3f83fd42...c020 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Wiper
Threat Names:
Gen:Heur.Ransom.Imps.3
Mal/Generic-S
Filename Category Type Severity Actions
C:\Users\FD1HVy\Desktop\server.exe Sample File Binary
Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 7.00 KB
MD5 f967147bced6384ece805fcdbc5a6321
SHA1 1a9a2d7365666f1f4ba1a49ae3f1a596fb7c237c
SHA256 3f83fd42af95185e19e537708dccdf1539dcab1ce73783c2741b4c1929dcc020
SSDeep 96:aRjrpEyc8JJTU6JjrrT8079yWYbM8GJe19z5LbTkJzNt:aRjrpEh8BVHTF9n8qe9L8r
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x40307e
Size Of Code 0x1200
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-02-16 21:35:38+00:00
Version Information (7)
Assembly Version 0.0.0.0
FileDescription
FileVersion 0.0.0.0
InternalName server.exe
LegalCopyright
OriginalFilename server.exe
ProductVersion 0.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x1084 0x1200 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.07
.rsrc 0x404000 0x4d8 0x600 0x1400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.69
.reloc 0x406000 0xc 0x200 0x1a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x3050 0x1250 0x0
Memory Dumps (1)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
server.exe 1 0x00820000 0x00827FFF Relevant Image True 64-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Ransom.Imps.3
Malicious
C:\Users\FD1HVy\Desktop\2Hg5l.gif.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.12 KB
MD5 a3a945ecd7a88b9dda9058518beab43e
SHA1 a385b882b9d0efe95a054ed9f9b3685973050cce
SHA256 4258d1d619323fcc2ead32892e678d2cb5040b7a6c67dcf0ac83d5be81724259
SSDeep 1536:lPY1sfpsyFosRfmylZk/HOqwUs3/FrP5DDcUXr+4py6BKitp:l5fps2RL6/Fy3t9DcU06N3
ImpHash -
C:\Users\FD1HVy\Desktop\DFjzzJpyhgWZUBvwACh.gif.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 75.91 KB
MD5 19ee632ed772f0fd30503de7974aee1c
SHA1 946424d0ff244a6c3358f729a64f63ce3e6ea33a
SHA256 add232f1064dbd14661acee6e66b131bdca67bd59aaf3a3b7fc3d8c98579a525
SSDeep 1536:+hrqKTQERAra1xEPe543tN9bNZjhs4nditVh30jtGqquaru1VGAGZiHKxCVLE:SqKTQERB43H9bNwEMtP8pqlru+5Ziqx9
ImpHash -
C:\Users\FD1HVy\Desktop\mvO-F_9WXmNrgc9I ZIF.gif.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 6.28 KB
MD5 f9ff6dd7dbb09055a3b68f437eae22c1
SHA1 1dd1c00f40ee240f0337cd1c708bddb7fadd9551
SHA256 3b76d2cbeb0a5bba9d08a29b200f82667fb249156de6c70d9d9fc15c6f257309
SSDeep 192:l64U1ph4RYS07kbxd4CTypnH+V8Q7zTT+QlkPUh7QUL9um/:wh4kkbD45pnHULzTT+QlkPUh7Mi
ImpHash -
C:\Users\FD1HVy\Desktop\eQq0M5fMwGq3zz4_\beYTvemo WHyub.gif.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 32.39 KB
