3bb9f555...53f1 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Backdoor
Spyware
Threat Names:
Quasar
Gen:Variant.Bulz.92263
Trojan.GenericKD.34635518
...

FallGuysStats.exe

Windows Exe (x86-32)

Created at 2020-10-05T07:40:00

...

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 40 seconds" to "10 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filters:
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FallGuysStats.exe Sample File Binary
Malicious
...
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Chrome updaters.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 2.14 MB
MD5 77f95dce9fa89e5c94feec855efcb1da Copy to Clipboard
SHA1 14f77334b3bca11e07f52408c1d216b5af139a5c Copy to Clipboard
SHA256 3bb9f55514122071824320091030f517a2809c140d86791275037569b26f53f1 Copy to Clipboard
SSDeep 24576:TksQWhHGhYIDTTQL86WFB3nblGNYT0+5FwxoMUnLkuokTHyh3LpcybuSQEpqXAvF:gRDfQLT4pG+T0+57nLkuokC7VbuStpn Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x62020e
Size Of Code 0x21e400
Size Of Initialized Data 0x4c00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-10-04 19:58:54+00:00
Version Information (11)
»
Assembly Version 1.77.0.0
Comments -
CompanyName -
FileDescription FallGuysStats
FileVersion 1.77.0.0
InternalName FallGuysStats.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename FallGuysStats.exe
ProductName FallGuysStats
ProductVersion 1.77.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x21e214 0x21e400 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.95
.rsrc 0x622000 0x4868 0x4a00 0x21e600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.49
.reloc 0x628000 0xc 0x200 0x223000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x2201e4 0x21e3e4 0x0
Icons (1)
»
Memory Dumps (2)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
fallguysstats.exe 1 0x012E0000 0x01509FFF Relevant Image True 32-bit - False False
...
fallguysstats.exe 1 0x012E0000 0x01509FFF Final Dump True 32-bit - False False
...
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\keys.util Dropped File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 566.00 KB
MD5 df0e1df47950999edf9e14900a4aaba4 Copy to Clipboard
SHA1 5b424dbe70b7f5a1a6d6bbbd12bd4ded7f843966 Copy to Clipboard
SHA256 e7ce1e495072aada838625362fc805e199290cb66660e5069bfc73755ad6d7f8 Copy to Clipboard
SSDeep 12288:GY1XTGiF0Hi8LZ8oiQ2XGL822222o1jddHXTBYcuJ+woHpPvJlLvIPpOgO92IPpY:iDLZ81XGL822222o1jddHXTBYcuJnWxm Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x48ecee
Size Of Code 0x8ce00
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2104-04-11 18:36:52+00:00
Version Information (11)
»
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription Ninja Project
FileVersion 1.0.0.0
InternalName Ninja Project.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename Ninja Project.exe
ProductName Ninja Project
ProductVersion 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x8ccf4 0x8ce00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.67
.rsrc 0x490000 0x5cc 0x600 0x8d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.12
.reloc 0x492000 0xc 0x200 0x8d600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x8ecc1 0x8cec1 0x0
Local AV Matches (1)
»
Threat Name Severity
Gen:Variant.Bulz.92263
