VTI SCORE: 100/100
Dynamic Analysis Report |
Classification: |
Ransomware
Wiper
Trojan
|
Threat Names: |
Gen:Heur.Ransom.Imps.3
ByteCode-MSIL.Trojan.Filecoder
|
BlueCheeser.exe
Windows Exe (x86-32)
Created at 2020-02-04T06:39:00
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
Filename | Category | Type | Severity | Actions |
---|
File Reputation Information
»
Severity |
Blacklisted
|
First Seen | 2020-01-11 01:54 (UTC+1) |
Last Seen | 2020-01-26 04:22 (UTC+1) |
Names | ByteCode-MSIL.Trojan.Filecoder |
Families | Filecoder |
Classification | Trojan |
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x403652 |
Size Of Code | 0x1800 |
Size Of Initialized Data | 0x800 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_cui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2019-11-18 17:21:30+00:00 |
Version Information (11)
»
Assembly Version | 1.0.0.0 |
Comments | - |
CompanyName | - |
FileDescription | BlueCheeser |
FileVersion | 1.0.0.0 |
InternalName | BlueCheeser.exe |
LegalCopyright | Copyright © 2018 |
LegalTrademarks | - |
OriginalFilename | BlueCheeser.exe |
ProductName | BlueCheeser |
ProductVersion | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x1658 | 0x1800 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.02 |
.rsrc | 0x404000 | 0x5bc | 0x600 | 0x1a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.09 |
.reloc | 0x406000 | 0xc | 0x200 | 0x2000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | 0x0 | 0x402000 | 0x3628 | 0x1828 | 0x0 |
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Gen:Heur.Ransom.Imps.3 |
Malicious
|
C:\Users\FD1HVy\Desktop\Instructions.txt | Dropped File | Text |
Unknown
|
...
|
»
C:\Users\FD1HVy\Desktop\-4zLDXisnuN0qm.odt.himr | Dropped File | Stream |
Unknown
|
...
|
»
C:\Users\FD1HVy\Desktop\1Ka7_Z4N.mp3.himr | Dropped File | Stream |
Unknown
|
...
|
»
C:\Users\FD1HVy\Desktop\2khhpXiY5S7bZP2j.avi.himr | Dropped File | Stream |
Unknown
|
...
|
»
C:\Users\FD1HVy\Desktop\3Bri89blGdncnaa_WC_-.avi.himr | Dropped File | Stream |
Unknown
|
...
|
»
C:\Users\FD1HVy\Desktop\5u6-Wo5zuX0.mkv.himr | Dropped File | Stream |
Unknown
|
...
|
»
C:\Users\FD1HVy\Desktop\7ANaoGDluEJ.wav.himr | Dropped File | Stream |
Unknown
|
...
|
»