0b86159d...818c | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Wiper
Threat Names:
Trojan.GenericKD.43441079
Mal/Generic-S

IT.exe

Windows Exe (x86-32)

Created at 2020-07-05T07:45:00

...
Filters:
Filename Category Type Severity Actions
C:\Users\FD1HVy\Desktop\IT.exe Sample File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 206.00 KB
MD5 4431fb78737232abbb23324ec36f459e Copy to Clipboard
SHA1 4bb935791365ab23ac98628663a98d57df635451 Copy to Clipboard
SHA256 0b86159d631072ea71c923b2e889cb462d93227c18c4fab7a9e5ee8cb98d818c Copy to Clipboard
SSDeep 3072:HmzEE9Ti9phF/lyscmWKy3txP5oxPf4qqu939cGVh9K370CGSq9ePPVvn:6Ti9phF9CmjOz+KqqOSGZwse1v Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Severity
Blacklisted
Names Mal/Generic-S
PE Information
»
Image Base 0x400000
Entry Point 0x434c82
Size Of Code 0x32e00
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2095-06-21 11:31:30+00:00
Version Information (11)
»
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription IT
FileVersion 1.0.0.0
InternalName IT.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename IT.exe
ProductName IT
ProductVersion 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x32c88 0x32e00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.86
.rsrc 0x436000 0x57c 0x600 0x33000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.99
.reloc 0x438000 0xc 0x200 0x33600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x34c55 0x32e55 0x0
Memory Dumps (34)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
it.exe 1 0x00F90000 0x00FC9FFF Relevant Image True 32-bit - False False
...
buffer 1 0x03193000 0x03194FFF First Execution False 32-bit 0x03193CDE False False
...
buffer 1 0x017A5000 0x017A5FFF First Execution False 32-bit 0x017A5008 False False
...
buffer 1 0x017A5000 0x017A5FFF Content Changed False 32-bit 0x017A516B False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193E96 False False
...
buffer 1 0x0143B000 0x0143BFFF First Execution False 32-bit 0x0143B0F1 False False
...
buffer 1 0x017A6000 0x017A6FFF First Execution False 32-bit 0x017A6170 False False
...
buffer 1 0x017A5000 0x017A5FFF Content Changed False 32-bit 0x017A5E80 False False
...
buffer 1 0x017A6000 0x017A6FFF Content Changed False 32-bit 0x017A6170 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193D7E False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x0319449E False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03194886 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03194836 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x031948D6 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x031946A6 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x031945B6 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x0319444E False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x031945DE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03194476 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03194566 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03194606 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03194976 False False
...
buffer 1 0x03193000 0x03194FFF Content Changed False 32-bit 0x03193CDE False False
...
Local AV Matches (1)
»
Threat Name Severity
Trojan.GenericKD.43441079
Malicious
C:\Users\FD1HVy\Desktop\3Y38TZbHyi_ G8.swf.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 92.68 KB
MD5 c3ed2018b93621d1ccadd2e85094ec33 Copy to Clipboard
SHA1 3be2bb85c63231d3b1a17a306bd87d9aca0850d9 Copy to Clipboard
SHA256 2bc43de544bc8e738cf5dbfc4f3335c9a00f40a7b009027fed5a78ab6a81f95b Copy to Clipboard
SSDeep 1536:1dTr3LdqnUpLLujeKDUYFQR4tcTi7QKKMqa+NhbAv5plNr73zWbhDVqIlByPW0:zTr3BBu9D3FQoWigMJstAPf73zmLgv Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\8glF1S-8a0qssGK8iSa.xlsx.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 89.22 KB
MD5 a476b271f8a7ad6cb651ecde39766404 Copy to Clipboard
SHA1 0c5a0becc386e12fdd1f12b4fe5f92c5695ab608 Copy to Clipboard
SHA256 03998611dca71aec2a74ee49abcfbb3a805f829db18e7e27f7194b5e56bcebaa Copy to Clipboard