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\ctfmom.exe Dropped File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 238.00 KB
MD5 21f6685dd6b90f73bf9586acbc41f408 Copy to Clipboard
SHA1 33fcfb9cb7c7e698c1c7da27174ded1e00cfdf0a Copy to Clipboard
SHA256 6b50dffc03fa2eb27a7cfb43c0e9fc31c95411e2193a564eb6b6578e28155839 Copy to Clipboard
SSDeep 6144:omalc+otpWqr4JqAkfyaSZuIGaAOwXuq5:oNc+otp5FiuIGaKf5 Copy to Clipboard
ImpHash d48076f4fb0c05cb055b77fb24f0a143 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x40dc87
Size Of Code 0x28400
Size Of Initialized Data 0x13e00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-09-26 12:52:07+00:00
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x282d4 0x28400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.65
.rdata 0x42a000 0xf384 0xf400 0x28800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.38
.data 0x43a000 0x1f78 0x1200 0x37c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.22
.rsrc 0x43c000 0x1e0 0x200 0x38e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.72
.reloc 0x43d000 0x2618 0x2800 0x39000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.45
Imports (3)
»
KERNEL32.dll (89)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleW 0x0 0x42a018 0x38a98 0x37298 0x278
GlobalUnlock 0x0 0x42a01c 0x38a9c 0x3729c 0x33f
WriteConsoleW 0x0 0x42a020 0x38aa0 0x372a0 0x611
HeapSize 0x0 0x42a024 0x38aa4 0x372a4 0x34e
GlobalLock 0x0 0x42a028 0x38aa8 0x372a8 0x338
GetProcessHeap 0x0 0x42a02c 0x38aac 0x372ac 0x2b4
SetEnvironmentVariableW 0x0 0x42a030 0x38ab0 0x372b0 0x514
FreeEnvironmentStringsW 0x0 0x42a034 0x38ab4 0x372b4 0x1aa
GetEnvironmentStringsW 0x0 0x42a038 0x38ab8 0x372b8 0x237
GetCommandLineW 0x0 0x42a03c 0x38abc 0x372bc 0x1d7
GlobalAlloc 0x0 0x42a040 0x38ac0 0x372c0 0x32d
CopyFileA 0x0 0x42a044 0x38ac4 0x372c4 0xa8
Sleep 0x0 0x42a048 0x38ac8 0x372c8 0x57d
MultiByteToWideChar 0x0 0x42a04c 0x38acc 0x372cc 0x3ef
GetModuleFileNameA 0x0 0x42a050 0x38ad0 0x372d0 0x273
GetLastError 0x0 0x42a054 0x38ad4 0x372d4 0x261
WideCharToMultiByte 0x0 0x42a058 0x38ad8 0x372d8 0x5fe
EnterCriticalSection 0x0 0x42a05c 0x38adc 0x372dc 0x131
LeaveCriticalSection 0x0 0x42a060 0x38ae0 0x372e0 0x3bd
DeleteCriticalSection 0x0 0x42a064 0x38ae4 0x372e4 0x110
SetLastError 0x0 0x42a068 0x38ae8 0x372e8 0x532
InitializeCriticalSectionAndSpinCount 0x0 0x42a06c 0x38aec 0x372ec 0x35f
SwitchToThread 0x0 0x42a070 0x38af0 0x372f0 0x587
TlsAlloc 0x0 0x42a074 0x38af4 0x372f4 0x59e
TlsGetValue 0x0 0x42a078 0x38af8 0x372f8 0x5a0
TlsSetValue 0x0 0x42a07c 0x38afc 0x372fc 0x5a1
TlsFree 0x0 0x42a080 0x38b00 0x37300 0x59f
GetSystemTimeAsFileTime 0x0 0x42a084 0x38b04 0x37304 0x2e9
GetProcAddress 0x0 0x42a088 0x38b08 0x37308 0x2ae
EncodePointer 0x0 0x42a08c 0x38b0c 0x3730c 0x12d
DecodePointer 0x0 0x42a090 0x38b10 0x37310 0x109
GetCPInfo 0x0 0x42a094 0x38b14 0x37314 0x1c1
CompareStringW 0x0 0x42a098 0x38b18 0x37318 0x9b
LCMapStringW 0x0 0x42a09c 0x38b1c 0x3731c 0x3b1
GetLocaleInfoW 0x0 0x42a0a0 0x38b20 0x37320 0x265
GetStringTypeW 0x0 0x42a0a4 0x38b24 0x37324 0x2d7
UnhandledExceptionFilter 0x0 0x42a0a8 0x38b28 0x37328 0x5ad
SetUnhandledExceptionFilter 0x0 0x42a0ac 0x38b2c 0x3732c 0x56d
GetCurrentProcess 0x0 0x42a0b0 0x38b30 0x37330 0x217
TerminateProcess 0x0 0x42a0b4 0x38b34 0x37334 0x58c
IsProcessorFeaturePresent 0x0 0x42a0b8 0x38b38 0x37338 0x386
