131e0878...49af

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\DaVinci.exe

Sample File

Binary

Malicious

Mime Type	application/vnd.microsoft.portable-executable
File Size	98.00 KB
MD5	e3ad4136679055f898d6f8dcfeee0782
SHA1	f3eb83c2bb97d47bc4959f495b9eaf67d67ce478
SHA256	131e0878cc308e8e6f3d9b0b53f492f62268ae9b4b98243c9aacf7126c8c49af
SSDeep	1536:701R3JzDwX4iLRiqat4i8yRGOLa6v13fYA4CYxk/zWYjzG+Pi72V1:70zJw9LR7CVW6d3fDpxa27
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Severity	Blacklisted
Names	Mal/Generic-S

PE Information

Version Information (11)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x17020	0x17200	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.2
.rsrc	0x41a000	0x1100	0x1200	0x17400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.09
.reloc	0x41c000	0xc	0x200	0x18600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	0x0	0x402000	0x18ff0	0x171f0	0x0

Memory Dumps (10)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
davinci.exe	1	0x01330000	0x0134DFFF	Relevant Image	64-bit	-	... Memory Dump Actions Go to Process Go to YARA Matches Download Dump
buffer	1	0x7FF000DB000	0x7FF000DBFFF	First Execution	64-bit	0x7FF000DB000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FF001AE000	0x7FF001AEFFF	First Execution	64-bit	0x7FF001AE000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FF001AF000	0x7FF001AFFFF	First Execution	64-bit	0x7FF001AF040	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FF001C0000	0x7FF001CFFFF	First Execution	64-bit	0x7FF001C0080	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FF001C0000	0x7FF001CFFFF	Content Changed	64-bit	0x7FF001C1040	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FF001AE000	0x7FF001AEFFF	Content Changed	64-bit	0x7FF001AEF60	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FF000DB000	0x7FF000DBFFF	Content Changed	64-bit	0x7FF000DBE60	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FF001AF000	0x7FF001AFFFF	Content Changed	64-bit	0x7FF001AF820	... Memory Dump Actions Go to Process Download Dump
davinci.exe	1	0x01330000	0x0134DFFF	Final Dump	64-bit	-	... Memory Dump Actions Go to Process Go to YARA Matches Download Dump

Local AV Matches (1)

Threat Name	Severity
Gen:Variant.MSILPerseus.226862	Malicious

YARA Matches (1)

Rule Name	Rule Description	Classification	Score	Actions
ransomware_windows_wannacry	WannaCry / WannaCryptor ransomware	Worm, Ransomware	5/5	... YARA Actions Show Ruleset Show Match

C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\GDIPFONTCACHEV1.DAT

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	106.27 KB
MD5	92e128dcb152d05f07faf5da64bd1c91
SHA1	2174814ca563fc2b9679fffbf1b40bdf3ac9abec
SHA256	11437a99f5f9c0a6df09c64abc8828ad3ecd8cf4fa601340ded86b8945edff43
SSDeep	768:i8HrbdvVyZHgTl7ho5sZWN/Ys9byFRQ+AwqGuGyZoVyOF7rrlqTIyMnm:/pVyZHgTl7h6tKR7AwqlGyZQVO1Mnm
ImpHash	-