51e91780...a8bb

Remarks

Max Dump Size Reached (0x0200000C): The maximum memory dump size was exceeded. Some dumps may be missing in the report.

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\FD1HVy\Desktop\FeeLmebq987g92.exe

Sample File

Binary

Malicious

Mime Type	application/vnd.microsoft.portable-executable
File Size	2.28 MB
MD5	dc1f1308759847a3e7161f284431cc5b
SHA1	7eec4c3e46e3c39e21d0bec2897ce3da261310f9
SHA256	51e917806f84d3035b2d94cb3701b07ec47b3dc07a5b3e4dd38a5c552482a8bb
SSDeep	49152:iBH1WCsqatXAeD8w+CV6INnAsg9rtpyIDEN:iBH1WvttAC4IFAsSC
ImpHash	3ceeed2554ab5ae383b2f2f427b06317

PE Information

Image Base	0x400000
Entry Point	0x84cc08
Size Of Code	0x8d200
Size Of Initialized Data	0x151e00
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2020-06-02 15:41:24+00:00

Version Information (11)

Assembly Version	1.0.0.0
Comments	Vortex Software
CompanyName	Vortex Software
FileDescription	Vortex Software
FileVersion	1.0.0.0
InternalName	FeeLmebq987g92.exe
LegalCopyright	Copyright © Vortex Software 2020
LegalTrademarks	Vortex Software
OriginalFilename	FeeLmebq987g92.exe
ProductName	Vortex Software
ProductVersion	1.0.0.0

Sections (13)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x8d17f	0x8d200	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.23
.rdata	0x48f000	0xd27a	0xd400	0x8d600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.68
.data	0x49d000	0x20f0	0x600	0x9aa00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.34
.reloc	0x4a0000	0x9164	0x9200	0x9b000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.8
	0x4aa000	0x1395a6	0x53e71	0xa4200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	8.0
.imports	0x5e4000	0x1000	0x600	0xf8200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.99
.tls	0x5e5000	0x1000	0x200	0xf8800	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.18
.vmp0	0x5e6000	0x40000	0x40000	0xf8a00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	8.0
.themida	0x626000	0x226000	0x0	0x0	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.boot	0x84c000	0xc9e00	0xc9e00	0x138a00	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.95
.vmp1	0x916000	0x5d0	0x600	0x202800	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.53
.reloc	0x917000	0x10	0x200	0x202e00	IMAGE_SCN_MEM_READ	0.17
.rsrc	0x918000	0x3ff36	0x40000	0x203000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.09

Imports (19)

kernel32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetModuleHandleA	0x0	0x5e4488	0x1e4488	0xf8688	0x0

USER32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetDC	0x0	0x5e4490	0x1e4490	0xf8690	0x0

GDI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
DeleteObject	0x0	0x5e4498	0x1e4498	0xf8698	0x0

MSVCP140.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z	0x0	0x5e44a0	0x1e44a0	0xf86a0	0x0

SHLWAPI.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PathFindExtensionW	0x0	0x5e44a8	0x1e44a8	0xf86a8	0x0

gdiplus.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GdiplusStartup	0x0	0x5e44b0	0x1e44b0	0xf86b0	0x0

WININET.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
HttpEndRequestA	0x0	0x5e44b8	0x1e44b8	0xf86b8	0x0

VCRUNTIME140.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CxxThrowException	0x0	0x5e44c0	0x1e44c0	0xf86c0	0x0

api-ms-win-crt-runtime-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_configure_narrow_argv	0x0	0x5e44c8	0x1e44c8	0xf86c8	0x0

api-ms-win-crt-time-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
clock	0x0	0x5e44d0	0x1e44d0	0xf86d0	0x0

api-ms-win-crt-string-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
wcscspn	0x0	0x5e44d8	0x1e44d8	0xf86d8	0x0

api-ms-win-crt-heap-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_recalloc	0x0	0x5e44e0	0x1e44e0	0xf86e0	0x0

