VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Spyware
Threat Names:
Gen:Variant.Razy.680355
Filename C:\Users\FD1HVy\Desktop\brjujs.exe
Category Sample File
Type Binary
Severity Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 665.38 KB
MD5 70e863fb5753b95b4bb7d8c746ae4b94
SHA1 40bdba0699a9e2b003f929717c14b5b3966ff9f4
SHA256 49a56e067a73bb6f553b8df8a354d3b3328b8fffb64a459a1e719d86df89a322
SSDeep 12288:GhDP5VS0Hnj+ERfJwHIxqhynh99RkJM8234v8wPilfsjsStp:GhvVHnjtRfJwHI3n8M8BRPiTStp
ImpHash b55129d987b823c62b9e7b15a43444fb
PE Information
Image Base 0x400000
Entry Point 0x488c65
Size Of Code 0x8d200
Size Of Initialized Data 0x18800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-06-02 15:41:24+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8d17f 0x8d200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.23
.rdata 0x48f000 0xd27a 0xd400 0x8d600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.22
.data 0x49d000 0x20f0 0x600 0x9aa00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.34
.reloc 0x4a0000 0x9164 0x9200 0x9b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.8
Imports (19)
KERNEL32.dll (87)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCurrentProcess 0x0 0x48f00c 0x9ac80 0x99280 0x217
WriteFile 0x0 0x48f010 0x9ac84 0x99284 0x612
LeaveCriticalSection 0x0 0x48f014 0x9ac88 0x99288 0x3bd
SetFilePointer 0x0 0x48f018 0x9ac8c 0x9928c 0x522
InitializeCriticalSectionEx 0x0 0x48f01c 0x9ac90 0x99290 0x360
CreateMutexA 0x0 0x48f020 0x9ac94 0x99294 0xd7
UnmapViewOfFile 0x0 0x48f024 0x9ac98 0x99298 0x5b0
HeapSize 0x0 0x48f028 0x9ac9c 0x9929c 0x34e
MultiByteToWideChar 0x0 0x48f02c 0x9aca0 0x992a0 0x3ef
Sleep 0x0 0x48f030 0x9aca4 0x992a4 0x57d
GetFileInformationByHandle 0x0 0x48f034 0x9aca8 0x992a8 0x247
GetLastError 0x0 0x48f038 0x9acac 0x992ac 0x261
CreateFileA 0x0 0x48f03c 0x9acb0 0x992b0 0xc3
FileTimeToSystemTime 0x0 0x48f040 0x9acb4 0x992b4 0x16a
LoadLibraryA 0x0 0x48f044 0x9acb8 0x992b8 0x3c1
LockResource 0x0 0x48f048 0x9acbc 0x992bc 0x3db
HeapReAlloc 0x0 0x48f04c 0x9acc0 0x992c0 0x34c
CloseHandle 0x0 0x48f050 0x9acc4 0x992c4 0x86
RaiseException 0x0 0x48f054 0x9acc8 0x992c8 0x462
GetSystemInfo 0x0 0x48f058 0x9accc 0x992cc 0x2e3
FindResourceExW 0x0 0x48f05c 0x9acd0 0x992d0 0x195
LoadResource 0x0 0x48f060 0x9acd4 0x992d4 0x3c7
FindResourceW 0x0 0x48f064 0x9acd8 0x992d8 0x196
HeapAlloc 0x0 0x48f068 0x9acdc 0x992dc 0x345
GetLocalTime 0x0 0x48f06c 0x9ace0 0x992e0 0x262
HeapDestroy 0x0 0x48f070 0x9ace4 0x992e4 0x348
GetProcAddress 0x0 0x48f074 0x9ace8 0x992e8 0x2ae
CreateFileMappingA 0x0 0x48f078 0x9acec 0x992ec 0xc4
GetFileSize 0x0 0x48f07c 0x9acf0 0x992f0 0x24b
DeleteCriticalSection 0x0 0x48f080 0x9acf4 0x992f4 0x110
GetProcessHeap 0x0 0x48f084 0x9acf8 0x992f8 0x2b4
SystemTimeToFileTime 0x0 0x48f088 0x9acfc 0x992fc 0x588
FreeLibrary 0x0 0x48f08c 0x9ad00 0x99300 0x1ab
WideCharToMultiByte 0x0 0x48f090 0x9ad04 0x99304 0x5fe
EnterCriticalSection 0x0 0x48f094 0x9ad08 0x99308 0x131
