385651ce...1050

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\FD1HVy\Desktop\fhjdji.exe

Sample File

Binary

Malicious

Mime Type	application/vnd.microsoft.portable-executable
File Size	657.00 KB
MD5	28d203be5b27fc5d7a6f39ebde8ad63b
SHA1	0e0289b2eba3397ed45bf472d4c35a4c98c3ccfb
SHA256	385651ce8441af1f43c9baf8fc24040a2eea53d574c193e5ba2618d09eef1050
SSDeep	12288:KooP589upmM/eJfGUp84dlV/MOhXynhiqTk5Xq2ls5OqPWqCe9HGt:Koz9upH/eJfp82lV/Mv/6Xqn5Oo9HGt
ImpHash	b55129d987b823c62b9e7b15a43444fb

PE Information

Image Base	0x400000
Entry Point	0x488dae
Size Of Code	0x8d400
Size Of Initialized Data	0x18800
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2020-06-02 01:02:59+00:00

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x8d227	0x8d400	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.22
.rdata	0x48f000	0xd26a	0xd400	0x8d800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.21
.data	0x49d000	0x20e8	0x600	0x9ac00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.33
.reloc	0x4a0000	0x91dc	0x9200	0x9b200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	6.82

Imports (19)

KERNEL32.dll (87)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetCurrentProcess	0x0	0x48f00c	0x9ac70	0x99470	0x217
WriteFile	0x0	0x48f010	0x9ac74	0x99474	0x612
LeaveCriticalSection	0x0	0x48f014	0x9ac78	0x99478	0x3bd
SetFilePointer	0x0	0x48f018	0x9ac7c	0x9947c	0x522
InitializeCriticalSectionEx	0x0	0x48f01c	0x9ac80	0x99480	0x360
CreateMutexA	0x0	0x48f020	0x9ac84	0x99484	0xd7
UnmapViewOfFile	0x0	0x48f024	0x9ac88	0x99488	0x5b0
HeapSize	0x0	0x48f028	0x9ac8c	0x9948c	0x34e
MultiByteToWideChar	0x0	0x48f02c	0x9ac90	0x99490	0x3ef
Sleep	0x0	0x48f030	0x9ac94	0x99494	0x57d
GetFileInformationByHandle	0x0	0x48f034	0x9ac98	0x99498	0x247
GetLastError	0x0	0x48f038	0x9ac9c	0x9949c	0x261
CreateFileA	0x0	0x48f03c	0x9aca0	0x994a0	0xc3
FileTimeToSystemTime	0x0	0x48f040	0x9aca4	0x994a4	0x16a
LoadLibraryA	0x0	0x48f044	0x9aca8	0x994a8	0x3c1
LockResource	0x0	0x48f048	0x9acac	0x994ac	0x3db
HeapReAlloc	0x0	0x48f04c	0x9acb0	0x994b0	0x34c
CloseHandle	0x0	0x48f050	0x9acb4	0x994b4	0x86
RaiseException	0x0	0x48f054	0x9acb8	0x994b8	0x462
GetSystemInfo	0x0	0x48f058	0x9acbc	0x994bc	0x2e3
FindResourceExW	0x0	0x48f05c	0x9acc0	0x994c0	0x195
LoadResource	0x0	0x48f060	0x9acc4	0x994c4	0x3c7
FindResourceW	0x0	0x48f064	0x9acc8	0x994c8	0x196
HeapAlloc	0x0	0x48f068	0x9accc	0x994cc	0x345
GetLocalTime	0x0	0x48f06c	0x9acd0	0x994d0	0x262
HeapDestroy	0x0	0x48f070	0x9acd4	0x994d4	0x348
GetProcAddress	0x0	0x48f074	0x9acd8	0x994d8	0x2ae
CreateFileMappingA	0x0	0x48f078	0x9acdc	0x994dc	0xc4
GetFileSize	0x0	0x48f07c	0x9ace0	0x994e0	0x24b
DeleteCriticalSection	0x0	0x48f080	0x9ace4	0x994e4	0x110
GetProcessHeap	0x0	0x48f084	0x9ace8	0x994e8	0x2b4
SystemTimeToFileTime	0x0	0x48f088	0x9acec	0x994ec	0x588