IsDebuggerPresent 0x0 0x42a0bc 0x38b3c 0x3733c 0x37f
GetStartupInfoW 0x0 0x42a0c0 0x38b40 0x37340 0x2d0
QueryPerformanceCounter 0x0 0x42a0c4 0x38b44 0x37344 0x44d
GetCurrentProcessId 0x0 0x42a0c8 0x38b48 0x37348 0x218
GetCurrentThreadId 0x0 0x42a0cc 0x38b4c 0x3734c 0x21c
InitializeSListHead 0x0 0x42a0d0 0x38b50 0x37350 0x363
RtlUnwind 0x0 0x42a0d4 0x38b54 0x37354 0x4d3
RaiseException 0x0 0x42a0d8 0x38b58 0x37358 0x462
FreeLibrary 0x0 0x42a0dc 0x38b5c 0x3735c 0x1ab
LoadLibraryExW 0x0 0x42a0e0 0x38b60 0x37360 0x3c3
ExitProcess 0x0 0x42a0e4 0x38b64 0x37364 0x15e
GetModuleHandleExW 0x0 0x42a0e8 0x38b68 0x37368 0x277
CreateFileW 0x0 0x42a0ec 0x38b6c 0x3736c 0xcb
GetDriveTypeW 0x0 0x42a0f0 0x38b70 0x37370 0x22f
GetFileInformationByHandle 0x0 0x42a0f4 0x38b74 0x37374 0x247
GetFileType 0x0 0x42a0f8 0x38b78 0x37378 0x24e
CloseHandle 0x0 0x42a0fc 0x38b7c 0x3737c 0x86
PeekNamedPipe 0x0 0x42a100 0x38b80 0x37380 0x422
SystemTimeToTzSpecificLocalTime 0x0 0x42a104 0x38b84 0x37384 0x589
FileTimeToSystemTime 0x0 0x42a108 0x38b88 0x37388 0x16a
GetModuleFileNameW 0x0 0x42a10c 0x38b8c 0x3738c 0x274
GetStdHandle 0x0 0x42a110 0x38b90 0x37390 0x2d2
WriteFile 0x0 0x42a114 0x38b94 0x37394 0x612
GetFileSizeEx 0x0 0x42a118 0x38b98 0x37398 0x24c
SetFilePointerEx 0x0 0x42a11c 0x38b9c 0x3739c 0x523
HeapAlloc 0x0 0x42a120 0x38ba0 0x373a0 0x345
FlushFileBuffers 0x0 0x42a124 0x38ba4 0x373a4 0x19f
GetConsoleCP 0x0 0x42a128 0x38ba8 0x373a8 0x1ea
GetConsoleMode 0x0 0x42a12c 0x38bac 0x373ac 0x1fc
HeapFree 0x0 0x42a130 0x38bb0 0x373b0 0x349
HeapReAlloc 0x0 0x42a134 0x38bb4 0x373b4 0x34c
GetCurrentDirectoryW 0x0 0x42a138 0x38bb8 0x373b8 0x211
GetFullPathNameW 0x0 0x42a13c 0x38bbc 0x373bc 0x259
IsValidLocale 0x0 0x42a140 0x38bc0 0x373c0 0x38d
GetUserDefaultLCID 0x0 0x42a144 0x38bc4 0x373c4 0x312
EnumSystemLocalesW 0x0 0x42a148 0x38bc8 0x373c8 0x154
SetStdHandle 0x0 0x42a14c 0x38bcc 0x373cc 0x54a
ReadFile 0x0 0x42a150 0x38bd0 0x373d0 0x473
ReadConsoleW 0x0 0x42a154 0x38bd4 0x373d4 0x470
GetTimeZoneInformation 0x0 0x42a158 0x38bd8 0x373d8 0x30e
FindClose 0x0 0x42a15c 0x38bdc 0x373dc 0x175
FindFirstFileExW 0x0 0x42a160 0x38be0 0x373e0 0x17b
FindNextFileW 0x0 0x42a164 0x38be4 0x373e4 0x18c
IsValidCodePage 0x0 0x42a168 0x38be8 0x373e8 0x38b
GetACP 0x0 0x42a16c 0x38bec 0x373ec 0x1b2
GetOEMCP 0x0 0x42a170 0x38bf0 0x373f0 0x297
GetCommandLineA 0x0 0x42a174 0x38bf4 0x373f4 0x1d6
SetEndOfFile 0x0 0x42a178 0x38bf8 0x373f8 0x510
USER32.dll (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EmptyClipboard 0x0 0x42a180 0x38c00 0x37400 0xe8
GetClipboardData 0x0 0x42a184 0x38c04 0x37404 0x134
SetClipboardData 0x0 0x42a188 0x38c08 0x37408 0x31b
IsClipboardFormatAvailable 0x0 0x42a18c 0x38c0c 0x3740c 0x228
CloseClipboard 0x0 0x42a190 0x38c10 0x37410 0x4f
OpenClipboard 0x0 0x42a194 0x38c14 0x37414 0x297
ADVAPI32.dll (5)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyA 0x0 0x42a000 0x38a80 0x37280 0x28a
RegQueryValueExA 0x0 0x42a004 0x38a84 0x37284 0x298
RegSetValueExA 0x0 0x42a008 0x38a88 0x37288 0x2a8
RegOpenKeyExA 0x0 0x42a00c 0x38a8c 0x3728c 0x28b
RegCloseKey 0x0 0x42a010 0x38a90 0x37290 0x25b
Memory Dumps (3)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
ctfmom.exe 4 0x00900000 0x0093FFFF Relevant Image True 32-bit 0x009271F5 False False
...
