Try VMRay Platform
Malicious
Classifications

Spyware

Threat Names

Trojan.GenericKDZ.76753 Gen:Variant.Mikey.113998

Dynamic Analysis Report

Created on 2021-09-28T10:04:00

27f32618162b8a522fc5fb8fb832848acb724cf2ac0c03b8488b2c405c582d6a.exe.dll

Windows DLL (x86-64)
...

Remarks (2/2)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "16 minutes, 34 seconds" to "4 minutes, 10 seconds" to reveal dormant functionality.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\27f32618162b8a522fc5fb8fb832848acb724cf2ac0c03b8488b2c405c582d6a.exe.dll Sample File Binary
malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 1.85 MB
MD5 fe213638baba7c73e9addd779b4f078a Copy to Clipboard
SHA1 e463b86c2e573569643c5e24668bd291d7c2e6b0 Copy to Clipboard
SHA256 27f32618162b8a522fc5fb8fb832848acb724cf2ac0c03b8488b2c405c582d6a Copy to Clipboard
SSDeep 12288:RVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:gfP7fWsK5z9A+WGAW+V5SB6Ct4bnb Copy to Clipboard
ImpHash 6668be91e2c948b183827f040944057f Copy to Clipboard
AV Matches (1)
»
Threat Name Verdict
Trojan.GenericKDZ.76753
malicious
PE Information
»
Image Base 0x140000000
Entry Point 0x140041070
Size Of Code 0x41000
Size Of Initialized Data 0x198000
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2020-02-20 08:35:24+00:00
Version Information (8)
»
CompanyName Microsoft Corporati
FileDescription Background Intellig
FileVersion 7.5.7600.16385 (win7_rtm.090713-
InternalName bitsp
LegalCopyright © Microsoft Corporation. All rights reserv
OriginalFilename kbdy
ProductName Microsoft® Windows® Operating S
ProductVersion 6.1.7600
Sections (51)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x40796 0x41000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.73
.rdata 0x140042000 0x64fd0 0x65000 0x42000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.87
.data 0x1400a7000 0x178b8 0x18000 0xa7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.32
.pdata 0x1400bf000 0x12c 0x1000 0xbf000 IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.58
.rsrc 0x1400c0000 0x880 0x1000 0xc0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.24
.reloc 0x1400c1000 0x2324 0x3000 0xc1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.65
.qkm 0x1400c4000 0x74a 0x1000 0xc4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.cvjb 0x1400c5000 0x1e66 0x2000 0xc5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tlmkv 0x1400c7000 0xbde 0x1000 0xc7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wucsxe 0x1400c8000 0x45174 0x46000 0xc8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fltwtj 0x14010e000 0x1267 0x2000 0x10e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.sfplio 0x140110000 0x736 0x1000 0x110000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rpg 0x140111000 0x45174 0x46000 0x111000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.bewzc 0x140157000 0x1124 0x2000 0x157000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.vksvaw 0x140159000 0x736 0x1000 0x159000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wmhg 0x14015a000 0x1278 0x2000 0x15a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kswemc 0x14015c000 0x36d 0x1000 0x15c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kaxfk 0x14015d000 0x197d 0x2000 0x15d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.pjf 0x14015f000 0xbde 0x1000 0x15f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.retjqj 0x140160000 0x7fd 0x1000 0x160000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.mizn 0x140161000 0x9cd 0x1000 0x161000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rsrub 0x140162000 0x197d 0x2000 0x162000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.susbqq 0x140164000 0x6cd0 0x7000 0x164000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.jeojcw 0x14016b000 0x13e 0x1000 0x16b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.vwl 0x14016c000 0xae7 0x1000 0x16c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.mub 0x14016d000 0x6cd0 0x7000 0x16d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.xwxpmb 0x140174000 0x573 0x1000 0x174000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.aea 0x140175000 0x7fd 0x1000 0x175000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.lwpch 0x140176000 0x7fd 0x1000 0x176000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.nzgp 0x140177000 0x1f7 0x1000 0x177000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.qimx 0x140178000 0x13e 0x1000 0x178000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.jbqbr 0x140179000 0x1f7 0x1000 0x179000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kxxxil 0x14017a000 0xbf6 0x1000 0x17a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.drpaa 