18f4123e...4055 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Threat Names:
Gen:Heur.Ransom.REntS.Gen.1

zhang.exe

Windows Exe (x86-32)

Created at 2020-09-19T13:01:00

...

Remarks (1/1)

(0x02000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Master Boot Record Changes
»
Sector Number Sector Size Actions
2063 512 Bytes
...


Filters:
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\zhang.exe Sample File Binary
Malicious
...
»
Also Known As C:\ProgramData\zhang.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 7.11 MB
MD5 d5f9fa1a8dca5319432f51a5891f7794 Copy to Clipboard
SHA1 2a937328f5b99eccb9b8c13ed71d6ffb9dff4521 Copy to Clipboard
SHA256 18f4123ee42f5a29f8df7bd1cf95ab73441f082584f390aa218c2dd1134f4055 Copy to Clipboard
SSDeep 196608:TfavVYaolX+aFFLlPKQ8hY/RkQWslX4ge+:TiYaolrFFEHYu3sSge Copy to Clipboard
ImpHash 3243b13e562279ab7fbe2f31e45d3a95 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0xf89cd0
Size Of Code 0x15b000
Size Of Initialized Data 0x5c1000
Size Of Uninitialized Data 0xa2e000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-09-16 18:29:22+00:00
Packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Version Information (6)
»
CompanyName Xindy
FileVersion 3.02.0002
InternalName zhang
OriginalFilename zhang.exe
ProductName xydo
ProductVersion 3.02.0002
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CDS0 0x401000 0xa2e000 0x0 0x400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
CDS1 0xe2f000 0x15b000 0x15b000 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.79
.rsrc 0xf8a000 0x5c1000 0x5c0a00 0x15b400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.92
Imports (2)
»
KERNEL32.DLL (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x154a7c0 0x114a7c0 0x71bbc0 0x0
GetProcAddress 0x0 0x154a7c4 0x114a7c4 0x71bbc4 0x0
VirtualProtect 0x0 0x154a7c8 0x114a7c8 0x71bbc8 0x0
VirtualAlloc 0x0 0x154a7cc 0x114a7cc 0x71bbcc 0x0
VirtualFree 0x0 0x154a7d0 0x114a7d0 0x71bbd0 0x0
ExitProcess 0x0 0x154a7d4 0x114a7d4 0x71bbd4 0x0
MSVBVM60.DLL (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x245 0x154a7dc 0x114a7dc 0x71bbdc -
Icons (1)
»
Memory Dumps (2)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
buffer 1 0x00210000 0x0021FFFF Marked Executable False 32-bit - False False
...
buffer 1 0x00210000 0x0021FFFF Content Changed False 32-bit - False False
...
Local AV Matches (1)
»
Threat Name Severity
Gen:Heur.Ransom.REntS.Gen.1
Malicious
C:\ProgramData\MSWINSCK.OCX Dropped File Binary
Whitelisted
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 105.80 KB
MD5 9484c04258830aa3c2f2a70eb041414c Copy to Clipboard
SHA1 b242a4fb0e9dcf14cb51dc36027baff9a79cb823 Copy to Clipboard
SHA256 bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5 Copy to Clipboard
SSDeep 3072:R7ZSBYfkVoFdRrqo0aRaA/HF673+UWHIfrb:RNkVsuaRaU6mHGb Copy to Clipboard
ImpHash c56474ae3bdf03b962bdc8693b519e78 Copy to Clipboard
File Reputation Information
»
Severity
Whitelisted
PE Information
»
Image Base 0x22170000
Entry Point 0x22171344
Size Of Code 0x10800
Size Of Initialized Data 0x8400
File Type FileType.dll
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1998-06-18 17:49:25+00:00
Version Information (10)
»
Comments June 18, 1998
CompanyName Microsoft Corporation
FileDescription Microsoft Winsock Control DLL
FileVersion 6.00.8169
InternalName MSWINSCK.OCX
LegalCopyright Copyright © 1987-1998 Microsoft Corp.
LegalTrademarks Microsoft® is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation.
