ZsRSF.exe

First submission 2022-07-23 15:22:03

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File type: 177.0 KB (181248 bytes)
Compile time: 2001-03-28 02:04:44
MD5: 90f6fded7e723bec5f87d99310c4d6c7
SHA1: 45a628682111c4d4e1fc1adcf86abb4f112f6f5a
SHA256: b17e291e0dde8310125a67358658010ed0f6ac6131d8bca2373343405c4e68d7
Sections 1 .text
Virus Total: 57/71 VT report date: 2022-08-01 16:58:36

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 3

URL Host (FQDN/IP) Date Added
hXXp://102.37.220.234/htdocs/EzHfY.exe VirusTotal Report 102.37.220.234 VirusTotal Report 2022-07-23 15:22:03
hXXp://102.37.220.234/htdocs/dQRKC.exe VirusTotal Report 102.37.220.234 VirusTotal Report 2022-07-25 06:52:07
hXXp://109.206.241.81/htdocs/ZsRSF.exe VirusTotal Report 109.206.241.81 VirusTotal Report 2022-08-02 21:18:06

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x2b1cc 176640 6aec78019e1fe8396233bd8ad8ba2626b29a3dc5 4fd2a66cc34e0683593e1889bf1ac159

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 1

VMCheck.dll