639bd88a...5f94 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Spyware
Threat Names:
Gen:Variant.Zusy.305535
Filename Category Type Severity
C:\Users\FD1HVy\Desktop\qPp5UU0Zt1HNYJXn.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 347.50 KB
MD5 07cd559a06fa9d014a31131cb225a7f4
SHA1 9350cc08be170087a79b21bebbf41c6dfa111690
SHA256 639bd88a73154bd38aa18eaea3e968b76f4431ade64d25936cc7e34509075f94
SSDeep 6144:P/GF7UKJQ4a26VPGk2TGFKq9MuolhzjE8YgxxSXHaLyF7KHDDXg/n/ddNNTp:P/w1+Psy9MuolZ5Ygx/uF74vg5r
ImpHash c62170d29e98a4f36b2a74ba018472d6
PE Information
Image Base 0x400000
Entry Point 0x4446b4
Size Of Code 0x47a00
Size Of Initialized Data 0x10a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-06-18 18:48:06+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x47889 0x47a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.7
.rdata 0x449000 0xad8e 0xae00 0x47e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.68
.data 0x454000 0x1ffc 0x600 0x52c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.43
.reloc 0x456000 0x3abc 0x3c00 0x53200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.7
Imports (19)
KERNEL32.dll (87)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCurrentProcess 0x0 0x44900c 0x527d8 0x515d8 0x217
WriteFile 0x0 0x449010 0x527dc 0x515dc 0x612
LeaveCriticalSection 0x0 0x449014 0x527e0 0x515e0 0x3bd
SetFilePointer 0x0 0x449018 0x527e4 0x515e4 0x522
InitializeCriticalSectionEx 0x0 0x44901c 0x527e8 0x515e8 0x360
CreateMutexA 0x0 0x449020 0x527ec 0x515ec 0xd7
UnmapViewOfFile 0x0 0x449024 0x527f0 0x515f0 0x5b0
HeapSize 0x0 0x449028 0x527f4 0x515f4 0x34e
MultiByteToWideChar 0x0 0x44902c 0x527f8 0x515f8 0x3ef
Sleep 0x0 0x449030 0x527fc 0x515fc 0x57d
GetFileInformationByHandle 0x0 0x449034 0x52800 0x51600 0x247
GetLastError 0x0 0x449038 0x52804 0x51604 0x261
CreateFileA 0x0 0x44903c 0x52808 0x51608 0xc3
FileTimeToSystemTime 0x0 0x449040 0x5280c 0x5160c 0x16a
LoadLibraryA 0x0 0x449044 0x52810 0x51610 0x3c1
LockResource 0x0 0x449048 0x52814 0x51614 0x3db
HeapReAlloc 0x0 0x44904c 0x52818 0x51618 0x34c
CloseHandle 0x0 0x449050 0x5281c 0x5161c 0x86
RaiseException 0x0 0x449054 0x52820 0x51620 0x462
GetSystemInfo 0x0 0x449058 0x52824 0x51624 0x2e3
FindResourceExW 0x0 0x44905c 0x52828 0x51628 0x195
LoadResource 0x0 0x449060 0x5282c 0x5162c 0x3c7
FindResourceW 0x0 0x449064 0x52830 0x51630 0x196
HeapAlloc 0x0 0x449068 0x52834 0x51634 0x345
GetLocalTime 0x0 0x44906c 0x52838 0x51638 0x262
HeapDestroy 0x0 0x449070 0x5283c 0x5163c 0x348
GetProcAddress 0x0 0x449074 0x52840 0x51640 0x2ae
CreateFileMappingA 0x0 0x449078 0x52844 0x51644 0xc4