FreeLibrary	0x0	0x48f08c	0x9acf0	0x994f0	0x1ab
WideCharToMultiByte	0x0	0x48f090	0x9acf4	0x994f4	0x5fe
EnterCriticalSection	0x0	0x48f094	0x9acf8	0x994f8	0x131
GetTickCount	0x0	0x48f098	0x9acfc	0x994fc	0x307
IsWow64Process	0x0	0x48f09c	0x9ad00	0x99500	0x391
AreFileApisANSI	0x0	0x48f0a0	0x9ad04	0x99504	0x23
GetFullPathNameW	0x0	0x48f0a4	0x9ad08	0x99508	0x259
LockFile	0x0	0x48f0a8	0x9ad0c	0x9950c	0x3d9
InitializeCriticalSection	0x0	0x48f0ac	0x9ad10	0x99510	0x35e
GetFullPathNameA	0x0	0x48f0b0	0x9ad14	0x99514	0x256
SetEndOfFile	0x0	0x48f0b4	0x9ad18	0x99518	0x510
GetTempPathW	0x0	0x48f0b8	0x9ad1c	0x9951c	0x2f6
CreateFileW	0x0	0x48f0bc	0x9ad20	0x99520	0xcb
GetFileAttributesW	0x0	0x48f0c0	0x9ad24	0x99524	0x245
GetCurrentThreadId	0x0	0x48f0c4	0x9ad28	0x99528	0x21c
GetTempPathA	0x0	0x48f0c8	0x9ad2c	0x9952c	0x2f5
GetFileAttributesA	0x0	0x48f0cc	0x9ad30	0x99530	0x240
GetVersionExA	0x0	0x48f0d0	0x9ad34	0x99534	0x31a
DeleteFileA	0x0	0x48f0d4	0x9ad38	0x99538	0x112
DeleteFileW	0x0	0x48f0d8	0x9ad3c	0x9953c	0x115
LoadLibraryW	0x0	0x48f0dc	0x9ad40	0x99540	0x3c4
UnlockFile	0x0	0x48f0e0	0x9ad44	0x99544	0x5ae
LockFileEx	0x0	0x48f0e4	0x9ad48	0x99548	0x3da
GetCurrentProcessId	0x0	0x48f0e8	0x9ad4c	0x9954c	0x218
GetSystemTimeAsFileTime	0x0	0x48f0ec	0x9ad50	0x99550	0x2e9
GetSystemTime	0x0	0x48f0f0	0x9ad54	0x99554	0x2e7
FormatMessageA	0x0	0x48f0f4	0x9ad58	0x99558	0x1a6
QueryPerformanceCounter	0x0	0x48f0f8	0x9ad5c	0x9955c	0x44d
FlushFileBuffers	0x0	0x48f0fc	0x9ad60	0x99560	0x19f
GetCurrentDirectoryW	0x0	0x48f100	0x9ad64	0x99564	0x211
CreateDirectoryW	0x0	0x48f104	0x9ad68	0x99568	0xba
FindClose	0x0	0x48f108	0x9ad6c	0x9956c	0x175
FindFirstFileExW	0x0	0x48f10c	0x9ad70	0x99570	0x17b
FindNextFileW	0x0	0x48f110	0x9ad74	0x99574	0x18c
GetFileAttributesExW	0x0	0x48f114	0x9ad78	0x99578	0x242
RemoveDirectoryW	0x0	0x48f118	0x9ad7c	0x9957c	0x4b9
HeapFree	0x0	0x48f11c	0x9ad80	0x99580	0x349
SizeofResource	0x0	0x48f120	0x9ad84	0x99584	0x57c
MapViewOfFile	0x0	0x48f124	0x9ad88	0x99588	0x3de
ReadFile	0x0	0x48f128	0x9ad8c	0x9958c	0x473
SetLastError	0x0	0x48f12c	0x9ad90	0x99590	0x532
GetModuleHandleW	0x0	0x48f130	0x9ad94	0x99594	0x278
CopyFileW	0x0	0x48f134	0x9ad98	0x99598	0xad
IsDebuggerPresent	0x0	0x48f138	0x9ad9c	0x9959c	0x37f
OutputDebugStringW	0x0	0x48f13c	0x9ada0	0x995a0	0x419
InitializeCriticalSectionAndSpinCount	0x0	0x48f140	0x9ada4	0x995a4	0x35f
SetEvent	0x0	0x48f144	0x9ada8	0x995a8	0x516
ResetEvent	0x0	0x48f148	0x9adac	0x995ac	0x4c6
WaitForSingleObjectEx	0x0	0x48f14c	0x9adb0	0x995b0	0x5d8
CreateEventW	0x0	0x48f150	0x9adb4	0x995b4	0xbf
UnhandledExceptionFilter	0x0	0x48f154	0x9adb8	0x995b8	0x5ad
SetUnhandledExceptionFilter	0x0	0x48f158	0x9adbc	0x995bc	0x56d
IsProcessorFeaturePresent	0x0	0x48f15c	0x9adc0	0x995c0	0x386
InitializeSListHead	0x0	0x48f160	0x9adc4	0x995c4	0x363
TerminateProcess	0x0	0x48f164	0x9adc8	0x995c8	0x58c

