32f7a9e9...1ff0 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Wiper
Dropper
Threat Names:
Win32.Virlock.Gen.1
Gen:Trojan.Heur.FU.IqX@aq8O8nni
Gen:Trojan.Heur.TP.IqX@bq8O8nni
...

Remarks (2/3)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 hours, 21 minutes, 12 seconds" to "7 minutes, 50 seconds" to reveal dormant functionality.

(0x0200000F): The maximum number of memory dumps was exceeded. Some dumps may be missing in the report.

Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Lef9NVBNY3Gqm5dX.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 531.50 KB
MD5 4fb2382b7c4e49880851c42cad35e269
SHA1 6b4b6a3ae92084d78e50277896fe9e9e297acae9
SHA256 32f7a9e9e50f7a4f14cf9667bf30f7b51dc2937cee18c3c5fe97773767c41ff0
SSDeep 12288:mzUGV8+7jZegjTYUDAKH9RSmXvYitIt08N2n2:EMudLnAKdRSiJy42
ImpHash eb60115537175e45a3e1c618949a1c62
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x83200
Size Of Initialized Data 0x1600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-01-06 00:36:08+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x84000 0x83200 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.96
.rdata 0x485000 0x1000 0x200 0x83800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.94
.data 0x486000 0x136 0x200 0x83a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.97
.rsrc 0x487000 0x115c 0x1200 0x83c00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.21
Imports (2)
advapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptVerifySignatureW 0x0 0x485000 0x85050 0x83850 0xa3
user32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetClipboardSequenceNumber 0x0 0x485008 0x85058 0x83858 0xef
GetMessageTime 0x0 0x48500c 0x8505c 0x8385c 0x125
Icons (1)
Memory Dumps (354)
Local AV Matches (1)
Threat Name Severity
Win32.Virlock.Gen.1
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\duIwksoU\BUccwoAg.exe Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 479.50 KB
MD5 1003785cbf380f470371c2799e02d699
SHA1 fd47823dd185fc024318c1d6a872bb5055aa6653
SHA256 3f6f4f642019e346f95e7cba8a3941999b57bee885b62b373426495424bd45a2
SSDeep 12288:ikgoVNZw1g0RFyZIzXF1WF/9EkEomts4J3Iuy3NiPKKlCvkiUMd0ON0Y4G08GEJH:3goVNZw1g0RFyZIzXF1WF/9Ekzma4hEt
ImpHash d95b3f16bccd2684e353566510bcb8b4
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x77400
Size Of Initialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-01-06 00:36:08+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x78000 0x77400 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.96
.rdata 0x479000 0x1000 0x200 0x77a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.05
.data 0x47a000 0x158 0x200 0x77c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.37
Imports (3)
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlDeleteElementGenericTable 0x0 0x479000 0x79068 0x77a68 0x1e9
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetVersion 0x0 0x479008 0x79070 0x77a70 0x195
user32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetActiveWindow 0x0 0x479010 0x79078 0x77a78 0xd8
Memory Dumps (418)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
Local AV Matches (1)
Threat Name Severity
Win32.Virlock.Gen.1 Malicious
C:\ProgramData\GSogosQc\YMIIsQMA.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 478.50 KB
MD5 61b36f23ac93e0eeaeb989af2bd8386d
SHA1 b82df005aed57adeaf019f4c55ad1499afe549f5
SHA256 f10c97f076066b1d4051e5b39ebd2dfde3a4895d310367c5c34c718904d26cdb
SSDeep 6144:6T49iYu7drWwizUmqCRAuxpmehFCBV+IKkTgqAsC9v5wdyX1e2HugbVQmmx5uyvm:417PizFIEpmmFCn5bGvVUgbVQmmHxgb
ImpHash a905f8c72381ee7ee5f58170089e386a
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x77000
Size Of Initialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-01-06 00:36:08+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x77000 0x77000 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.96
.rdata 0x478000 0x1000 0x200 0x77600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.96
.data 0x479000 0x130 0x200 0x77800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.9
Imports (3)
advapi32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetNamedSecurityInfoExW 0x0 0x478000 0x78070 0x77670 0x210
GetSidSubAuthorityCount 0x0 0x478004 0x78074 0x77674 0x110
ws2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSAAsyncGetHostByName 0x0 0x47800c 0x7807c 0x7767c 0x9
kernel32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessHeap 0x0 0x478014 0x78084 0x77684 0x156
GetConsoleWindow 0x0 0x478018 0x78088 0x77688 0xf9
Memory Dumps (392)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
Local AV Matches (1)
Threat Name Severity
Win32.Virlock.Gen.1
Malicious
C:\ProgramData\VWcUEoYI\ssYIYkgc.exe Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 481.50 KB
MD5 1dc9cf3c208fbc9eb88fb5cd45b78af3
SHA1 df05cc6a905260ead7e865064c537e17797b40b9
SHA256 a6e3ee00ff2273a1ad33cb0751aa651e83ce4151a3eb1f868af8619a2960eafa
SSDeep 12288:CkxD72jNNTA8f5Dj9InOHzmD8zydV20qc6hy6gsJ1x:CkxqYOHiD88Vb96g6gsJj
ImpHash 5003e90a3bcba3f9fdbf314b36266ff9
