yCBAj.exe

First submission 2022-08-02 19:45:02

File details

File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 172.0 KB (176128 bytes)
Compile time: 2007-09-22 06:31:11
MD5: eb18fa180802b12133829373f51a2c87
SHA1: 081d3d47afdc7b5c1f51f76ba1cfc5bbbf8e6cd6
SHA256: e200bb133ddcbb758a27f29e77c9d81783b712445692c41c812c98590440e126
Sections 1 .text
Virus Total: 49/71
VT report date: 2022-07-31 01:42:45

File features detected

Is DLL

Packers

Anti Debug

Anti VM

Signed

XOR

URLs, FQDN and IP indicators 2

URL Host (FQDN/IP) Date Added
hXXp://109.206.241.81/htdocs/xEBAi.exe 109.206.241.81 2022-08-02 19:45:02
hXXp://109.206.241.81/htdocs/yCBAj.exe 109.206.241.81 2022-08-02 21:25:06

PE Sections 1 suspicious

Name VAddress VSize Size SHA1 MD5 Suspicious
.text 0x1000 0x29df8 171520 6d01bf6a351004a3c36a3f10e64ad77aaab74123 da983c5a6b3220ae4ed4cddc0b1d18aa

Packers detected 1

Borland Delphi 3.0 (???)

Anti debug functions 1

VMCheck.dll