102c242e...4db1 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names:
Gen:Variant.Mikey.108550

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "50 seconds" to "10 seconds" to reveal dormant functionality.

Filename Category Type Severity
C:\Users\FD1HVy\Desktop\qKxYF.exe Sample File Binary Malicious
Also Known As C:\Users\FD1HVy\Desktop\kAAPVslSulan.exe (Dropped File)
C:\Users\FD1HVy\Desktop\dDODNWNHPlan.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 114.00 KB
MD5 5b434ac4ee3890a07393800f6978a264
SHA1 4fc23dc120dd6a3121abfebfe5bc7c198303d4aa
SHA256 102c242eafbbc9cbd29348814941310e39fa2f296c4f85827c13bda177de4db1
SSDeep 1536:eWlkahWLeghO12pkhhx9ePnLuatoQtLd8f7onkvPuQ0sWtmcdidE8rtBAeE3oooz:furLegZQ5onLBtoQtKBWHiectBA5g
ImpHash b36190c963c853fa0bd432cf79402bc1
PE Information
Image Base 0x35000000
Entry Point 0x350061a3
Size Of Code 0x10600
Size Of Initialized Data 0x148a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-17 18:22:30+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x35001000 0x10597 0x10600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.69
.rdata 0x35012000 0x5da2 0x5e00 0x10a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.96
.data 0x35018000 0x1428b0 0x5e00 0x16800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.88
.gfids 0x3515b000 0xdc 0x200 0x1c600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.65
Imports (2)
KERNEL32.dll (78)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LocalFree 0x0 0x35012000 0x176a8 0x160a8 0x348
HeapAlloc 0x0 0x35012004 0x176ac 0x160ac 0x2cb
HeapFree 0x0 0x35012008 0x176b0 0x160b0 0x2cf
GetProcessHeap 0x0 0x3501200c 0x176b4 0x160b4 0x24a
GetBinaryTypeW 0x0 0x35012010 0x176b8 0x160b8 0x171
OpenProcess 0x0 0x35012014 0x176bc 0x160bc 0x380
GetCurrentProcess 0x0 0x35012018 0x176c0 0x160c0 0x1c0
ExitProcess 0x0 0x3501201c 0x176c4 0x160c4 0x119
GetCurrentThread 0x0 0x35012020 0x176c8 0x160c8 0x1c4
SetLastError 0x0 0x35012024 0x176cc 0x160cc 0x473
Sleep 0x0 0x35012028 0x176d0 0x160d0 0x4b2
GlobalFree 0x0 0x3501202c 0x176d4 0x160d4 0x2ba
LoadLibraryA 0x0 0x35012030 0x176d8 0x160d8 0x33c
GetCommandLineW 0x0 0x35012034 0x176dc 0x160dc 0x187
GetTempPathW 0x0 0x35012038 0x176e0 0x160e0 0x285
GetVersionExW 0x0 0x3501203c 0x176e4 0x160e4 0x2a4
IsWow64Process 0x0 0x35012040 0x176e8 0x160e8 0x30e
CreateToolhelp32Snapshot 0x0 0x35012044 0x176ec 0x160ec 0xbe
Process32FirstW 0x0 0x35012048 0x176f0 0x160f0 0x396
Process32NextW 0x0 0x3501204c 0x176f4 0x160f4 0x398
GlobalAlloc 0x0 0x35012050 0x176f8 0x160f8 0x2b3
GetProcAddress 0x0 0x35012054 0x176fc 0x160fc 0x245
WinExec 0x0 0x35012058 0x17700 0x16100 0x512
FreeLibrary 0x0 0x3501205c 0x17704 0x16104 0x162
DecodePointer 0x0 0x35012060 0x17708 0x16108 0xca
WriteConsoleW 0x0 0x35012064 0x1770c 0x1610c 0x524
SetFilePointerEx 0x0 0x35012068 0x17710 0x16110 0x467
GetConsoleMode 0x0 0x3501206c 0x17714 0x16114 0x1ac
GetConsoleCP 0x0 0x35012070 0x17718 0x16118 0x19a
FlushFileBuffers 0x0 0x35012074 0x1771c 0x1611c 0x157
HeapReAlloc 0x0 0x35012078 0x17720 0x16120 0x2d2
HeapSize 0x0 0x3501207c 0x17724 0x16124 0x2d4
GetFileType 0x0 0x35012080 0x17728 0x16128 0x1f3
QueryPerformanceCounter 0x0 0x35012084 0x1772c 0x1612c 0x3a7