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x77c00
Size Of Initialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-01-06 00:36:08+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x78000 0x77c00 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.96
.rdata 0x479000 0x1000 0x200 0x78200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.28
.data 0x47a000 0xc3 0x200 0x78400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.45
Imports (4)
ntdll.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlComputePrivatizedDllName_U 0x0 0x479000 0x79088 0x78288 0x1b3
RtlpUnWaitCriticalSection 0x0 0x479004 0x7908c 0x7828c 0x371
shell32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHPropStgReadMultiple 0x0 0x47900c 0x79094 0x78294 0xb4
user32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetInputState 0x0 0x479014 0x7909c 0x7829c 0x105
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSystemDefaultLangID 0x0 0x47901c 0x790a4 0x782a4 0x170
Memory Dumps (15)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
ssyiykgc.exe 17 0x00400000 0x0047AFFF Relevant Image True 32-bit 0x0047589E True False
ssyiykgc.exe 17 0x00400000 0x0047AFFF Content Changed True 32-bit 0x00475D62 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Relevant Image True 32-bit 0x0047589E True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x00475D62 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x00463B35 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x00458A28 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x004590F4 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x0045D9DE True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x0046132D True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x0045E000 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x00404619 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x00403015 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x0040AE4A True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x0045F078 True False
ssyiykgc.exe 26 0x00400000 0x0047AFFF Content Changed True 32-bit 0x0045F1D4 True False
Local AV Matches (1)
Threat Name Severity
Win32.Virlock.Gen.1
Malicious
ccgE.exe Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.27 MB
MD5 3670e405865c9a60aeac56eb66422a7b
SHA1 8f20935d4cf7cb8bdf0e79c089b1d4ed27e50b46
SHA256 f95338aec49f5cf3e62903cde9ebbbe39e15f6c9aa4fb020dffc4c181afd5476
SSDeep 12288:cEfjWoEu/PTrUjPN/X5Ngp5UaTX3Ce7LpqGDSlXANfCvA+9E4kYSnd7e74JzENtm:1CoEu3U5freye7HhFE9eLdLx0Wu
ImpHash 63bf1cc6f4f4661d9b9c9eb43e3da80f
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x143600
Size Of Initialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-01-06 00:36:08+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x144000 0x143600 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.88
.rdata 0x545000 0x1000 0x200 0x143c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.17
.data 0x546000 0x16c 0x200 0x143e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.65
Imports (4)
oleaut32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleCreatePropertyFrameIndirect 0x0 0x545000 0x145088 0x143c88 0x26
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlInitializeAtomPackage 0x0 0x545008 0x145090 0x143c90 0x275
kernel32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserDefaultLangID 0x0 0x545010 0x145098 0x143c98 0x192
DefineDosDeviceW 0x0 0x545014 0x14509c 0x143c9c 0x65
user32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetInputDesktop 0x0 0x54501c 0x1450a4 0x143ca4 0x104
Local AV Matches (1)
Threat Name Severity
Win32.Virlock.Gen.1
Malicious
ccgE.exe Dropped File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.27 MB
MD5 c6c814b3994303a5a36725c897abf949
SHA1 1daa5d6e72e61d9900f6d19826c033ca38955a74
SHA256 6d555ad988cdbd5a6db0be779994b1e0268bc1f6a8ab77fa8a3da09169e07cb1
SSDeep 12288:/EfjWoEu/PTrUjPN/X5Ngp5UaTX3Ce7LpqGDSlXANfCvA+9E4kYSnd7e74JzENtm:MCoEu3U5freye7HhFE9eLdLx0Wu
ImpHash 63bf1cc6f4f4661d9b9c9eb43e3da80f
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x143600
Size Of Initialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-01-06 00:36:08+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x144000 0x143600 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.88
.rdata 0x545000 0x1000 0x200 0x143c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.17
.data 0x546000 0x16c 0x200 0x143e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.65
.rsrc 0x547000 0x200 0x200 0x144000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
Imports (4)
oleaut32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleCreatePropertyFrameIndirect 0x0 0x545000 0x145088 0x143c88 0x26
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlInitializeAtomPackage 0x0 0x545008 0x145090 0x143c90 0x275
kernel32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserDefaultLangID 0x0 0x545010 0x145098 0x143c98 0x192
DefineDosDeviceW 0x0 0x545014 0x14509c 0x143c9c 0x65
user32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetInputDesktop 0x0 0x54501c 0x1450a4 0x143ca4 0x104