ctfmom.exe 21 0x008E0000 0x0091FFFF Relevant Image True 32-bit 0x009071F5 False False
...
ctfmom.exe 21 0x008E0000 0x0091FFFF Process Termination True 32-bit - False False
...
Local AV Matches (1)
»
Threat Name Severity
Trojan.GenericKD.34635518
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\gpustats.bx Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 76 Bytes
MD5 ee3c4e96f30b343f7fb57a5bc4571a5c Copy to Clipboard
SHA1 1f58188dfb9dcffb4e2812b4f425288b3b486e06 Copy to Clipboard
SHA256 ee6fdbc949a9a0aef06e01eb3bc05ddecfce3e530b8287b7c3fafe403c0b36ab Copy to Clipboard
SSDeep 3:mVSJNJGtFmuz/3T0df51V8VBn:mE0FfkXV8Vd Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\ec3947efc19179a8010c6bae37caac89\Dirs\Temp.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 1.14 KB
MD5 0dae518a10a9bd2e93e35bcfdcbe240d Copy to Clipboard
SHA1 bc94e731f463af0010c7bddb3d553eef8588b418 Copy to Clipboard
SHA256 30f5b89cbe203c1431be234d7e7d08e33875327c69c11b49b855dafbc0cb5651 Copy to Clipboard
SSDeep 24:ghORl112Fowh4835PLo659k5g5rbYAdLObfR3SxkaN4+Jkk0e:SML2F34835zo659k5g5rJd6TRtC5/0e Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\gpustats.bx Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 148 Bytes
MD5 ed3107278b238a0e3ea9d62d69cc129a Copy to Clipboard
SHA1 618a43d648345517b9a6a940739475e04ddcfc25 Copy to Clipboard
SHA256 209fa9d16f6c975799a6e4494ba8ffd8b66bee9cf25a84e6d30f90924536b548 Copy to Clipboard
SSDeep 3:mVSJNJGtFm6GwHmDx8WyJBhFqBE9fUIQmsojEvL+9nOs3ILN1b:mE0FBGyuCBhEBE9fSpEdx3op Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\_CL_02f3a8c9sy Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 48 Bytes
MD5 cb7340d02e808d15148f61c53feec557 Copy to Clipboard
SHA1 0e961865c500ce6884871af09cf43156dc6a6bc4 Copy to Clipboard
SHA256 55d82240f6a79ccedd881bdb5aa30e213eab0a522d98c2a87f61f70822aeffc3 Copy to Clipboard
SSDeep 3:IGCMRaf3LItT1n:IGFRaf3EtT1n Copy to Clipboard
ImpHash -
Dirs\Desktop.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 1007 Bytes
MD5 c2709172090d0e95b37079f1594f9255 Copy to Clipboard
SHA1 8513fd8e054d95b86f3d066011743cf3d3b50b5d Copy to Clipboard
SHA256 9e08e8bb1e5e638373c9089b911701b39b5bdaa126edc284480db10dcc6cadb7 Copy to Clipboard
SSDeep 24:gIw1phI3TnsHw1HibwF6kEvBTVEYQ+KcJkOC4g:gIs+TsiF6kEDNJkmg Copy to Clipboard
ImpHash -
Dirs\Documents.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 1.34 KB
MD5 0f47897cb0629af0dccd0860a02d7c6d Copy to Clipboard
SHA1 5037cbc053e663a277cf5d3922fb868aeb1f2efb Copy to Clipboard
SHA256 354d9c80f93c542a12c953eb74fce35e6df4fd17d1ee7794ea6cf5e1033b99c5 Copy to Clipboard
SSDeep 24:PTAZW9ab/V4WWyngY5jqzoaP5ZZ4kP0CpQsYQ5UmHv93pVVNKZzzhDDIUGP6:bAZfb/V4lygVoaP5D4C0CibQ5hHlZ/Ns Copy to Clipboard
ImpHash -
Dirs\Pictures.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 799 Bytes
MD5 ea48ddfc2ef7e606c2588b650414fda8 Copy to Clipboard