GetCurrentProcessId 0x0 0x35012088 0x17730 0x16130 0x1c1
GetCurrentThreadId 0x0 0x3501208c 0x17734 0x16134 0x1c5
GetSystemTimeAsFileTime 0x0 0x35012090 0x17738 0x16138 0x279
InitializeSListHead 0x0 0x35012094 0x1773c 0x1613c 0x2e7
IsDebuggerPresent 0x0 0x35012098 0x17740 0x16140 0x300
UnhandledExceptionFilter 0x0 0x3501209c 0x17744 0x16144 0x4d3
SetUnhandledExceptionFilter 0x0 0x350120a0 0x17748 0x16148 0x4a5
GetStartupInfoW 0x0 0x350120a4 0x1774c 0x1614c 0x263
IsProcessorFeaturePresent 0x0 0x350120a8 0x17750 0x16150 0x304
GetModuleHandleW 0x0 0x350120ac 0x17754 0x16154 0x218
TerminateProcess 0x0 0x350120b0 0x17758 0x16158 0x4c0
RaiseException 0x0 0x350120b4 0x1775c 0x1615c 0x3b1
RtlUnwind 0x0 0x350120b8 0x17760 0x16160 0x418
GetLastError 0x0 0x350120bc 0x17764 0x16164 0x202
EnterCriticalSection 0x0 0x350120c0 0x17768 0x16168 0xee
LeaveCriticalSection 0x0 0x350120c4 0x1776c 0x1616c 0x339
DeleteCriticalSection 0x0 0x350120c8 0x17770 0x16170 0xd1
InitializeCriticalSectionAndSpinCount 0x0 0x350120cc 0x17774 0x16174 0x2e3
TlsAlloc 0x0 0x350120d0 0x17778 0x16178 0x4c5
TlsGetValue 0x0 0x350120d4 0x1777c 0x1617c 0x4c7
TlsSetValue 0x0 0x350120d8 0x17780 0x16180 0x4c8
TlsFree 0x0 0x350120dc 0x17784 0x16184 0x4c6
LoadLibraryExW 0x0 0x350120e0 0x17788 0x16188 0x33e
GetModuleHandleExW 0x0 0x350120e4 0x1778c 0x1618c 0x217
GetStdHandle 0x0 0x350120e8 0x17790 0x16190 0x264
WriteFile 0x0 0x350120ec 0x17794 0x16194 0x525
GetModuleFileNameW 0x0 0x350120f0 0x17798 0x16198 0x214
MultiByteToWideChar 0x0 0x350120f4 0x1779c 0x1619c 0x367
WideCharToMultiByte 0x0 0x350120f8 0x177a0 0x161a0 0x511
GetACP 0x0 0x350120fc 0x177a4 0x161a4 0x168
GetStringTypeW 0x0 0x35012100 0x177a8 0x161a8 0x269
LCMapStringW 0x0 0x35012104 0x177ac 0x161ac 0x32d
CloseHandle 0x0 0x35012108 0x177b0 0x161b0 0x52
FindClose 0x0 0x3501210c 0x177b4 0x161b4 0x12e
FindFirstFileExW 0x0 0x35012110 0x177b8 0x161b8 0x134
FindNextFileW 0x0 0x35012114 0x177bc 0x161bc 0x145
IsValidCodePage 0x0 0x35012118 0x177c0 0x161c0 0x30a
GetOEMCP 0x0 0x3501211c 0x177c4 0x161c4 0x237
GetCPInfo 0x0 0x35012120 0x177c8 0x161c8 0x172
GetCommandLineA 0x0 0x35012124 0x177cc 0x161cc 0x186
GetEnvironmentStringsW 0x0 0x35012128 0x177d0 0x161d0 0x1da
FreeEnvironmentStringsW 0x0 0x3501212c 0x177d4 0x161d4 0x161
SetStdHandle 0x0 0x35012130 0x177d8 0x161d8 0x487
CreateFileW 0x0 0x35012134 0x177dc 0x161dc 0x8f
WS2_32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x74 0x3501213c 0x177e4 0x161e4 -
WSAStartup 0x73 0x35012140 0x177e8 0x161e8 -
socket 0x17 0x35012144 0x177ec 0x161ec -
setsockopt 0x15 0x35012148 0x177f0 0x161f0 -
sendto 0x14 0x3501214c 0x177f4 0x161f4 -
inet_addr 0xb 0x35012150 0x177f8 0x161f8 -
htons 0x9 0x35012154 0x177fc 0x161fc -
htonl 0x8 0x35012158 0x17800 0x16200 -
closesocket 0x3 0x3501215c 0x17804 0x16204 -
bind 0x2 0x35012160 0x17808 0x16208 -
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
qkxyf.exe 1 0x35000000 0x3515BFFF Relevant Image True 32-bit 0x350078D6 False False
buffer 1 0x02DF0000 0x02DF1FFF Content Changed False 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Mikey.108550 Malicious
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.