GetFileSize 0x0 0x44907c 0x52848 0x51648 0x24b
DeleteCriticalSection 0x0 0x449080 0x5284c 0x5164c 0x110
GetProcessHeap 0x0 0x449084 0x52850 0x51650 0x2b4
SystemTimeToFileTime 0x0 0x449088 0x52854 0x51654 0x588
FreeLibrary 0x0 0x44908c 0x52858 0x51658 0x1ab
WideCharToMultiByte 0x0 0x449090 0x5285c 0x5165c 0x5fe
EnterCriticalSection 0x0 0x449094 0x52860 0x51660 0x131
GetTickCount 0x0 0x449098 0x52864 0x51664 0x307
IsWow64Process 0x0 0x44909c 0x52868 0x51668 0x391
AreFileApisANSI 0x0 0x4490a0 0x5286c 0x5166c 0x23
GetFullPathNameW 0x0 0x4490a4 0x52870 0x51670 0x259
LockFile 0x0 0x4490a8 0x52874 0x51674 0x3d9
InitializeCriticalSection 0x0 0x4490ac 0x52878 0x51678 0x35e
GetFullPathNameA 0x0 0x4490b0 0x5287c 0x5167c 0x256
SetEndOfFile 0x0 0x4490b4 0x52880 0x51680 0x510
GetTempPathW 0x0 0x4490b8 0x52884 0x51684 0x2f6
CreateFileW 0x0 0x4490bc 0x52888 0x51688 0xcb
GetFileAttributesW 0x0 0x4490c0 0x5288c 0x5168c 0x245
GetCurrentThreadId 0x0 0x4490c4 0x52890 0x51690 0x21c
GetTempPathA 0x0 0x4490c8 0x52894 0x51694 0x2f5
GetFileAttributesA 0x0 0x4490cc 0x52898 0x51698 0x240
GetVersionExA 0x0 0x4490d0 0x5289c 0x5169c 0x31a
DeleteFileA 0x0 0x4490d4 0x528a0 0x516a0 0x112
DeleteFileW 0x0 0x4490d8 0x528a4 0x516a4 0x115
LoadLibraryW 0x0 0x4490dc 0x528a8 0x516a8 0x3c4
UnlockFile 0x0 0x4490e0 0x528ac 0x516ac 0x5ae
LockFileEx 0x0 0x4490e4 0x528b0 0x516b0 0x3da
GetCurrentProcessId 0x0 0x4490e8 0x528b4 0x516b4 0x218
GetSystemTimeAsFileTime 0x0 0x4490ec 0x528b8 0x516b8 0x2e9
GetSystemTime 0x0 0x4490f0 0x528bc 0x516bc 0x2e7
FormatMessageA 0x0 0x4490f4 0x528c0 0x516c0 0x1a6
QueryPerformanceCounter 0x0 0x4490f8 0x528c4 0x516c4 0x44d
FlushFileBuffers 0x0 0x4490fc 0x528c8 0x516c8 0x19f
GetCurrentDirectoryW 0x0 0x449100 0x528cc 0x516cc 0x211
CreateDirectoryW 0x0 0x449104 0x528d0 0x516d0 0xba
FindClose 0x0 0x449108 0x528d4 0x516d4 0x175
FindFirstFileExW 0x0 0x44910c 0x528d8 0x516d8 0x17b
FindNextFileW 0x0 0x449110 0x528dc 0x516dc 0x18c
GetFileAttributesExW 0x0 0x449114 0x528e0 0x516e0 0x242
RemoveDirectoryW 0x0 0x449118 0x528e4 0x516e4 0x4b9
HeapFree 0x0 0x44911c 0x528e8 0x516e8 0x349
SizeofResource 0x0 0x449120 0x528ec 0x516ec 0x57c
MapViewOfFile 0x0 0x449124 0x528f0 0x516f0 0x3de
ReadFile 0x0 0x449128 0x528f4 0x516f4 0x473
SetLastError 0x0 0x44912c 0x528f8 0x516f8 0x532
GetModuleHandleW 0x0 0x449130 0x528fc 0x516fc 0x278
CopyFileW 0x0 0x449134 0x52900 0x51700 0xad
IsDebuggerPresent 0x0 0x449138 0x52904 0x51704 0x37f
OutputDebugStringW 0x0 0x44913c 0x52908 0x51708 0x419
InitializeCriticalSectionAndSpinCount 0x0 0x449140 0x5290c 0x5170c 0x35f
