qcoin139.exe

File details
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size: 296.00 KB (303104 bytes)
Compile time: 2018-03-02 15:49:37
MD5: e9726ea801251c54724da10f656b39cd
SHA1: 8a902336994584ce5b65d8c78814f0a5737d7692
SHA256: 55f9876aeb533dda4c1d115e4edebaeddab0ac4d8c8fa1a391d4f72831a0227c
Import hash: f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3 .text .rsrc .reloc
Directories 3 import resource relocation
First submission: 2019-01-22 09:30:07
Last submission: 2019-01-22 09:30:07
Filename detected: - qcoin139.exe (1)
URL file hosting
hXXp://cdn-10049480.file.myqcloud.com/qcoin/qcoin139.exe
Antivirus Report
Report Date Detection Ratio Permalink Update
2019-01-20 12:45:39 [42/70] VirusTotal
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x2000 0x494e3 300544 07aff52e9a59c9f19b6789e2d5e37ed6 8f74130cefe40dea22d02a7b14371e73fd7e2a78
.rsrc 0x4c000 0x57e 1536 549a1f57d442ec7d4dc65895a0b5e495 82a2de99c227afe759c42409bcc6ed0d50ce3150
.reloc 0x4e000 0xc 512 7b2b23c29fad00eb45df3f667f78ac20 ea54d65219096d811dd904455d667380c36bf90f
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
This file isn't digitally signed
Packer(s)
Microsoft Visual C# / Basic .NET
Microsoft Visual Studio .NET
.NET executable
Microsoft Visual C# v7.0 / Basic .NET
File found
File type: Temporary
update.exe.tmp
File type: Text
{0}{1:yyyy_MM_dd}.txt
File type: Library
mscoree.dll
IP Found
6.10.0.218
URL(s)

TheSystem Itself @ 2019-01-22 09:30:11