Local AV Matches (1)
Threat Name Severity
Win32.Virlock.Gen.1
Malicious
C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\DW20.EXE.exe Dropped File Binary
Malicious
Also Known As ccgE.exe (Dropped File)
c:\rcxf4aa.tmp (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 1.27 MB
MD5 57cc2b30cac70e137d08651edb646664
SHA1 688b9d07447f22980847f0a27407ec07139b2514
SHA256 f5aaa1ffb2213d1279b3e8ba0b499688dbce99175eb5550377ebd4c2b18c1787
SSDeep 12288:7EfjWoEu/PTrUjPN/X5Ngp5UaTX3Ce7LpqGDSlXANfCvA+9E4kYSnd7e74JzENtS:QCoEu3U5freye7HhFE9eLdLx0Wu2J
ImpHash 63bf1cc6f4f4661d9b9c9eb43e3da80f
PE Information
Image Base 0x400000
Entry Point 0x401000
Size Of Code 0x143600
Size Of Initialized Data 0x1600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2015-01-06 00:36:08+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x144000 0x143600 0x600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.88
.rdata 0x545000 0x1000 0x200 0x143c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.17
.data 0x546000 0x16c 0x200 0x143e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.65
.rsrc 0x547000 0x115c 0x1200 0x144000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_LOCKED, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.8
Imports (4)
oleaut32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleCreatePropertyFrameIndirect 0x0 0x545000 0x145088 0x143c88 0x26
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlInitializeAtomPackage 0x0 0x545008 0x145090 0x143c90 0x275
kernel32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserDefaultLangID 0x0 0x545010 0x145098 0x143c98 0x192
DefineDosDeviceW 0x0 0x545014 0x14509c 0x143c9c 0x65
user32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetInputDesktop 0x0 0x54501c 0x1450a4 0x143ca4 0x104
Local AV Matches (1)
Threat Name Severity
Win32.Virlock.Gen.1
Malicious
iCIo.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 f0a313942dabb889bd5ffecb3f6f7ef3
SHA1 8d75ffa43cc2c2f6cb3181f03e056b7e2c434551
SHA256 90ceecbaefccc710099189ba6d56cd73c6389a25f4e1922583a97e6979a3491c
SSDeep 48:3Wq5sRyjUN9AmpjxjrPseFWK6ZwV+j7A6/sdVRAkOfTIEyYUvZ+6E9ApHTn:3W2sRgc99pjxX87ZwMA2sZEChHECz
ImpHash -
iaks.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 83b6ef670dc0895ad0fb5cad0c7fc5f9
SHA1 ec56bf4915d371fec52ab5011a90dc241df15525
SHA256 83d9dea522bed400139aa27d1c9be33327a94ecdf2ceb6501f70a10489e7c57a
SSDeep 48:AEBqIvPIDhw8rXG6qv+IYddwazbqvj6RIFwvY0jKYgxCLP:AEFMhXG6+xYTwadY0jMxK
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ueeg.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\asii.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 6fa40291789528f35bc0cc0a6211ae7a
SHA1 4417228b4c33f13084b2ea32686707a6bdef3972
SHA256 6a342d9a025fbd9f5fd4743a88f5aea15d2596a6242a379d66a5de374466dd74
SSDeep 48:qeMpt5PggS4Yg/Xlzxygvg9gggbIgggbHt3gD6m7VkgggntKKKKKxygggbtKKKKp:qeg5tOnR5KKKKK1KKKKKKSa4o1uFErp
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ayiy.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 9752cb43ff0b699ee9946f7ec38a39fb
SHA1 af48ac2f23f319d86ad391f991bd6936f344f14f
SHA256 402d8268d2aa10c77d31bccb3f2e01a4927dbec9ea62b657dbd01b7b94822636
SSDeep 96:aj5QkVXqOIv86TDyAI9Mesg3rlzLs7SwiMv:aj5QkVaOpayASfXs7SwiMv
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\omgy.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 47c4b56dbc7cf6db56abef72e04efc4d
SHA1 9339d75c4b44d41f381c96657e00df3954c75691
SHA256 57f9cb73fbbe4778fe13ab859d88b38f687246e3edea38337d425174fb5fb146
SSDeep 96:+jX5a0Y8LtIpmuadQYx72ObVGJkNjqJyQ2lQPmhC0L4c0J:X0+muadQi7bVLtGyQ8Q+Cv9J
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ekcq.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ymaa.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 97ff638c39767356fc81ae9ba75057e8
SHA1 92e201c9a4dc807643402f646cbb7e4433b7d713
SHA256 9367b951a0360e200345d9aa5e6895e090fc3b57ae0299c468a5b43c0c63a093
SSDeep 48:ba4ukzw+Lv6dN8Dn2JKtD3thdqdNr5htkebEVbQ1gI9QGoim82y+MGGQgjl/oU8X:+0LG88KNhqdJDE5b0FM82bg2
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mqey.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iyua.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 0e6408f4ba9fb33f0506d55e083428c7
SHA1 48f17bb29dcd3b6855bf37e946ffad862ee39053
SHA256 fee2d2cfa0013626366a5377cb0741f28e6ec7ac15ef5d1fc7e286b755907a67
SSDeep 96:+0LbLSNR8L5oCNMddCp7mASI1pf+lqKMo:hLPSQekud+mWrmUKr
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ekis.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iauo.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\smik.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 e1ef4ce9101a2d621605c1804fa500f0
SHA1 0cef22e54d5a2a576dd684c456ede63193dcb1dc
SHA256 8014d06d5ea4e50a99133005861cc3f30560cba30059cdd564013941560d3fc0
SSDeep 48:ba4ukzw+Lv6J74aELf2Zy27WAYdu9vvPTn6UnZZJp6fzcfIoUIxtYO:+0L674zLWhPYdEZnpEzSr
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iqme.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\aasa.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 48576769b7f22ddbfd6a0cc5d7bcdf9a