GetTickCount 0x0 0x48f098 0x9ad0c 0x9930c 0x307
IsWow64Process 0x0 0x48f09c 0x9ad10 0x99310 0x391
AreFileApisANSI 0x0 0x48f0a0 0x9ad14 0x99314 0x23
GetFullPathNameW 0x0 0x48f0a4 0x9ad18 0x99318 0x259
LockFile 0x0 0x48f0a8 0x9ad1c 0x9931c 0x3d9
InitializeCriticalSection 0x0 0x48f0ac 0x9ad20 0x99320 0x35e
GetFullPathNameA 0x0 0x48f0b0 0x9ad24 0x99324 0x256
SetEndOfFile 0x0 0x48f0b4 0x9ad28 0x99328 0x510
GetTempPathW 0x0 0x48f0b8 0x9ad2c 0x9932c 0x2f6
CreateFileW 0x0 0x48f0bc 0x9ad30 0x99330 0xcb
GetFileAttributesW 0x0 0x48f0c0 0x9ad34 0x99334 0x245
GetCurrentThreadId 0x0 0x48f0c4 0x9ad38 0x99338 0x21c
GetTempPathA 0x0 0x48f0c8 0x9ad3c 0x9933c 0x2f5
GetFileAttributesA 0x0 0x48f0cc 0x9ad40 0x99340 0x240
GetVersionExA 0x0 0x48f0d0 0x9ad44 0x99344 0x31a
DeleteFileA 0x0 0x48f0d4 0x9ad48 0x99348 0x112
DeleteFileW 0x0 0x48f0d8 0x9ad4c 0x9934c 0x115
LoadLibraryW 0x0 0x48f0dc 0x9ad50 0x99350 0x3c4
UnlockFile 0x0 0x48f0e0 0x9ad54 0x99354 0x5ae
LockFileEx 0x0 0x48f0e4 0x9ad58 0x99358 0x3da
GetCurrentProcessId 0x0 0x48f0e8 0x9ad5c 0x9935c 0x218
GetSystemTimeAsFileTime 0x0 0x48f0ec 0x9ad60 0x99360 0x2e9
GetSystemTime 0x0 0x48f0f0 0x9ad64 0x99364 0x2e7
FormatMessageA 0x0 0x48f0f4 0x9ad68 0x99368 0x1a6
QueryPerformanceCounter 0x0 0x48f0f8 0x9ad6c 0x9936c 0x44d
FlushFileBuffers 0x0 0x48f0fc 0x9ad70 0x99370 0x19f
GetCurrentDirectoryW 0x0 0x48f100 0x9ad74 0x99374 0x211
CreateDirectoryW 0x0 0x48f104 0x9ad78 0x99378 0xba
FindClose 0x0 0x48f108 0x9ad7c 0x9937c 0x175
FindFirstFileExW 0x0 0x48f10c 0x9ad80 0x99380 0x17b
FindNextFileW 0x0 0x48f110 0x9ad84 0x99384 0x18c
GetFileAttributesExW 0x0 0x48f114 0x9ad88 0x99388 0x242
RemoveDirectoryW 0x0 0x48f118 0x9ad8c 0x9938c 0x4b9
HeapFree 0x0 0x48f11c 0x9ad90 0x99390 0x349
SizeofResource 0x0 0x48f120 0x9ad94 0x99394 0x57c
MapViewOfFile 0x0 0x48f124 0x9ad98 0x99398 0x3de
ReadFile 0x0 0x48f128 0x9ad9c 0x9939c 0x473
SetLastError 0x0 0x48f12c 0x9ada0 0x993a0 0x532
GetModuleHandleW 0x0 0x48f130 0x9ada4 0x993a4 0x278
CopyFileW 0x0 0x48f134 0x9ada8 0x993a8 0xad
IsDebuggerPresent 0x0 0x48f138 0x9adac 0x993ac 0x37f
OutputDebugStringW 0x0 0x48f13c 0x9adb0 0x993b0 0x419
InitializeCriticalSectionAndSpinCount 0x0 0x48f140 0x9adb4 0x993b4 0x35f
SetEvent 0x0 0x48f144 0x9adb8 0x993b8 0x516
ResetEvent 0x0 0x48f148 0x9adbc 0x993bc 0x4c6
WaitForSingleObjectEx 0x0 0x48f14c 0x9adc0 0x993c0 0x5d8
CreateEventW 0x0 0x48f150 0x9adc4 0x993c4 0xbf
UnhandledExceptionFilter 0x0 0x48f154 0x9adc8 0x993c8 0x5ad
SetUnhandledExceptionFilter 0x0 0x48f158 0x9adcc 0x993cc 0x56d
IsProcessorFeaturePresent 0x0 0x48f15c 0x9add0 0x993d0 0x386
InitializeSListHead 0x0 0x48f160 0x9add4 0x993d4 0x363
TerminateProcess 0x0 0x48f164 0x9add8 0x993d8 0x58c
USER32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDC 0x0 0x48f1d0 0x9ae44 0x99444 0x140
GetDesktopWindow 0x0 0x48f1d4 0x9ae48 0x99448 0x143
FindWindowA 0x0 0x48f1d8 0x9ae4c 0x9944c 0x111
GetSystemMetrics 0x0 0x48f1dc 0x9ae50 0x99450 0x1c4
ShowWindow 0x0 0x48f1e0 0x9ae54 0x99454 0x380