OLESelfRegister -
ProductName Microsoft Winsock Control
ProductVersion 6.00.8169
Sections (4)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x22171000 0x1071e 0x10800 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.55
.data 0x22182000 0x738 0x800 0x10e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.77
.rsrc 0x22183000 0x66e4 0x6800 0x11600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.38
.reloc 0x2218a000 0x136c 0x1400 0x17e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.59
Imports (7)
»
WSOCK32.dll (33)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
accept 0x1 0x22171000 0x10c00 0x10200 -
listen 0xd 0x22171004 0x10c04 0x10204 -
inet_ntoa 0xc 0x22171008 0x10c08 0x10208 -
recv 0x10 0x2217100c 0x10c0c 0x1020c -
WSAGetLastError 0x6f 0x22171010 0x10c10 0x10210 -
WSASetLastError 0x70 0x22171014 0x10c14 0x10214 -
select 0x12 0x22171018 0x10c18 0x10218 -
__WSAFDIsSet 0x97 0x2217101c 0x10c1c 0x1021c -
shutdown 0x16 0x22171020 0x10c20 0x10220 -
ntohs 0xf 0x22171024 0x10c24 0x10224 -
sendto 0x14 0x22171028 0x10c28 0x10228 -
recvfrom 0x11 0x2217102c 0x10c2c 0x1022c -
connect 0x4 0x22171030 0x10c30 0x10230 -
getsockopt 0x7 0x22171034 0x10c34 0x10234 -
setsockopt 0x15 0x22171038 0x10c38 0x10238 -
getsockname 0x6 0x2217103c 0x10c3c 0x1023c -
getpeername 0x5 0x22171040 0x10c40 0x10240 -
closesocket 0x3 0x22171044 0x10c44 0x10244 -
WSACancelAsyncRequest 0x6c 0x22171048 0x10c48 0x10248 -
gethostbyaddr 0x33 0x2217104c 0x10c4c 0x1024c -
bind 0x2 0x22171050 0x10c50 0x10250 -
WSAAsyncSelect 0x65 0x22171054 0x10c54 0x10254 -
socket 0x17 0x22171058 0x10c58 0x10258 -
WSAStartup 0x73 0x2217105c 0x10c5c 0x1025c -
WSACleanup 0x74 0x22171060 0x10c60 0x10260 -
inet_addr 0xb 0x22171064 0x10c64 0x10264 -
WSAAsyncGetHostByName 0x67 0x22171068 0x10c68 0x10268 -
WSAAsyncGetHostByAddr 0x66 0x2217106c 0x10c6c 0x1026c -
gethostbyname 0x34 0x22171070 0x10c70 0x10270 -
htons 0x9 0x22171074 0x10c74 0x10274 -
gethostname 0x39 0x22171078 0x10c78 0x10278 -
ioctlsocket 0xa 0x2217107c 0x10c7c 0x1027c -
send 0x13 0x22171080 0x10c80 0x10280 -
KERNEL32.dll (38)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
lstrlenW 0x0 0x22171088 0x10c88 0x10288 0x2a2
GetFileAttributesA 0x0 0x2217108c 0x10c8c 0x1028c 0xe8
GetModuleFileNameA 0x0 0x22171090 0x10c90 0x10290 0xfc
InitializeCriticalSection 0x0 0x22171094 0x10c94 0x10294 0x179
HeapFree 0x0 0x22171098 0x10c98 0x10298 0x16e
HeapAlloc 0x0 0x2217109c 0x10c9c 0x1029c 0x168
GetProcessHeap 0x0 0x221710a0 0x10ca0 0x102a0 0x118
lstrcpynA 0x0 0x221710a4 0x10ca4 0x102a4 0x29e
lstrcpyA 0x0 0x221710a8 0x10ca8 0x102a8 0x29b
lstrlenA 0x0 0x221710ac 0x10cac 0x102ac 0x2a1
lstrcatA 0x0 0x221710b0 0x10cb0 0x102b0 0x292
IsBadWritePtr 0x0 0x221710b4 0x10cb4 0x102b4 0x186
WideCharToMultiByte 0x0 0x221710b8 0x10cb8 0x102b8 0x26e