SHA1 5fb84a89fb206ab650491b0ef90c88ab66f6fb22
SHA256 24e176a68451080ca8f52c6a3fac02d1305301e8c0a99a1f73bf4e23af42f218
SSDeep 96:U0un19B41RiTAD9eLkv222222d22222222tX9Cbx:UznN41YTAD9eLkv222222d22222222ly
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ueeq.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 31b08fa4eec93140c129459a1f6fee05
SHA1 2398072762bb4d85c43b0753eebf4c4db093614f
SHA256 bb4db0f860a9999628e7d43a3cfc5cd51774553937702b4e84fb24f224bc92e6
SSDeep 48:ba4ukzw+Lv6dN8Dn2JKtD3thdqdNrCu509bKgAqTQrGj0mQb3evdlOkpqaOjDpLo:+0LG88KNhqd8Y0pF9WcqEdtCO
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\sekq.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 cb85c324348e99321fa9609bbc366cd4
SHA1 7a1a7d60fc5fe1ab6324e18170f482f04d65fd9d
SHA256 47bfbc630ae0606ed28182a560f86bbf9da0f453a94e82fd314aa7c72aaf677a
SSDeep 48:ba4ukzw+Lv6KbLSNRyBLf2qoCfVMddBrrEaWW+TxLTIlAkPi9QUON+3mfqs8wHYm:+0LbLSNR8L5oCNMddaaEnIN+Wii
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\auio.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 8e03abdaa3016247fdd755b7130384bc
SHA1 08dd2d9541e1961b06957fe9a19ce83aeff51a5d
SHA256 42b58cb0928fd8fa0e0bfb129fae9cfc3b7d3230c2c9c367f0a17c4d0039aef8
SSDeep 48:ba4ukzw+Lv6J74aELf2Zy27WAYdu9v7Tpj77fQ1JJ8BJndoacD7nMctsINZAmNC1:+0L674zLWhPYdmej8LcX/sINVmk4b
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eykg.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 7b026f488bb295b5b30addb7a93b929c
SHA1 135a44e84d7614920ccdd87c4ecafa3f4743ed17
SHA256 d373b6e1663d853dbd538f284dfb1eb4bac660425825e2561fa4199d154afbc0
SSDeep 96:1gAhR7cIaYP8BTo5xq/smmPcS1iZSMsGMbeHTCn17HVw:iwBaYPn5LmIcbIBHVw
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kysq.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 ba05d47580da5d8c972a13f797b589d4
SHA1 7b2197df04357178b44cf864c547bc978031edb1
SHA256 d040e62a100a0013a146f486b9c0cbbb6bef5333373b79a89189302ec8768cb5
SSDeep 96:1aF3mcFrqHGPfV2jfGCuDVAjmvdadvcIqS1LLHXsEb:kdphPNwfUqSd01vLLHX
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gkas.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 5ad2d64c0a95d6c5b14080be69411359
SHA1 5dcb20bf14beb7b51a18b284fee7fb5666363f14
SHA256 1e2f0d83e1a8d1e9e87b2e81b3f80c67ef0cb52ded3067f5bfc562b591d1e6b4
SSDeep 96:M624BCJzDV+Ww1lFCLSBWOXxvQyrFGymTU5zihFy:M4BCJzh+ll0+xvnrkymTr
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ceao.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 56c1232e8cd7f51f4ebd55ef92ee4025
SHA1 a88126c63612fd5a9c13bb3a2f67927b9374ad0d
SHA256 761533a482ff95e2119f0ddaf3eaabb8d1485e23eed5e2a204270347bbfb6235
SSDeep 96:7emrl1CLgvybgS4qAJ0NrF2O4SqwGcwBtBs9pLkNt6+GC2QArjN3eD:7fRSxAJkcO4F4wps9pLkS+GCOZ3e
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kkqu.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 566c66f3f54ec9c23c94d0be04f8d7b3
SHA1 18c8dd0fc3ff75f3a2ddf662948f0a78b0a1a161
SHA256 932e9162878c8d13504a717f186e91aed3721443c59738d9e4dc4724ff21ae32
SSDeep 96:DHc30SLOiHzysCN+5eifW3EQkfpYvbK3VlBJ2sJZnDcogV:D83vP9G+5eqW3gqvbK3esJZnDC
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mmie.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 e2bad116cbc52999578f4b9f350ba4a3
SHA1 9c750efc12efcb92f95f0008caeaee8a122c4a55
SHA256 0a3aff5c9377abdc5f87082d77a6a96e0df25069dc50ed0c4743cafa66e3dd3e
SSDeep 96:J794c3WiIVgbGNhlBdTNuS4ExH/KHwWIilDb3:N9F5mhl8S3OwAlv
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qckc.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 5647ff3b5b2783a651f5b591c0405149
SHA1 4af7969d82a8e97cf4e358fa791730892efe952b
SHA256 590a5b0123fdd03506ad4dd613caeffe4af69d9886e85e46cbde4557a3d2d3db
SSDeep 48:T2JgywBY/kDstb+ujURAJLeoLGKLX7xLTnf:T2JWu/JjEA9q4X7xPf
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mgyi.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\siia.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mewc.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 964614b7c6bd8dec1ecb413acf6395f2
SHA1 0f57a84370ac5c45dbe132bb2f167eee2eb3ce7f
SHA256 af0b1d2ebc52e65ec3f3c2f4f0c5422e6bbac40c7f561b8afe480f3eeb191405
SSDeep 48:T2Jmszq7IqYcmg8o1lF+R7SOaiMhVlwYZGj3Z6xAQTgoo:T2JmszEINcmg8kW7VJMtQp6xUF
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qqom.ico Dropped File Image
Unknown
Mime Type image/x-icon
File Size 4.19 KB
MD5 47a169535b738bd50344df196735e258
SHA1 23b4c8041b83f0374554191d543fdce6890f4723
SHA256 ad3e74be9334aa840107622f2cb1020a805f00143d9fef41bc6fa21ac8602eaf
SSDeep 96:T2JIoxvNotSiMgdoDM/AmneiR3lQV+FvMo:T2JIo1No2pDMZne23lo+FEo
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ekao.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ccqw.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 146d65bcc59fcb947c1ebe9ef78032bd
SHA1 ed023f1cee35e189c423285fa48d860fed7ce6a8
SHA256 d2d3bae1f341cddf0e6da7dea0eed37675e6a19af6ea16bc020b9508a8f93365
SSDeep 96:6A/fwIJ/KLGUU+50nrs3T0IuVqF67QUYDAlDQiiI9H:6AjJFUROrw0OkQUYDAWlI
