02ae530e...b7df | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Threat Names:
Trojan.MSIL.Injector.MF
Gen:Heur.Ransom.REntS.Gen.1
Gen:Variant.Fugrafa.5911
...
Master Boot Record Changes
Sector Number Sector Size
0 512 Bytes
Filename Category Type Severity
C:\Users\FD1HVy\Desktop\Oxi_Joiner.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 54.50 KB
MD5 cdb6e431b4eeb2909b1cf198f70ae444
SHA1 98205803babd17587e99913934eb6975c3dc8779
SHA256 02ae530ebb33ee8528ac0b9061d41216d3f3d4dcd8e9b0fe7f7cd0511247b7df
SSDeep 1536:z3kmlB4uRNauDuO8lpjv6BbhstsYKwot9t:z0mlMLjystlKwot9t
ImpHash d5d9d937853db8b666bd4b525813d7bd
PE Information
Image Base 0x400000
Entry Point 0x401ae1
Size Of Code 0xe00
Size Of Initialized Data 0xc800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2013-06-15 16:44:28+00:00
Version Information (5)
CompanyName Inc
FileDescription Oxi_Joiner
FileVersion 1.3.3.4
ProductName Inc Oxi_J
ProductVersion 1.3.3.4
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xc26 0xe00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.15
.rdata 0x402000 0x4c0 0x600 0x1200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.21
.data 0x403000 0xd6f0 0x600 0x1800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.73
.rsrc 0x411000 0xbac0 0xbc00 0x1e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.5
Imports (3)
shlwapi.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFindFileNameA 0x0 0x40207c 0x2188 0x1388 0x2e
kernel32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LockResource 0x0 0x402000 0x210c 0x130c 0x1fd
lstrlenA 0x0 0x402004 0x2110 0x1310 0x31d
CloseHandle 0x0 0x402008 0x2114 0x1314 0x23
CreateFileA 0x0 0x40200c 0x2118 0x1318 0x3d
ExitProcess 0x0 0x402010 0x211c 0x131c 0x9b
FindResourceA 0x0 0x402014 0x2120 0x1320 0xc0
FreeResource 0x0 0x402018 0x2124 0x1324 0xd3
GetCommandLineA 0x0 0x40201c 0x2128 0x1328 0xe6
GetEnvironmentVariableA 0x0 0x402020 0x212c 0x132c 0x113
GetFileSize 0x0 0x402024 0x2130 0x1330 0x11c
GetModuleFileNameA 0x0 0x402028 0x2134 0x1334 0x132
GetModuleHandleA 0x0 0x40202c 0x2138 0x1338 0x134
GetProcAddress 0x0 0x402030 0x213c 0x133c 0x153
GetProcessHeap 0x0 0x402034 0x2140 0x1340 0x156
GetSystemDirectoryA 0x0 0x402038 0x2144 0x1344 0x172
GetTempPathA 0x0 0x40203c 0x2148 0x1348 0x184
GetWindowsDirectoryA 0x0 0x402040 0x214c 0x134c 0x1a0
GlobalAlloc 0x0 0x402044 0x2150 0x1350 0x1a5
GlobalFree 0x0 0x402048 0x2154 0x1354 0x1ac
HeapAlloc 0x0 0x40204c 0x2158 0x1358 0x1bd
HeapFree 0x0 0x402050 0x215c 0x135c 0x1c1
LoadLibraryA 0x0 0x402054 0x2160 0x1360 0x1ea
LoadResource 0x0 0x402058 0x2164 0x1364 0x1ef
lstrcpynA 0x0 0x40205c 0x2168 0x1368 0x31b
RtlMoveMemory 0x0 0x402060 0x216c 0x136c 0x25a
SetFileAttributesA 0x0 0x402064 0x2170 0x1370 0x287
SizeofResource 0x0 0x402068 0x2174 0x1374 0x2ba
WriteFile 0x0 0x40206c 0x2178 0x1378 0x2fb
lstrcatA 0x0 0x402070 0x217c 0x137c 0x313
lstrcpyA 0x0 0x402074 0x2180 0x1380 0x319
user32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateWindowExA 0x0 0x402084 0x2190 0x1390 0x56
DefWindowProcA 0x0 0x402088 0x2194 0x1394 0x83
DispatchMessageA 0x0 0x40208c 0x2198 0x1398 0x93
GetMessageA 0x0 0x402090 0x219c 0x139c 0x122
LoadCursorA 0x0 0x402094 0x21a0 0x13a0 0x194
LoadIconA 0x0 0x402098 0x21a4 0x13a4 0x198
MessageBoxA 0x0 0x40209c 0x21a8 0x13a8 0x1b1
PostQuitMessage 0x0 0x4020a0 0x21ac 0x13ac 0x1d5
RegisterClassExA 0x0 0x4020a4 0x21b0 0x13b0 0x1e1
SendMessageA 0x0 0x4020a8 0x21b4 0x13b4 0x1fd
ShowWindow 0x0 0x4020ac 0x21b8 0x13b8 0x248
TranslateMessage 0x0 0x4020b0 0x21bc 0x13bc 0x25e
UpdateWindow 0x0 0x4020b4 0x21c0 0x13c0 0x26a
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
oxi_joiner.exe 1 0x00400000 0x0041CFFF Relevant Image True 32-bit 0x004011D9 True False
oxi_joiner.exe 1 0x00400000 0x0041CFFF Process Termination True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Trojan.MSIL.Injector.MF Malicious
Filename Category Type Severity
C:\Users\FD1HVy\AppData\Local\Temp\EyeCry.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 71.50 KB
MD5 89aa34d7e47e5eaf4fca900c8b512f4f
SHA1 e91e288a5279a981759e1574fbba672c5cd0a6c0
SHA256 be382041837eb1dfd57227858359a56ecd4be9a5902b399bb684c9c7d9606f15
SSDeep 768:Uv3mq1oJQpwvZlXhVkcDsaoi9P9TJKvaoStYARRQwfwikdy+4BtIl82+hE8x:YmqMQoXhVN4aooJhDCSGdyJel82WNx
ImpHash c4831ccf6e98eede3bbbee112609ba11
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x407d20
Size Of Code 0x7000
Size Of Initialized Data 0xaa00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x6f84 0x7000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.46
DATA 0x408000 0x83fc 0x8400 0x7400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.44
BSS 0x411000 0x287a9 0x0 0xf800 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x43a000 0x646 0x800 0xf800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.01
.tls 0x43b000 0x8 0x0 0x10000 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x43c000 0x18 0x200 0x10000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 0.21
.reloc 0x43d000 0xb90 0xc00 0x10200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.48
.rsrc 0x43e000 0x1000 0x1000 0x10e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 3.61
Imports (7)
kernel32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x43a0a0 0x3a0a0 0xf8a0 0x0
LeaveCriticalSection 0x0 0x43a0a4 0x3a0a4 0xf8a4 0x0
EnterCriticalSection 0x0 0x43a0a8 0x3a0a8 0xf8a8 0x0
InitializeCriticalSection 0x0 0x43a0ac 0x3a0ac 0xf8ac 0x0
VirtualFree 0x0 0x43a0b0 0x3a0b0 0xf8b0 0x0
VirtualAlloc 0x0 0x43a0b4 0x3a0b4 0xf8b4 0x0
LocalFree 0x0 0x43a0b8 0x3a0b8 0xf8b8 0x0
LocalAlloc 0x0 0x43a0bc 0x3a0bc 0xf8bc 0x0
GetVersion 0x0 0x43a0c0 0x3a0c0 0xf8c0 0x0
GetCurrentThreadId 0x0 0x43a0c4 0x3a0c4 0xf8c4 0x0
WideCharToMultiByte 0x0 0x43a0c8 0x3a0c8 0xf8c8 0x0
lstrlenA 0x0 0x43a0cc 0x3a0cc 0xf8cc 0x0
lstrcpynA 0x0 0x43a0d0 0x3a0d0 0xf8d0 0x0
LoadLibraryExA 0x0 0x43a0d4 0x3a0d4 0xf8d4 0x0
GetThreadLocale 0x0 0x43a0d8 0x3a0d8 0xf8d8 0x0
