MalScore
76/100

tsbrowser_769_4.0.7.20.exe

Indicators: Is DLL, Packer, Anti Debug, Anti VM, Signed, XOR
File details
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 6626.55 KB (6785586 bytes)
Compile time: 2020-05-08 07:59:10
MD5: fc2267d5b44910aa8c50faefe415e244
SHA1: 7d47040055dd6579f5552feb7713151a8e9f675a
SHA256: 13b3798881670fb1a04fbc55df95446f8fb3d664f7f6eda6205a37204201bee6
Import hash: ed4a66b129676b1a0c22955a7549924c
Sections 5 .text .rdata .data .rsrc .reloc
Directories 6 import resource debug tls relocation security
Anti Virtual Machine 2 VMCheck.dll Bochs & QEmu CPUID Trick
First submission: 2020-10-11 06:30:13
Last submission: 2020-10-11 06:30:13
Filename detected: - tsbrowser_769_4.0.7.20.exe (1)
URL file hosting
hXXp://file.cdn.xiangtatech.com/file/tsbrowser_769_4.0.7.20.exe
VirusTotal Antivirus Report
Report Date Detection Ratio Permalink Update
No report available
PE Sections 1 suspicious
Name VAddress VSize Size MD5 SHA1
.text 0x1000 0x8bf07 573440 82bdb2281461fd44dac667e2b370af49 e542a9217250326c99c808621e16a57103e112b7
.rdata 0x8d000 0x23228 144384 0b92c049bdb5389ef83ea955519dfc79 ba98b761bb6af7f4f88f2963a60e34ec896d137a
.data 0xb1000 0x4e60 7680 5eb6ad781b3f2bcf22df4d4666bada5f b04f4b450212d437f359c8e60e99dbcc16f0d32f
.rsrc 0xb6000 0x4216740 69298176 13a5b19ff6fa193af4e04f8ebf963459 238cf6200663d07b52210fb9605409982759bb07
.reloc 0x42cd000 0x6674 26624 d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709
Meta Info
No Meta found in this file
XOR
No XOR information found in this file.
Signature
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
Block Size: 6144
Virtual Address: 70051328
Packer(s)
Microsoft Visual C++ 8
VC8 -> Microsoft Corporation
File found
File type: Binary
snapshot_blob.bin
natives_blob.bin
File type: Data
icudtl.dat
File type: XML
LAYOUT.XML
File type: Linker File
%s\%s.lnk
%s\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\%s.lnk
%s\%s\%s.lnk
%s\Microsoft\Internet Explorer\Quick Launch\%s.lnk
%s\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\%s.lnk
%s.lnk
File type: Library
mscoree.dll
KERNEL32.dll
Kapi-ms-win-core-synch-l1-2-0.dll
Wadvapi32.dll
ntdll.dll
SRICHED20.DLL
ADVAPI32.dll
SHELL32.dll
MSIMG32.dll
!\?.dll;!\loadall.dll;.\?.dll
chrome.dll
atlthunk.dll
comctl32.dll
D3DCompiler_47.dll
\pcid.dll
psapi.dll
\substat.dll
WININET.dll
chrome_watcher.dll
chrome_child.dll
IMM32.dll
ole32.dll
pcid.dll
func_helper.dll
SHLWAPI.dll
libegl.dll
USER32.dll
VERSION.dll
libglesv2.dll
chrome_elf.dll
Netapi32.dll
OLEAUT32.dll
BrowserMsg.dll
\uninstall.dll
GDI32.dll
gdiplus.dll
IP Found
1.0.0.4
4.0.7.20
URL(s)
http://tsbrowser.xiangtatech.com/licence.html
http://servicefc.xiangtatech.com/Client/unInstall.aspx
http://servicefc.xiangtatech.com/Client/Install.aspx
http://www.w3.org/1999/02/22-rdf-syntax-ns#
http://ns.adobe.com/xap/1.0/mm/
https://shang.qq.com/wpa/qunwpa?idkey=b64120d74834b09744f15a5b2d4a4c64ce57d7ca3e9bb0b5831da5716aa82c95
http://feedback.tsbrowser.xiangtatech.com/feed?ruleShow=true
http://uninstall.xiangtatech.com/api/UninstallReport
http://ns.adobe.com/xap/1.0/sType/ResourceRef#
http://ns.adobe.com/xap/1.0/
Behavior analysis details
Machine name Machine label Machine manager Started Ended Duration
Seven04_64 Seven04_64 VirtualBox 2020-10-11 06:25:43 2020-10-11 06:26:10 27

3 Behaviors detected by system signatures

0 Summary items with data

Files

Nothing to display

Read Files

Nothing to display

Write Files

Nothing to display

Delete Files

Nothing to display

Keys

Nothing to display

Read Keys

Nothing to display

Write Keys

Nothing to display

Delete Keys

Nothing to display

Mutexes

Resolved APIs

Nothing to display

Execute Commands

Nothing to display

Started Services

Nothing to display

Created Services

Nothing to display

#infosec #automation

TheSystem Itself @ 2020-10-11 06:30:15