GetVersion 0x0 0x221710bc 0x10cbc 0x102bc 0x14c
LeaveCriticalSection 0x0 0x221710c0 0x10cc0 0x102c0 0x18f
GetCurrentThreadId 0x0 0x221710c4 0x10cc4 0x102c4 0xd6
EnterCriticalSection 0x0 0x221710c8 0x10cc8 0x102c8 0x58
LocalFree 0x0 0x221710cc 0x10ccc 0x102cc 0x19a
FormatMessageA 0x0 0x221710d0 0x10cd0 0x102d0 0x93
GetTickCount 0x0 0x221710d4 0x10cd4 0x102d4 0x145
MultiByteToWideChar 0x0 0x221710d8 0x10cd8 0x102d8 0x1ab
SetLastError 0x0 0x221710dc 0x10cdc 0x102dc 0x21e
GetProcAddress 0x0 0x221710e0 0x10ce0 0x102e0 0x116
GetLocaleInfoA 0x0 0x221710e4 0x10ce4 0x102e4 0xf6
DeleteCriticalSection 0x0 0x221710e8 0x10ce8 0x102e8 0x4c
FreeLibrary 0x0 0x221710ec 0x10cec 0x102ec 0x98
DisableThreadLibraryCalls 0x0 0x221710f0 0x10cf0 0x102f0 0x51
lstrcmpA 0x0 0x221710f4 0x10cf4 0x102f4 0x295
InterlockedDecrement 0x0 0x221710f8 0x10cf8 0x102f8 0x17b
GetWindowsDirectoryA 0x0 0x221710fc 0x10cfc 0x102fc 0x151
LoadLibraryA 0x0 0x22171100 0x10d00 0x10300 0x190
HeapReAlloc 0x0 0x22171104 0x10d04 0x10304 0x171
InterlockedIncrement 0x0 0x22171108 0x10d08 0x10308 0x17e
lstrcmpiA 0x0 0x2217110c 0x10d0c 0x1030c 0x298
GetLastError 0x0 0x22171110 0x10d10 0x10310 0xf4
LockResource 0x0 0x22171114 0x10d14 0x10314 0x1a3
LoadResource 0x0 0x22171118 0x10d18 0x10318 0x195
FindResourceA 0x0 0x2217111c 0x10d1c 0x1031c 0x89
USER32.dll (57)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EndDialog 0x0 0x22171124 0x10d24 0x10324 0xb4
DialogBoxParamA 0x0 0x22171128 0x10d28 0x10328 0x8e
GetActiveWindow 0x0 0x2217112c 0x10d2c 0x1032c 0xd5
MessageBoxA 0x0 0x22171130 0x10d30 0x10330 0x195
DrawEdge 0x0 0x22171134 0x10d34 0x10334 0xa0
GetDC 0x0 0x22171138 0x10d38 0x10338 0xee
CharNextA 0x0 0x2217113c 0x10d3c 0x1033c 0x21
LoadCursorA 0x0 0x22171140 0x10d40 0x10340 0x172
wsprintfA 0x0 0x22171144 0x10d44 0x10344 0x264
GetWindowRect 0x0 0x22171148 0x10d48 0x10348 0x13d
SetWindowPos 0x0 0x2217114c 0x10d4c 0x1034c 0x21e
ShowWindow 0x0 0x22171150 0x10d50 0x10350 0x22d
IsDialogMessageA 0x0 0x22171154 0x10d54 0x10354 0x160
GetWindow 0x0 0x22171158 0x10d58 0x10358 0x137
GetNextDlgTabItem 0x0 0x2217115c 0x10d5c 0x1035c 0x11b
IsWindowEnabled 0x0 0x22171160 0x10d60 0x10360 0x168
GetDlgItem 0x0 0x22171164 0x10d64 0x10364 0xf3
IsChild 0x0 0x22171168 0x10d68 0x10368 0x15d
GetKeyState 0x0 0x2217116c 0x10d6c 0x1036c 0x101
SetParent 0x0 0x22171170 0x10d70 0x10370 0x203
WinHelpA 0x0 0x22171174 0x10d74 0x10374 0x25e
IsWindowVisible 0x0 0x22171178 0x10d78 0x10378 0x16a
EndPaint 0x0 0x2217117c 0x10d7c 0x1037c 0xb6
GetClientRect 0x0 0x22171180 0x10d80 0x10380 0xe4
BeginPaint 0x0 0x22171184 0x10d84 0x10384 0x9
SendDlgItemMessageA 0x0 0x22171188 0x10d88 0x10388 0x1d8
LoadStringA 0x0 0x2217118c 0x10d8c 0x1038c 0x183
ClientToScreen 0x0 0x22171190 0x10d90 0x10390 0x36
OffsetRect 0x0 0x22171194 0x10d94 0x10394 0x1a5
EqualRect 0x0 0x22171198 0x10d98 0x10398 0xc9