MD5 4ebc35e6b30a84798439667cbab24f7e
SHA1 bf4f4e51b60598f18825e30f1ca4ae958b15bdfa
SHA256 38b9d64b85b506f72f4121c623838ed253e9d33a708862ed81525c7147e78c3f
SSDeep 768:4S5OreCT6hscT/30jCyoUfjLR+WNuowbKgkWBnDxlVrcRftm:4Jrb+SE/EF3gWMnKC
ImpHash -
C:\Users\FD1HVy\Desktop\J3raR3n8dk7ENtsBj8F.png.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 7.39 KB
MD5 b803e2e816a4e43015d732fdb4e65607
SHA1 fdf09513a7456e35e1468941aa40cd216d255cf8
SHA256 71785568d983922e402e35404f259cd06df5eecbb2fab3aa10c7c4e01aadde01
SSDeep 192:HTYS7kFFtgvfArIpaFNLQujxGclnw/o64QrLsVWT+:zYS7kLtcArIgNLQdclwnbMg+
ImpHash -
C:\Users\FD1HVy\Desktop\4x-aHVjSuhGt\_uQQT\5wCk2jY-mhp 4kf.png.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 20.33 KB
MD5 e16b81682cbb9b598ada4c2878e09795
SHA1 e2b9accb2a632e777f8138d305b81d5da449fffd
SHA256 37c86fb1ba5b26bd1c22c898a1f9712795ccead1b49c4fb00a806996ed0032f3
SSDeep 384:QyzCEBBcFUQptz3VDwjyH/2jX+GqIwGMDHGxF8fC+3f3HVgBsZExhfGjY69El:7CEBBMUQptzlsE/kkH5fCeCBsZE/OjYL
ImpHash -
C:\Users\FD1HVy\Desktop\4x-aHVjSuhGt\_uQQT\iAsPdh\eAS hfLZwYJsat.png.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 89.45 KB
MD5 51a52a88cdb0c519aa32445d529d83be
SHA1 6bf0bb64ec988f651752d39bd6e780078b06166d
SHA256 dd59ceaf2eeff363430e396d1ec3f45afbfed931ef6e17059ac0d9c53ea87746
SSDeep 1536:UrUT4x+NCx7os6wZIFXMSZp3i8ibX1nYrRQHW1fmssltP0tZZw:qx+NCxFIFXPZpW6rqmfmnWw
ImpHash -
C:\Users\FD1HVy\Desktop\eQq0M5fMwGq3zz4_\eVui.docx.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 42.23 KB
MD5 8d2915ea193c636eb777aa5931de1e1b
SHA1 04b929655911b2eae965d1bb70752615d5c1ff04
SHA256 54ea5540db19334d09617f859cfc6e0b9a50a78b12b33bca40192dbbe959e811
SSDeep 768:H8tX+qy3JrbBI3sIJgKU9h28NN6eHoPQMp/xaf8POrlazy658J5qd2iYCsVh:H8tPGPBI3pOKGh28NNnHooPOOrl+8JUa
ImpHash -
c:\users\fd1hvy\desktop\potyy.avi.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 30.34 KB
MD5 d191bb35b4a24c2f070cc0d28a12e331
SHA1 23d833b2f9dca507741fcc0a9ff76e57e13a7696
SHA256 0d17e014675a71fc4f42c2c6fd773ef412dbcccc67ff1ff54b68033fa8d35aaf
SSDeep 768:AnNRsFGXyEdkw1UWbIAvctBbumCc1dxjh6U5RzpGOs3o7MZIO/Aix:IztB1UgIAvuBplIUDpWW6A2
ImpHash -
C:\Users\FD1HVy\Desktop\zP30mJFNxuSE8wXDofC.avi.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 50.95 KB
MD5 4665fbb1f468308c14351906d6fddfaa
SHA1 d99805db1101631eab37d0f38a1a12987a3c718f
SHA256 513636279a2606317047e3b0584c9ed1736ca5d9686dc37482f702f6b39ce3dc
SSDeep 1536:3Y1olRJjoGXD27SpmhP7d2EVPR4qRqupk2:3wtGS7SQzUEVzRquk2
ImpHash -
C:\Users\FD1HVy\Desktop\3H9gaz7jvQxnR.mp4.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 12.25 KB