ReleaseDC 0x0 0x48f1e4 0x9ae58 0x99458 0x2f5
GDI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteObject 0x0 0x48f000 0x9ac74 0x99274 0x17f
GetObjectA 0x0 0x48f004 0x9ac78 0x99278 0x2a6
MSVCP140.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z 0x0 0x48f16c 0x9ade0 0x993e0 0xb1
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z 0x0 0x48f170 0x9ade4 0x993e4 0x1b8
?narrow@?$ctype@_W@std@@QBEPB_WPB_W0DPAD@Z 0x0 0x48f174 0x9ade8 0x993e8 0x42c
??Bid@locale@std@@QAEIXZ 0x0 0x48f178 0x9adec 0x993ec 0x131
?_Getname@_Locinfo@std@@QBEPBDXZ 0x0 0x48f17c 0x9adf0 0x993f0 0x1de
??1_Locinfo@std@@QAE@XZ 0x0 0x48f180 0x9adf4 0x993f4 0xa4
??0_Locinfo@std@@QAE@HPBD@Z 0x0 0x48f184 0x9adf8 0x993f8 0x6b
??1_Lockit@std@@QAE@XZ 0x0 0x48f188 0x9adfc 0x993fc 0xa5
??0_Lockit@std@@QAE@H@Z 0x0 0x48f18c 0x9ae00 0x99400 0x6d
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z 0x0 0x48f190 0x9ae04 0x99404 0x1a6
?_Xruntime_error@std@@YAXPBD@Z 0x0 0x48f194 0x9ae08 0x99408 0x292
?_Syserror_map@std@@YAPBDH@Z 0x0 0x48f198 0x9ae0c 0x9940c 0x273
?_Xlength_error@std@@YAXPBD@Z 0x0 0x48f19c 0x9ae10 0x99410 0x28e
?_Winerror_map@std@@YAHH@Z 0x0 0x48f1a0 0x9ae14 0x99414 0x285
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z 0x0 0x48f1a4 0x9ae18 0x99418 0x23a
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z 0x0 0x48f1a8 0x9ae1c 0x9941c 0x243
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ 0x0 0x48f1ac 0x9ae20 0x99420 0x1d5
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z 0x0 0x48f1b0 0x9ae24 0x99424 0x20f
?_Winerror_message@std@@YAKKPADK@Z 0x0 0x48f1b4 0x9ae28 0x99428 0x286
?id@?$ctype@_W@std@@2V0locale@2@A 0x0 0x48f1b8 0x9ae2c 0x9942c 0x3d1
?_Xout_of_range@std@@YAXPBD@Z 0x0 0x48f1bc 0x9ae30 0x99430 0x28f
SHLWAPI.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFindExtensionW 0x0 0x48f1c4 0x9ae38 0x99438 0x4b
PathFindExtensionA 0x0 0x48f1c8 0x9ae3c 0x9943c 0x4a
gdiplus.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdiplusStartup 0x0 0x48f380 0x9aff4 0x995f4 0x275
GdipCreateBitmapFromHBITMAP 0x0 0x48f384 0x9aff8 0x995f8 0x4d
GdipGetImageEncoders 0x0 0x48f388 0x9affc 0x995fc 0x11e
GdipCloneImage 0x0 0x48f38c 0x9b000 0x99600 0x36
GdipAlloc 0x0 0x48f390 0x9b004 0x99604 0x21
GdiplusShutdown 0x0 0x48f394 0x9b008 0x99608 0x274
GdipDisposeImage 0x0 0x48f398 0x9b00c 0x9960c 0x98
GdipFree 0x0 0x48f39c 0x9b010 0x99610 0xed
GdipGetImageEncodersSize 0x0 0x48f3a0 0x9b014 0x99614 0x11f
GdipCreateBitmapFromScan0 0x0 0x48f3a4 0x9b018 0x99618 0x50
GdipSaveImageToFile 0x0 0x48f3a8 0x9b01c 0x9961c 0x1f0
WININET.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HttpEndRequestA 0x0 0x48f228 0x9ae9c 0x9949c 0x71
HttpSendRequestExA 0x0 0x48f22c 0x9aea0 0x994a0 0x80
InternetCloseHandle 0x0 0x48f230 0x9aea4 0x994a4 0x95
InternetConnectA 0x0 0x48f234 0x9aea8 0x994a8 0x9b
InternetWriteFile 0x0 0x48f238 0x9aeac 0x994ac 0xef
InternetOpenA 0x0 0x48f23c 0x9aeb0 0x994b0 0xc6
HttpOpenRequestA 0x0 0x48f240 0x9aeb4 0x994b4 0x78