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ywks.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iiie.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 43fb17176d0c9d4f0252c3be1fa814b2
SHA1 3502cf821bd20cdb16d07808113c11350b3ba458
SHA256 4e0a7b8f66887ae33764ac3781b72487acdb81afecefebc599378b2c3083dffc
SSDeep 96:ZWSoHxFOMDjNBv91tulJBRczolgwHSU75:ZWpvQkzolM
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ccsw.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\yaqc.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 61a9e8adab6b05123754b4a1eb413fc3
SHA1 cb0f2a153f4da1ec63f20f5a872c1a5d4f6df51a
SHA256 12cfe001895eed57e7e8403911463fa3f42a26bf3c2b48f447241fe55cf63898
SSDeep 96:LQrQNqikY5wUQl41AY7HkNdLRDrT+7Y4z9HWk9QGgq/7nnn:MQki1AAMDGtD9B
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gcgi.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qoim.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 1868049088686e9aad04f3111148ede1
SHA1 14b2bd5e06fb2c18673c641413e5cc332109d0be
SHA256 119e543da74eee4a2e88f448f923766f31088bd5b7ff0c8fd1f74ffe01cd3476
SSDeep 96:8Y39Ma04X4REue44DNBgQKpcu68/AQWq:b9Ma0hCue3N+QKp+
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ugow.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wksw.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 216f7a9a28e43fdf369e9d9da896979a
SHA1 5630b3e0d652985d6cf6728d614398679f545112
SHA256 48c181322975ef80d2031623a7734a04f168ef48e61c3c19377caca398910063
SSDeep 48:tdTA2omhaOG5EUjW7UJS05rbxblHfpTdbJk2vpFj9KdmEK51BZ:XtoTn5EUqo5JZf3SECib
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cais.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gaic.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 2b2d4e70eef423f850b689fc0e5fd078
SHA1 19380d850fc260e9323dbc07b64876708ed26c19
SHA256 3e62bec57dfe240113eb760a5de0ce042de07227ae4a729084d60563099dbb20
SSDeep 96:rzSQN4GcMk4MjuSUnP4yymYkIi1k0fqlni:CA4GBSryymei1kVli
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gyou.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ygmu.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 0b85216d25cd1e98e0df962e4dae7e65
SHA1 7660bd607f138d287acc22ace37c0641866a9b54
SHA256 073453579cbf30181dcb3107798ece454d8983a73717b25b990bc33a19da2f81
SSDeep 96:Z6QnPnED0xcG/LkTSGS9a8rODJoFYqqDSwdl:QQPqM7LkTStk8rOd
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\owqo.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\oaka.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 59b148ec85ef3b621ec4ec47357a9302
SHA1 b05721f07337e621be04dfeb759307749d6f34f9
SHA256 b041d02a0b02bc4027b1bcb49196d160db86911d36be8369a94d07053108a074
SSDeep 96:0w16JYmUtyThFqTV3IEmZpUzd0ByiCUSstgDI+D2bYt7Oa:0w1pmFfq9IE/0ByiCpOYpO
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qkmq.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wgmy.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 72f85ea799b6517c407c2e28cd66e158
SHA1 b795ac4ed643ff460b5356f1effc7296b62ace37
SHA256 ee2426900c38699da193fa4e76c8dcd3384f238ec8dde49ac5d5768507300ff1
SSDeep 96:rb++M3tY55Gxb4wYoobr755ahGfiR51XNh/mOegRMJNaG444:raFt420fbr755ahGqR5199mOeOs8z44
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ouyk.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\amyq.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 36ad5ce9df3b944e9d11cc3777da18e9
SHA1 fe47fd324f476cfdfe098914a30aeafbd57f2200
SHA256 acc1336ea43901d0a86ebda5143ba57bad3bcc110d177e8b30d30b3e7410cdad
SSDeep 96:jgXIH8MjbGXj3EJMTntTXNCHi2pL3f+EPDRRWVVC:84HL/MtTdCm
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wwim.ico Dropped File Image
Unknown
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wooo.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 09a85a3f63a9d129683e8027798083e3
SHA1 ccfe48f8e06cac8cebade0357932b6a3052e5962
SHA256 c5a7073a860aa9a4ae28fc148993a6bfc798cbc757106142b9e4111e918f64c7
SSDeep 96:Lwz7+8rPTifu/z3krQJ/+wTMYBoaR039xZKq2xanFTkBnA:8zK8rPTi2/z38q+hg0bEvAFTkB
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eacy.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\aogg.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 a5e2f690822344fa4902b75d7abf8ca1 Copy to Clipboard
SHA1 9d1373c671b788435053cb5dbad23a3188f48cb7 Copy to Clipboard
SHA256 cc64a1ac2b9caef497e263bd881c63dd78c718f28cf71adf527edd9638efec5a Copy to Clipboard
SSDeep 96:aL0CCHrdVZp6aAyhWzNUCK+Vx097k1KrqcYqITREiwv1N/:aLCHHCaA2WzSCK37IQX0RU1x Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cwwk.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gwiw.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 c0dd1c207748efbe3f997131b9c6e9aa Copy to Clipboard
SHA1 d295511a656c72b54a054aefbc5116718c58160f Copy to Clipboard
SHA256 fbdb3b044f162b6f5f5b7824b056b24478d452e5e250145c98203822085f9114 Copy to Clipboard
SSDeep 48:hiTIi4g9c8MW6DmBMZgcUgmzqdsFXXa5AFQumrAVUdmD+mWsgo59DLofMoSiBynN:hkGKMrmzAyXFQdwUcgk9DLqBSizohAG Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\swqy.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kyqc.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 4b6bb2263e56cf0eefc8a72e2cd48d27 Copy to Clipboard
