458ad7362cfb

Classifications

Threat Names

Mal/Generic-S

Dynamic Analysis Report

Created on 2022-04-25T13:01:00

458ad7362cfb6980b9e7eb19ab83ddc6d261bf6b057f1892267dd55c656e9686.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\458ad7362cfb6980b9e7eb19ab83ddc6d261bf6b057f1892267dd55c656e9686.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	23.50 KB
MD5	6362ff59e775cca4d1da38cacaae58be
SHA1	2c992f5a53bbe80030604ea8f3d121eae6bb7432
SHA256	458ad7362cfb6980b9e7eb19ab83ddc6d261bf6b057f1892267dd55c656e9686
SSDeep	384:7XGEIh4HIHEKRXfQJ/1/1mORKun6psaJbKe8NebZ9WTq70piYSc:n72ol1eJbsML70QY9
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

PE Information

Image Base	0x400000
Entry Point	0x40732e
Size Of Code	0x5400
Size Of Initialized Data	0x800
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2020-01-24 15:10:07+00:00

Version Information (11)

Comments	-
CompanyName	-
FileDescription	crss
FileVersion	1.0.0.0
InternalName	crsss.exe
LegalCopyright	Copyright © Microsoft
LegalTrademarks	-
OriginalFilename	crsss.exe
ProductName	crss
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x5334	0x5400	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.25
.rsrc	0x408000	0x598	0x600	0x5600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.99
.reloc	0x40a000	0xc	0x200	0x5c00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x402000	0x7304	0x5504	0x0

Memory Dumps (3)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
458ad7362cfb6980b9e7eb19ab83ddc6d261bf6b057f1892267dd55c656e9686.exe	1	0x00400000	0x0040BFFF	Relevant Image	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x1A65D000	0x1A65FFFF	First Network Behavior	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x00145000	0x0014FFFF	First Network Behavior	64-bit	-	... Memory Dump Actions Go to Process Download Dump

C:\HOW TO RECOVER ENCRYPTED FILES.txt

Dropped File

Text

MIME Type	text/plain
File Size	2.00 KB
MD5	38cb33ea2f84c9fe9d0da3b7496f3715
SHA1	46925012ee009b1e750288ad03e62dac0feab8ce
SHA256	87c2b89a8dbe2c255f318138572b381c87274db5c9b49c8eb33d96adfa6ac5ef
SSDeep	48:WwEMhDcQwRryz4/pplhcCfu4t3xNWfEIoP8jMH:WwbTw84/blhcelLvpWe
ImpHash	-

WHOIS Domain Information

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After