VTI SCORE: 100/100
Dynamic Analysis Report |
Classification: Spyware, Keylogger |
nrpswgral.exe
Windows Exe (x86-32)
Created at 2019-08-14T19:30:00
Remarks (1/1)
(0x200000e): The overall sleep time of all monitored processes was truncated from "47 seconds" to "10 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
Filename | Category | Type | Severity | Actions |
---|
File Reputation Information
»
Severity |
Blacklisted
|
First Seen | 2019-08-14 03:07 (UTC+2) |
Last Seen | 2019-08-14 07:16 (UTC+2) |
Names | Win32.Infostealer.Strictor |
Families | Strictor |
Classification | Spyware |
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x4a3cee |
Size Of Code | 0xa1e00 |
Size Of Initialized Data | 0x1ac00 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2019-08-13 20:46:26+00:00 |
Version Information (11)
»
Assembly Version | 1.0.0.0 |
Comments | - |
CompanyName | - |
FileDescription | Minesweeper |
FileVersion | 1.0.0.0 |
InternalName | Minesweeper.exe |
LegalCopyright | Copyright © 2017 |
LegalTrademarks | - |
OriginalFilename | Minesweeper.exe |
ProductName | Minesweeper |
ProductVersion | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0xa1cf4 | 0xa1e00 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.91 |
.rsrc | 0x4a4000 | 0x1a9b0 | 0x1aa00 | 0xa2000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.75 |
.reloc | 0x4c0000 | 0xc | 0x200 | 0xbca00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | 0x0 | 0x402000 | 0xa3cc0 | 0xa1ec0 | 0x0 |
Memory Dumps (34)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Points | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
buffer | 1 | 0x07CC0178 | 0x07CC017F | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07CC01A0 | 0x07CC01A7 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07CC01C8 | 0x07CC01CF | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D2CFCE | 0x07D2CFD8 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D2CFC2 | 0x07D2CFCC | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07CC0208 | 0x07CC024F | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21AD8 | 0x07D21ADB | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21AFC | 0x07D21B03 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B04 | 0x07D21B07 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B08 | 0x07D21B0F | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B10 | 0x07D21B13 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B14 | 0x07D21B17 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B18 | 0x07D21B1B | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B1C | 0x07D21B23 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B24 | 0x07D21B27 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B28 | 0x07D21B2F | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B30 | 0x07D21B33 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B34 | 0x07D21B37 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B38 | 0x07D21B3F | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B40 | 0x07D21B43 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B44 | 0x07D21B47 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B48 | 0x07D21B4F | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B50 | 0x07D21B53 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B54 | 0x07D21B57 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B58 | 0x07D21B5F | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B60 | 0x07D21B63 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B64 | 0x07D21B67 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B68 | 0x07D21B6B | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B6C | 0x07D21B73 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B74 | 0x07D21B77 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B78 | 0x07D21B7B | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B7C | 0x07D21B83 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B84 | 0x07D21B87 | Marked Executable | - | 32-bit | - |
...
|
||
buffer | 1 | 0x07D21B88 | 0x07D21B8B | Marked Executable | - | 32-bit | - |
...
|
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Gen:Variant.Strictor.98713 |
Malicious
|
C:\Users\FD1HVy\AppData\Roaming\hdqye3l4.01h\Chrome\Default\Cookies | Dropped File | Sqlite |
Unknown
|
...
|
»
C:\Users\FD1HVy\AppData\Roaming\hdqye3l4.01h\Firefox\Profiles\w7cr0hor.default\cookies.sqlite | Dropped File | Sqlite |
Unknown
|
...
|
»
C:\Users\FD1HVy\AppData\Roaming\hdqye3l4.01h.zip | Dropped File | Unknown |
Unknown
|
...
|
»