SHA1 7ca6350db95df50f88afed022add82a623d1a85e Copy to Clipboard
SHA256 4b4caf9f37bb411ef5f2064775f65e2e939a5e3ad34947f812b004bdf550b8ec Copy to Clipboard
SSDeep 96:oCAFNTR08ACADaxsw024kFFwPGIMo3XD3kt2AO:oCMJiCvs9kFFwBMo3XD3d Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\quyg.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kyim.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 a46fe89c6a0f7ada808f2aad4ba61a97 Copy to Clipboard
SHA1 e8eb70a19d7a5315fc7b1bd2cd53e5ccf4ba8a6a Copy to Clipboard
SHA256 cf6f749b95173dfcd5882b021126325a91e83734f53cf5667f26ba54df89cd72 Copy to Clipboard
SSDeep 96:Vwz2ZOea18PNV2BZSYrM1Ns8vjxyEmmTegm8Y19p:Vwz2Z97V2BZ58JvjP1ET Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ywma.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wiqw.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 d8d4097463612e9623a6a9e28e285cb2 Copy to Clipboard
SHA1 b7b39b1a057d735d7f6b2d663477f4aec9538212 Copy to Clipboard
SHA256 a7afb246c8db5326e0ec7e6568175820df9b0dd1a671a4a794d83b89681434d2 Copy to Clipboard
SSDeep 96:c3JQLyQka00qPsBvIFyZwt+BxTeerFrrWFrhmxh:T+hPKEyZq+BheerFrwrI Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ysag.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cygy.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 1bf97e6e91c2f9b37fa1242fe703612e Copy to Clipboard
SHA1 7658cd0914d46a6daba266ef41364f9ac05132fa Copy to Clipboard
SHA256 76d1bc87ea3a3455e7dc35f25e77c7187bbeaec84273e6fb7a4917dd51e2f4f8 Copy to Clipboard
SSDeep 96:/ga8PhwAWvBoxjMrxUAe/Wilzz0R0mGCaWQvMkEFj8:/r8+AE3Z4WiBQamGC9d4 Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kaiq.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iwaa.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 fd4e947368f6444a3b4b41279ab3a584 Copy to Clipboard
SHA1 7c2410b8b37b764674a71ea6ff438e23463e6f46 Copy to Clipboard
SHA256 67e21d38d332dd020cfc0ea26d2100c61b0fb391c8228944fbda1b4f945b119d Copy to Clipboard
SSDeep 48:VLHtaXAxRLXeETTN8PwYQAb+UChUaiW+c1w23MymFfFbOFvWUO/rKl6FZ:VBaXQLrTO+UChUdclgtCFeUeTZ Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cimc.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gyqq.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 c33acd134cfedf1f41b8f502fd630662 Copy to Clipboard
SHA1 ef98cb0f1961a732be68b0b339c296a4254b24db Copy to Clipboard
SHA256 88c8d86674c04124fbd0744b0f650d54ef2c3c7f27b0aab81ed2685c06e03c14 Copy to Clipboard
SSDeep 96:DtPA3a9uV/r6WhIP+V2bD5jPg4ZFcHUBQlYhv1kWb1jw/T:pPA3aQ7p2vlgkFcLYNhyT Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iwus.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\syww.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 5d075060f17ba8a9238c69bd0a77b765 Copy to Clipboard
SHA1 6c6525089b1fc973b2adb645f1450b5d68fdf84a Copy to Clipboard
SHA256 8fbc511d14d5e116f03ab9c5f7510826e0411831a034b8d5452883498d83ef40 Copy to Clipboard
SSDeep 96:/rdvXhnYF9TsrTVoY60Ovmbjn4Lh+hDlASqm4DMsalu5K5+m:BhOsrTVJCvmbjn4t+hDlfqp4Llue9 Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wyys.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eiek.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 176978bea5fe2c3b54a262370e7a7fb4 Copy to Clipboard
SHA1 1b6ebd24422b66eb46e4d8c9e9179291bedb1ba5 Copy to Clipboard
SHA256 e2c313abbbb9005ddf94caf08480a0f3c8348ac52d3514ea776f4ae963cd12fa Copy to Clipboard
SSDeep 48:6d119s7DveNNPZz+nqpjD4+kuhxmvLYiOAKp9/E9NGHBAtJHNd:QBsHvGPZzOsk+kuwU3AKr/E6hAVd Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kucg.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eyyc.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 3b6d9eee46b200f44878d7a0931ce8b7 Copy to Clipboard
SHA1 f961886c0fc14dbeaf652d1e01523578ea9cdabb Copy to Clipboard
SHA256 3626945c90f90a0d4f60fdd7456a66637780066ad6bc881544e0385ad4b4f286 Copy to Clipboard
SSDeep 96:WiAbt+Yvja80yEUP8XwJbPmkIO1HTDIwq:BAbAYgZUPzzmEFTcw Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gqia.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\guug.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 264bd2bd18a124f6c0b2e80aa1ebe94f Copy to Clipboard
SHA1 2d8c3c9c808ec4d61865db154ad4055c6407b597 Copy to Clipboard
SHA256 e8b79df5ee3d1fbd221cbb866a5f02d371e3f88e04b334d4f50f8057083e227c Copy to Clipboard
SSDeep 96:nS3yPgBgaaRadZLylFk04LM2RrS+zYuygLhQfRTjrLugw:SCPZaKadZaRAM2w+U1THqP Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\sags.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ecka.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 5503279f39b2727db2c01bad6cd372e8 Copy to Clipboard
SHA1 55ac204951900c72b7ca341d2aeb3b338c29b101 Copy to Clipboard
SHA256 b1b57c79c5275198a1e5cbb1553f463052ebd36a6738d472aed07d0b05f42d90 Copy to Clipboard
SSDeep 96:OP5TD8u64QsMNewtFzoX1TYuj9iwCzj/cRdRuZDyQDK2eR4zTL2P8BnUZggii24:w64NsewbzeTYujvCzj/adODyQO2eR4K0 Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\egeu.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kwog.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 06fcd2f0776dc15636562c5b44fba44d Copy to Clipboard
