VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Keylogger, Spyware, Trojan
nqmdwcixbxs.exe
Windows Exe (x86-32)
Created at 2019-07-21T23:34:00
Remarks (1/1)
(0x2000010): The operating system was rebooted during the analysis.
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nqmdwcixbxs.exe | Sample File | Binary | Malicious |
File Reputation Information
Severity | Blacklisted |
First Seen | 2017-06-12 21:11 (UTC+2) |
Last Seen | 2019-03-01 17:38 (UTC+1) |
Names | ByteCode-MSIL.Trojan.Injector |
Families | Injector |
Classification | Trojan |
PE Information
Image Base | 0x400000 |
Entry Point | 0x43607e |
Size Of Code | 0x35000 |
Size Of Initialized Data | 0x38000 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2017-06-12 08:13:26+00:00 |
Version Information (10)
Assembly Version | 1.0.17.17 |
Comments | Wrq is a Enco. |
CompanyName | Wrq corp. |
FileDescription | Wrq |
FileVersion | 7.14.19.15 |
InternalName | today.exe |
LegalCopyright | Wrq 2016 |
OriginalFilename | today.exe |
ProductName | Wrq Enco |
ProductVersion | 7.14.19.15 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x34084 | 0x35000 | 0x1000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.41 |
.rsrc | 0x438000 | 0x36f20 | 0x37000 | 0x36000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.0 |
.reloc | 0x470000 | 0xc | 0x1000 | 0x6d000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.02 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | 0x0 | 0x402000 | 0x36058 | 0x35058 | 0x0 |
Memory Dumps (40)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points |
---|---|---|---|---|---|---|---|
system.drawing.ni.dll | 1 | 0x73E70000 | 0x73FF7FFF | Content Changed | - | 32-bit | 0x73EA6078, 0x73EBA5E0 |
system.drawing.ni.dll | 1 | 0x73E70000 | 0x73FF7FFF | Content Changed | - | 32-bit | 0x73EBFEDC |
system.drawing.ni.dll | 1 | 0x73E70000 | 0x73FF7FFF | Content Changed | - | 32-bit | 0x73EBBB90, 0x73EB9940 |
system.drawing.ni.dll | 1 | 0x73E70000 | 0x73FF7FFF | Content Changed | - | 32-bit | 0x73EB8690 |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748B62B0, 0x7480CAB0 |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748B11C4 |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748BA025, 0x748B9DF8, ... |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748BC078, 0x748CB090, ... |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x7490A650, 0x748B29D1, ... |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748CD000 |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748D99AC, 0x748D8800 |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x74937313, 0x748D61C4 |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748C9B60 |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x74936C58, 0x748D2EF4, ... |
microsoft.visualbasic.ni.dll | 1 | 0x747E0000 | 0x7497AFFF | Content Changed | - | 32-bit | 0x748D06C8, 0x748D56B0 |
system.drawing.ni.dll | 1 | 0x73E70000 | 0x73FF7FFF | Content Changed | - | 32-bit | 0x73EB1FAC |
custommarshalers.ni.dll | 2 | 0x74710000 | 0x74749FFF | Content Changed | - | 32-bit | 0x74730E64 |
custommarshalers.ni.dll | 2 | 0x74710000 | 0x74749FFF | Content Changed | - | 32-bit | 0x74735920 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73B6F158, 0x73BD3F00, ... |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73C07874, 0x73BD4608, ... |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BCC558, 0x73BCFB2B, ... |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BD94F0, 0x73BD01D0 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BD8E08, 0x73C04B38 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BD2800, 0x73C0535C, ... |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73C0CDC4 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73C0E000, 0x73C0D00D |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73C19590 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BCE2A0 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BDB320 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BCC524 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73B6DA64 |
system.management.ni.dll | 2 | 0x73B50000 | 0x73C53FFF | Content Changed | - | 32-bit | 0x73BDB000, 0x73BDAF84, ... |
buffer | 2 | 0x006E0000 | 0x006E0FFF | First Execution | - | 32-bit | 0x006E0638, 0x006E09C4, ... |
system.configuration.ni.dll | 2 | 0x73A50000 | 0x73B40FFF | Content Changed | - | 32-bit | 0x73A7D073 |
system.configuration.ni.dll | 2 | 0x73A50000 | 0x73B40FFF | Content Changed | - | 32-bit | 0x73A7E149 |
system.configuration.ni.dll | 2 | 0x73A50000 | 0x73B40FFF | Content Changed | - | 32-bit | 0x73A80050 |
system.configuration.ni.dll | 2 | 0x73A50000 | 0x73B40FFF | Content Changed | - | 32-bit | 0x73A81000 |
system.configuration.ni.dll | 2 | 0x73A50000 | 0x73B40FFF | Content Changed | - | 32-bit | 0x73A78650, 0x73A7A320, ... |
system.xml.ni.dll | 2 | 0x71100000 | 0x71635FFF | Content Changed | - | 32-bit | 0x711AF780 |
system.xml.ni.dll | 2 | 0x71100000 | 0x71635FFF | Content Changed | - | 32-bit | 0x7117E1A0, 0x71199290, ... |
Local AV Matches (1)
Threat Name | Severity |
---|---|
Gen:Variant.MSIL.Packy.1 | Malicious |