SSDeep 1536:CmhttVDaUGWNrklG1lMuAuPriW+cyhtNvlbrvSnehWc2nzUR4zKt7SOb:CeVD3GW11OuAkOFhtN1SnUWc2zI4zSmA Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\desktop.ini.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 389 Bytes
MD5 d905b64e19691e7ef9d9b1383b2fdf57 Copy to Clipboard
SHA1 6f7f143f0de06c73058b45ce9f14ed50f11635d9 Copy to Clipboard
SHA256 318f224b6d461cfae0ce13ecd5dca6c40a0c050eec843ba2c53f884fc0b7ae38 Copy to Clipboard
SSDeep 6:pgN5EcGVKvRw166sP0QVv0gYzJfK+aktSJctTfllDioNdL+OtNRiVM0wJWYWv5cw:lVEwNsMhgW8k0eiEYO3RoYW68oj/eGY Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\drxDs8w.mkv.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 87.22 KB
MD5 e977e1692917de2f85dc2a977bfb4fbc Copy to Clipboard
SHA1 0b022c54862ebdf83604ddb0547463b319e56a73 Copy to Clipboard
SHA256 e014eacfec9d465885d9b4b531ba708658f38bc3e3b2b25c37d470fdb20cef9c Copy to Clipboard
SSDeep 1536:63SAqNPNJDb/jl0m6rvsO3oB7oT+MasYXNbIWai+FHuje8MNPq1LuoY9L8dAvF:1A0PNJDbR00d7TMZYXN7/lMNPEKadAvF Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\dsO_dEPujNc.bmp.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 122.58 KB
MD5 7c9a59ca3c0c8929971c0ca10c3f2873 Copy to Clipboard
SHA1 1a035df568570dcea40236377307896335098ac9 Copy to Clipboard
SHA256 d815c6970a49033a2772a9501e043ad1c44d7076bc5012bdf5937d08dd4f3044 Copy to Clipboard
SSDeep 3072:LeLz15SU4UPd5ZQnYSIedclpFgPhY6VgggzYy9:wYb6yIfUY6GvL9 Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\FVASU0m7Ml_oaeP.jpg.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 19.86 KB
MD5 d5bca45bce75d9220bc67edf5e95df79 Copy to Clipboard
SHA1 07fd26668dc71c1a964dc8ce598f119999f25eb6 Copy to Clipboard
SHA256 6a46946fb40581cf1886acb48d599af00a9775238efd73a2ef844601d91f2f3a Copy to Clipboard
SSDeep 384:GUsOobig+DjYUIxGIcgdW64Gmeg6ov2jqoaJ6jvQStOPcdezdLibZ6+j9P3:GHPbV+/MxGINWHcgJoaJ6jvQSthedi1R Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\GcQ8.mp3.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 124.32 KB
MD5 d04e69a24bbfd2f10d85471ddddf20fe Copy to Clipboard
SHA1 607d802ea3c151e6513f715a760b2934913794ef Copy to Clipboard
SHA256 39cb9ba8b175a49996d034a868867b552e644fcf8f11f3892e3a5688364ada06 Copy to Clipboard
SSDeep 3072:EyvW3ATWyfWBJRVlk+TAj8nthO5modw3w/qdKGYL:8wPebRVlNkjtLlydKtL Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\GfroSWP57VXoWK.m4a.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 172.61 KB
MD5 7f684cdc261661f5ab8d9ac12059bdb7 Copy to Clipboard
SHA1 7c1a41454e5333972d31716c624c03400a02e5ad Copy to Clipboard
SHA256 30164e8f2b4d37d93045dea942acf61c6f9a5e320ae739476cf7b39adbe88631 Copy to Clipboard
SSDeep 3072:H0XRzKQd36PNphfnht15c4ja0bP0SLYeMYXWHw1RPXnKdG4:H0Bzzdarhfht140bs+WtHsNXK44 Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\GRH5.mkv.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 51.13 KB
MD5 2d7e426221ab1f883d7a7a38fe3f5b8f Copy to Clipboard
SHA1 80d6c8f007b198aca4087fe2a4a45db8cb01aa22 Copy to Clipboard
SHA256 8569322ef8dd9102666bd5278b694200f9673be83854eaae9656381033a4ec31 Copy to Clipboard
SSDeep 1536:6YxHy7qzrHDPSyIxiCk+ZFrRovePV2p+37kE0:12qvjPSTprOw7kE0 Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\gXuN80GTlMD0KH.wav.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 62.89 KB
MD5 2a5067536ab6f7ae9516ac42800de572 Copy to Clipboard
SHA1 853fbd8c9248cb88f01f3919eea354831752da7d Copy to Clipboard
SHA256 9c18d57ef74ad479efb8122a94ee479ece0d950645e7b8e04262ae22271da48d Copy to Clipboard
SSDeep 1536:99/lMQ77u1wEwKVIOga8NYUN7nf0nTeLLLt:5MLQmr69N7M6LLB Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\HFsnHXkYnW7e7MDSBr.mp4.IT Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 180.20 KB
MD5 6affa760e4f77f85c52a250e484a5a92 Copy to Clipboard
SHA1 7c5e9839759f28ca71805c3c6f3c6368b83c3b6c Copy to Clipboard
SHA256 705ae733b4d1f8795b1806a2239cf6cbb2801f239442087595f465cf760f7402 Copy to Clipboard
SSDeep 3072:XgmViHECEdRiK8T6GHRfZ+cUuFckTp+OAw1PZUx9Vce7F53gPLQM8xngT28e:X8XEdREpZzUcTLRUx9X7F5QPLrkngT2J Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image