CnBAH.exe
First submission 2022-07-21 13:03:03
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| File type: | 177.0 KB (181248 bytes) |
| Compile time: | 2008-06-09 10:00:19 |
| MD5: | 5c8b8e9691cdb1a51d97eccfd325159b |
| SHA1: | 948250ffc348261bf6680937c9cd7eb8ab49e986 |
| SHA256: | 9fad4236f797adede7588c51a5d90dc7df99cea0bc590adfa29eef48d652d905 |
| Sections 1 | .text��� |
| Virus Total: | 54/71 VT report date: 2022-08-01 13:28:44 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 2
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://102.37.220.234/htdocs/NpMJC.exe  |
102.37.220.234 |
2022-07-21 13:03:03 |
| hXXp://109.206.241.81/htdocs/CnBAH.exe |
109.206.241.81 |
2022-08-02 21:08:05 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x2b03c | 176640 | b23d2841533c757f5b6f13ef210dcdfefa4552de | 4bf4bccfccf7c73520c625d04f6d3ec6 |
Packers detected 1
| Borland Delphi 3.0 (???) |
Anti debug functions 1
| VMCheck.dll |