SetEvent 0x0 0x449144 0x52910 0x51710 0x516
ResetEvent 0x0 0x449148 0x52914 0x51714 0x4c6
WaitForSingleObjectEx 0x0 0x44914c 0x52918 0x51718 0x5d8
CreateEventW 0x0 0x449150 0x5291c 0x5171c 0xbf
UnhandledExceptionFilter 0x0 0x449154 0x52920 0x51720 0x5ad
SetUnhandledExceptionFilter 0x0 0x449158 0x52924 0x51724 0x56d
IsProcessorFeaturePresent 0x0 0x44915c 0x52928 0x51728 0x386
InitializeSListHead 0x0 0x449160 0x5292c 0x5172c 0x363
TerminateProcess 0x0 0x449164 0x52930 0x51730 0x58c
USER32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDC 0x0 0x4491d0 0x5299c 0x5179c 0x140
GetDesktopWindow 0x0 0x4491d4 0x529a0 0x517a0 0x143
FindWindowA 0x0 0x4491d8 0x529a4 0x517a4 0x111
GetSystemMetrics 0x0 0x4491dc 0x529a8 0x517a8 0x1c4
ShowWindow 0x0 0x4491e0 0x529ac 0x517ac 0x380
ReleaseDC 0x0 0x4491e4 0x529b0 0x517b0 0x2f5
GDI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteObject 0x0 0x449000 0x527cc 0x515cc 0x17f
GetObjectA 0x0 0x449004 0x527d0 0x515d0 0x2a6
MSVCP140.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z 0x0 0x44916c 0x52938 0x51738 0xb1
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z 0x0 0x449170 0x5293c 0x5173c 0x1b8
?narrow@?$ctype@_W@std@@QBEPB_WPB_W0DPAD@Z 0x0 0x449174 0x52940 0x51740 0x42c
??Bid@locale@std@@QAEIXZ 0x0 0x449178 0x52944 0x51744 0x131
?_Getname@_Locinfo@std@@QBEPBDXZ 0x0 0x44917c 0x52948 0x51748 0x1de
??1_Locinfo@std@@QAE@XZ 0x0 0x449180 0x5294c 0x5174c 0xa4
??0_Locinfo@std@@QAE@HPBD@Z 0x0 0x449184 0x52950 0x51750 0x6b
??1_Lockit@std@@QAE@XZ 0x0 0x449188 0x52954 0x51754 0xa5
??0_Lockit@std@@QAE@H@Z 0x0 0x44918c 0x52958 0x51758 0x6d
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z 0x0 0x449190 0x5295c 0x5175c 0x1a6
?_Xruntime_error@std@@YAXPBD@Z 0x0 0x449194 0x52960 0x51760 0x292
?_Syserror_map@std@@YAPBDH@Z 0x0 0x449198 0x52964 0x51764 0x273
?_Xlength_error@std@@YAXPBD@Z 0x0 0x44919c 0x52968 0x51768 0x28e
?_Winerror_map@std@@YAHH@Z 0x0 0x4491a0 0x5296c 0x5176c 0x285
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z 0x0 0x4491a4 0x52970 0x51770 0x23a
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z 0x0 0x4491a8 0x52974 0x51774 0x243
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ 0x0 0x4491ac 0x52978 0x51778 0x1d5
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z 0x0 0x4491b0 0x5297c 0x5177c 0x20f
?_Winerror_message@std@@YAKKPADK@Z 0x0 0x4491b4 0x52980 0x51780 0x286
?id@?$ctype@_W@std@@2V0locale@2@A 0x0 0x4491b8 0x52984 0x51784 0x3d1
?_Xout_of_range@std@@YAXPBD@Z 0x0 0x4491bc 0x52988 0x51788 0x28f
SHLWAPI.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFindExtensionW 0x0 0x4491c4 0x52990 0x51790 0x4b
