4e38fd97...c4d3 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Spyware, Keylogger

Remarks (1/1)

(0x200000e): The overall sleep time of all monitored processes was truncated from "47 seconds" to "10 seconds" to reveal dormant functionality.

Filename Category Type Severity
C:\Users\FD1HVy\Desktop\nrpswgral.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 755.00 KB
MD5 5584cd3c99cde56e459f30eec3bb470b
SHA1 6b22373f655d9d25b3fd474597ac5933c2b4248c
SHA256 4e38fd97f1d64237659653a6f82e1d144636e69671c7e07ca7137bc59823c4d3
SSDeep 12288:oTc5UVeRDe9L7KNpQZ8QYlSTyAkQ4T3Wy81rh9aI:oQEB7KlQDmAUDJ81j
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2019-08-14 03:07 (UTC+2)
Last Seen 2019-08-14 07:16 (UTC+2)
Names Win32.Infostealer.Strictor
Families Strictor
Classification Spyware
PE Information
Image Base 0x400000
Entry Point 0x4a3cee
Size Of Code 0xa1e00
Size Of Initialized Data 0x1ac00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-08-13 20:46:26+00:00
Version Information (11)
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription Minesweeper
FileVersion 1.0.0.0
InternalName Minesweeper.exe
LegalCopyright Copyright © 2017
LegalTrademarks -
OriginalFilename Minesweeper.exe
ProductName Minesweeper
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0xa1cf4 0xa1e00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.91
.rsrc 0x4a4000 0x1a9b0 0x1aa00 0xa2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.75
.reloc 0x4c0000 0xc 0x200 0xbca00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0xa3cc0 0xa1ec0 0x0
Memory Dumps (34)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
buffer 1 0x07CC0178 0x07CC017F Marked Executable - 32-bit - False False
buffer 1 0x07CC01A0 0x07CC01A7 Marked Executable - 32-bit - False False
buffer 1 0x07CC01C8 0x07CC01CF Marked Executable - 32-bit - False False
buffer 1 0x07D2CFCE 0x07D2CFD8 Marked Executable - 32-bit - False False
buffer 1 0x07D2CFC2 0x07D2CFCC Marked Executable - 32-bit - False False
buffer 1 0x07CC0208 0x07CC024F Marked Executable - 32-bit - False False
buffer 1 0x07D21AD8 0x07D21ADB Marked Executable - 32-bit - False False
buffer 1 0x07D21AFC 0x07D21B03 Marked Executable - 32-bit - False False
buffer 1 0x07D21B04 0x07D21B07 Marked Executable - 32-bit - False False
buffer 1 0x07D21B08 0x07D21B0F Marked Executable - 32-bit - False False
buffer 1 0x07D21B10 0x07D21B13 Marked Executable - 32-bit - False False
buffer 1 0x07D21B14 0x07D21B17 Marked Executable - 32-bit - False False
buffer 1 0x07D21B18 0x07D21B1B Marked Executable - 32-bit - False False
buffer 1 0x07D21B1C 0x07D21B23 Marked Executable - 32-bit - False False
buffer 1 0x07D21B24 0x07D21B27 Marked Executable - 32-bit - False False
buffer 1 0x07D21B28 0x07D21B2F Marked Executable - 32-bit - False False
buffer 1 0x07D21B30 0x07D21B33 Marked Executable - 32-bit - False False
buffer 1 0x07D21B34 0x07D21B37 Marked Executable - 32-bit - False False
buffer 1 0x07D21B38 0x07D21B3F Marked Executable - 32-bit - False False
buffer 1 0x07D21B40 0x07D21B43 Marked Executable - 32-bit - False False
buffer 1 0x07D21B44 0x07D21B47 Marked Executable - 32-bit - False False
buffer 1 0x07D21B48 0x07D21B4F Marked Executable - 32-bit - False False
buffer 1 0x07D21B50 0x07D21B53 Marked Executable - 32-bit - False False
buffer 1 0x07D21B54 0x07D21B57 Marked Executable - 32-bit - False False
buffer 1 0x07D21B58 0x07D21B5F Marked Executable - 32-bit - False False
buffer 1 0x07D21B60 0x07D21B63 Marked Executable - 32-bit - False False
buffer 1 0x07D21B64 0x07D21B67 Marked Executable - 32-bit - False False
buffer 1 0x07D21B68 0x07D21B6B Marked Executable - 32-bit - False False
buffer 1 0x07D21B6C 0x07D21B73 Marked Executable - 32-bit - False False
buffer 1 0x07D21B74 0x07D21B77 Marked Executable - 32-bit - False False
buffer 1 0x07D21B78 0x07D21B7B Marked Executable - 32-bit - False False
buffer 1 0x07D21B7C 0x07D21B83 Marked Executable - 32-bit - False False
buffer 1 0x07D21B84 0x07D21B87 Marked Executable - 32-bit - False False
buffer 1 0x07D21B88 0x07D21B8B Marked Executable - 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Strictor.98713 Malicious
C:\Users\FD1HVy\AppData\Roaming\hdqye3l4.01h\Chrome\Default\Cookies Dropped File Sqlite Unknown
Mime Type application/x-sqlite3
File Size 28.00 KB
MD5 164f4ab18544aae9d15a13d4515bd3dc
SHA1 78c8d3bdd34ba554fd077b0a126f01c6e877b1ae
SHA256 fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129
SSDeep 48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc
C:\Users\FD1HVy\AppData\Roaming\hdqye3l4.01h\Firefox\Profiles\w7cr0hor.default\cookies.sqlite Dropped File Sqlite Unknown
Mime Type application/x-sqlite3
File Size 512.00 KB
MD5 123bb0d96e2bf3342a462c70cf2695ad
SHA1 fa8091697602b9f748a1b3ca7b28b2c1be34f1dd
SHA256 2434f6f5c2143b8bab6161fc1e5bed97282fdad54d7deb409248029a750de268
SSDeep 192:VD/ApAhREKxiHpWXC1elNknfedN2F887O988ymwCtQMABwC7p:VDopgREIcrelKfe3WZmsM0p
C:\Users\FD1HVy\AppData\Roaming\hdqye3l4.01h.zip Dropped File Unknown Unknown
Mime Type application/zip
File Size 7.71 KB
MD5 c20e15d79cdbb0f0f9bc21c06670d09b
SHA1 9b525c3b7d2a95603a1f251572ff020170471b14
SHA256 3cd70c88732d682b19998725e9d77877582950460f5501ba272127aa9cecd983
SSDeep 192:0RfWMCXMa1xBMJEbWiqDMomvsQZeTfnOEcf8:01WMHa3aEbZomv4n
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.