USER32.dll (6)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetDC	0x0	0x48f1d0	0x9ae34	0x99634	0x140
GetDesktopWindow	0x0	0x48f1d4	0x9ae38	0x99638	0x143
FindWindowA	0x0	0x48f1d8	0x9ae3c	0x9963c	0x111
GetSystemMetrics	0x0	0x48f1dc	0x9ae40	0x99640	0x1c4
ShowWindow	0x0	0x48f1e0	0x9ae44	0x99644	0x380
ReleaseDC	0x0	0x48f1e4	0x9ae48	0x99648	0x2f5

GDI32.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
DeleteObject	0x0	0x48f000	0x9ac64	0x99464	0x17f
GetObjectA	0x0	0x48f004	0x9ac68	0x99468	0x2a6

MSVCP140.dll (21)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z	0x0	0x48f16c	0x9add0	0x995d0	0xb1
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z	0x0	0x48f170	0x9add4	0x995d4	0x1b8
?narrow@?$ctype@_W@std@@QBEPB_WPB_W0DPAD@Z	0x0	0x48f174	0x9add8	0x995d8	0x42c
??Bid@locale@std@@QAEIXZ	0x0	0x48f178	0x9addc	0x995dc	0x131
?_Getname@_Locinfo@std@@QBEPBDXZ	0x0	0x48f17c	0x9ade0	0x995e0	0x1de
??1_Locinfo@std@@QAE@XZ	0x0	0x48f180	0x9ade4	0x995e4	0xa4
??0_Locinfo@std@@QAE@HPBD@Z	0x0	0x48f184	0x9ade8	0x995e8	0x6b
??1_Lockit@std@@QAE@XZ	0x0	0x48f188	0x9adec	0x995ec	0xa5
??0_Lockit@std@@QAE@H@Z	0x0	0x48f18c	0x9adf0	0x995f0	0x6d
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z	0x0	0x48f190	0x9adf4	0x995f4	0x1a6
?_Xruntime_error@std@@YAXPBD@Z	0x0	0x48f194	0x9adf8	0x995f8	0x292
?_Syserror_map@std@@YAPBDH@Z	0x0	0x48f198	0x9adfc	0x995fc	0x273
?_Xlength_error@std@@YAXPBD@Z	0x0	0x48f19c	0x9ae00	0x99600	0x28e
?_Winerror_map@std@@YAHH@Z	0x0	0x48f1a0	0x9ae04	0x99604	0x285
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z	0x0	0x48f1a4	0x9ae08	0x99608	0x23a
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z	0x0	0x48f1a8	0x9ae0c	0x9960c	0x243
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ	0x0	0x48f1ac	0x9ae10	0x99610	0x1d5
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z	0x0	0x48f1b0	0x9ae14	0x99614	0x20f
?_Winerror_message@std@@YAKKPADK@Z	0x0	0x48f1b4	0x9ae18	0x99618	0x286
?id@?$ctype@_W@std@@2V0locale@2@A	0x0	0x48f1b8	0x9ae1c	0x9961c	0x3d1
?_Xout_of_range@std@@YAXPBD@Z	0x0	0x48f1bc	0x9ae20	0x99620	0x28f