IntersectRect 0x0 0x2217119c 0x10d9c 0x1039c 0x151
SetWindowRgn 0x0 0x221711a0 0x10da0 0x103a0 0x21f
PtInRect 0x0 0x221711a4 0x10da4 0x103a4 0x1bb
MessageBeep 0x0 0x221711a8 0x10da8 0x103a8 0x194
LoadBitmapA 0x0 0x221711ac 0x10dac 0x103ac 0x170
GetSystemMetrics 0x0 0x221711b0 0x10db0 0x103b0 0x12c
GetParent 0x0 0x221711b4 0x10db4 0x103b4 0x11d
CreateDialogIndirectParamA 0x0 0x221711b8 0x10db8 0x103b8 0x48
GetDlgItemTextA 0x0 0x221711bc 0x10dbc 0x103bc 0xf5
SetDlgItemInt 0x0 0x221711c0 0x10dc0 0x103c0 0x1f1
SendMessageA 0x0 0x221711c4 0x10dc4 0x103c4 0x1da
DefWindowProcA 0x0 0x221711c8 0x10dc8 0x103c8 0x80
GetWindowLongA 0x0 0x221711cc 0x10dcc 0x103cc 0x13a
DestroyWindow 0x0 0x221711d0 0x10dd0 0x103d0 0x8a
KillTimer 0x0 0x221711d4 0x10dd4 0x103d4 0x16d
SetTimer 0x0 0x221711d8 0x10dd8 0x103d8 0x216
UnregisterClassA 0x0 0x221711dc 0x10ddc 0x103dc 0x24d
RegisterClassA 0x0 0x221711e0 0x10de0 0x103e0 0x1be
PeekMessageA 0x0 0x221711e4 0x10de4 0x103e4 0x1af
PostMessageA 0x0 0x221711e8 0x10de8 0x103e8 0x1b1
SetDlgItemTextA 0x0 0x221711ec 0x10dec 0x103ec 0x1f2
SetFocus 0x0 0x221711f0 0x10df0 0x103f0 0x1f5
GetDlgItemInt 0x0 0x221711f4 0x10df4 0x103f4 0xf4
MoveWindow 0x0 0x221711f8 0x10df8 0x103f8 0x19d
SetWindowLongA 0x0 0x221711fc 0x10dfc 0x103fc 0x21b
CreateWindowExA 0x0 0x22171200 0x10e00 0x10400 0x55
ReleaseDC 0x0 0x22171204 0x10e04 0x10404 0x1cd
ole32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemAlloc 0x0 0x2217120c 0x10e0c 0x1040c 0x44
CoTaskMemFree 0x0 0x22171210 0x10e10 0x10410 0x45
CoCreateInstance 0x0 0x22171214 0x10e14 0x10414 0xc
CreateOleAdviseHolder 0x0 0x22171218 0x10e18 0x10418 0x56
ADVAPI32.dll (10)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegDeleteValueA 0x0 0x22171220 0x10e20 0x10420 0x120
RegQueryValueA 0x0 0x22171224 0x10e24 0x10424 0x135
RegOpenKeyA 0x0 0x22171228 0x10e28 0x10428 0x12d
RegQueryValueExA 0x0 0x2217122c 0x10e2c 0x1042c 0x136
RegEnumKeyExA 0x0 0x22171230 0x10e30 0x10430 0x123
RegDeleteKeyA 0x0 0x22171234 0x10e34 0x10434 0x11e
RegOpenKeyExA 0x0 0x22171238 0x10e38 0x10438 0x12e
RegCreateKeyExA 0x0 0x2217123c 0x10e3c 0x1043c 0x11b
RegSetValueExA 0x0 0x22171240 0x10e40 0x10440 0x141
RegCloseKey 0x0 0x22171244 0x10e44 0x10444 0x117
OLEAUT32.dll (27)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x2 0x2217124c 0x10e4c 0x1044c -
VariantChangeType 0xc 0x22171250 0x10e50 0x10450 -
SysAllocStringLen 0x4 0x22171254 0x10e54 0x10454 -
SysStringLen 0x7 0x22171258 0x10e58 0x10458 -
SafeArrayRedim 0x28 0x2217125c 0x10e5c 0x1045c -
RegisterTypeLib 0xa3 0x22171260 0x10e60 0x10460 -
LoadTypeLib 0xa1 0x22171264 0x10e64 0x10464 -
UnRegisterTypeLib 0xba 0x22171268 0x10e68 0x10468 -
LoadTypeLibEx 0xb7 0x2217126c 0x10e6c 0x1046c -
OleCreatePropertyFrame 0x1a1 0x22171270 0x10e70 0x10470 -
LoadRegTypeLib 0xa2 0x22171274 0x10e74 0x10474 -
