1e0db9aa...5b94

VTI SCORE: 100/100

Dynamic Analysis Report

Classification: Riskware, Dropper, Wiper, Trojan, Ransomware

1e0db9aae4b512fed223e566d6a7baf6c149e252d276f30037a990fb7c325b94 (SHA256)

Desktop Ransomware.exe

Windows Exe (x86-32)

Created at 2018-11-01 17:12:00

Notifications (1/1)

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Severity	Category	Operation	Classification
5/5	File System	Encrypts content of user files	Ransomware
Encrypts the content of multiple user files. This is an indicator for ransomware. ... VTI Actions Go to function call
4/5	File System	Known malicious file	Trojan
File "C:\Users\CIiHmnxMn6Ps\Desktop\Desktop Ransomware.exe" is a known malicious file. ... VTI Actions Go to file details Go to function call
2/5	Anti Analysis	Tries to detect debugger	-
Check via API "IsDebuggerPresent". ... VTI Actions Go to function call
1/5	Anti Analysis	Resolves APIs dynamically	-
Resolves an unusually high number of APIs. ... VTI Actions Go to function call
1/5	Masquerade	Changes folder appearance	Riskware
Folder "c:\users\ciihmnxmn6ps\desktop" has a changed appearance. ... VTI Actions Go to function call
Folder "c:\users\ciihmnxmn6ps\music" has a changed appearance. ... VTI Actions Go to function call
Folder "c:\users\ciihmnxmn6ps\pictures" has a changed appearance. ... VTI Actions Go to function call
Folder "c:\users\ciihmnxmn6ps\videos" has a changed appearance. ... VTI Actions Go to function call
Folder "c:\users\ciihmnxmn6ps\documents" has a changed appearance. ... VTI Actions Go to function call
Folder "c:\users\public\documents" has a changed appearance. ... VTI Actions Go to function call
Folder "c:\users\public\pictures" has a changed appearance. ... VTI Actions Go to function call
Folder "c:\users\public\videos" has a changed appearance. ... VTI Actions Go to function call
1/5	Device	Monitors mouse movements and clicks	-
Frequently reads the state of a mouse button by API. ... VTI Actions Go to function call
1/5	File System	Creates an unusually large number of files	-
Creates an unusually large number of files. ... VTI Actions Go to file details Go to function call
1/5	Static	Unparsable sections in file	-
Static analyzer was unable to completely parse the analyzed file: C:\Users\CIiHmnxMn6Ps\Desktop\Desktop Ransomware.exe. ... VTI Actions Go to file details
1/5	PE	Drops PE file	Dropper
Drops file "C:\Users\CIiHmnxMn6Ps\AppData\Local\TempCHHKSM.exe". ... VTI Actions Go to file details Go to function call
1/5	PE	Executes dropped PE file	-
Executes dropped file "C:\Users\CIiHmnxMn6Ps\AppData\Local\TempCHHKSM.exe". ... VTI Actions Go to file details Go to function call

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Notifications (1/1)

Before

After