SHLWAPI.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PathFindExtensionW	0x0	0x48f1c4	0x9ae28	0x99628	0x4b
PathFindExtensionA	0x0	0x48f1c8	0x9ae2c	0x9962c	0x4a

gdiplus.dll (11)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GdiplusStartup	0x0	0x48f380	0x9afe4	0x997e4	0x275
GdipCreateBitmapFromHBITMAP	0x0	0x48f384	0x9afe8	0x997e8	0x4d
GdipGetImageEncoders	0x0	0x48f388	0x9afec	0x997ec	0x11e
GdipCloneImage	0x0	0x48f38c	0x9aff0	0x997f0	0x36
GdipAlloc	0x0	0x48f390	0x9aff4	0x997f4	0x21
GdiplusShutdown	0x0	0x48f394	0x9aff8	0x997f8	0x274
GdipDisposeImage	0x0	0x48f398	0x9affc	0x997fc	0x98
GdipFree	0x0	0x48f39c	0x9b000	0x99800	0xed
GdipGetImageEncodersSize	0x0	0x48f3a0	0x9b004	0x99804	0x11f
GdipCreateBitmapFromScan0	0x0	0x48f3a4	0x9b008	0x99808	0x50
GdipSaveImageToFile	0x0	0x48f3a8	0x9b00c	0x9980c	0x1f0

WININET.dll (9)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
HttpEndRequestA	0x0	0x48f228	0x9ae8c	0x9968c	0x71
HttpSendRequestExA	0x0	0x48f22c	0x9ae90	0x99690	0x80
InternetCloseHandle	0x0	0x48f230	0x9ae94	0x99694	0x95
InternetConnectA	0x0	0x48f234	0x9ae98	0x99698	0x9b
InternetWriteFile	0x0	0x48f238	0x9ae9c	0x9969c	0xef
InternetOpenA	0x0	0x48f23c	0x9aea0	0x996a0	0xc6
HttpOpenRequestA	0x0	0x48f240	0x9aea4	0x996a4	0x78
InternetReadFile	0x0	0x48f244	0x9aea8	0x996a8	0xce
HttpSendRequestA	0x0	0x48f248	0x9aeac	0x996ac	0x7f

VCRUNTIME140.dll (14)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CxxThrowException	0x0	0x48f1ec	0x9ae50	0x99650	0x1
__CxxFrameHandler3	0x0	0x48f1f0	0x9ae54	0x99654	0x10
__std_exception_destroy	0x0	0x48f1f4	0x9ae58	0x99658	0x22
memmove	0x0	0x48f1f8	0x9ae5c	0x9965c	0x47
__current_exception	0x0	0x48f1fc	0x9ae60	0x99660	0x1c
memcpy	0x0	0x48f200	0x9ae64	0x99664	0x46
__std_exception_copy	0x0	0x48f204	0x9ae68	0x99668	0x21
memcmp	0x0	0x48f208	0x9ae6c	0x9966c	0x45
__current_exception_context	0x0	0x48f20c	0x9ae70	0x99670	0x1d
_except_handler3	0x0	0x48f210	0x9ae74	0x99674	0x34
memchr	0x0	0x48f214	0x9ae78	0x99678	0x44
_except_handler4_common	0x0	0x48f218	0x9ae7c	0x9967c	0x35
__std_terminate	0x0	0x48f21c	0x9ae80	0x99680	0x23
memset	0x0	0x48f220	0x9ae84	0x99684	0x48

api-ms-win-crt-runtime-l1-1-0.dll (23)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_configure_narrow_argv	0x0	0x48f29c	0x9af00	0x99700	0x19
_initialize_narrow_environment	0x0	0x48f2a0	0x9af04	0x99704	0x35
_invalid_parameter_noinfo_noreturn	0x0	0x48f2a4	0x9af08	0x99708	0x3b
_register_onexit_function	0x0	0x48f2a8	0x9af0c	0x9970c	0x3e
_crt_atexit	0x0	0x48f2ac	0x9af10	0x99710	0x1f
_cexit	0x0	0x48f2b0	0x9af14	0x99714	0x17
_seh_filter_exe	0x0	0x48f2b4	0x9af18	0x99718	0x42
_errno	0x0	0x48f2b8	0x9af1c	0x9971c	0x23
terminate	0x0	0x48f2bc	0x9af20	0x99720	0x6a
_get_initial_narrow_environment	0x0	0x48f2c0	0x9af24	0x99724	0x2a
_initterm	0x0	0x48f2c4	0x9af28	0x99728	0x38
_initterm_e	0x0	0x48f2c8	0x9af2c	0x9972c	0x39
_exit	0x0	0x48f2cc	0x9af30	0x99730	0x25
_invalid_parameter_noinfo	0x0	0x48f2d0	0x9af34	0x99734	0x3a
__p___argc	0x0	0x48f2d4	0x9af38	0x99738	0x5
__p___argv	0x0	0x48f2d8	0x9af3c	0x9973c	0x6
_c_exit	0x0	0x48f2dc	0x9af40	0x99740	0x16
_register_thread_local_exe_atexit_callback	0x0	0x48f2e0	0x9af44	0x99744	0x3f
exit	0x0	0x48f2e4	0x9af48	0x99748	0x58
_resetstkoflw	0x0	0x48f2e8	0x9af4c	0x9974c	0x40
_set_app_type	0x0	0x48f2ec	0x9af50	0x99750	0x44
_controlfp_s	0x0	0x48f2f0	0x9af54	0x99754	0x1d
_initialize_onexit_table	0x0	0x48f2f4	0x9af58	0x99758	0x36