SHA1 b20c3baef3f4d0dea9a602e4e62020cbf7b616c7 Copy to Clipboard
SHA256 3a53aa13573d750dd60af2482d1f7c7ebe6fdbd985d17f822c4ec83a466d95f5 Copy to Clipboard
SSDeep 24:qmjTKSabt4/ScHiNjY+E7y+bggCCQca0fE4a:jjTKShdimv7y+bgIlfE4a Copy to Clipboard
ImpHash -
Dirs\Videos.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 716 Bytes
MD5 fa8468d75195b873ce8ab723b2155def Copy to Clipboard
SHA1 da92bace2ab69780f54eb8c9e1831465525bcf3c Copy to Clipboard
SHA256 1d8eccc0094c22b1b7255f504398318d98ab5b828a2a20f3e55c8f146667bca6 Copy to Clipboard
SSDeep 12:k+VyVS8Ug/Gw9k1ir6IsGm9Q1P5h7oO8/WjOsce/yTbvDtyUcInNYMSLKUNn:kNVTOwy10rsDQbh7Bp61CGyUpNYg0 Copy to Clipboard
ImpHash -
Dirs\Startup.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 46 Bytes
MD5 46fee4b4e286b9b40573315755ef5262 Copy to Clipboard
SHA1 5d4b51f2626abffea31332730e73c16cdb69ce73 Copy to Clipboard
SHA256 2c6167fe4c2e45011f91ec57c5c80f7d8ae96f8860e3838c1f6a61698008b03a Copy to Clipboard
SSDeep 3:jgcQmxduAWfLKB:jUgdOLKB Copy to Clipboard
ImpHash -
Dirs\Downloads.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 26 Bytes
MD5 df43f7da877de3ab3774aa024d5b929c Copy to Clipboard
SHA1 e39dfffb4c9b627b68ff92f9f0ba026551b1e662 Copy to Clipboard
SHA256 582a0a96d76d3688fff52d48079910cba2b4fb53af678aa3bbfd872dd6c7466b Copy to Clipboard
SSDeep 3:jLtgrLKB:3tSLKB Copy to Clipboard
ImpHash -
Dirs\Temp.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 1.16 KB
MD5 21031bb7fbc697a422010d4175078b07 Copy to Clipboard
SHA1 016ec8ef3bc36a1f86d785674bc83a937f4f9683 Copy to Clipboard
SHA256 ba9d88f51bc4fed4f90b04bd58917d00cec12cb924ac5851e041f80f88f17444 Copy to Clipboard
SSDeep 24:ghORl112FPwh4835PLo659k5g5rbYAdLObfR3SxkaN4+Jkk0e:SML2Fa4835zo659k5g5rJd6TRtC5/0e Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\ran.bx Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 4 Bytes
MD5 c5bbc7a02cb410d9e0035f30dc589fc3 Copy to Clipboard
SHA1 73c241b3c61da0512b7e4cbf5da998029fef9ee1 Copy to Clipboard
SHA256 994b7e534b9f1fd07222c5be8e7b00504ed01689cff8db789ccf56022934f625 Copy to Clipboard
SSDeep 3:1n:1 Copy to Clipboard
ImpHash -
screen.jpeg Embedded File Image
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type image/jpeg
File Size 95.31 KB
MD5 cfd7fbc3e097c48c0f66fb7dccb59c61 Copy to Clipboard
SHA1 d97df02976fa90b345f26e2049c9aac7fbf96544 Copy to Clipboard
SHA256 0e56651c7f1e4c2f2e37454571f34d7353bdc9785d3acb574b574acefc40795a Copy to Clipboard
SSDeep 1536:bS1/Hd3Cmv8JGUbUKBrTt5VwemIwnRM+siq9BgOvUyZ2kKuSOE8m4ABDcA:21/HdSmEMfWdMe1wRNsizO12kKuHxFAp Copy to Clipboard
ImpHash -
DBs\Google\Login Data Embedded File Sqlite
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type application/x-sqlite3
File Size 18.00 KB
MD5 29844404ae855e9df054833f71888eb1 Copy to Clipboard
SHA1 3e86f08def08fc14ddec0227d0643319562666db Copy to Clipboard
