31cf5253...8dbe | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Wiper
Trojan
Threat Names:
Gen:Heur.Ransom.Imps.3
ByteCode-MSIL.Trojan.Filecoder
Filename Category Type Severity
C:\Users\FD1HVy\Desktop\BlueCheeser.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 8.50 KB
MD5 6f2ee43839efbb5665c706dcf017465c
SHA1 8f76eda1988b0df2c6d57a2f1ea8e0c54ed9df31
SHA256 31cf5253f4a1d7db2ff2d580b92b25bec9c4ef86fc15c36ce27532fb73de8dbe
SSDeep 96:ajAiOqKF3SWIvx4fyas2Lyaypyj3joxnn61HYC7l0dFOgzgLr7BfCR9zNt:a0iOqHx45y5gToxnn6h7lo9qFfCR3
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Severity
Blacklisted
First Seen 2020-01-11 01:54 (UTC+1)
Last Seen 2020-01-26 04:22 (UTC+1)
Names ByteCode-MSIL.Trojan.Filecoder
Families Filecoder
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x403652
Size Of Code 0x1800
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2019-11-18 17:21:30+00:00
Version Information (11)
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription BlueCheeser
FileVersion 1.0.0.0
InternalName BlueCheeser.exe
LegalCopyright Copyright © 2018
LegalTrademarks -
OriginalFilename BlueCheeser.exe
ProductName BlueCheeser
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x1658 0x1800 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.02
.rsrc 0x404000 0x5bc 0x600 0x1a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.09
.reloc 0x406000 0xc 0x200 0x2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x3628 0x1828 0x0
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Ransom.Imps.3 Malicious
C:\Users\FD1HVy\Desktop\Instructions.txt Dropped File Text Unknown
Mime Type text/plain
File Size 184 Bytes
MD5 0a1e8784d952bf77a088dc43ccd8e76e
SHA1 ec948fd8357b2dae83e67c8171751d2208a60bbd
SHA256 682758870ec9ccbfb30df9a89d74eb76df996e844f27b3331fca4493c8071a38
SSDeep 3:lL/LUVrVFD9CxxAfRAleBMiA1VC2GNEHA5raRwiZiWSscx8xwdeQXF3KUDMbCWaW:lL/WBFxCX2mUMxVCbNEHm+wiZiWSsA8n
ImpHash None
C:\Users\FD1HVy\Desktop\-4zLDXisnuN0qm.odt.himr Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 21.88 KB
MD5 60f4a2c29592e36351914915673c0c62
SHA1 51fde8590d166a8db6984256cb230dc326f9e1f9
SHA256 97b8afecd70d90845b17d15453e54b8bd3b541ea969efd554e6447118667c36b
SSDeep 384:E1fXqi982P3e8S+zUCTgUt1tFxhLmdL07zedIEsb9ojsZhRFVkt:2qi93frzM6FxkdQOZsb9oIZhRbU
ImpHash None
C:\Users\FD1HVy\Desktop\1Ka7_Z4N.mp3.himr Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 94.58 KB
MD5 60f1cd5d553cdd3ca9c49f1b37087e02
SHA1 d86a16e913348798059d949af1019f800d6431b3
SHA256 15a0bd15c485d65552edd10f18405dfe447c3e07c3469c986707c48c1f80ea01
SSDeep 1536:s4Kl+8JjqOlI0fkY6zxCRS1KyZxkHEQynnjERjxPV2SXdbCKBTFTRwD9:vKA8JjqO6xYGxCRM0qj+VPVVkKBTFNwB
ImpHash None
C:\Users\FD1HVy\Desktop\2khhpXiY5S7bZP2j.avi.himr Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 94.09 KB
MD5 ba1a9af6936c2a9c792d74f00fa1a0af
SHA1 1f4f762dbf3f251e44fd8e8a94cf391273837427
SHA256 0fb8662387f08ee54a383b84d6e38fd338582d80493c15d1c9b412ae01f606ba
SSDeep 1536:ll1qVQzaSm9V4NLJgMUp6mQEjRlJxm7b6E9OrDX1bAE4VbgJLUolIZjI2Yw8L:/1vQmJMpdQEj+b2X1bA/bILzlIZjI
ImpHash None
C:\Users\FD1HVy\Desktop\3Bri89blGdncnaa_WC_-.avi.himr Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 34.62 KB
MD5 4aee2aa1c89129eca6e979704171a820
SHA1 e8962ba056bda27e244708254654e316f04f4295
SHA256 ed6f7da4a100db9da8dd849d47897cdc7d239061f7434abe6c75459f4e03415b
SSDeep 768:Jw0O7dIqZ/8QWORM3SUMqKk8+hnwoK88Aa+sdlUTzoPL6qOKNS/l4i8vDzH:od7ZEQWOR2c+hwsc+O6OM4BH
ImpHash None
C:\Users\FD1HVy\Desktop\5u6-Wo5zuX0.mkv.himr Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 20.62 KB
MD5 935e555b2636802f31cdac58d1f8918b
SHA1 2ac2331d1f038a92102388b67aa775648d4ba023
SHA256 46fa72f5c94653f2b941f2a451cd66b847e64e9c829fc3e376b79e27b284786b
SSDeep 384:q+86xnzeGgTiaGdw0eh8Xk59cI9nIxMwYxKNTsvSKcPOInU:qixzev9YwV8UII9nIxMwkKmvlcPfU
ImpHash None
C:\Users\FD1HVy\Desktop\7ANaoGDluEJ.wav.himr Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 92.03 KB
MD5 2c027c9a5ea1ae2a6e2393139106d2c5
SHA1 8050fe1750648cf7a74b9eac3606f07c6ad79572
SHA256 85ec3d4a9cd2295f611cb42345286a5bdef82963c89be87ab6643d676b526d4f
SSDeep 1536:rg4LXFSK/nZCUQT44S+Ol6Exz2R4zScUpoFi2teUcwIc5daQ+jpe3ObdqxHr:zFvQm57z2eS9Ai2tLFIudZipeebSHr
ImpHash None
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.