq.exe (1)
URL file hosting (defanged; the hosting domain is DHL-delivery themed):
hXXp://dhlexpressdeliver.com/mvxnugy0KOfq.exe
Antivirus Report
Report date: 2019-08-07 13:40:19
Detection ratio: 26/65 (VirusTotal permalink)
Note: the VirusTotal report predates this submission (2019-08-14) by a week, so the ratio above is stale; rescan before quoting it.
PE Sections (5, 1 flagged suspicious). Size is the raw size in bytes; .rsrc holds 475,648 of the file's 578,560 bytes (about 82%), so most of the file is resource data rather than code.
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0xf787 63488 f6d19f7e56c0b1a4146876517baa7cf0 6958752052a79ddd734a9f305433ed6516eef3e4
.rdata 0x11000 0x7aae 31744 9687b52cf8d5c6694fdbce8003a4918b 078dc9da8500cd59468379690e6f2ec458736de4
.data 0x19000 0x11cc 2048 56ec70f6c0e0970bced89637a11fec62 11342312455706f0d3b29e356ee576645677edc1
.rsrc 0x1b000 0x75000 475648 97c8288c05ad68ea8f6c9c3d3c645389 1548956a3cd4f22201a9b5b34d65a843df167c6e
.reloc 0x90000 0x115c 4608 67bfb13e1662c72252202cde9bfd2139 fac78f1c4b96a7de614b45202c4cafd6ffaa09f9
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C++ 8 (VC8 -> Microsoft Corporation)
Note: this entry is a compiler/linker signature match, not a packer; the file has an ordinary five-section layout. The functions the sandbox saw resolved at start-up (InitializeCriticalSectionEx, FlsAlloc/FlsGetValue/FlsSetValue, LCMapStringEx, GetStringTypeW, InitializeSListHead) and the api-ms-win-core-* lookups under Files are consistent with the Visual C++ 2015 or later runtime rather than VC8, so treat the version in the signature as approximate.
Imported libraries (3)
File type: Library
mscoree.dll (CLR start-up shim)
USER32.dll
KERNEL32.dll
IP Found
No IP detected
URL(s)
No URL found
Behavior analysis details
Machine name | Machine label | Machine manager | Started | Ended | Duration (s)
Seven01b_64 | Seven01b_64 | VirtualBox | 2019-08-14 08:16:44 | 2019-08-14 08:19:47 | 183

8 Behaviors detected by system signatures

4 Summary items with data

Files (opened or probed)

Note: the two api-ms-win-core-* names below were each tried in nine directories in turn. That is the loader's search order (the directory the sample ran from, System32, system, the Windows directory, then each PATH entry) for a DLL that is not present on this Windows 7 image; the lookup itself comes from the Visual C++ runtime's start-up code, not from the sample's own logic. Any user-writable directory in that order (Temp, the Java javapath, C:\unrar, C:\Python27) would be loaded from first if a DLL of that name were planted there.

C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
C:\unrar\api-ms-win-core-fibers-l1-1-1.DLL
C:\Python27\api-ms-win-core-fibers-l1-1-1.DLL
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\system\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\api-ms-win-core-localization-l1-2-1.DLL
C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\wbem\api-ms-win-core-localization-l1-2-1.DLL
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-localization-l1-2-1.DLL
C:\unrar\api-ms-win-core-localization-l1-2-1.DLL
C:\Python27\api-ms-win-core-localization-l1-2-1.DLL
C:\Users\Seven01\AppData\Local\Temp\ccwnjicw.tmp
C:\Windows\System32\ntdll.dll
C:\Windows\System32\kernel32.dll
C:\Windows\System32\kernelbase.dll
C:\Windows\System32\user32.dll
\??\PIPE\StVCbQbd
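
A way to pull that pattern out of a sandbox file list automatically, as an added example in Python (not part of the original report or the sandbox's code): FILE_EVENTS is copied from the Files section above, while WRITABLE_DIRS is an assumption about which of those directories a standard user could write to on the sandbox image.

```python
"""Detect DLL search-order probing in a sandbox file-access list.

Added example; it is not part of the original report or the sandbox's own code.
FILE_EVENTS is copied from the report's "Files" section. WRITABLE_DIRS is an
assumption about which of those directories a standard user could write to on
the sandbox image; on a real host, confirm with icacls before relying on it.
"""
import ntpath
from collections import defaultdict

FILE_EVENTS = [
    r"C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\unrar\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\Python27\api-ms-win-core-fibers-l1-1-1.DLL",
    r"C:\Users\Seven01\AppData\Local\Temp\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\Windows\System32\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\Windows\system\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\Windows\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\Windows\System32\wbem\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\unrar\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\Python27\api-ms-win-core-localization-l1-2-1.DLL",
    r"C:\Users\Seven01\AppData\Local\Temp\ccwnjicw.tmp",
    r"C:\Windows\System32\ntdll.dll",
    r"C:\Windows\System32\kernel32.dll",
    r"C:\Windows\System32\kernelbase.dll",
    r"C:\Windows\System32\user32.dll",
    "\\??\\PIPE\\StVCbQbd",
]

# Assumed user-writable directories on the sandbox image (see docstring).
WRITABLE_DIRS = {
    r"C:\Users\Seven01\AppData\Local\Temp",
    r"C:\ProgramData\Oracle\Java\javapath",
    r"C:\unrar",
    r"C:\Python27",
}


def probe_sequences(events, min_dirs=3):
    """Map each DLL basename to the ordered list of directories it was looked up in.

    Only names tried in at least `min_dirs` distinct directories are returned:
    a DLL that resolves on the first attempt produces one event, while a name
    the loader cannot find produces one event per directory in the search order.
    """
    dirs_by_name = defaultdict(list)
    for path in events:
        if path.startswith("\\??\\"):        # pipes and other NT object paths
            continue
        directory, base = ntpath.split(path)
        base = base.lower()
        if not base.endswith(".dll"):
            continue
        if directory not in dirs_by_name[base]:
            dirs_by_name[base].append(directory)
    return {name: dirs for name, dirs in dirs_by_name.items() if len(dirs) >= min_dirs}


def hijack_candidates(probes, writable=WRITABLE_DIRS):
    """For each probed name, the writable directories as (search position, path).

    The first entry is where a planted DLL of that name would be loaded from,
    provided no earlier directory holds a genuine copy; in this trace the loader
    went through the whole order, so nothing earlier satisfied the lookup.
    """
    return {
        name: [(pos, d) for pos, d in enumerate(dirs) if d in writable]
        for name, dirs in probes.items()
    }


if __name__ == "__main__":
    probes = probe_sequences(FILE_EVENTS)
    candidates = hijack_candidates(probes)
    for name, dirs in probes.items():
        print(f"{name}: probed in {len(dirs)} directories")
        for pos, d in candidates[name]:
            print(f"    writable at search position {pos}: {d}")
```

The threshold of three directories separates genuine probing from the one or two accesses a normally resolved DLL produces; the system DLLs in the same list (ntdll, kernel32, kernelbase, user32) are each seen once and are dropped.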

Read Files

C:\Users\Seven01\AppData\Local\Temp\ccwnjicw.tmp
C:\Windows\System32\ntdll.dll
C:\Windows\System32\kernel32.dll
C:\Windows\System32\kernelbase.dll
C:\Windows\System32\user32.dll
\??\PIPE\StVCbQbd

Write Files

\??\PIPE\StVCbQbd

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.FlsAlloc
kernel32.dll.FlsSetValue
kernel32.dll.FlsGetValue
kernel32.dll.LCMapStringEx
kernel32.dll.GetThreadLocale
kernel32.dll.GetTempPathW
kernel32.dll.CreateFileW
kernel32.dll.GetSystemDirectoryW
kernel32.dll.MultiByteToWideChar
kernel32.dll.LoadLibraryA
kernel32.dll.GetProcAddress
kernel32.dll.LocalFree
kernel32.dll.WideCharToMultiByte
kernel32.dll.GetCommandLineW
kernel32.dll.LeaveCriticalSection
kernel32.dll.GetLastError
kernel32.dll.ReadFile
kernel32.dll.CloseHandle
kernel32.dll.TlsGetValue
kernel32.dll.lstrlenW
kernel32.dll.HeapAlloc
kernel32.dll.GetFileSize
kernel32.dll.GetProcessHeap
kernel32.dll.FreeLibrary
kernel32.dll.VirtualProtect
kernel32.dll.VirtualAlloc
kernel32.dll.WriteProcessMemory
kernel32.dll.VirtualAllocEx
kernel32.dll.VirtualFreeEx
kernel32.dll.WaitForSingleObject
kernel32.dll.Sleep
kernel32.dll.ExitProcess
kernel32.dll.FlushFileBuffers
kernel32.dll.GetEnvironmentStringsW
kernel32.dll.GetCommandLineA
kernel32.dll.GetCPInfo
kernel32.dll.GetOEMCP
kernel32.dll.WriteConsoleW
kernel32.dll.HeapSize
kernel32.dll.SetFilePointerEx
kernel32.dll.GetStringTypeW
kernel32.dll.SetStdHandle
kernel32.dll.HeapFree
kernel32.dll.GetConsoleMode
kernel32.dll.GetConsoleCP
kernel32.dll.WriteFile
kernel32.dll.GetACP
kernel32.dll.IsValidCodePage
kernel32.dll.FindNextFileW
kernel32.dll.FindFirstFileExW
kernel32.dll.FindClose
kernel32.dll.HeapReAlloc
kernel32.dll.GetFileType
kernel32.dll.GetStdHandle
kernel32.dll.UnhandledExceptionFilter
kernel32.dll.SetUnhandledExceptionFilter
kernel32.dll.GetCurrentProcess
kernel32.dll.TerminateProcess
kernel32.dll.IsProcessorFeaturePresent
kernel32.dll.QueryPerformanceCounter
kernel32.dll.GetCurrentProcessId
kernel32.dll.GetCurrentThreadId
kernel32.dll.GetSystemTimeAsFileTime
kernel32.dll.InitializeSListHead
kernel32.dll.IsDebuggerPresent
kernel32.dll.GetStartupInfoW
kernel32.dll.GetModuleHandleW
kernel32.dll.RtlUnwind
kernel32.dll.RaiseException
kernel32.dll.InterlockedFlushSList
kernel32.dll.SetLastError
kernel32.dll.EnterCriticalSection
kernel32.dll.DeleteCriticalSection
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.TlsAlloc
kernel32.dll.TlsSetValue
kernel32.dll.TlsFree
kernel32.dll.LoadLibraryExW
kernel32.dll.GetModuleHandleExW
kernel32.dll.GetModuleFileNameW
kernel32.dll.LCMapStringW
kernel32.dll.FreeEnvironmentStringsW
user32.dll.DrawTextA
user32.dll.CreateMenu
user32.dll.CreateWindowExA
user32.dll.MessageBoxA
user32.dll.DestroyMenu
advapi32.dll.GetUserNameW
ole32.dll.CoUninitialize
ole32.dll.CoCreateInstance
ole32.dll.CoInitializeSecurity
oleaut32.dll.#6
oleaut32.dll.#2
oleaut32.dll.#26
oleaut32.dll.#24
oleaut32.dll.#9
oleaut32.dll.#411
oleaut32.dll.#23
oleaut32.dll.#15
oleaut32.dll.#8
kernel32.dll.AreFileApisANSI
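
Reading a resolved-API list by hand is error-prone: IsDebuggerPresent, IsProcessorFeaturePresent and the UnhandledExceptionFilter pair above are imported by every Visual C++ 2015+ binary's start-up code, whereas VirtualAllocEx plus WriteProcessMemory is a cross-process write that the runtime never performs on its own. The following is an added Python example (not the sandbox's code) that scores the list with co-occurrence rules and marks hits that consist only of CRT boilerplate. API_SUBSET is a subset copied from the list above; RULES and CRT_BOILERPLATE are the example's own assumptions about what the names usually mean.

```python
"""Rule-based capability tagging of a sandbox's resolved-API list.

Added example; not part of the original report or the sandbox's own code.
API_SUBSET is copied (as a subset) from the report's "Resolved APIs" section.
RULES and CRT_BOILERPLATE are this example's assumptions, not data from the page.
"""

API_SUBSET = [
    "kernel32.dll.LoadLibraryA", "kernel32.dll.GetProcAddress",
    "kernel32.dll.GetTempPathW", "kernel32.dll.CreateFileW",
    "kernel32.dll.ReadFile", "kernel32.dll.GetFileSize",
    "kernel32.dll.VirtualProtect", "kernel32.dll.VirtualAlloc",
    "kernel32.dll.WriteProcessMemory", "kernel32.dll.VirtualAllocEx",
    "kernel32.dll.VirtualFreeEx", "kernel32.dll.WaitForSingleObject",
    "kernel32.dll.Sleep", "kernel32.dll.IsDebuggerPresent",
    "kernel32.dll.IsProcessorFeaturePresent",
    "kernel32.dll.UnhandledExceptionFilter",
    "kernel32.dll.SetUnhandledExceptionFilter",
    "kernel32.dll.QueryPerformanceCounter",
    "kernel32.dll.GetSystemTimeAsFileTime",
    "advapi32.dll.GetUserNameW",
    "ole32.dll.CoCreateInstance", "ole32.dll.CoInitializeSecurity",
    "oleaut32.dll.#2", "oleaut32.dll.#6",
]

# Imported by the Visual C++ 2015+ start-up code in every binary (assumption
# based on the usual CRT import set); a hit made only of these is noise.
CRT_BOILERPLATE = {
    "IsDebuggerPresent", "IsProcessorFeaturePresent",
    "UnhandledExceptionFilter", "SetUnhandledExceptionFilter",
    "GetCurrentProcess", "TerminateProcess", "QueryPerformanceCounter",
    "GetCurrentProcessId", "GetCurrentThreadId", "GetSystemTimeAsFileTime",
    "InitializeSListHead", "GetStartupInfoW", "GetModuleHandleW",
}

# label -> (mode, function names); "all" needs every name, "any" needs one.
RULES = {
    "cross-process write":        ("all", {"VirtualAllocEx", "WriteProcessMemory"}),
    "remote execution primitive": ("any", {"CreateRemoteThread", "NtCreateThreadEx",
                                           "QueueUserAPC", "SetThreadContext",
                                           "RtlCreateUserThread"}),
    "local executable memory":    ("all", {"VirtualAlloc", "VirtualProtect"}),
    "runtime API resolution":     ("all", {"LoadLibraryA", "GetProcAddress"}),
    "temp-directory file read":   ("all", {"GetTempPathW", "CreateFileW", "ReadFile"}),
    "COM activation":             ("all", {"CoCreateInstance"}),
    "debugger check":             ("any", {"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}),
    "user enumeration":           ("any", {"GetUserNameW", "GetUserNameA"}),
}


def function_names(apis):
    """'kernel32.dll.CreateFileW' -> 'CreateFileW'; ordinal-only entries such as
    'oleaut32.dll.#6' are kept whole because the name is not known."""
    names = set()
    for entry in apis:
        _module, _, func = entry.rpartition(".")
        names.add(entry if func.startswith("#") else func)
    return names


def evaluate(apis, rules=RULES):
    """Return {label: {"hit", "matched", "crt_only"}} for every rule."""
    names = function_names(apis)
    findings = {}
    for label, (mode, wanted) in rules.items():
        matched = sorted(wanted & names)
        hit = wanted <= names if mode == "all" else bool(matched)
        findings[label] = {
            "hit": hit,
            "matched": matched,
            # a hit explained entirely by CRT start-up imports is low confidence
            "crt_only": hit and set(matched) <= CRT_BOILERPLATE,
        }
    return findings


def injection_gap(findings):
    """True when the sample can write into another process but resolved no
    execution primitive: the analyst still has to find how the written memory
    is run (a different API, a later resolution, or none at all)."""
    return (findings["cross-process write"]["hit"]
            and not findings["remote execution primitive"]["hit"])


if __name__ == "__main__":
    result = evaluate(API_SUBSET)
    for label, info in result.items():
        if info["hit"]:
            tag = " (CRT boilerplate only)" if info["crt_only"] else ""
            print(f"{label}{tag}: {', '.join(info['matched'])}")
    if injection_gap(result):
        print("cross-process write present, execution primitive not resolved")
```

On this sample the rules flag the cross-process write, the temp-directory read, runtime API resolution and COM activation, while the debugger check is reported as CRT boilerplate only; no thread-creation or APC function appears in the resolved list, so the execution step of any injection is not visible here and has to be established from the trace or the code.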

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2019-08-14 08:33:05

Detected family: #Malicious

TheSystem Itself @ 2019-08-14 08:42:02