SHA256 c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e Copy to Clipboard
SSDeep 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W Copy to Clipboard
ImpHash -
processes.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 2.67 KB
MD5 04ee5ae8e812f5eb164d7ec199679a9e Copy to Clipboard
SHA1 f85497dbc6093d5fcaa495a554ba017f6584b3d1 Copy to Clipboard
SHA256 f22c8bcb07fa8e526c4bef8a6491c23602f29b8290f662c1aa43186cfe7bdb85 Copy to Clipboard
SSDeep 48:1V3cEcuPIoc5HmaCYESd8+odpwOUAzJhJB6KDrNH9wNaFFoVaZ:/3cDuQv5GaCYESd8+odpwOUA1hJB1DhH Copy to Clipboard
ImpHash -
DBs\Google\Cookies Embedded File Sqlite
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type application/x-sqlite3
File Size 7.00 KB
MD5 0111897c22e2ab86bfd65ccf91adc717 Copy to Clipboard
SHA1 c499d8febec0f0cb771a654fc65699c22226fe37 Copy to Clipboard
SHA256 cff896f26e26cdf1a63e312f89795366ee2bc902323cabe44a86aa4ad0977228 Copy to Clipboard
SSDeep 48:tNecVTgPOpEveoJZFrU10WB58PdJAKr1EcO:tVSNDX25E Copy to Clipboard
ImpHash -
DBs\Google\Local State Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 66.04 KB
MD5 edea92a7dd66d2e13b1b46414df046ec Copy to Clipboard
SHA1 a7068ec5a41ff158c4ff74381bb5f3ac4774e75b Copy to Clipboard
SHA256 cab40edc26b345bfe6e81b80e50a651419d29cd0e3c93eab9561cc86e6d5a1a6 Copy to Clipboard
SSDeep 1536:jx2yuMjgKRTDow4tRovIkCngQvq783ksXyHrPKu:tWw4tRaCngEu83JCuu Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\tempDataBase2020-10-05T18_43_56.1430000+11_0088 Dropped File Stream
Unknown
...
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Mozilla\Firefox\Profiles\silmbjec.default\key3.db (Dropped File)
Mime Type application/octet-stream
File Size 16.00 KB
MD5 2d88595af5ff16543a02e5a6020442fa Copy to Clipboard
SHA1 d90a7acb454672217407101726fc8459b192f2a5 Copy to Clipboard
SHA256 ee89c454e3ecfd9229733187bc804097b31717637c0742f9035d79442d4574d5 Copy to Clipboard
SSDeep 3:Lt/hV/plfltt/lE9lllnldlHGltdl/l8/V0V6UkWfTsFrgRz7EX9m90tMwzac+3Y:5X9cvVmXy/VskWLsFcRkYO3zWu7H0cLD Copy to Clipboard
ImpHash -
Cookies.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 79 Bytes
MD5 40443610f7a9cf2473f7ee32c71fcba6 Copy to Clipboard
SHA1 535b20c44f77b15cb613663a24078c43634e4240 Copy to Clipboard
SHA256 9b16a5c831cbda21f0383885bd1827538ea8f38538e42c58217cfadc65eeb0b9 Copy to Clipboard
SSDeep 3:vGWJ3uGFlTRhRLb2Ai55QVvFmk1I:F+GbTRhhiAFmk1I Copy to Clipboard
ImpHash -
Others.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 140 Bytes
MD5 776c3daf4a2057fd079e9e56639edfbe Copy to Clipboard
SHA1 17a3df18ff3a051d5e921f09067b52137fae8dfa Copy to Clipboard
SHA256 7cb1da2b7b2e35a2690f644c5e3e9a5013c2c69460b63bb650f545132c5bc666 Copy to Clipboard
SSDeep 3:zROfVPx1MADMOSyw1N0Jt5Bb1QQP3WE5By1RePtW41akaBclxn:zRORx1BDMOkNiPQaDw1cFZ1Kclxn Copy to Clipboard
ImpHash -
Hardware & Soft.txt Embedded File Text
Unknown
...