api-ms-win-crt-time-l1-1-0.dll (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
clock	0x0	0x48f35c	0x9afc0	0x997c0	0x45
asctime	0x0	0x48f360	0x9afc4	0x997c4	0x43
_time64	0x0	0x48f364	0x9afc8	0x997c8	0x30
_localtime64	0x0	0x48f368	0x9afcc	0x997cc	0x23

api-ms-win-crt-string-l1-1-0.dll (14)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
wcscspn	0x0	0x48f320	0x9af84	0x99784	0xa2
strlen	0x0	0x48f324	0x9af88	0x99788	0x8b
isspace	0x0	0x48f328	0x9af8c	0x9978c	0x6e
isalnum	0x0	0x48f32c	0x9af90	0x99790	0x64
isdigit	0x0	0x48f330	0x9af94	0x99794	0x68
wcsspn	0x0	0x48f334	0x9af98	0x99798	0xab
strcmp	0x0	0x48f338	0x9af9c	0x9979c	0x86
wcslen	0x0	0x48f33c	0x9afa0	0x997a0	0xa3
strcat	0x0	0x48f340	0x9afa4	0x997a4	0x84
tolower	0x0	0x48f344	0x9afa8	0x997a8	0x97
isxdigit	0x0	0x48f348	0x9afac	0x997ac	0x7e
_wcsicmp	0x0	0x48f34c	0x9afb0	0x997b0	0x4a
wmemcpy_s	0x0	0x48f350	0x9afb4	0x997b4	0xb0
strcpy	0x0	0x48f354	0x9afb8	0x997b8	0x88

api-ms-win-crt-heap-l1-1-0.dll (7)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_recalloc	0x0	0x48f260	0x9aec4	0x996c4	0x15
free	0x0	0x48f264	0x9aec8	0x996c8	0x18
_set_new_mode	0x0	0x48f268	0x9aecc	0x996cc	0x16
calloc	0x0	0x48f26c	0x9aed0	0x996d0	0x17
realloc	0x0	0x48f270	0x9aed4	0x996d4	0x1a
_callnewh	0x0	0x48f274	0x9aed8	0x996d8	0x8
malloc	0x0	0x48f278	0x9aedc	0x996dc	0x19

api-ms-win-crt-utility-l1-1-0.dll (3)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
srand	0x0	0x48f370	0x9afd4	0x997d4	0x1d
rand	0x0	0x48f374	0x9afd8	0x997d8	0x1b
labs	0x0	0x48f378	0x9afdc	0x997dc	0x15

api-ms-win-crt-stdio-l1-1-0.dll (8)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
fopen	0x0	0x48f2fc	0x9af60	0x99760	0x7d
__stdio_common_vsprintf	0x0	0x48f300	0x9af64	0x99764	0xd
feof	0x0	0x48f304	0x9af68	0x99768	0x75
fclose	0x0	0x48f308	0x9af6c	0x9976c	0x74
__p__commode	0x0	0x48f30c	0x9af70	0x99770	0x1
_set_fmode	0x0	0x48f310	0x9af74	0x99774	0x54
fread	0x0	0x48f314	0x9af78	0x99778	0x83
fwrite	0x0	0x48f318	0x9af7c	0x9977c	0x8a

api-ms-win-crt-multibyte-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_mbsicmp	0x0	0x48f294	0x9aef8	0x996f8	0x6b

api-ms-win-crt-environment-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
getenv	0x0	0x48f258	0x9aebc	0x996bc	0x10

api-ms-win-crt-convert-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
atoi	0x0	0x48f250	0x9aeb4	0x996b4	0x50

api-ms-win-crt-locale-l1-1-0.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_configthreadlocale	0x0	0x48f280	0x9aee4	0x996e4	0x8
___lc_codepage_func	0x0	0x48f284	0x9aee8	0x996e8	0x0

api-ms-win-crt-math-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__setusermatherr	0x0	0x48f28c	0x9aef0	0x996f0	0x2e