MD5 a3eb552c896b2ac78db8c3f9e0aa3b59
SHA1 5984e7bf00b8a93cea5731ff82ece80bd712229d
SHA256 947f7203f8b94aa169cf983a673a26a3d02c2528a2d92117210f0a3043bffcfd
SSDeep 384:a04wyjBd+45trRgTirTKevI/2XxJbG+2k7npCyL:SwkBrrRgTMTKevI/2BYFk7pJL
ImpHash -
C:\Users\FD1HVy\Desktop\qZTD6h5E.mp4.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 80.91 KB
MD5 64e0d2fcaddbea4f82cd25156aa052b7
SHA1 b88f61c46abd3d1b0d548f580813997634102811
SHA256 38758d3f027f8ca9aec215bdab48b5b673e9440fc7d5d5f6f10064545e50a7d9
SSDeep 1536:aWM41jDpgt9ntGWVlY3jNbIA9/jqelC2r9t6TXYs+nN34y9rKNykIf4b1JZ9eFk5:aWMWt0ntVlY3jNbI0j315t6TMxv/GN9x
ImpHash -
C:\Users\FD1HVy\Desktop\4x-aHVjSuhGt\0DMmlx9_Xue2bwnQn.mp4.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 92.34 KB
MD5 6d3d8643e6d71166a79a5943b7e6f53e
SHA1 3c70849af39a159291860b6b0cf1ab4b3fb718dd
SHA256 8bf5c0e0fd177c0cdbdb6f7dcc0f52e5f660da0c9daabde253cc426b7120afa0
SSDeep 1536:cxDGczV4+JmQRnR1Pdqv+ox/PY1TmclnUHfjstV6E5amEcaZVJAkvWGaC5:6ty+JB1m+o+1ScCYtIEs6QVJAUtaI
ImpHash -
C:\Users\FD1HVy\Desktop\4x-aHVjSuhGt\BauUvkVwffW\hlDtZz4UCp.mp4.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 15.78 KB
MD5 4b2d7f1d29470a83f6d54741a1509ef0
SHA1 df61bbc620fe4351809251a7ef3f624b4da05561
SHA256 504a605754d9355f3bb53ebe01f6adab77970f9cc95206e0910a3051b2d2a079
SSDeep 384:ExbtrWNvZ3dKltxmWQVUx99cWZZizM5MQ9PfzSVqL4x2ayqFrB7:ExbtIR3dKlurKx3XCg93zl4EaLFrZ
ImpHash -
C:\Users\FD1HVy\Desktop\4x-aHVjSuhGt\BauUvkVwffW\udDHWmLl.mp4.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 22.36 KB
MD5 403ecb7d38f52234cfda02f3b638c33b
SHA1 7428a09239b81481a74cebf6cc8fb87d7accf920
SHA256 584a9917252d2c11124f312e76c6ec253223a0bb0da1fdfef4d0e8782f06d226
SSDeep 384:QzqdEpaa1k1ZGWxaZRZi2zL4XBrEMX53LphdS+E1cX/b08xOH13M7Q:iH1k1ZGjZRZiy4XS+5vETm7Q
ImpHash -
C:\Users\FD1HVy\Desktop\eQq0M5fMwGq3zz4_\MWmNERoZILn0Ybcr4.mp4.gesd Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 61.58 KB
MD5 b5454126506cb970d137c5d78897f7b7
SHA1 f12e68fbc2c2d850fb7979a26cd9ed79879a7e0a
SHA256 296ca8ada4f3a91331e01e299b4ec15c3ac283d83fbe01e9e055a239855b72e3
SSDeep 1536:UwpL5WiC8pFUZXYfpcr+rMYVgdqAaDGG09aCn21unGtzJmturQmjfR:1pYDZXYRcr3xf8CkkUEtuUifR
ImpHash -
C:\Users\FD1HVy\Desktop\READ THIS!!!!.txt Dropped File Text
Unknown
Mime Type text/plain
File Size 119 Bytes
MD5 26ebc994a912ebbd4667716803dd1781
SHA1 d3b37239e3ad29be7b144999930f9905faf78404
SHA256 f922f4ec1003efe1c7bf2e1fcf26e161961caf8b3659fe686a51d391f399d6f0
SSDeep 3:7dRisFE2Lmq9pW5axiJACJiG0AFKLQ4DXF84obv:/isFEsw47Cn5T6F84o
ImpHash -