»
Parent File C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp
Mime Type text/plain
File Size 1.77 KB
MD5 fec56636021230fb84d6444a5f134a77 Copy to Clipboard
SHA1 c4ddff3707739a026fd428de3b6fb199a87d9465 Copy to Clipboard
SHA256 750d59ae9fe877066e1a174246eac0f7e730a29e7705e67208e77c4402e6999c Copy to Clipboard
SSDeep 48:3uFDzd7rPbhPFpSPPU4PrLPRpRB/MVPrEB/MVPcXJuPc8YKiKnCP6tPWp2PU0PX7:e5zxrjhNpW84zLZpvKDMK0XJu08ASte0 Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\9df274b54410817b3690312b4cb55431\22e94f5071aaed0706b87ec862736685-mat-debug.tmp Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 144.67 KB
MD5 72d43f34d5b4d79ec3ab38ad6c7e7183 Copy to Clipboard
SHA1 43b14be5da5ac8a7a7544d665f60f95796784b39 Copy to Clipboard
SHA256 3f5f9a995ab940d131af8ef9f27c7bd99856f256baa510e4a12f6699150589fa Copy to Clipboard
SSDeep 3072:0ut/ixzjJvOI+Tej3mPAg3yvHUS93sDFg0FxetZefr0R4I0aYx0HB:0+/qztD+E3mPuvB93CFgNtZRaI0ac0HB Copy to Clipboard
ImpHash -
Archive Information
»
Number of Files 15
Number of Folders 0
Size of Packed Archive Contents 143.07 KB
Size of Unpacked Archive Contents 196.02 KB
File Format zip
Contents (15)
»
Filename Packed Size Unpacked Size Compression Is Encrypted Modify Time Actions
screen.jpeg 87.69 KB 95.31 KB Deflate False 2020-10-05 18:43 (UTC+2)
...
Dirs\Videos.txt 462 Bytes 716 Bytes Deflate False 2020-10-05 18:43 (UTC+2)
...
Dirs\Startup.txt 47 Bytes 46 Bytes Deflate False 2020-10-05 18:43 (UTC+2)
...
Dirs\Documents.txt 865 Bytes 1.34 KB Deflate False 2020-10-05 18:43 (UTC+2)
...
Dirs\Pictures.txt 515 Bytes 799 Bytes Deflate False 2020-10-05 18:43 (UTC+2)
...
Dirs\Downloads.txt 28 Bytes 26 Bytes Deflate False 2020-10-05 18:43 (UTC+2)
...
Hardware & Soft.txt 720 Bytes 1.77 KB Deflate False 2020-10-05 18:44 (UTC+2)
...
Others.txt 114 Bytes 140 Bytes Deflate False 2020-10-05 18:43 (UTC+2)
...
Cookies.txt 80 Bytes 79 Bytes Deflate False 2020-10-05 18:43 (UTC+2)
...
Dirs\Desktop.txt 683 Bytes 1007 Bytes Deflate False 2020-10-05 18:43 (UTC+2)
...
Dirs\Temp.txt 707 Bytes 1.16 KB Deflate False 2020-10-05 18:43 (UTC+2)
...
DBs\Google\Login Data 817 Bytes 18.00 KB Deflate False 2017-06-05 11:53 (UTC+2)
...
DBs\Google\Local State 48.96 KB 66.04 KB Deflate False 2017-06-05 11:54 (UTC+2)
...
DBs\Google\Cookies 1018 Bytes 7.00 KB Deflate False 2017-06-05 11:53 (UTC+2)
...
processes.txt 520 Bytes 2.67 KB Deflate False 2020-10-05 18:43 (UTC+2)
...
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image