InternetReadFile 0x0 0x48f244 0x9aeb8 0x994b8 0xce
HttpSendRequestA 0x0 0x48f248 0x9aebc 0x994bc 0x7f
VCRUNTIME140.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CxxThrowException 0x0 0x48f1ec 0x9ae60 0x99460 0x1
__CxxFrameHandler3 0x0 0x48f1f0 0x9ae64 0x99464 0x10
__std_exception_destroy 0x0 0x48f1f4 0x9ae68 0x99468 0x22
memmove 0x0 0x48f1f8 0x9ae6c 0x9946c 0x47
__current_exception 0x0 0x48f1fc 0x9ae70 0x99470 0x1c
memcpy 0x0 0x48f200 0x9ae74 0x99474 0x46
__std_exception_copy 0x0 0x48f204 0x9ae78 0x99478 0x21
memcmp 0x0 0x48f208 0x9ae7c 0x9947c 0x45
__current_exception_context 0x0 0x48f20c 0x9ae80 0x99480 0x1d
_except_handler3 0x0 0x48f210 0x9ae84 0x99484 0x34
memchr 0x0 0x48f214 0x9ae88 0x99488 0x44
_except_handler4_common 0x0 0x48f218 0x9ae8c 0x9948c 0x35
__std_terminate 0x0 0x48f21c 0x9ae90 0x99490 0x23
memset 0x0 0x48f220 0x9ae94 0x99494 0x48
api-ms-win-crt-runtime-l1-1-0.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_configure_narrow_argv 0x0 0x48f29c 0x9af10 0x99510 0x19
_initialize_narrow_environment 0x0 0x48f2a0 0x9af14 0x99514 0x35
_invalid_parameter_noinfo_noreturn 0x0 0x48f2a4 0x9af18 0x99518 0x3b
_register_onexit_function 0x0 0x48f2a8 0x9af1c 0x9951c 0x3e
_crt_atexit 0x0 0x48f2ac 0x9af20 0x99520 0x1f
_cexit 0x0 0x48f2b0 0x9af24 0x99524 0x17
_seh_filter_exe 0x0 0x48f2b4 0x9af28 0x99528 0x42
_errno 0x0 0x48f2b8 0x9af2c 0x9952c 0x23
terminate 0x0 0x48f2bc 0x9af30 0x99530 0x6a
_get_initial_narrow_environment 0x0 0x48f2c0 0x9af34 0x99534 0x2a
_initterm 0x0 0x48f2c4 0x9af38 0x99538 0x38
_initterm_e 0x0 0x48f2c8 0x9af3c 0x9953c 0x39
_exit 0x0 0x48f2cc 0x9af40 0x99540 0x25
_invalid_parameter_noinfo 0x0 0x48f2d0 0x9af44 0x99544 0x3a
__p___argc 0x0 0x48f2d4 0x9af48 0x99548 0x5
__p___argv 0x0 0x48f2d8 0x9af4c 0x9954c 0x6
_c_exit 0x0 0x48f2dc 0x9af50 0x99550 0x16
_register_thread_local_exe_atexit_callback 0x0 0x48f2e0 0x9af54 0x99554 0x3f
exit 0x0 0x48f2e4 0x9af58 0x99558 0x58
_resetstkoflw 0x0 0x48f2e8 0x9af5c 0x9955c 0x40
_set_app_type 0x0 0x48f2ec 0x9af60 0x99560 0x44
_controlfp_s 0x0 0x48f2f0 0x9af64 0x99564 0x1d
_initialize_onexit_table 0x0 0x48f2f4 0x9af68 0x99568 0x36
api-ms-win-crt-time-l1-1-0.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
clock 0x0 0x48f35c 0x9afd0 0x995d0 0x45
asctime 0x0 0x48f360 0x9afd4 0x995d4 0x43
_time64 0x0 0x48f364 0x9afd8 0x995d8 0x30
_localtime64 0x0 0x48f368 0x9afdc 0x995dc 0x23
api-ms-win-crt-string-l1-1-0.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wcscspn 0x0 0x48f320 0x9af94 0x99594 0xa2
strlen 0x0 0x48f324 0x9af98 0x99598 0x8b
isspace 0x0 0x48f328 0x9af9c 0x9959c 0x6e
isalnum 0x0 0x48f32c 0x9afa0 0x995a0 0x64
isdigit 0x0 0x48f330 0x9afa4 0x995a4 0x68
wcsspn 0x0 0x48f334 0x9afa8 0x995a8 0xab
strcmp 0x0 0x48f338 0x9afac 0x995ac 0x86
wcslen 0x0 0x48f33c 0x9afb0 0x995b0 0xa3
strcat 0x0 0x48f340 0x9afb4 0x995b4 0x84
tolower 0x0 0x48f344 0x9afb8 0x995b8 0x97
isxdigit 0x0 0x48f348 0x9afbc 0x995bc 0x7e