0x14017b000 0x23b 0x1000 0x17b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.lepjc 0x14017c000 0x1f7 0x1000 0x17c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ywrsat 0x14017d000 0x8fe 0x1000 0x17d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ialjct 0x14017e000 0x103 0x1000 0x17e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ujrqkf 0x14017f000 0x1278 0x2000 0x17f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.lwaoje 0x140181000 0x1af 0x1000 0x181000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.pces 0x140182000 0x8fe 0x1000 0x182000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.zuizg 0x140183000 0x6cd0 0x7000 0x183000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.upz 0x14018a000 0x3ba 0x1000 0x18a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wxuh 0x14018b000 0xbf6 0x1000 0x18b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fsdfq 0x14018c000 0x5a7 0x1000 0x18c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.xxlo 0x14018d000 0x1f7 0x1000 0x18d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.hcxtgl 0x14018e000 0x1e66 0x2000 0x18e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.owbx 0x140190000 0xf9 0x1000 0x190000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.phg 0x140191000 0x736 0x1000 0x191000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.trmoj 0x140192000 0x1ee 0x1000 0x192000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.zaixaf 0x140193000 0x45174 0x46000 0x193000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.myzf 0x1401d9000 0x13e 0x1000 0x1d9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.65
Imports (7)
»
USER32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LookupIconIdFromDirectoryEx - 0x140042098 0xa64c8 0xa64c8 0x205
WaitForInputIdle - 0x1400420a0 0xa64d0 0xa64d0 0x32e
GetParent - 0x1400420a8 0xa64d8 0xa64d8 0x166
GetFocus - 0x1400420b0 0xa64e0 0xa64e0 0x12e
SETUPAPI.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CM_Get_Resource_Conflict_DetailsW - 0x140042078 0xa64a8 0xa64a8 0x8a
KERNEL32.dll (7)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection - 0x140042038 0xa6468 0xa6468 0xd2
DeleteTimerQueue - 0x140042040 0xa6470 0xa6470 0xd9
TerminateJobObject - 0x140042048 0xa6478 0xa6478 0x4cd
GetFileInformationByHandle - 0x140042050 0xa6480 0xa6480 0x1f3
GetThreadLocale - 0x140042058 0xa6488 0xa6488 0x293
GetNamedPipeServerProcessId - 0x140042060 0xa6490 0xa6490 0x229
GetConsoleFontSize - 0x140042068 0xa6498 0xa6498 0x1aa
GDI32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateBitmapIndirect - 0x140042020 0xa6450 0xa6450 0x2b
GetPolyFillMode - 0x140042028 0xa6458 0xa6458 0x206
CRYPT32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertGetCTLContextProperty - 0x140042010 0xa6440 0xa6440 0x44
ADVAPI32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AddAccessDeniedObjectAce - 0x140042000 0xa6430 0xa6430 0x15
SHLWAPI.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChrCmpIW - 0x140042088 0xa64b8 0xa64b8 0xa
Exports (6)
»
Api name EAT Address Ordinal
CreateXmlReader 0x3d414 0x1
CreateXmlReaderInputWithEncodingCodePage 0x3a750 0x2
CreateXmlReaderInputWithEncodingName 0xd9f8 0x3
CreateXmlWriter 0x30868 0x4
CreateXmlWriterOutputWithEncodingCodePage 0x276b8 0x5
CreateXmlWriterOutputWithEncodingName 0x163e4 0x6
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 53 Bytes
MD5 9c3c1a69a3c43835d6a2579570e6aa0d Copy to Clipboard
SHA1 8af2c3b90473b35f1bb936de12a8bf72fe658468 Copy to Clipboard
SHA256 e641ff8107a4197ded9f558d1891e716811e9a7f109f14e876f5a8394844dc34 Copy to Clipboard
SSDeep 3:/l4l5mrc9l:e4rc9l Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 1.42 KB
MD5 c4f635c6f725928c5605b809ed0006cb Copy to Clipboard
SHA1 5812625171851b04f30e20594a6788c1f7551ac5 Copy to Clipboard
SHA256 5a79e93669f5ee38c4b46b682c43ffef1ef473283a218c4e655ccd2e6b187364 Copy to Clipboard
SSDeep 24:ewohUPOUgXtEEmGPesFvEMw8wV+pR+wIViw3q0O15kYzmSFedV2TktTckMmNvtgw:xopUZGfvW8W+pR+wyipRvpzD01YkMmTh Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 1.42 KB
MD5 253250ecef24e59cbe308e437e2fef34 Copy to Clipboard
SHA1 cecf6a97c73c87eb8153ded4da6365f2f576a902 Copy to Clipboard
SHA256 4459de34f31d879717f63fcf0b48c4b322ee763c7e60d4b0e2a2a61a7805cf43 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 1.42 KB
MD5 0e4b9649c39ebabb872a007bbe9f322f Copy to Clipboard
SHA1 6977414d845bb23f78617ebcacc506bf082082a0 Copy to Clipboard
SHA256 34034fa56619ffaed7da17dd9a2b25628ca9ee22b53d7aaec87b347ff7940e1b Copy to Clipboard
SSDeep 24:ewohUPOUg+TI8Xqwg+Qy3COdGHLXTvj3mnvwMUQ+TixWhiJjZLC/gG5MO0tU46:xopU/lq+PjmDkyi6ytC/p5MO0tU46 Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image