5d4e22be...6c81

VMRay Threat Indicators (18 rules, 60 matches)

Severity	Category	Operation	Count	Classification
5/5	OS	Obscures a file's origin	1	-
Tries to delete zone identifier of file "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Java\JavaUpdtr.exe". ... VTI Actions Go to Behavior Go to file details
5/5	Local AV	Malicious content was detected by heuristic scan	1	-
Local AV detected the sample itself as "Gen:Variant.MSIL.Packy.1". ... VTI Actions Go to AV match Go to file details
5/5	Reputation	Known malicious file	1	Trojan
File "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nqmdwcixbxs.exe" is a known malicious file. ... VTI Actions Go to file details
4/5	Information Stealing	Exhibits Spyware behavior	1	Spyware
Tries to read sensitive data of: SeaMonkey, Google Chrome, Mozilla Firefox, Opera, Yandex Browser, Internet Explorer / Edge. ... VTI Actions
4/5	Reputation	Known malicious URL	1	-
Contacted URL "www.vacanzaimmobiliare.it/testla/WebPanel/post.php" is a known malicious URL. ... VTI Actions Go to Behavior
3/5	Device	Monitors keyboard input	1	Keylogger
Installs system wide "WH_KEYBOARD_LL" hook(s) to monitor keystrokes. ... VTI Actions Go to Behavior
3/5	Network	Reads network adapter information	1	-
Reads the network adapters' addresses by API. ... VTI Actions Go to Behavior
2/5	Anti Analysis	Resolves APIs dynamically to possibly evade static detection	1	-
Resolves an unusually high number of APIs. ... VTI Actions Go to Behavior
2/5	Information Stealing	Reads sensitive browser data	9	-
Trying to read sensitive data of web browser "Google Chrome" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Mozilla Firefox" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Opera" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Yandex Browser" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Internet Explorer / Edge" by registry. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Comodo Dragon" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Flock" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Maple Studio" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of web browser "Chromium" by file. ... VTI Actions Go to Behavior
2/5	Information Stealing	Reads sensitive application data	6	-
Trying to read sensitive data of application "SeaMonkey" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of application "WinSCP" by registry. ... VTI Actions Go to Behavior
Trying to read sensitive data of application "DynDNS" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of application "Pidgin" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of application "Internet Download Manager" by registry. ... VTI Actions Go to Behavior
Trying to read sensitive data of application "jDownloader" by file. ... VTI Actions Go to Behavior
2/5	Information Stealing	Reads sensitive mail data	5	-
Trying to read sensitive data of mail application "Microsoft Outlook" by registry. ... VTI Actions Go to Behavior
Trying to read sensitive data of mail application "Mozilla Thunderbird" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of mail application "Opera Mail" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of mail application "Pocomail" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of mail application "The Bat!" by file. ... VTI Actions Go to Behavior
2/5	Information Stealing	Reads sensitive ftp data	5	-
Trying to read sensitive data of ftp application "FileZilla" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of ftp application "Ipswitch WS_FTP" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of ftp application "CoreFTP" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of ftp application "FlashFXP" by file. ... VTI Actions Go to Behavior
Trying to read sensitive data of ftp application "Total Commander" by file. ... VTI Actions Go to Behavior
1/5	Process	Creates system object	1	-
Creates mutex with name "Global\.net clr networking". ... VTI Actions Go to Behavior
1/5	Network	Performs DNS request	1	-
Resolves host name "www.vacanzaimmobiliare.it". ... VTI Actions Go to Behavior
1/5	Information Stealing	Possibly does reconnaissance	21	-
Possibly trying to gather information about application "Mozilla Firefox" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Safari" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "SeaMonkey" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Flock" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Mozilla Thunderbird" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Foxmail" by registry. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Opera Mail" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Pocomail" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Qualcomm Eudora" by registry. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "The Bat!" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "FileZilla" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "WS_FTP" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "WinSCP" by registry. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "CoreFTP" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "DynDNS" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "FlashFXP" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Paltalk" by registry. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "Pidgin" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "SmartFTP" by file. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "No-IP DUC" by registry. ... VTI Actions Go to Behavior
Possibly trying to gather information about application "jDownloader" by file. ... VTI Actions Go to Behavior
1/5	Network	Connects to remote host	2	-
Outgoing TCP connection to host "185.81.4.56:80". ... VTI Actions Go to Behavior
Outgoing TCP connection to host "185.81.4.56:443". ... VTI Actions Go to Behavior
1/5	Network	Connects to HTTP server	1	-
URL "www.vacanzaimmobiliare.it/testla/WebPanel/post.php". ... VTI Actions Go to Behavior
1/5	Static	Unparsable sections in file	1	-
Static analyzer was unable to completely parse the analyzed file: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\nqmdwcixbxs.exe. ... VTI Actions Go to file details

Screenshots

Monitored Processes

Sample Information

ID	#117847
MD5	ef234f23724dc00e693bdb1b1218c1e8
SHA1	27f0ca2bf23aca5bf4c737480038f23c7eea5b96
SHA256	5d4e22be32dce5474b61e0df305861f2c07b10ddadbc2dc937481c7d2b736c81
SSDeep	6144:gzxCyj385/GUCdxzGrGHqveLAS1aP4vAvKhAp081nNVjqKoe:gw8RxSle7AP4oy6nnjqKoe
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744
Filename	nqmdwcixbxs.exe
File Size	440.00 KB
Sample Type	Windows Exe (x86-32)

Analysis Information

Creation Time	2019-07-22 01:34 (UTC+2)
Analysis Duration	00:02:29
Number of Monitored Processes	2
Execution Successful
Reputation Enabled
WHOIS Enabled
Local AV Enabled
YARA Enabled
Number of AV Matches	1
Number of YARA Matches	0
Termination Reason	Timeout
Tags

Remarks (1/1)

VMRay Threat Indicators (18 rules, 60 matches)

Screenshots

Monitored Processes

Sample Information

Analysis Information

Before

After