PathFindExtensionA 0x0 0x4491c8 0x52994 0x51794 0x4a
gdiplus.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdiplusStartup 0x0 0x44937c 0x52b48 0x51948 0x275
GdipCreateBitmapFromHBITMAP 0x0 0x449380 0x52b4c 0x5194c 0x4d
GdipGetImageEncoders 0x0 0x449384 0x52b50 0x51950 0x11e
GdiplusShutdown 0x0 0x449388 0x52b54 0x51954 0x274
GdipDisposeImage 0x0 0x44938c 0x52b58 0x51958 0x98
GdipGetImageEncodersSize 0x0 0x449390 0x52b5c 0x5195c 0x11f
GdipCreateBitmapFromScan0 0x0 0x449394 0x52b60 0x51960 0x50
GdipSaveImageToFile 0x0 0x449398 0x52b64 0x51964 0x1f0
WININET.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HttpEndRequestA 0x0 0x449228 0x529f4 0x517f4 0x71
HttpSendRequestExA 0x0 0x44922c 0x529f8 0x517f8 0x80
InternetCloseHandle 0x0 0x449230 0x529fc 0x517fc 0x95
InternetConnectA 0x0 0x449234 0x52a00 0x51800 0x9b
InternetWriteFile 0x0 0x449238 0x52a04 0x51804 0xef
InternetOpenA 0x0 0x44923c 0x52a08 0x51808 0xc6
HttpOpenRequestA 0x0 0x449240 0x52a0c 0x5180c 0x78
InternetReadFile 0x0 0x449244 0x52a10 0x51810 0xce
HttpSendRequestA 0x0 0x449248 0x52a14 0x51814 0x7f
VCRUNTIME140.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CxxThrowException 0x0 0x4491ec 0x529b8 0x517b8 0x1
__CxxFrameHandler3 0x0 0x4491f0 0x529bc 0x517bc 0x10
__std_exception_destroy 0x0 0x4491f4 0x529c0 0x517c0 0x22
memmove 0x0 0x4491f8 0x529c4 0x517c4 0x47
__current_exception 0x0 0x4491fc 0x529c8 0x517c8 0x1c
memcpy 0x0 0x449200 0x529cc 0x517cc 0x46
__std_exception_copy 0x0 0x449204 0x529d0 0x517d0 0x21
memcmp 0x0 0x449208 0x529d4 0x517d4 0x45
__current_exception_context 0x0 0x44920c 0x529d8 0x517d8 0x1d
_except_handler3 0x0 0x449210 0x529dc 0x517dc 0x34
memchr 0x0 0x449214 0x529e0 0x517e0 0x44
_except_handler4_common 0x0 0x449218 0x529e4 0x517e4 0x35
__std_terminate 0x0 0x44921c 0x529e8 0x517e8 0x23
memset 0x0 0x449220 0x529ec 0x517ec 0x48
api-ms-win-crt-runtime-l1-1-0.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_configure_narrow_argv 0x0 0x44929c 0x52a68 0x51868 0x19
_initialize_narrow_environment 0x0 0x4492a0 0x52a6c 0x5186c 0x35
_invalid_parameter_noinfo_noreturn 0x0 0x4492a4 0x52a70 0x51870 0x3b
_register_onexit_function 0x0 0x4492a8 0x52a74 0x51874 0x3e
_crt_atexit 0x0 0x4492ac 0x52a78 0x51878 0x1f
_cexit 0x0 0x4492b0 0x52a7c 0x5187c 0x17
_seh_filter_exe 0x0 0x4492b4 0x52a80 0x51880 0x42
_errno 0x0 0x4492b8 0x52a84 0x51884 0x23
terminate 0x0 0x4492bc 0x52a88 0x51888 0x6a
_get_initial_narrow_environment 0x0 0x4492c0 0x52a8c 0x5188c 0x2a
_initterm 0x0 0x4492c4 0x52a90 0x51890 0x38
_initterm_e 0x0 0x4492c8 0x52a94 0x51894 0x39
