5d4e22be...6c81

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nqmdwcixbxs.exe

Sample File

Binary

Malicious

Also Known As	C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe (Dropped File) C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\\tmpG554.tmp (Dropped File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	440.00 KB
MD5	ef234f23724dc00e693bdb1b1218c1e8
SHA1	27f0ca2bf23aca5bf4c737480038f23c7eea5b96
SHA256	5d4e22be32dce5474b61e0df305861f2c07b10ddadbc2dc937481c7d2b736c81
SSDeep	6144:gzxCyj385/GUCdxzGrGHqveLAS1aP4vAvKhAp081nNVjqKoe:gw8RxSle7AP4oy6nnjqKoe
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark	Static analyzer was unable to completely parse the analyzed file

File Reputation Information

Severity	Blacklisted
First Seen	2017-06-12 21:11 (UTC+2)
Last Seen	2019-03-01 17:38 (UTC+1)
Names	ByteCode-MSIL.Trojan.Injector
Families	Injector
Classification	Trojan

PE Information

Image Base	0x400000
Entry Point	0x43607e
Size Of Code	0x35000
Size Of Initialized Data	0x38000
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2017-06-12 08:13:26+00:00

Version Information (10)

Assembly Version	1.0.17.17
Comments	Wrq is a Enco.
CompanyName	Wrq corp.
FileDescription	Wrq
FileVersion	7.14.19.15
InternalName	today.exe
LegalCopyright	Wrq 2016
OriginalFilename	today.exe
ProductName	Wrq Enco
ProductVersion	7.14.19.15

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x34084	0x35000	0x1000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.41
.rsrc	0x438000	0x36f20	0x37000	0x36000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	6.0
.reloc	0x470000	0xc	0x1000	0x6d000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.02

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	0x0	0x402000	0x36058	0x35058	0x0

Memory Dumps (40)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
system.drawing.ni.dll	1	0x73E70000	0x73FF7FFF	Content Changed	-	32-bit	0x73EA6078, 0x73EBA5E0	... Memory Dump Actions Download Dump Go to process
system.drawing.ni.dll	1	0x73E70000	0x73FF7FFF	Content Changed	-	32-bit	0x73EBFEDC	... Memory Dump Actions Download Dump Go to process
system.drawing.ni.dll	1	0x73E70000	0x73FF7FFF	Content Changed	-	32-bit	0x73EBBB90, 0x73EB9940	... Memory Dump Actions Download Dump Go to process
system.drawing.ni.dll	1	0x73E70000	0x73FF7FFF	Content Changed	-	32-bit	0x73EB8690	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748B62B0, 0x7480CAB0	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748B11C4	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748BA025, 0x748B9DF8, ...	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748BC078, 0x748CB090, ...	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x7490A650, 0x748B29D1, ...	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748CD000	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748D99AC, 0x748D8800	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x74937313, 0x748D61C4	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748C9B60	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x74936C58, 0x748D2EF4, ...	... Memory Dump Actions Download Dump Go to process
microsoft.visualbasic.ni.dll	1	0x747E0000	0x7497AFFF	Content Changed	-	32-bit	0x748D06C8, 0x748D56B0	... Memory Dump Actions Download Dump Go to process
system.drawing.ni.dll	1	0x73E70000	0x73FF7FFF	Content Changed	-	32-bit	0x73EB1FAC	... Memory Dump Actions Download Dump Go to process
custommarshalers.ni.dll	2	0x74710000	0x74749FFF	Content Changed	-	32-bit	0x74730E64	... Memory Dump Actions Download Dump Go to process
custommarshalers.ni.dll	2	0x74710000	0x74749FFF	Content Changed	-	32-bit	0x74735920	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73B6F158, 0x73BD3F00, ...	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73C07874, 0x73BD4608, ...	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BCC558, 0x73BCFB2B, ...	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BD94F0, 0x73BD01D0	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BD8E08, 0x73C04B38	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BD2800, 0x73C0535C, ...	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73C0CDC4	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73C0E000, 0x73C0D00D	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73C19590	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BCE2A0	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BDB320	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BCC524	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73B6DA64	... Memory Dump Actions Download Dump Go to process
system.management.ni.dll	2	0x73B50000	0x73C53FFF	Content Changed	-	32-bit	0x73BDB000, 0x73BDAF84, ...	... Memory Dump Actions Download Dump Go to process
buffer	2	0x006E0000	0x006E0FFF	First Execution	-	32-bit	0x006E0638, 0x006E09C4, ...	... Memory Dump Actions Download Dump Go to process
system.configuration.ni.dll	2	0x73A50000	0x73B40FFF	Content Changed	-	32-bit	0x73A7D073	... Memory Dump Actions Download Dump Go to process
system.configuration.ni.dll	2	0x73A50000	0x73B40FFF	Content Changed	-	32-bit	0x73A7E149	... Memory Dump Actions Download Dump Go to process
system.configuration.ni.dll	2	0x73A50000	0x73B40FFF	Content Changed	-	32-bit	0x73A80050	... Memory Dump Actions Download Dump Go to process
system.configuration.ni.dll	2	0x73A50000	0x73B40FFF	Content Changed	-	32-bit	0x73A81000	... Memory Dump Actions Download Dump Go to process
system.configuration.ni.dll	2	0x73A50000	0x73B40FFF	Content Changed	-	32-bit	0x73A78650, 0x73A7A320, ...	... Memory Dump Actions Download Dump Go to process
system.xml.ni.dll	2	0x71100000	0x71635FFF	Content Changed	-	32-bit	0x711AF780	... Memory Dump Actions Download Dump Go to process
system.xml.ni.dll	2	0x71100000	0x71635FFF	Content Changed	-	32-bit	0x7117E1A0, 0x71199290, ...	... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

Threat Name	Severity
Gen:Variant.MSIL.Packy.1	Malicious

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After