Memory Dumps (2)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	AV	YARA	Actions
fhjdji.exe	1	0x011F0000	0x01299FFF	Relevant Image		32-bit	0x011F13CD			... Memory Dump Actions Go to Process Go to AV Match Download Dump
fhjdji.exe	1	0x011F0000	0x01299FFF	Process Termination		32-bit	-			... Memory Dump Actions Go to Process Go to AV Match Download Dump

Local AV Matches (1)

Threat Name	Severity
Gen:Variant.Zusy.305535	Malicious

C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\QPDQMBELLP.EKRYHSSLQ

Dropped File

Sqlite

Whitelisted

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	18.00 KB
MD5	5c2161fc7b16d12b45b3e53d56fad16a
SHA1	06a317f3d6519cf226db3ab029a212293d318a1b
SHA256	cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a
SSDeep	24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW
ImpHash	-

File Reputation Information

Severity	Whitelisted

c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	128 Bytes
MD5	f3344e084c76cf0e0a3ad5bacde88678
SHA1	7609c6b4fe4da79d21ddea0cbc56b9e0ce5822a7
SHA256	67a2c36c1223e17b98b6114a85c345a63696aabb2d8225e7c3423762f7109ed7
SSDeep	3:iu/B:i
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\QPDQMBELLP.EKRYHSSLQ

Dropped File

Sqlite

Unknown

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	7.00 KB
MD5	5437864c133f53e6a43fc8678fee8ca9
SHA1	383ed41171772885ecedac3639de19c6d4024b57
SHA256	037369299fe8f3e3755fd3d7b421ae7676b1d713d948a4bf02ac138aaea55748
SSDeep	24:rid5UcYQ2yZTPaFpEvg3obNmQMOypv6UoF:+decYFgPOpEveoJNCoUc
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\QPDQMBELLP.EKRYHSSLQ

Dropped File

Sqlite

Unknown

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	28.00 KB
MD5	164f4ab18544aae9d15a13d4515bd3dc
SHA1	78c8d3bdd34ba554fd077b0a126f01c6e877b1ae
SHA256	fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129
SSDeep	48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\QPDQMBELLP.EKRYHSSLQ

Dropped File

Sqlite

Unknown

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	64.00 KB
MD5	e3a002935a782f75c8ac7f3f0505d7f2
SHA1	5ec603207a726efa249b6ef575b2d03c64e928fd
SHA256	912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7
SSDeep	96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\LLMQTVYKCPKGVSOPNBD.BGPCXJEHXDFQNJEQ

Dropped File

Image

Unknown

Also Known As	Screenshot.png (Embedded File)
Mime Type	image/png
File Size	813.60 KB
MD5	d8381ea0d47cc97679983170367c001e
SHA1	0293c23fb53efa0521e3d8d91b703abe2e016126
SHA256	7cfd983f6bfb7b28d5fc4cab84a107e3873108b9c930b73ff916322b797f286f
SSDeep	12288:nUggoAvsCVuoWsyutpVRYz1p3Ff9Md1vpPYVSYk5EI98Lyaeui5LSoNO85OeeRw:nUggdvsFscFf9MzSVSY7C8XaLSoCee2
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\RICSMCRNBTCNCLYIKKRS\LHFIWHKHJVWTSWKFVKYY.RWLO

Dropped File

Text

Unknown

Also Known As	information.txt (Embedded File)
Mime Type	text/plain
File Size	610 Bytes
MD5	c1dd408d37b3ee3083b128dc1b402bdc
SHA1	dac0862c752af45a6cad0f04e7c898fb372c6795
SHA256	b21295ba4bb12aedf554c863eafb521f6660754336c940e292ebcab862e679c8
SSDeep	6:q39NqxtIn/j+QcpSLbyIIQTUrmSz3gDVUk5GUnKtZKdE7xRPzL72RHNx31Hdwtm6:U+xG/fTLbygBUiBns0dcz2Hz3Vaj
ImpHash	-

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After