GetStartupInfoA 0x0 0x43a0dc 0x3a0dc 0xf8dc 0x0
GetProcAddress 0x0 0x43a0e0 0x3a0e0 0xf8e0 0x0
GetModuleHandleA 0x0 0x43a0e4 0x3a0e4 0xf8e4 0x0
GetModuleFileNameA 0x0 0x43a0e8 0x3a0e8 0xf8e8 0x0
GetLocaleInfoA 0x0 0x43a0ec 0x3a0ec 0xf8ec 0x0
GetCommandLineA 0x0 0x43a0f0 0x3a0f0 0xf8f0 0x0
FreeLibrary 0x0 0x43a0f4 0x3a0f4 0xf8f4 0x0
FindFirstFileA 0x0 0x43a0f8 0x3a0f8 0xf8f8 0x0
FindClose 0x0 0x43a0fc 0x3a0fc 0xf8fc 0x0
ExitProcess 0x0 0x43a100 0x3a100 0xf900 0x0
WriteFile 0x0 0x43a104 0x3a104 0xf904 0x0
UnhandledExceptionFilter 0x0 0x43a108 0x3a108 0xf908 0x0
RtlUnwind 0x0 0x43a10c 0x3a10c 0xf90c 0x0
RaiseException 0x0 0x43a110 0x3a110 0xf910 0x0
GetStdHandle 0x0 0x43a114 0x3a114 0xf914 0x0
user32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x43a11c 0x3a11c 0xf91c 0x0
LoadStringA 0x0 0x43a120 0x3a120 0xf920 0x0
MessageBoxA 0x0 0x43a124 0x3a124 0xf924 0x0
CharNextA 0x0 0x43a128 0x3a128 0xf928 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x43a130 0x3a130 0xf930 0x0
RegOpenKeyExA 0x0 0x43a134 0x3a134 0xf934 0x0
RegCloseKey 0x0 0x43a138 0x3a138 0xf938 0x0
oleaut32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x43a140 0x3a140 0xf940 0x0
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x43a148 0x3a148 0xf948 0x0
TlsGetValue 0x0 0x43a14c 0x3a14c 0xf94c 0x0
LocalAlloc 0x0 0x43a150 0x3a150 0xf950 0x0
GetModuleHandleA 0x0 0x43a154 0x3a154 0xf954 0x0
kernel32.dll (17)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x43a15c 0x3a15c 0xf95c 0x0
WinExec 0x0 0x43a160 0x3a160 0xf960 0x0
VirtualQuery 0x0 0x43a164 0x3a164 0xf964 0x0
GetVersionExA 0x0 0x43a168 0x3a168 0xf968 0x0
GetThreadLocale 0x0 0x43a16c 0x3a16c 0xf96c 0x0
GetStringTypeExA 0x0 0x43a170 0x3a170 0xf970 0x0
GetStdHandle 0x0 0x43a174 0x3a174 0xf974 0x0
GetProcAddress 0x0 0x43a178 0x3a178 0xf978 0x0
GetModuleHandleA 0x0 0x43a17c 0x3a17c 0xf97c 0x0
GetModuleFileNameA 0x0 0x43a180 0x3a180 0xf980 0x0
GetLocaleInfoA 0x0 0x43a184 0x3a184 0xf984 0x0
GetDiskFreeSpaceA 0x0 0x43a188 0x3a188 0xf988 0x0
GetCPInfo 0x0 0x43a18c 0x3a18c 0xf98c 0x0
GetACP 0x0 0x43a190 0x3a190 0xf990 0x0
EnumCalendarInfoA 0x0 0x43a194 0x3a194 0xf994 0x0
CreateFileA 0x0 0x43a198 0x3a198 0xf998 0x0
CloseHandle 0x0 0x43a19c 0x3a19c 0xf99c 0x0
user32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA 0x0 0x43a1a4 0x3a1a4 0xf9a4 0x0
LoadStringA 0x0 0x43a1a8 0x3a1a8 0xf9a8 0x0
GetSystemMetrics 0x0 0x43a1ac 0x3a1ac 0xf9ac 0x0
CharNextA 0x0 0x43a1b0 0x3a1b0 0xf9b0 0x0
CharToOemA 0x0 0x43a1b4 0x3a1b4 0xf9b4 0x0
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
eyecry.exe 3 0x00400000 0x0043EFFF Relevant Image True 32-bit 0x00403360 True False
eyecry.exe 3 0x00400000 0x0043EFFF Final Dump True 32-bit - True False
eyecry.exe 3 0x00400000 0x0043EFFF Process Termination True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Ransom.REntS.Gen.1 Malicious
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshots: Before, After (images not included in this export)