SHA1 29d636c260555ca260dd99a0754760e8960df7e8 Copy to Clipboard
SHA256 3776326cd7f05724fb7647be81475badb74d9ebdaa1f1a39b76b2a59be31efd5 Copy to Clipboard
SSDeep 96:oC6hYJgpJBLAfRIeylYOP8Jd/sOEpduveJNXau5GDM1tOp:oC6hYepHje+YOP8P/sOEpduW3p Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\oqyu.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\goyo.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 33c1103770f632245e81b50a49ba33dc Copy to Clipboard
SHA1 7421a5a773eadf4c989a0340bca560b41b039d97 Copy to Clipboard
SHA256 dac32b2d5f99b9f1746ec8c84e4de670fa13796b7aa529e3a7d5ecccab1c27db Copy to Clipboard
SSDeep 48:HXaVeou54fMjQL04q42lANRrM4z2aNAU5EG2fzKAwoy97fuMAz3KOpLwhGGK8CwD:ofDIplAHM22CEG+mAXy9ahLd3An6 Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\yykq.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eyoa.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 07f17ba30239e8fa4d58ec5f441c88a0 Copy to Clipboard
SHA1 548c40d36774217f1661bb7c6d3b3412cff5f867 Copy to Clipboard
SHA256 4bebc7ae19366b3eb48a7c00aa3df6ecbd612aedf96d947c2af44b88448f8fce Copy to Clipboard
SSDeep 48:yqqGvg2bLBCbdV2rXfoLh31BbI5JEPv0TOGJBkg+gI6HPFJk59lQW0a3S9L+LFuy:yqhgwYJcA3/bIk8TlJcQ/JyoSLZ5wC Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mkum.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cami.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 ba08f1f2e10c60785acfb6fb5f1b5a6a Copy to Clipboard
SHA1 a2d9e3b4c22286a12685d1604113ba40137026c2 Copy to Clipboard
SHA256 1503040f0679e9e2d0c8baa42f37b43fc1ea0af49442bca3aaacc880f6268a34 Copy to Clipboard
SSDeep 96:uFM2iwy+yliC60lGe0rUGBF/uzN07ibfdQNKY5hgRho:uFM2iwy+yECLGtf/uyaQNZ5hwho Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kewu.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iewg.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 bcc6fb5de02f1fdba19c14e4b85e9bea Copy to Clipboard
SHA1 1cc7cfcdfb53e6c2b7f623ad6318b56fc51b8547 Copy to Clipboard
SHA256 5595b35e3bee2a2d6008cde94444a8098e390a9fe6ed8f67a3f364a6ebb06fbd Copy to Clipboard
SSDeep 96:oBFZXBUulSKRbrJ+PjnAudyYvG0ij1bQg4ltrkugl12h8:oBPGIr4jnAuVOnJQg+zg Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\esuy.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ieee.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 fb920eba37687cd6b9156435da967328 Copy to Clipboard
SHA1 13be1575b185d72922501a0ab58615cc7d55e7c4 Copy to Clipboard
SHA256 335322b1cf9302004c176dc194bd5c14cee28f908dd68e777d77d5211c96621b Copy to Clipboard
SSDeep 96:UMR3yipMCGOHAwFaL8i093Dx6qPXH0t5pTRfYqT4:3rvaYi09TxxmH Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mqkk.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wywi.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 c52e0fb3b2454ad283f9b2762f615e32 Copy to Clipboard
SHA1 001db614d9cda05a24db271cac4be40efba7abe7 Copy to Clipboard
SHA256 df0fde3f6ebefdbf09319536d3b3f02345c6d76bc440c4bd85bcad1a767e0c25 Copy to Clipboard
SSDeep 96:XGM/oZn/TiHlwoiKX/GPnwJWXd+8+yFhx3sPWqOFi/bCZPqc:fwZnLiwoTvqwJWXw0FhxQWq+wbCd Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ykos.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mkcq.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 209429f07ef5abc3062bd91c444f2b14 Copy to Clipboard
SHA1 27456d176f23dc43fe3e5f9184c0e5c3e479e46e Copy to Clipboard
SHA256 8b6b8ab42463d6d079b3f45e0f42bccf07f954695172561d309dd215c6d43772 Copy to Clipboard
SSDeep 96:eFZCwUUH4Us2Q+3JpT4sGAQ9hcHLR4ViHrhb8gtc918OAQ5voKg1:eFZlHnTcR3q4VUNbo1oqVg1 Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ukkw.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gguq.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 4574c8982b7a28f160476567e6599af6 Copy to Clipboard
SHA1 b0fc179b04975c502317c30f9ab91a63d92c4b54 Copy to Clipboard
SHA256 1c49e313d84265102b1de933f05eb991714f0166a41d859e65688b872b1b7719 Copy to Clipboard
SSDeep 96:yEQYhUxFdY4MfR/NzMqkb+xU8g97kpavcj:JQwUOlzMryxc97kpn Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\skwe.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mgkm.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 b79a500045c279810e8ba68b2c13a6fb Copy to Clipboard
SHA1 5189ac3e6d5522d0cf93bcbdc707f7a7d76036ce Copy to Clipboard
SHA256 f15ef7ef71748d87792d43d1ae4e2cfb3ceb8dfbe22172883a6d92c486fa2885 Copy to Clipboard
SSDeep 96:94mfIh3WQRKiFfJLbAC25l6GMKw6vDt296UGtlSyd:9iRbFen8ROJhlSyd Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wigc.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\oowm.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 03b39e31aa2e6d1485a15e25f8457ebf Copy to Clipboard
SHA1 75c7ecd63868d2d005f3180cf900eb6b11ec9188 Copy to Clipboard
SHA256 762f7b0fa7ac1d8069b81c779d130d97d9e4afcf5f3a494d3865d82c880ca85d Copy to Clipboard
SSDeep 96:mLj1CXOabmbMY0M2rhRvZ1wsBskYsXeO6HesIAV6kXJ8pzad:KjZabFlBYsSvsXhsIETXapz Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\auyy.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kysu.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 abcfda34e03309b96f2e2d3c4e7b8818 Copy to Clipboard