api-ms-win-crt-utility-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
srand	0x0	0x5e44e8	0x1e44e8	0xf86e8	0x0

api-ms-win-crt-stdio-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
fopen	0x0	0x5e44f0	0x1e44f0	0xf86f0	0x0

api-ms-win-crt-multibyte-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_mbsicmp	0x0	0x5e44f8	0x1e44f8	0xf86f8	0x0

api-ms-win-crt-environment-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
getenv	0x0	0x5e4500	0x1e4500	0xf8700	0x0

api-ms-win-crt-convert-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
atoi	0x0	0x5e4508	0x1e4508	0xf8708	0x0

api-ms-win-crt-locale-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_configthreadlocale	0x0	0x5e4510	0x1e4510	0xf8710	0x0

api-ms-win-crt-math-l1-1-0.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
__setusermatherr	0x0	0x5e4518	0x1e4518	0xf8718	0x0

Digital Signatures (4)

Certificate: Comodo Security Solutions, Inc.

Issued by	Comodo Security Solutions, Inc.
Parent Certificate	COMODO RSA Extended Validation Code Signing CA
Country Name	US
Valid From	2018-12-04 00:00:00+00:00
Valid Until	2021-12-03 23:59:59+00:00
Algorithm	sha256_rsa
Serial Number	1B 42 7B 06 0E 28 66 BF B5 86 CC 26 7E 1C 3E AA
Thumbprint	31 D0 19 FC 7A B6 97 D5 7D 9C 4A FB 34 0E D7 C4 D1 04 00 DF

Certificate: COMODO RSA Extended Validation Code Signing CA

Issued by	COMODO RSA Extended Validation Code Signing CA
Parent Certificate	COMODO RSA Certification Authority
Country Name	GB
Valid From	2014-12-03 00:00:00+00:00
Valid Until	2029-12-02 23:59:59+00:00
Algorithm	sha384_rsa
Serial Number	6D D4 72 EB 02 AE 04 06 E3 DD 84 3F 5F E1 45 E1
Thumbprint	35 1A 78 EB C1 B4 BB 6D C3 66 72 8D 33 42 31 AB A9 AE 3E A7

Certificate: COMODO RSA Certification Authority

Issued by	COMODO RSA Certification Authority
Parent Certificate	AddTrust External CA Root
Country Name	GB
Valid From	2000-05-30 10:48:38+00:00
Valid Until	2020-05-30 10:48:38+00:00
Algorithm	sha384_rsa
Serial Number	27 66 EE 56 EB 49 F3 8E AB D7 70 A2 FC 84 DE 22
Thumbprint	F5 AD 0B CC 1A D5 6C D1 50 72 5B 1C 86 6C 30 AD 92 EF 21 B0

Certificate: AddTrust External CA Root

Issued by	AddTrust External CA Root
Country Name	SE
Valid From	2013-08-15 20:26:30+00:00
Valid Until	2023-08-15 20:36:30+00:00
Algorithm	sha1_rsa
Serial Number	33 00 00 00 35 D8 D5 59 5B 06 71 41 2B 00 00 00 00 00 35
Thumbprint	A7 5A C6 57 AA 7A 4C DF E5 F9 DE 39 3E 69 EF CA B6 59 D2 50

Memory Dumps (19)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	First Execution	32-bit	0x00C7CC08	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AA51E4	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AA51E4	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AA6DDC	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AA51E4	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AB51B4	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00BF3959	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00B5833D	... Memory Dump Actions Go to Process Download Dump
ntdll.dll	1	0x77970000	0x77AFDFFF	First Execution	32-bit	0x779E2070	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00B5208D	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AB2EED	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AAF42E	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AB7304	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AC83C6	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AA51E4	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AB7304	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AC8B92	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AA6BF2	... Memory Dump Actions Go to Process Download Dump
feelmebq987g92.exe	1	0x00830000	0x00D87FFF	Content Changed	32-bit	0x00AA51E4	... Memory Dump Actions Go to Process Download Dump

