04ad737a...0a07 | Files
VTI SCORE: 92/100
Dynamic Analysis Report
Classification: Dropper
Sample File: dokumentacja_92622.vbe (Polish for "documentation"; Microsoft Script Encoder-encoded VBScript, run by wscript.exe/cscript.exe)
Path       C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dokumentacja_92622.vbe
Category   Sample File
Type       Text
Severity   Unknown
Mime Type  text/x-vbscript
File Size  7.13 KB
MD5        c0b9640880d94923f8aeb1b7944a4f69
SHA1       2dddc57a59b07449a052167218bc3a198c8cd82c
SHA256     04ad737a63367cfb492597ba86fd3509eb7340f2b762d830c05dfd9fe9870a07
SSDeep     96:MvS4P8h6j2Fm1hxe777TTppp7TTCpYhhhhhhhtJ4vB7PkoJeJXJMNMf8AiMHB5Qe:MOo7IH9
Dropped File: vThQexNegi.dll (written by the script to the user's %LOCALAPPDATA%\Temp directory)
Path       C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\vThQexNegi.dll
Category   Dropped File
Type       Binary
Severity   Unknown
Mime Type  application/vnd.microsoft.portable-executable
File Size  446.50 KB
MD5        8c3639dc20556de6b7c771981a3b9663
SHA1       7ae8f73544d2a1da6af7d3bc4c5d0102e2568355
SHA256     9fa1220f50484bdee6fbdb39752240238864bed3e3fb24781957bc9d4a2cdb1e
SSDeep     6144:YalVHbFPrM5XHDFzcPGh5XEb8x+1/yB27cM0CvAQJhX:Y0FjCyuTUgxgKBjo9v
ImpHash    4bf548e17698a2dcfeec59bdfebb2d6f
Parser Error Remark: the static analyzer was unable to completely parse the analyzed file. Treat the PE tables below as possibly incomplete, and recompute the ImpHash with a second tool before using it as a pivot.
PE Information
Image Base                0x400000
Entry Point               0x468528 (absolute VA; RVA 0x68528, which falls in .itext, not .text)
Size Of Code              0x66c00
Size Of Initialized Data  0x8a00
File Type                 DLL
Subsystem                 Windows GUI
Machine Type              i386 (32-bit)
Compile Timestamp         2019-04-29 21:20:52+00:00 (taken from the PE header; the field is attacker-controlled and is not on its own evidence of when the file was built)
Sections (10)
The Virtual Address column is an absolute VA (image base 0x400000 already added); subtract the image base to obtain the RVA. Flags are IMAGE_SCN_* characteristics; entropy is in bits per byte (8.0 is the maximum).

Name     Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Entropy  Flags
.text    0x401000         0x66208       0x66400        0x400            6.26     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext   0x468000         0x7c0         0x800          0x66800          5.85     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data    0x469000         0x2500        0x2600         0x67000          3.69     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss     0x46c000         0x62f8        0x0            0x0              0.0      IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata   0x473000         0xbe0         0xc00          0x69600          4.92     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata  0x474000         0x1c8         0x200          0x6a200          3.02     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata   0x475000         0x6e          0x200          0x6a400          1.28     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rdata   0x476000         0x44          0x200          0x6a600          1.17     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc   0x477000         0x3d1c        0x3e00         0x6a800          6.62     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rsrc    0x47b000         0x1400        0x1400         0x6e600          3.65     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

No section is both writable and executable, no section approaches 8.0 bits/byte, and only .bss has virtual size without raw data: the section layout is that of a compiled, unpacked binary. The .itext and .didata section names are characteristic of Delphi-built images.
Imports (10 import descriptors, 103 entries)
All entries are imported by name (Ordinal and Hint are 0x0 throughout). IAT Address is an absolute VA; Thunk RVA is image-base-relative and Thunk Offset is the matching file offset inside .idata. kernel32.dll appears four times and user32.dll twice because the Delphi linker emits one import descriptor per unit that references a DLL; the duplicates are a compiler artefact, not evidence of tampering. The presence of IsDebuggerPresent or VirtualProtect in the import list is not by itself evidence of anti-analysis or unpacking; confirm in the function log whether those calls are actually reached before reporting them.
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x4732a0 0x730dc 0x696dc 0x0
SysReAllocStringLen 0x0 0x4732a4 0x730e0 0x696e0 0x0
SysAllocStringLen 0x0 0x4732a8 0x730e4 0x696e4 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExW 0x0 0x4732b0 0x730ec 0x696ec 0x0
RegOpenKeyExW 0x0 0x4732b4 0x730f0 0x696f0 0x0
RegCloseKey 0x0 0x4732b8 0x730f4 0x696f4 0x0
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW 0x0 0x4732c0 0x730fc 0x696fc 0x0
LoadStringW 0x0 0x4732c4 0x73100 0x69700 0x0
kernel32.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x4732cc 0x73108 0x69708 0x0
VirtualFree 0x0 0x4732d0 0x7310c 0x6970c 0x0
VirtualAlloc 0x0 0x4732d4 0x73110 0x69710 0x0
lstrlenW 0x0 0x4732d8 0x73114 0x69714 0x0
VirtualQuery 0x0 0x4732dc 0x73118 0x69718 0x0
GetTickCount 0x0 0x4732e0 0x7311c 0x6971c 0x0
GetSystemInfo 0x0 0x4732e4 0x73120 0x69720 0x0
GetVersion 0x0 0x4732e8 0x73124 0x69724 0x0
CompareStringW 0x0 0x4732ec 0x73128 0x69728 0x0
IsValidLocale 0x0 0x4732f0 0x7312c 0x6972c 0x0
SetThreadLocale 0x0 0x4732f4 0x73130 0x69730 0x0
GetSystemDefaultUILanguage 0x0 0x4732f8 0x73134 0x69734 0x0
GetUserDefaultUILanguage 0x0 0x4732fc 0x73138 0x69738 0x0
GetLocaleInfoW 0x0 0x473300 0x7313c 0x6973c 0x0
WideCharToMultiByte 0x0 0x473304 0x73140 0x69740 0x0
MultiByteToWideChar 0x0 0x473308 0x73144 0x69744 0x0
GetACP 0x0 0x47330c 0x73148 0x69748 0x0
LoadLibraryExW 0x0 0x473310 0x7314c 0x6974c 0x0
GetStartupInfoW 0x0 0x473314 0x73150 0x69750 0x0
GetProcAddress 0x0 0x473318 0x73154 0x69754 0x0
GetModuleHandleW 0x0 0x47331c 0x73158 0x69758 0x0
GetModuleFileNameW 0x0 0x473320 0x7315c 0x6975c 0x0
GetCommandLineW 0x0 0x473324 0x73160 0x69760 0x0
FreeLibrary 0x0 0x473328 0x73164 0x69764 0x0
GetLastError 0x0 0x47332c 0x73168 0x69768 0x0
UnhandledExceptionFilter 0x0 0x473330 0x7316c 0x6976c 0x0
RtlUnwind 0x0 0x473334 0x73170 0x69770 0x0
RaiseException 0x0 0x473338 0x73174 0x69774 0x0
ExitProcess 0x0 0x47333c 0x73178 0x69778 0x0
SwitchToThread 0x0 0x473340 0x7317c 0x6977c 0x0
GetCurrentThreadId 0x0 0x473344 0x73180 0x69780 0x0
DeleteCriticalSection 0x0 0x473348 0x73184 0x69784 0x0
LeaveCriticalSection 0x0 0x47334c 0x73188 0x69788 0x0
EnterCriticalSection 0x0 0x473350 0x7318c 0x6978c 0x0
InitializeCriticalSection 0x0 0x473354 0x73190 0x69790 0x0
FindFirstFileW 0x0 0x473358 0x73194 0x69794 0x0
FindClose 0x0 0x47335c 0x73198 0x69798 0x0
WriteFile 0x0 0x473360 0x7319c 0x6979c 0x0
GetStdHandle 0x0 0x473364 0x731a0 0x697a0 0x0
CloseHandle 0x0 0x473368 0x731a4 0x697a4 0x0
kernel32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x473370 0x731ac 0x697ac 0x0
RaiseException 0x0 0x473374 0x731b0 0x697b0 0x0
LoadLibraryA 0x0 0x473378 0x731b4 0x697b4 0x0
GetLastError 0x0 0x47337c 0x731b8 0x697b8 0x0
TlsSetValue 0x0 0x473380 0x731bc 0x697bc 0x0
TlsGetValue 0x0 0x473384 0x731c0 0x697c0 0x0
TlsFree 0x0 0x473388 0x731c4 0x697c4 0x0
TlsAlloc 0x0 0x47338c 0x731c8 0x697c8 0x0
LocalFree 0x0 0x473390 0x731cc 0x697cc 0x0
LocalAlloc 0x0 0x473394 0x731d0 0x697d0 0x0
FreeLibrary 0x0 0x473398 0x731d4 0x697d4 0x0
user32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW 0x0 0x4733a0 0x731dc 0x697dc 0x0
LoadStringW 0x0 0x4733a4 0x731e0 0x697e0 0x0
GetSystemMetrics 0x0 0x4733a8 0x731e4 0x697e4 0x0
CharUpperBuffW 0x0 0x4733ac 0x731e8 0x697e8 0x0
CharUpperW 0x0 0x4733b0 0x731ec 0x697ec 0x0
CharLowerBuffW 0x0 0x4733b4 0x731f0 0x697f0 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x4733bc 0x731f8 0x697f8 0x0
GetFileVersionInfoSizeW 0x0 0x4733c0 0x731fc 0x697fc 0x0
GetFileVersionInfoW 0x0 0x4733c4 0x73200 0x69800 0x0
kernel32.dll (32)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x4733cc 0x73208 0x69808 0x0
WideCharToMultiByte 0x0 0x4733d0 0x7320c 0x6980c 0x0
WaitForSingleObject 0x0 0x4733d4 0x73210 0x69810 0x0
VirtualQuery 0x0 0x4733d8 0x73214 0x69814 0x0
VirtualProtect 0x0 0x4733dc 0x73218 0x69818 0x0
VerSetConditionMask 0x0 0x4733e0 0x7321c 0x6981c 0x0
VerifyVersionInfoW 0x0 0x4733e4 0x73220 0x69820 0x0
TerminateProcess 0x0 0x4733e8 0x73224 0x69824 0x0
SetEvent 0x0 0x4733ec 0x73228 0x69828 0x0
ResetEvent 0x0 0x4733f0 0x7322c 0x6982c 0x0
IsDebuggerPresent 0x0 0x4733f4 0x73230 0x69830 0x0
LoadLibraryW 0x0 0x4733f8 0x73234 0x69834 0x0
IsValidLocale 0x0 0x4733fc 0x73238 0x69838 0x0
IsBadReadPtr 0x0 0x473400 0x7323c 0x6983c 0x0
HeapFree 0x0 0x473404 0x73240 0x69840 0x0
GetVersionExW 0x0 0x473408 0x73244 0x69844 0x0
GetThreadLocale 0x0 0x47340c 0x73248 0x69848 0x0
GetStdHandle 0x0 0x473410 0x7324c 0x6984c 0x0
GetProcessHeap 0x0 0x473414 0x73250 0x69850 0x0
GetProcAddress 0x0 0x473418 0x73254 0x69854 0x0
GetModuleHandleW 0x0 0x47341c 0x73258 0x69858 0x0
GetModuleFileNameW 0x0 0x473420 0x7325c 0x6985c 0x0
GetLocaleInfoW 0x0 0x473424 0x73260 0x69860 0x0
GetLocalTime 0x0 0x473428 0x73264 0x69864 0x0
GetDiskFreeSpaceW 0x0 0x47342c 0x73268 0x69868 0x0
GetCPInfo 0x0 0x473430 0x7326c 0x6986c 0x0
FreeLibrary 0x0 0x473434 0x73270 0x69870 0x0
EnumSystemLocalesW 0x0 0x473438 0x73274 0x69874 0x0
EnumCalendarInfoW 0x0 0x47343c 0x73278 0x69878 0x0
CreateEventW 0x0 0x473440 0x7327c 0x6987c 0x0
CompareStringW 0x0 0x473444 0x73280 0x69880 0x0
CloseHandle 0x0 0x473448 0x73284 0x69884 0x0
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x473450 0x7328c 0x6988c 0x0
netapi32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetApiBufferFree 0x0 0x473458 0x73294 0x69894 0x0
NetWkstaGetInfo 0x0 0x47345c 0x73298 0x69898 0x0
Exports (2)
API Name             EAT Address  Ordinal
__dbk_fcall_wrapper  0xb7ac       0x2
dbkFCallWrapperAddr  0x6f62c      0x1

Both exports are Delphi runtime debugger-support symbols ("dbk" is the Delphi debug kernel), present in many Delphi binaries regardless of their purpose. Together with the .itext/.didata sections and the per-unit duplicate import descriptors they identify the dropped DLL as a Delphi build; they say nothing about what the DLL does, and the absence of any other export means the dropper must reach its code through DllMain or by resolving addresses itself.
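The section and import tables above contain enough to check the analyzer's own numbers and to do a first-pass static triage without the sample in hand. The following Python is an added example, not VMRay's code or the dropped DLL's: it transcribes the ten sections from the report, maps the addresses the report prints (Virtual Address and Entry Point are absolute VAs; Thunk RVA is image-base-relative) to file offsets, and runs a few sanity checks. The mapping is validated against the report's own Thunk RVA 0x730dc / Thunk Offset 0x696dc pair from the oleaut32.dll block. The entropy threshold, the check names and the `triage` result layout are my choices, not the report's.

```python
"""Map addresses from a VMRay-style PE section table to file offsets and run
basic static sanity checks.  All values are transcribed from the report above
(vThQexNegi.dll); nothing is read from disk."""
from dataclasses import dataclass

IMAGE_BASE = 0x400000     # "Image Base" from the PE Information block
ENTRY_POINT = 0x468528    # "Entry Point" as printed: a VA, image base already added


@dataclass(frozen=True)
class Section:
    name: str
    va: int            # "Virtual Address" column as printed (absolute VA, not RVA)
    vsize: int         # "Virtual Size"
    raw_size: int      # "Raw Data Size"
    raw_off: int       # "Raw Data Offset"
    flags: frozenset   # IMAGE_SCN_* names with the IMAGE_SCN_ prefix dropped
    entropy: float     # bits per byte, 8.0 is the maximum

    @property
    def rva(self) -> int:
        return self.va - IMAGE_BASE


def _s(name, va, vsize, raw_size, raw_off, flags, entropy):
    return Section(name, va, vsize, raw_size, raw_off,
                   frozenset(flags.split("|")), entropy)


# Transcribed from the "Sections (10)" table of the dropped DLL.
SECTIONS = [
    _s(".text",   0x401000, 0x66208, 0x66400, 0x400,   "CNT_CODE|MEM_EXECUTE|MEM_READ", 6.26),
    _s(".itext",  0x468000, 0x7c0,   0x800,   0x66800, "CNT_CODE|MEM_EXECUTE|MEM_READ", 5.85),
    _s(".data",   0x469000, 0x2500,  0x2600,  0x67000, "CNT_INITIALIZED_DATA|MEM_READ|MEM_WRITE", 3.69),
    _s(".bss",    0x46c000, 0x62f8,  0x0,     0x0,     "MEM_READ|MEM_WRITE", 0.0),
    _s(".idata",  0x473000, 0xbe0,   0xc00,   0x69600, "CNT_INITIALIZED_DATA|MEM_READ|MEM_WRITE", 4.92),
    _s(".didata", 0x474000, 0x1c8,   0x200,   0x6a200, "CNT_INITIALIZED_DATA|MEM_READ|MEM_WRITE", 3.02),
    _s(".edata",  0x475000, 0x6e,    0x200,   0x6a400, "CNT_INITIALIZED_DATA|MEM_READ", 1.28),
    _s(".rdata",  0x476000, 0x44,    0x200,   0x6a600, "CNT_INITIALIZED_DATA|MEM_READ", 1.17),
    _s(".reloc",  0x477000, 0x3d1c,  0x3e00,  0x6a800, "CNT_INITIALIZED_DATA|MEM_DISCARDABLE|MEM_READ", 6.62),
    _s(".rsrc",   0x47b000, 0x1400,  0x1400,  0x6e600, "CNT_INITIALIZED_DATA|MEM_READ", 3.65),
]


def section_for_rva(rva: int, sections=SECTIONS):
    """Return the section whose mapped range contains rva, or None."""
    for s in sections:
        # the loader maps the larger of virtual and raw size (rounded up to
        # section alignment, which the report does not give, so it is ignored)
        if s.rva <= rva < s.rva + max(s.vsize, s.raw_size):
            return s
    return None


def rva_to_offset(rva: int, sections=SECTIONS):
    """File offset backing rva, or None if the byte exists only in memory."""
    s = section_for_rva(rva, sections)
    if s is None:
        return None
    delta = rva - s.rva
    if delta >= s.raw_size:          # e.g. anything inside .bss
        return None
    return s.raw_off + delta


def va_to_offset(va: int, sections=SECTIONS):
    """Same as rva_to_offset, for the absolute VAs the report prints."""
    return rva_to_offset(va - IMAGE_BASE, sections)


def triage(sections=SECTIONS, entry_point=ENTRY_POINT, entropy_threshold=7.0):
    """Cheap static checks to run before opening a disassembler.
    The threshold and the check names are this example's own choices."""
    ep = section_for_rva(entry_point - IMAGE_BASE, sections)
    return {
        "entry_section": ep.name if ep else None,
        "entry_offset": va_to_offset(entry_point, sections),
        # writable and executable at once: classic unpacker / self-modifying code tell
        "wx_sections": [s.name for s in sections
                        if {"MEM_EXECUTE", "MEM_WRITE"} <= s.flags],
        # entropy near 8 bits/byte points at packed or encrypted payloads
        "high_entropy": [s.name for s in sections if s.entropy >= entropy_threshold],
        # virtual size with no raw bytes: filled at load time (.bss) or at run time (unpacking)
        "virtual_only": [s.name for s in sections if s.raw_size == 0 and s.vsize > 0],
    }


if __name__ == "__main__":
    # The report lists Thunk RVA 0x730dc at Thunk Offset 0x696dc; the mapping
    # must reproduce that before any other number derived from it is trusted.
    assert rva_to_offset(0x730dc) == 0x696dc
    for key, value in triage().items():
        print(f"{key}: {value}")
```

For this DLL the checks come back quiet: no writable-and-executable section, nothing above 7 bits/byte, and only .bss is virtual-only, which is what a compiled, unpacked binary looks like. The entry point resolves to .itext at file offset 0x66d28 rather than to .text, which is where Delphi places its entry stub, so that is not a finding on its own. The same mapping turns any IAT Address or Thunk RVA in the import table into the file offset to patch or inspect in a hex editor.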