276dfc59...8114 | Files
VTI SCORE: 91/100
Target: win10_64 | exe
Classification: Trojan, Dropper

276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114 (SHA256)

276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114.exe

Windows Exe (x86-32)

Created at 2018-03-06 15:52:00

Notifications (1/1)

The overall sleep time of all monitored processes was truncated from "55 seconds" to "10 seconds" to reveal dormant functionality.

Files Information

Number of sample files submitted for analysis 1
Number of files created and extracted during analysis 1
Number of files modified and extracted during analysis 7
c:\users\ciihmnxmn6ps\desktop\276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114.exe
Blacklisted
File Properties
Names c:\users\ciihmnxmn6ps\desktop\276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114.exe (Sample File)
Size 448.00 KB
Hash Values MD5: 0c2a5323f76cbffca948a310aae11cfe
SHA1: 5b283977be104627f30b2bdcdc2d47f7aa3bc807
SHA256: 276dfc5994510eb3186bc273360e01487994723246fbbd296e9215d268888114
File Reputation Information
Information Value
Severity
Blacklisted
Names Win32.Trojan.Generickd
Families Generickd
Classification Trojan
PE Information
Information Value
Image Base 0x400000
Entry Point 0x47600a
Size Of Code 0xda00
Size Of Initialized Data 0x62200
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2018-02-21 11:58:07
Compiler/Packer Unknown
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
T%o5;O 0x402000 0x5f144 0x5f200 0x400 CNT_INITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE 8.0
.text 0x462000 0xd6f8 0xd800 0x5f600 CNT_CODE, MEM_EXECUTE, MEM_READ 4.74
.rsrc 0x470000 0x2c68 0x2e00 0x6ce00 CNT_INITIALIZED_DATA, MEM_READ 5.21
.reloc 0x474000 0xc 0x200 0x6fc00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.1
- 0x476000 0x10 0x200 0x6fe00 CNT_CODE, MEM_EXECUTE, MEM_READ 0.14
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_CorExeMain 0x0 0x476000 0x62898 0x5fe98
Icons (1)
c:\users\ciihmnxmn6ps\appdata\local\icosineczo.bin
Blacklisted
File Properties
Names c:\users\ciihmnxmn6ps\appdata\local\icosineczo.bin (Created File)
Size 373.00 KB
Hash Values MD5: 186ab6b31766e04f07fa8b3eb9314bef
SHA1: ebab8b38fd4c556d990be10a21118577e666490f
SHA256: 4f7f8918ce69501048d1b846428c509bf352ab662d6e33b82ec93caa72e7f9da
File Reputation Information
Information Value
Severity
Blacklisted
Names Win32.Trojan.Filecoder
Families Filecoder
Classification Trojan
PE Information
Information Value
Image Base 0x400000
Entry Point 0x46400a
Size Of Code 0xcc00
Size Of Initialized Data 0x50400
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2018-02-21 11:57:42
Compiler/Packer Unknown
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
pVT"")G 0x402000 0x4f8b4 0x4fa00 0x400 CNT_INITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE 8.0
.text 0x452000 0xc878 0xca00 0x4fe00 CNT_CODE, MEM_EXECUTE, MEM_READ 4.78
.rsrc 0x460000 0x608 0x800 0x5c800 CNT_INITIALIZED_DATA, MEM_READ 3.42
.reloc 0x462000 0xc 0x200 0x5d000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.1
- 0x464000 0x10 0x200 0x5d200 CNT_CODE, MEM_EXECUTE, MEM_READ 0.14
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
_CorExeMain 0x0 0x464000 0x528d8 0x506d8
c:\users\ciihmnxmn6ps\documents\database1.accdb
File Properties
Names c:\users\ciihmnxmn6ps\documents\database1.accdb (Modified File)
Size 348.00 KB
Hash Values MD5: 0affb996a3d753e52944587f1949b434
SHA1: 073cc2544d7db1bb48ee1f1742b40b8452baed3a
SHA256: 69313f9e8400235f34fe6f09c8789fadfb2bff8d19d19fda69782cc0085c652f
c:\users\ciihmnxmn6ps\documents\database1.accdb
File Properties
Names c:\users\ciihmnxmn6ps\documents\database1.accdb (Modified File)
Size 348.04 KB
Hash Values MD5: 2e6813acd120565be9c33bfe27bcf013
SHA1: 81dfc5d15bd304167463ca46916829dfa3dbbbba
SHA256: 04d1af35c31806b0b70070fe7b45c9f3f77daeb61e222cc9d6cb0f5c74de1fd1
c:\users\ciihmnxmn6ps\desktop\i4r-ul5\yxxexh\xq6rk6uq64dvg1c.avi
File Properties
Names c:\users\ciihmnxmn6ps\desktop\i4r-ul5\yxxexh\xq6rk6uq64dvg1c.avi (Modified File)
Size 69.63 KB
Hash Values MD5: c5adfc861c7f8e34c6780adc95727876
SHA1: 900fe27c29cb830233a23446e265b7435fcc74e5
SHA256: c4925f97c5939cc6abe1bd3c0826b711ee6aaeaf8507c73836ee1bd8e2efb403
c:\users\ciihmnxmn6ps\desktop\i4r-ul5\yxxexh\xq6rk6uq64dvg1c.avi
File Properties
Names c:\users\ciihmnxmn6ps\desktop\i4r-ul5\yxxexh\xq6rk6uq64dvg1c.avi (Modified File)
Size 69.66 KB
Hash Values MD5: ea15ca3be4e77f2697033b37d6b13b40
SHA1: e6b8e164a7065c1e67b0748e37a5a5acf0a18c66
SHA256: b6abc966fef57b7ba6cc8afb4234f753ff3fd661f8923051c4602ee9b53d398f
c:\users\ciihmnxmn6ps\desktop\phqq\hnnrdpa\vm9rzszbg2b2vr2.avi
File Properties
Names c:\users\ciihmnxmn6ps\desktop\phqq\hnnrdpa\vm9rzszbg2b2vr2.avi (Modified File)
Size 97.06 KB
Hash Values MD5: bdd673b0dd4e1e770b5253a6e9383594
SHA1: 879261e7b3d7f41c407e79dd5da6c1ea72afbdf5
SHA256: 8cdcb2d8d8434ee55c9c9c0b7565ad3a6c9691470d0dc825c0f13dfdb73cf185
c:\users\ciihmnxmn6ps\desktop\phqq\hnnrdpa\vm9rzszbg2b2vr2.avi
File Properties
Names c:\users\ciihmnxmn6ps\desktop\phqq\hnnrdpa\vm9rzszbg2b2vr2.avi (Modified File)
Size 97.10 KB
Hash Values MD5: be74b1fc220d9168e6ed190f68b9d773
SHA1: 5f47f7d95e7fe6f648a79db0a8d417ca2a81e6d0
SHA256: 73b86fd70e00fbf33fc5d17cf8209988299e5fecb30ea2c5033d8a8d10f7b220
c:\users\ciihmnxmn6ps\documents\woti l543fb\xljhq-trrewg.csv
File Properties
Names c:\users\ciihmnxmn6ps\documents\woti l543fb\xljhq-trrewg.csv (Modified File)
Size 70.42 KB
Hash Values MD5: 3b0a062839ef2d945084f41b11081d9c
SHA1: 467f132d345dbe2e5b01e87fcc30dbb2ea14a64b
SHA256: 16fc1803b0ed60de6b82db5c94769af7651f7b98ebaa630cb48f7d17810284c4
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot (Before / After)