Local AV Matches (1)

Threat Name	Severity
Gen:Variant.Ursu.895492	Malicious

C:\Users\FD1HVy\AppData\Local\Temp\OQSIDRQUQRHQSPKEYKPY\VLECKIRDYJ.XSEDUSIPO

Dropped File

Sqlite

Whitelisted

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	18.00 KB
MD5	5c2161fc7b16d12b45b3e53d56fad16a
SHA1	06a317f3d6519cf226db3ab029a212293d318a1b
SHA256	cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a
SSDeep	24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW
ImpHash	-

File Reputation Information

Severity	Whitelisted

c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	128 Bytes
MD5	f3344e084c76cf0e0a3ad5bacde88678
SHA1	7609c6b4fe4da79d21ddea0cbc56b9e0ce5822a7
SHA256	67a2c36c1223e17b98b6114a85c345a63696aabb2d8225e7c3423762f7109ed7
SSDeep	3:iu/B:i
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\OQSIDRQUQRHQSPKEYKPY\VLECKIRDYJ.XSEDUSIPO

Dropped File

Sqlite

Unknown

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	7.00 KB
MD5	5437864c133f53e6a43fc8678fee8ca9
SHA1	383ed41171772885ecedac3639de19c6d4024b57
SHA256	037369299fe8f3e3755fd3d7b421ae7676b1d713d948a4bf02ac138aaea55748
SSDeep	24:rid5UcYQ2yZTPaFpEvg3obNmQMOypv6UoF:+decYFgPOpEveoJNCoUc
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\OQSIDRQUQRHQSPKEYKPY\VLECKIRDYJ.XSEDUSIPO

Dropped File

Sqlite

Unknown

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	28.00 KB
MD5	164f4ab18544aae9d15a13d4515bd3dc
SHA1	78c8d3bdd34ba554fd077b0a126f01c6e877b1ae
SHA256	fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129
SSDeep	48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\OQSIDRQUQRHQSPKEYKPY\VLECKIRDYJ.XSEDUSIPO

Dropped File

Sqlite

Unknown

Also Known As	C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File) C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type	application/x-sqlite3
File Size	64.00 KB
MD5	e3a002935a782f75c8ac7f3f0505d7f2
SHA1	5ec603207a726efa249b6ef575b2d03c64e928fd
SHA256	912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7
SSDeep	96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\OQSIDRQUQRHQSPKEYKPY\MBPYOSOUSCHFUBMYIQE.DONGRRSRLTUTWRHX

Dropped File

Image

Unknown

Also Known As	Screenshot.png (Embedded File)
Mime Type	image/png
File Size	811.38 KB
MD5	ad1aaa9debdf1b9d15327c0b42c58dd7
SHA1	e11b70bffbd937e26ea8daf60dc44fe062f9548b
SHA256	1342777f1973b91bb8fcc3c9d2f9305df4d470d1f865a14a109cc32ae294a4b8
SSDeep	24576:aKb8EPDDkJBjWayuZaVlUebPUvnx7rtIgFHhPShe:aQRDjanZaVl7mnV5HhPr
ImpHash	-

C:\Users\FD1HVy\AppData\Local\Temp\OQSIDRQUQRHQSPKEYKPY\TQTWTFWFSLNNKWQERGTK.IQTQ

Dropped File

Text

Unknown

Also Known As	information.txt (Embedded File)
Mime Type	text/plain
File Size	610 Bytes
MD5	c7acceb947c6f31e440601da7c1d0a49
SHA1	cf9d18451ad754195c6e6ccc4b4f012c0fb2c38f
SHA256	17078e9a7aeb495b6d7bbde03f42feefa2da78b13b8a10b4489a4c97ce1f46b8
SSDeep	6:q39NqxtFKGT+QcpSrQMnIIQTUrmSz3gDVUk5GUnKtZKdE7xRPzL72RHNx3Gsfoqj:U+xTKGvTlngBUiBns0dcz2Hz3RdXT
ImpHash	-

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After