_wcsicmp 0x0 0x48f34c 0x9afc0 0x995c0 0x4a
wmemcpy_s 0x0 0x48f350 0x9afc4 0x995c4 0xb0
strcpy 0x0 0x48f354 0x9afc8 0x995c8 0x88
api-ms-win-crt-heap-l1-1-0.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_recalloc 0x0 0x48f260 0x9aed4 0x994d4 0x15
free 0x0 0x48f264 0x9aed8 0x994d8 0x18
_set_new_mode 0x0 0x48f268 0x9aedc 0x994dc 0x16
calloc 0x0 0x48f26c 0x9aee0 0x994e0 0x17
realloc 0x0 0x48f270 0x9aee4 0x994e4 0x1a
_callnewh 0x0 0x48f274 0x9aee8 0x994e8 0x8
malloc 0x0 0x48f278 0x9aeec 0x994ec 0x19
api-ms-win-crt-utility-l1-1-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
srand 0x0 0x48f370 0x9afe4 0x995e4 0x1d
rand 0x0 0x48f374 0x9afe8 0x995e8 0x1b
labs 0x0 0x48f378 0x9afec 0x995ec 0x15
api-ms-win-crt-stdio-l1-1-0.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
fopen 0x0 0x48f2fc 0x9af70 0x99570 0x7d
__stdio_common_vsprintf 0x0 0x48f300 0x9af74 0x99574 0xd
feof 0x0 0x48f304 0x9af78 0x99578 0x75
fclose 0x0 0x48f308 0x9af7c 0x9957c 0x74
__p__commode 0x0 0x48f30c 0x9af80 0x99580 0x1
_set_fmode 0x0 0x48f310 0x9af84 0x99584 0x54
fread 0x0 0x48f314 0x9af88 0x99588 0x83
fwrite 0x0 0x48f318 0x9af8c 0x9958c 0x8a
api-ms-win-crt-multibyte-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_mbsicmp 0x0 0x48f294 0x9af08 0x99508 0x6b
api-ms-win-crt-environment-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
getenv 0x0 0x48f258 0x9aecc 0x994cc 0x10
api-ms-win-crt-convert-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
atoi 0x0 0x48f250 0x9aec4 0x994c4 0x50
api-ms-win-crt-locale-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_configthreadlocale 0x0 0x48f280 0x9aef4 0x994f4 0x8
___lc_codepage_func 0x0 0x48f284 0x9aef8 0x994f8 0x0
api-ms-win-crt-math-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__setusermatherr 0x0 0x48f28c 0x9af00 0x99500 0x2e
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA 2011
Country Name US
Valid From 2020-03-04 18:39:47+00:00
Valid Until 2021-03-03 18:39:47+00:00
Algorithm sha256_rsa
Serial Number 33 00 00 01 87 72 17 72 15 59 40 C7 09 00 00 00 00 01 87
Thumbprint 24 85 A7 AF A9 8E 17 8C B8 F3 0C 98 38 34 6B 51 4A EA 47 69
Certificate: Microsoft Code Signing PCA 2011
Issued by Microsoft Code Signing PCA 2011
Country Name US
Valid From 2011-07-08 20:59:09+00:00
Valid Until 2026-07-08 21:09:09+00:00
Algorithm sha256_rsa
Serial Number 61 0E 90 D2 00 00 00 00 00 03
Thumbprint F2 52 E7 94 FE 43 8E 35 AC E6 E5 37 62 C0 A2 34 A2 C5 21 35
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
brjujs.exe 1 0x00A40000 0x00AE9FFF Relevant Image True 32-bit 0x00A413DD False False
brjujs.exe 1 0x00A40000 0x00AE9FFF Process Termination True 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Razy.680355 Malicious
Filename C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\QJOBQLWYTL.ILQHNQOSO
Category Dropped File
Type Sqlite
Severity Whitelisted
Also Known As C:\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 18.00 KB
MD5 5c2161fc7b16d12b45b3e53d56fad16a
