File Name | Category | Type | Verdict
C:\Users\RDhJ0CNFevzX\Desktop\35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d.exe | Sample File | Binary | malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\KHDScDG.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 523.00 KB
MD5 5e9af5b2056e4da639a9459e3b36193c
SHA1 b779402e9a6ecbbef6b68817814991bbcade12df
SHA256 35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d
SSDeep 12288:KcqT+JVO7JUQ1h1038w3pym2sdklRwCk3:KcqcVOV3h103s0waH
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x400000
Entry Point 0x484132
Size Of Code 0x82200
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2022-01-31 05:39:35+00:00
Version Information (11)
Comments Borders Books
CompanyName Honda
FileDescription LineNumberInfo
FileVersion 12.0.0.0
InternalName Regist.exe
LegalCopyright 2010 Honda Fit
LegalTrademarks -
OriginalFilename Regist.exe
ProductName LineNumberInfo
ProductVersion 12.0.0.0
Assembly Version 12.1.9.0
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x402000 | 0x82138 | 0x82200 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.4
.rsrc | 0x486000 | 0x5e4 | 0x600 | 0x82400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.18
.reloc | 0x488000 | 0xc | 0x200 | 0x82a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
_CorExeMain | - | 0x402000 | 0x84108 | 0x82308 | 0x0
Memory Dumps (6)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA
35147128936c2e79548e5c0a2bbd70cd5a29c1b01dfa1ac2515fa5becb7efa6d.exe | 1 | 0x00400000 | 0x00489FFF | Relevant Image | False | 32-bit | - | False
buffer | 1 | 0x049B0000 | 0x049BDFFF | Reflectively Loaded .NET Assembly | False | 32-bit | - | False
buffer | 1 | 0x06AA0000 | 0x06AFEFFF | Reflectively Loaded .NET Assembly | False | 32-bit | - | False
buffer | 7 | 0x00400000 | 0x0042EFFF | First Execution | False | 32-bit | 0x0041F1A0 | True
buffer | 7 | 0x00A00000 | 0x00CF9FFF | First Execution | False | 32-bit | 0x00A77000 | False
buffer | 7 | 0x006F0000 | 0x007EFFFF | Process Termination | False | 32-bit | - | False
File Name | Category | Type | Verdict
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpC2CF.tmp | Dropped File | Text | clean
MIME Type text/xml
File Size 1.56 KB
MD5 5ef806ce2083722e380d6c4b7777ac17
SHA1 11df913dfb97edf6a2ea6a68a30c98cef892736d
SHA256 88c520f6470da06d6682104a1d1b9cc26ebbb34b42b04dddc194d7c018d81e3d
SSDeep 24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtRxvn:cge2UYrFdOFzOzN33ODOiDdKrsuTXv
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot