yCBAj.exe
First submission 2022-08-02 19:45:02
File details
| File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
| File type: | 172.0 KB (176128 bytes) |
| Compile time: | 2007-09-22 06:31:11 |
| MD5: | eb18fa180802b12133829373f51a2c87 |
| SHA1: | 081d3d47afdc7b5c1f51f76ba1cfc5bbbf8e6cd6 |
| SHA256: | e200bb133ddcbb758a27f29e77c9d81783b712445692c41c812c98590440e126 |
| Sections 1 | .text��� |
| Virus Total: | 49/71 VT report date: 2022-07-31 01:42:45 |
File features detected
Is DLL
Packers
Anti Debug
Anti VM
Signed
XOR
URLs, FQDN and IP indicators 2
| URL | Host (FQDN/IP) | Date Added |
|---|---|---|
hXXp://109.206.241.81/htdocs/xEBAi.exe  |
109.206.241.81 |
2022-08-02 19:45:02 |
| hXXp://109.206.241.81/htdocs/yCBAj.exe |
109.206.241.81 |
2022-08-02 21:25:06 |
PE Sections 1 suspicious
| Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
|---|---|---|---|---|---|---|
| .text��� | 0x1000 | 0x29df8 | 171520 | 6d01bf6a351004a3c36a3f10e64ad77aaab74123 | da983c5a6b3220ae4ed4cddc0b1d18aa |
Packers detected 1
| Borland Delphi 3.0 (???) |
Anti debug functions 1
| VMCheck.dll |