SHA1 56b0703d59e98d21089cc429f398be18c8ed1ab0 Copy to Clipboard
SHA256 762971928edd55a35d2c45b4f2b31cfa8346b28126730db50a0bc3180f95fda5 Copy to Clipboard
SSDeep 96:BtGUVdRKEm1hJDaZ33VpjoAgvx6BCEBpsOGqZ9Ug:3D3BMJeZHVpjaGCEE Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kwoq.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iwew.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 b7be0e77dbd958ae54e3bbff9698f3ce Copy to Clipboard
SHA1 0bf3c182309b68376602cc258560e4dad0bef3b5 Copy to Clipboard
SHA256 5f5814466b3b52e0e25ff0e9c0597d6b1c19e78f6035d93fcd34eaf90cf64286 Copy to Clipboard
SSDeep 96:Q6siWH0z8S3fFl75YlbhxblM127IFOdhZgbuwhRsBFLNazT672:Q6sPU53fFkdxBioprArwnJaG Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wyco.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ogsg.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iqgc.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gyos.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kysq.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\yweq.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gqii.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\sgga.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kkoe.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gcam.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ymsk.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eukk.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 ac4b56cc5c5e71c3bb226181418fd891 Copy to Clipboard
SHA1 e62149df7a7d31a7777cae68822e4d0eaba2199d Copy to Clipboard
SHA256 701a17a9ee5c9340bae4f0810f103d1f0ca5c03141e0da826139d5b7397a6fb3 Copy to Clipboard
SSDeep 24:su1Flj/XygwYAaMiM1E2/pkQ14btLH3RJigg1Kjq:vFlj/XygFA28BRkI4btLHhJigg1Kjq Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\saqw.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\esiw.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ioew.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mqse.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wwys.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iuqo.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\osuo.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\eyom.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\mkom.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\qecm.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ksik.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wccs.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\quke.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iciq.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gcsk.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\aeyi.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\umiu.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iuoe.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\yugi.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 2fb613374fd9eef57a03c8a2d2e52d8e Copy to Clipboard
SHA1 345eae2c0189099b5367e22315b663fe6d037232 Copy to Clipboard
SHA256 0e140fda863f8fb77d504391b920972bfc33da1bf087ebc7728bc700d402d0f3 Copy to Clipboard
SSDeep 96:xguRJDhHREoYxoJooz1oj8vJBI+L6Y1X4Ni:xgZb+Hz1FaI Copy to Clipboard
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\oeie.ico Dropped File Image
Unknown
»
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kmkg.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\omae.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\kmyc.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\cksm.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\umuk.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iuwm.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\wemu.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\quea.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\ciyc.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\sewm.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\gamu.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\akac.ico (Dropped File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\windows\syswow64\iauw.ico (Dropped File)
Mime Type image/x-icon
File Size 4.19 KB
MD5 f461866875e8a7fc5c0e5bcdb48c67f6 Copy to Clipboard
SHA1 c6831938e249f1edaa968321f00141e6d791ca56 Copy to Clipboard
SHA256 0b3ebd04101a5bda41f07652c3d7a4f9370a4d64c88f5de4c57909c38d30a4f7 Copy to Clipboard
SSDeep 48:T2JhqlWBMnw0JAZHc+0ydNB/i46G8dKdA6mOFYSCbkx0+EiOsD7lfyfl/fz:T2JhqlW2J0HcLyDcdelaE0+EiOO2lXz Copy to Clipboard
ImpHash -
C:\ProgramData\vgYI.txt Dropped File Stream
Unknown
»
Mime Type application/octet-stream
File Size 33.34 KB
MD5 b9b9d5a472919b725370df5f7199ed5b Copy to Clipboard
SHA1 88944bb2fe5960c306cd5615ce6821e05a6ed9a4 Copy to Clipboard
SHA256 690343fe8c71a049150e3fe80d65421bc318b39d5d7bd7a00ea423cf1e6119dd Copy to Clipboard
SSDeep 768:FtSlWJWbKbKHVXHol7kKBbaCBWcv5LmGWraVUPphChzwN3AKr6H/1ZFsWAIKccUo:FtWWJWbKbKHVXHol7kKBbaCBWcv5LmGq Copy to Clipboard
ImpHash -