SHA1 06a317f3d6519cf226db3ab029a212293d318a1b
SHA256 cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a
SSDeep 24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW
ImpHash -
File Reputation Information
Severity Whitelisted
Filename c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat
Category Modified File
Type Stream
Severity Unknown
Mime Type application/octet-stream
File Size 128 Bytes
MD5 f3344e084c76cf0e0a3ad5bacde88678
SHA1 7609c6b4fe4da79d21ddea0cbc56b9e0ce5822a7
SHA256 67a2c36c1223e17b98b6114a85c345a63696aabb2d8225e7c3423762f7109ed7
SSDeep 3:iu/B:i
ImpHash -
Filename C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\QJOBQLWYTL.ILQHNQOSO
Category Dropped File
Type Sqlite
Severity Unknown
Also Known As C:\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 7.00 KB
MD5 5437864c133f53e6a43fc8678fee8ca9
SHA1 383ed41171772885ecedac3639de19c6d4024b57
SHA256 037369299fe8f3e3755fd3d7b421ae7676b1d713d948a4bf02ac138aaea55748
SSDeep 24:rid5UcYQ2yZTPaFpEvg3obNmQMOypv6UoF:+decYFgPOpEveoJNCoUc
ImpHash -
Filename C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\QJOBQLWYTL.ILQHNQOSO
Category Dropped File
Type Sqlite
Severity Unknown
Also Known As C:\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 28.00 KB
MD5 164f4ab18544aae9d15a13d4515bd3dc
SHA1 78c8d3bdd34ba554fd077b0a126f01c6e877b1ae
SHA256 fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129
SSDeep 48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc
ImpHash -
Filename C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\QJOBQLWYTL.ILQHNQOSO
Category Dropped File
Type Sqlite
Severity Unknown
Also Known As C:\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 64.00 KB
MD5 e3a002935a782f75c8ac7f3f0505d7f2
SHA1 5ec603207a726efa249b6ef575b2d03c64e928fd
SHA256 912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7
SSDeep 96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D
ImpHash -
Filename C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\FDXRKMCXDCERKKCEPNR.LEFQGPDVSXGCCHGB
Category Dropped File
Type Image
Severity Unknown
Also Known As Screenshot.png (Embedded File)
Mime Type image/png
File Size 812.64 KB
MD5 93e4a0712968ab755fcb8a66cdff93e3
SHA1 7d234268100650ff969ab1dff1948c67a3b2ec14
SHA256 00ff55fac095c1f8ed1625774ae2864566ac991c3fba4f95558bfa9a3235b7e7
SSDeep 24576:4iAximO5c3G0Qgs2MhCEklju5ekO2hgJNUwXdj2D1Y:vAJOOPQgLGCkhWNUwN2D1Y
ImpHash -
Filename C:\Users\FD1HVy\AppData\Local\Temp\YKPNDGYYFNJKWFEBNRQB\HVLCQIFFXYICOYNLCLWE.QLKM
Category Dropped File
Type Text
Severity Unknown
Also Known As information.txt (Embedded File)
Mime Type text/plain
File Size 610 Bytes
MD5 1dd799e5708804141a3dc7c6b8621b86
SHA1 87bef9d8ec1ad27362e34be67f86ca0b3eeb61c2
SHA256 4cac997374b781b3101a614cadca764258bedf4d4cd8b53d9f7a2903d25ebdc4
SSDeep 6:q39NqxtgLGT+QcpSrQMnIIQTUrmSz3gDVUk5GUnKtZKdE7xRPzL72RHNx3Ke95E5:U+x8GvTlngBUiBns0dcz2Hz3fa
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    
Screenshots: Before, After