CnBAH.exe

First submission 2022-07-21 13:03:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 177.0 KB (181248 bytes)
Compile time: 2008-06-09 10:00:19
MD5: 5c8b8e9691cdb1a51d97eccfd325159b
SHA1: 948250ffc348261bf6680937c9cd7eb8ab49e986
SHA256: 9fad4236f797adede7588c51a5d90dc7df99cea0bc590adfa29eef48d652d905
Sections: 1 (.text)
Virus Total: 54/71
VT report date: 2022-08-01 13:28:44

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL                                       Host (FQDN/IP)    Date Added
hXXp://102.37.220.234/htdocs/NpMJC.exe    102.37.220.234    2022-07-21 13:03:03
hXXp://109.206.241.81/htdocs/CnBAH.exe    109.206.241.81    2022-08-02 21:08:05

PE Sections 1 suspicious

Name     VAddress    VSize      Size      SHA1                                        MD5                                 Suspicious
.text    0x1000      0x2b03c    176640    b23d2841533c757f5b6f13ef210dcdfefa4552de    4bf4bccfccf7c73520c625d04f6d3ec6

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 1

VMCheck.dll