SafeArrayDestroy 0x10 0x22171278 0x10e78 0x10478 -
SafeArrayUnaccessData 0x18 0x2217127c 0x10e7c 0x1047c -
SetErrorInfo 0xc9 0x22171280 0x10e80 0x10480 -
CreateErrorInfo 0xca 0x22171284 0x10e84 0x10484 -
GetErrorInfo 0xc8 0x22171288 0x10e88 0x10488 -
SysFreeString 0x6 0x2217128c 0x10e8c 0x1048c -
SysAllocStringByteLen 0x96 0x22171290 0x10e90 0x10490 -
SafeArrayCreate 0xf 0x22171294 0x10e94 0x10494 -
VariantClear 0x9 0x22171298 0x10e98 0x10498 -
SafeArrayGetUBound 0x13 0x2217129c 0x10e9c 0x1049c -
SafeArrayGetLBound 0x14 0x221712a0 0x10ea0 0x104a0 -
SysStringByteLen 0x95 0x221712a4 0x10ea4 0x104a4 -
SafeArrayAccessData 0x17 0x221712a8 0x10ea8 0x104a8 -
SafeArrayGetElemsize 0x12 0x221712ac 0x10eac 0x104ac -
SafeArrayGetDim 0x11 0x221712b0 0x10eb0 0x104b0 -
VariantInit 0x8 0x221712b4 0x10eb4 0x104b4 -
GDI32.dll (17)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDeviceCaps 0x0 0x221712bc 0x10ebc 0x104bc 0xc7
CreateCompatibleDC 0x0 0x221712c0 0x10ec0 0x104c0 0x1f
CreateRectRgnIndirect 0x0 0x221712c4 0x10ec4 0x104c4 0x3c
GetWindowExtEx 0x0 0x221712c8 0x10ec8 0x104c8 0x111
GetViewportExtEx 0x0 0x221712cc 0x10ecc 0x104cc 0x10e
DeleteDC 0x0 0x221712d0 0x10ed0 0x104d0 0x43
DeleteObject 0x0 0x221712d4 0x10ed4 0x104d4 0x46
GetObjectA 0x0 0x221712d8 0x10ed8 0x104d8 0xea
LPtoDP 0x0 0x221712dc 0x10edc 0x104dc 0x116
SetMapMode 0x0 0x221712e0 0x10ee0 0x104e0 0x161
SetViewportExtEx 0x0 0x221712e4 0x10ee4 0x104e4 0x174
SetWindowExtEx 0x0 0x221712e8 0x10ee8 0x104e8 0x178
SetViewportOrgEx 0x0 0x221712ec 0x10eec 0x104ec 0x175
SetWindowOrgEx 0x0 0x221712f0 0x10ef0 0x104f0 0x179
CreateDCA 0x0 0x221712f4 0x10ef4 0x104f4 0x20
BitBlt 0x0 0x221712f8 0x10ef8 0x104f8 0xa
SelectObject 0x0 0x221712fc 0x10efc 0x104fc 0x14a
Exports (5)
»
Api name EAT Address Ordinal
DLLGetDocumentation 0xb3e4 0x1
DllCanUnloadNow 0x1630 0x2
DllGetClassObject 0x1d2d 0x3
DllRegisterServer 0xb485 0x4
DllUnregisterServer 0xb4a2 0x5
Icons (2)
»
Digital Signatures (1)
»
Certificate: Microsoft Corporation
»
Issued by Microsoft Corporation
Country Name US
Valid From 1998-04-16 00:00:00+00:00
Valid Until 1999-04-16 23:59:59+00:00
Algorithm md2_rsa
Serial Number 79 66 96 6E 83 B0 D0 B6 01 12 6E 9D C0 B4 65 71
Thumbprint D6 CD 01 90 B3 1B 31 85 81 12 23 14 B5 17 A0 AA CE F2 7B D5
c:\users\5p5nrg~1\appdata\local\temp\~df40e2888d77eb8089.tmp Dropped File Unknown
Unknown
...
»
Mime Type application/CDFV2
File Size 16.00 KB
MD5 4700b285d9ede726e7a1f5f55ba8514f Copy to Clipboard
SHA1 bedd1a5213d6ef9f4c44f5a2e2cace2aeeed5f0a Copy to Clipboard
SHA256 e24dd97f526aa50b60ba4c3f38a599ae6123e626b8de3dd3a488ec39b75fcea2 Copy to Clipboard
SSDeep 3:YmsalTlLPltl2N81HRJ//:rl912N0xJX Copy to Clipboard
ImpHash -
C:\ProgramData\chk.dat Dropped File Unknown
Not Queried
...
»
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image