Verdict: Malicious

Classifications: Injector

Threat Names: Mal/HTMLGen-A, C2/Generic-A, Gen:Variant.Bulz.604474

Dynamic Analysis Report

Created on 2021-09-27T19:30:00

31a90ad6dbe61a0a90ee10802efa1a6ea8cc5edbeb3b74e79f7d07293cd56898.dll

Windows DLL (x86-32)

Remarks (2/3)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 day, 17 hours, 26 minutes, 34 seconds" to "5 hours, 7 minutes, 30 seconds" to reveal dormant functionality.

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

Dropped Files

File Name: C:\Users\KEECFM~1\Desktop\31a90ad6dbe61a0a90ee10802efa1a6ea8cc5edbeb3b74e79f7d07293cd56898.dll
Category: Dropped File
Type: Binary
Verdict: malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 378.00 KB
MD5 7df93445d7752cd944b727d3824ebb55
SHA1 119352f971e74f397d5f78301b144c22be8f944f
SHA256 31a90ad6dbe61a0a90ee10802efa1a6ea8cc5edbeb3b74e79f7d07293cd56898
SSDeep 3072:Do6vBnby4Yx0XjFFzPQ0MslzERfQB24hLxBVi/b/9+PdpiWC35ol/uwfTuT2b2MC:vs6Xpq0H3Jhds/9+qC/zfTPLg
ImpHash ef258cd2a69e4871222e8a6651dd9af8
Parser Error Remark: Static engine was unable to completely parse the analyzed file.

PE Information
Image Base 0x10000000
Entry Point 0x10001000 (start of .text)
Size Of Code 0x30a00
Size Of Initialized Data 0x1f600
File Type DLL
Subsystem Windows GUI
Machine Type i386
Compile Timestamp 2021-09-10 16:49:09+00:00
Sections (9), flags shown without the IMAGE_SCN_ prefix:

Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x10001000 | 0x3090c | 0x30a00 | 0x400 | CNT_CODE, MEM_EXECUTE, MEM_READ | 6.09
.edata | 0x10032000 | 0x70 | 0x200 | 0x30e00 | CNT_INITIALIZED_DATA, MEM_READ | 1.32
.data | 0x10033000 | 0x2000 | 0x1400 | 0x31000 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 0.0
.data | 0x10035000 | 0xbf54 | 0xc000 | 0x32400 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 0.08
.rdatat | 0x10041000 | 0x648 | 0x800 | 0x3e400 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 3.75
.rsrc | 0x10042000 | 0x10bf4 | 0x10c00 | 0x3ec00 | CNT_INITIALIZED_DATA, MEM_READ | 3.09
(unnamed) | 0x10053000 | 0x5000 | 0x5000 | 0x4f800 | MEM_READ, MEM_WRITE | 0.0
(unnamed) | 0x10058000 | 0x5000 | 0x5000 | 0x54800 | MEM_READ, MEM_WRITE | 0.0
(unnamed) | 0x1005d000 | 0x5000 | 0x5000 | 0x59800 | MEM_READ, MEM_WRITE | 0.0

Note: the section layout is itself a signal. Two sections carry the name .data, .rdatat (a misspelling of .rdata) is writable, and the last three sections are unnamed, carry no CNT_* content flag and are zero-filled on disk (raw size 0x5000 each, entropy 0.0). Only .text holds data with meaningful entropy (6.09). A layout like this is the likely cause of the Parser Error remark, and it leaves 0xf000 bytes of mapped, writable, empty space for code to be written at runtime.
Imports (17 libraries, 31 functions)

All entries are imported by name (Ordinal "-") and carry Hint 0x0. Columns: API Name, IAT Address, Thunk RVA, Thunk Offset.

kernel32.dll (6)
GetProcAddress 0x10041030 0x41274 0x3e674
LoadLibraryA 0x10041034 0x41278 0x3e678
VirtualAlloc 0x10041038 0x4127c 0x3e67c
VirtualProtect 0x1004103c 0x41280 0x3e680
GetCurrentThread 0x10041040 0x41284 0x3e684
lstrcmpA 0x10041044 0x41288 0x3e688

user32.dll (3)
SetWindowPos 0x100410a0 0x412e4 0x3e6e4
ShowCursor 0x100410a4 0x412e8 0x3e6e8
ShowWindow 0x100410a8 0x412ec 0x3e6ec

ole32.dll (8)
CoCreateGuid 0x10041054 0x41298 0x3e698
OleUninitialize 0x10041058 0x4129c 0x3e69c
CoFreeUnusedLibraries 0x1004105c 0x412a0 0x3e6a0
CoGetCurrentProcess 0x10041060 0x412a4 0x3e6a4
CoGetCurrentLogicalThreadId 0x10041064 0x412a8 0x3e6a8
CoFileTimeNow 0x10041068 0x412ac 0x3e6ac
CoGetContextToken 0x1004106c 0x412b0 0x3e6b0
OleInitialize 0x10041070 0x412b4 0x3e6b4

gdi32.dll (1)
GdiGetBitmapBitsSize 0x10041018 0x4125c 0x3e65c

advapi32.dll (1)
SystemFunction003 0x10041000 0x41244 0x3e644

imagehlp.dll (1)
FindFileInPath 0x10041028 0x4126c 0x3e66c

msimg32.dll (1)
AlphaBlend 0x1004104c 0x41290 0x3e690

version.dll (1)
GetFileVersionInfoSizeA 0x100410b0 0x412f4 0x3e6f4

winmm.dll (1)
auxGetVolume 0x100410b8 0x412fc 0x3e6fc

winspool.drv (1)
AddPortW 0x100410c0 0x41304 0x3e704

comctl32.dll (1)
GetEffectiveClientRect 0x10041008 0x4124c 0x3e64c

oledlg.dll (1)
OleUIPromptUserW 0x10041088 0x412cc 0x3e6cc

comdlg32.dll (1)
GetFileTitleA 0x10041010 0x41254 0x3e654

gdiplus.dll (1)
GdipImageSelectActiveFrame 0x10041020 0x41264 0x3e664

shell32.dll (1)
SHFileOperationA 0x10041090 0x412d4 0x3e6d4

shlwapi.dll (1)
SHRegSetUSValueA 0x10041098 0x412dc 0x3e6dc

oleaut32.dll (1)
SysAllocString 0x10041080 0x412c4 0x3e6c4

Note: the kernel32 entries GetProcAddress, LoadLibraryA, VirtualAlloc and VirtualProtect are all a loader needs to resolve any further API by hand and to stage writable-then-executable memory at runtime. Fourteen of the seventeen libraries contribute exactly one, mutually unrelated API each (AlphaBlend, auxGetVolume, AddPortW, ...), which is consistent with an import table padded to resemble an ordinary GUI application rather than with a real dependency set. No networking API is imported, so the visible import table says nothing about what the code written at runtime does.
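An added worked example, not part of the VMRay report, showing how the ImpHash value above is derived and why the second copy of this file further down has none. It follows the pefile algorithm: library name lower-cased with a .dll/.ocx/.sys extension stripped (winspool.drv keeps its extension), function name lower-cased, "lib.func" pairs joined with commas in import-directory order, MD5 of the result, and an empty string when no imports were parsed. The import list is constructed from the table above in the order the report prints it; the report does not state the raw import-directory order (the IAT addresses run alphabetically by library), so the value this script produces is not guaranteed to equal ef258cd2a69e4871222e8a6651dd9af8, and pefile run against the file remains the authoritative source. ORDINAL_NAMES is a small excerpt standing in for pefile's full ordinal tables.

```python
import hashlib

# Import table of the malicious copy, in the order the report lists it
# (constructed from the report). A str entry is an import by name,
# an int entry an import by ordinal.
IMPORTS = [
    ("kernel32.dll", ["GetProcAddress", "LoadLibraryA", "VirtualAlloc",
                      "VirtualProtect", "GetCurrentThread", "lstrcmpA"]),
    ("user32.dll", ["SetWindowPos", "ShowCursor", "ShowWindow"]),
    ("ole32.dll", ["CoCreateGuid", "OleUninitialize", "CoFreeUnusedLibraries",
                   "CoGetCurrentProcess", "CoGetCurrentLogicalThreadId",
                   "CoFileTimeNow", "CoGetContextToken", "OleInitialize"]),
    ("gdi32.dll", ["GdiGetBitmapBitsSize"]),
    ("advapi32.dll", ["SystemFunction003"]),
    ("imagehlp.dll", ["FindFileInPath"]),
    ("msimg32.dll", ["AlphaBlend"]),
    ("version.dll", ["GetFileVersionInfoSizeA"]),
    ("winmm.dll", ["auxGetVolume"]),
    ("winspool.drv", ["AddPortW"]),
    ("comctl32.dll", ["GetEffectiveClientRect"]),
    ("oledlg.dll", ["OleUIPromptUserW"]),
    ("comdlg32.dll", ["GetFileTitleA"]),
    ("gdiplus.dll", ["GdipImageSelectActiveFrame"]),
    ("shell32.dll", ["SHFileOperationA"]),
    ("shlwapi.dll", ["SHRegSetUSValueA"]),
    ("oleaut32.dll", ["SysAllocString"]),
]

# pefile maps ordinal-only imports from a few libraries back to names so the
# hash is the same for by-name and by-ordinal builds. Assumption: this excerpt
# stands in for pefile's full tables; it is not the complete list.
ORDINAL_NAMES = {
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString"},
    "ws2_32": {23: "socket", 52: "gethostbyname"},
}


def normalize_lib(dll: str) -> str:
    """Lower-case and drop a .dll/.ocx/.sys extension; any other name stays."""
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        return base
    return lib


def entry_name(lib: str, entry) -> str:
    """Lower-cased function name, or the ordinal mapped to a name / 'ordN'."""
    if isinstance(entry, str):
        return entry.lower()
    names = ORDINAL_NAMES.get(lib, {})
    return names[entry].lower() if entry in names else f"ord{entry}"


def imphash_string(imports) -> str:
    """The exact text that gets hashed: 'lib.func' pairs, comma-joined,
    in import-directory order (order changes the hash)."""
    return ",".join(f"{normalize_lib(dll)}.{entry_name(normalize_lib(dll), e)}"
                    for dll, entries in imports for e in entries)


def imphash(imports) -> str:
    """Import hash as pefile computes it; '' when there is nothing to hash,
    which a report renders as ImpHash '-'."""
    if not any(entries for _, entries in imports):
        return ""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def library_counts(imports):
    """Functions per library; a table padded with one harmless API per
    library shows up as a long tail of 1s."""
    return {normalize_lib(dll): len(entries) for dll, entries in imports}


if __name__ == "__main__":
    print("imphash (report order):", imphash(IMPORTS))
    print("imphash (no imports)  :", repr(imphash([])))
    tail = sum(1 for n in library_counts(IMPORTS).values() if n == 1)
    print(f"libraries contributing a single API: {tail} of {len(IMPORTS)}")
```

Because the hash is order-sensitive, two builds with the same import set in a different directory order produce different values; that is why a listing grouped by library, as above, is not enough to reproduce a report's ImpHash, and why the absent import table of the second copy yields no hash at all.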
Exports (2)

API Name | EAT Address | Ordinal
GetClass | 0x555f6 | 0x1
SetClass | 0x3804d | 0x2

Note: both EAT values lie outside .text (RVA 0x1000 to 0x3190c). Read as RVAs, SetClass (0x3804d) falls in the second .data section and GetClass (0x555f6) in the first unnamed section; read as file offsets, they fall in the second .data section and the second unnamed section. Under either reading the exported entry points sit in writable, non-executable sections whose on-disk content has entropy 0.08 or 0.0, so a host process calling GetClass or SetClass can only execute code that was written there at runtime. Together with the VirtualAlloc/VirtualProtect imports this is consistent with the Injector classification.
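An added example, not from the report, that runs the checks described in the notes above against the values this report prints: it resolves each export's EAT value both as an RVA and as a file offset and says whether either lands in an executable section, flags the section-table anomalies (duplicate and unnamed sections, writable "rdata", missing content flags, zero-filled sections), and includes the Shannon entropy routine behind the Entropy column. SECTIONS and EXPORTS are constructed from the tables above; the one-letter flag abbreviations are mine.

```python
import math
from collections import namedtuple

IMAGE_BASE = 0x10000000
Section = namedtuple("Section", "name va vsize rawsize rawoff flags entropy")

# Section table of the malicious copy, constructed from the report.
# Flag abbreviations (assumed, not the report's): CODE/IDATA/UDATA =
# IMAGE_SCN_CNT_CODE/INITIALIZED_DATA/UNINITIALIZED_DATA, X/R/W =
# IMAGE_SCN_MEM_EXECUTE/READ/WRITE.
SECTIONS = [
    Section(".text",   0x10001000, 0x3090c, 0x30a00, 0x00400, {"CODE", "X", "R"}, 6.09),
    Section(".edata",  0x10032000, 0x00070, 0x00200, 0x30e00, {"IDATA", "R"}, 1.32),
    Section(".data",   0x10033000, 0x02000, 0x01400, 0x31000, {"IDATA", "R", "W"}, 0.0),
    Section(".data",   0x10035000, 0x0bf54, 0x0c000, 0x32400, {"IDATA", "R", "W"}, 0.08),
    Section(".rdatat", 0x10041000, 0x00648, 0x00800, 0x3e400, {"IDATA", "R", "W"}, 3.75),
    Section(".rsrc",   0x10042000, 0x10bf4, 0x10c00, 0x3ec00, {"IDATA", "R"}, 3.09),
    Section("",        0x10053000, 0x05000, 0x05000, 0x4f800, {"R", "W"}, 0.0),
    Section("",        0x10058000, 0x05000, 0x05000, 0x54800, {"R", "W"}, 0.0),
    Section("",        0x1005d000, 0x05000, 0x05000, 0x59800, {"R", "W"}, 0.0),
]

# EAT values of the two exports as printed in the report.
EXPORTS = {"GetClass": 0x555f6, "SetClass": 0x3804d}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a run of one value, 8.0 for a flat histogram."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def section_for_rva(sections, rva):
    """Section whose mapped range covers rva, or None if it falls in a gap."""
    for s in sections:
        start = s.va - IMAGE_BASE
        if start <= rva < start + max(s.vsize, s.rawsize):
            return s
    return None


def section_for_offset(sections, off):
    """Section whose raw (on-disk) range covers the file offset off."""
    for s in sections:
        if s.rawoff <= off < s.rawoff + s.rawsize:
            return s
    return None


def classify_export(sections, addr):
    """Resolve an EAT value as an RVA and as a file offset and report whether
    either reading lands in an executable section. An export that is
    non-executable under both readings cannot run as-is; code has to be
    written to that location at runtime first."""
    as_rva = section_for_rva(sections, addr)
    as_off = section_for_offset(sections, addr)
    executable = any(s is not None and "X" in s.flags for s in (as_rva, as_off))
    return {"rva_section": as_rva, "offset_section": as_off, "executable": executable}


def suspicious_sections(sections):
    """Section-table findings a reviewer pulls out before running anything."""
    findings, seen = [], set()
    for i, s in enumerate(sections):
        reasons = []
        if not s.name:
            reasons.append("unnamed")
        elif s.name in seen:
            reasons.append("duplicate name")
        seen.add(s.name)
        if {"X", "W"} <= s.flags:
            reasons.append("writable+executable")
        if s.name.startswith(".rdata") and "W" in s.flags:
            reasons.append("read-only-data name but writable")
        if not ({"CODE", "IDATA", "UDATA"} & s.flags):
            reasons.append("no IMAGE_SCN_CNT_* flag")
        if s.rawsize and s.entropy == 0.0:
            reasons.append("zero-filled on disk")
        if reasons:
            findings.append((i, s.name or "<unnamed>", reasons))
    return findings


def _label(s):
    return "<gap>" if s is None else (s.name or "<unnamed>")


if __name__ == "__main__":
    for name, addr in EXPORTS.items():
        c = classify_export(SECTIONS, addr)
        print(f"{name} @ {addr:#x}: as RVA -> {_label(c['rva_section'])}, "
              f"as offset -> {_label(c['offset_section'])}, executable={c['executable']}")
    for idx, name, reasons in suspicious_sections(SECTIONS):
        print(f"section {idx} {name}: {', '.join(reasons)}")
    print("entropy of 4 KiB of zeros:", shannon_entropy(bytes(4096)))
```

For a real file, replace the constructed SECTIONS with values read from the section headers (pefile's sections list carries the same fields) and feed each section's raw bytes to shannon_entropy to recompute the Entropy column rather than trusting the report's rounding.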
File Name: c:\samr
Category: Dropped File
Type: Unknown
Verdict: N/A

Not available because the file was not extracted successfully (no MIME type, size or hashes).
File Name: C:\Users\KEECFM~1\Desktop\31a90ad6dbe61a0a90ee10802efa1a6ea8cc5edbeb3b74e79f7d07293cd56898.dll
Category: Dropped File
Type: Binary
Verdict: clean

MIME Type application/vnd.microsoft.portable-executable
File Size 378.00 KB
MD5 b19b0af9a01dd936d091c291b19696c8
SHA1 862ed0b9586729f2633670ccd7d075d7693908e1
SHA256 17d261eaca2629ef9907d0c00fb2271201e466796f06dcb7232900d711c29330
SSDeep 1536:92VcC6MtqWgV3vAFNJ3JXS9n5SYCR44u029R+J:XC6MtAAFNJ5XC5SYCi02r+J
ImpHash - (not computed; no imports were parsed for this copy)
Parser Error Remark: Static engine was unable to completely parse the analyzed file.
PE Information
Image Base 0x10000000
Entry Point 0x10001000 (start of .text)
Size Of Code 0x30a00
Size Of Initialized Data 0x1f600
File Type DLL
Subsystem Windows GUI
Machine Type i386
Compile Timestamp 2021-09-10 16:49:09+00:00

Sections (9), flags shown without the IMAGE_SCN_ prefix:

Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x10001000 | 0x3090c | 0x30a00 | 0x400 | CNT_CODE, MEM_EXECUTE, MEM_READ | 2.95
.edata | 0x10032000 | 0x70 | 0x200 | 0x30e00 | CNT_INITIALIZED_DATA, MEM_READ | 0.0
.data | 0x10033000 | 0x2000 | 0x1400 | 0x31000 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 0.0
.data | 0x10035000 | 0xbf54 | 0xc000 | 0x32400 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 0.0
.rdatat | 0x10041000 | 0x648 | 0x800 | 0x3e400 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 0.0
.rsrc | 0x10042000 | 0x10bf4 | 0x10c00 | 0x3ec00 | CNT_INITIALIZED_DATA, MEM_READ | 0.0
(unnamed) | 0x10053000 | 0x5000 | 0x5000 | 0x4f800 | MEM_READ, MEM_WRITE | 0.0
(unnamed) | 0x10058000 | 0x5000 | 0x5000 | 0x54800 | MEM_READ, MEM_WRITE | 0.0
(unnamed) | 0x1005d000 | 0x5000 | 0x5000 | 0x59800 | MEM_READ, MEM_WRITE | 0.0

Note: this entry has the same path, size, PE header and section table as the malicious entry above, but different hashes, no parseable import table (ImpHash "-"), and far lower entropy (.text 2.95, every other section 0.0, against 6.09 for .text in the first copy). That is consistent with the file on disk having been overwritten during the run, after the sandbox forced dormant code by truncating sleeps and rescheduling a task. The "clean" verdict therefore describes a later on-disk state of the same path, not the sample; use the first entry's hashes (SHA256 31a90ad6...) as the indicators.
Function Logfile: not included in this export. The interactive viewer requires an online connection to the VMRay backend; the offline viewer is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshots (Before / After): not included in this export.