_exit 0x0 0x4492cc 0x52a98 0x51898 0x25
_invalid_parameter_noinfo 0x0 0x4492d0 0x52a9c 0x5189c 0x3a
__p___argc 0x0 0x4492d4 0x52aa0 0x518a0 0x5
__p___argv 0x0 0x4492d8 0x52aa4 0x518a4 0x6
_c_exit 0x0 0x4492dc 0x52aa8 0x518a8 0x16
_register_thread_local_exe_atexit_callback 0x0 0x4492e0 0x52aac 0x518ac 0x3f
exit 0x0 0x4492e4 0x52ab0 0x518b0 0x58
_resetstkoflw 0x0 0x4492e8 0x52ab4 0x518b4 0x40
_set_app_type 0x0 0x4492ec 0x52ab8 0x518b8 0x44
_controlfp_s 0x0 0x4492f0 0x52abc 0x518bc 0x1d
_initialize_onexit_table 0x0 0x4492f4 0x52ac0 0x518c0 0x36
api-ms-win-crt-time-l1-1-0.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
clock 0x0 0x449358 0x52b24 0x51924 0x45
asctime 0x0 0x44935c 0x52b28 0x51928 0x43
_time64 0x0 0x449360 0x52b2c 0x5192c 0x30
_localtime64 0x0 0x449364 0x52b30 0x51930 0x23
api-ms-win-crt-string-l1-1-0.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wcscspn 0x0 0x449320 0x52aec 0x518ec 0xa2
strlen 0x0 0x449324 0x52af0 0x518f0 0x8b
isspace 0x0 0x449328 0x52af4 0x518f4 0x6e
isalnum 0x0 0x44932c 0x52af8 0x518f8 0x64
isdigit 0x0 0x449330 0x52afc 0x518fc 0x68
wcsspn 0x0 0x449334 0x52b00 0x51900 0xab
strcmp 0x0 0x449338 0x52b04 0x51904 0x86
wcslen 0x0 0x44933c 0x52b08 0x51908 0xa3
tolower 0x0 0x449340 0x52b0c 0x5190c 0x97
isxdigit 0x0 0x449344 0x52b10 0x51910 0x7e
_wcsicmp 0x0 0x449348 0x52b14 0x51914 0x4a
wmemcpy_s 0x0 0x44934c 0x52b18 0x51918 0xb0
strcpy 0x0 0x449350 0x52b1c 0x5191c 0x88
api-ms-win-crt-heap-l1-1-0.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_recalloc 0x0 0x449260 0x52a2c 0x5182c 0x15
free 0x0 0x449264 0x52a30 0x51830 0x18
_set_new_mode 0x0 0x449268 0x52a34 0x51834 0x16
calloc 0x0 0x44926c 0x52a38 0x51838 0x17
realloc 0x0 0x449270 0x52a3c 0x5183c 0x1a
_callnewh 0x0 0x449274 0x52a40 0x51840 0x8
malloc 0x0 0x449278 0x52a44 0x51844 0x19
api-ms-win-crt-utility-l1-1-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
srand 0x0 0x44936c 0x52b38 0x51938 0x1d
rand 0x0 0x449370 0x52b3c 0x5193c 0x1b
labs 0x0 0x449374 0x52b40 0x51940 0x15
api-ms-win-crt-stdio-l1-1-0.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
fopen 0x0 0x4492fc 0x52ac8 0x518c8 0x7d
__stdio_common_vsprintf 0x0 0x449300 0x52acc 0x518cc 0xd
feof 0x0 0x449304 0x52ad0 0x518d0 0x75
fclose 0x0 0x449308 0x52ad4 0x518d4 0x74
__p__commode 0x0 0x44930c 0x52ad8 0x518d8 0x1
_set_fmode 0x0 0x449310 0x52adc 0x518dc 0x54
fread 0x0 0x449314 0x52ae0 0x518e0 0x83
fwrite 0x0 0x449318 0x52ae4 0x518e4 0x8a
api-ms-win-crt-multibyte-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_mbsicmp 0x0 0x449294 0x52a60 0x51860 0x6b
api-ms-win-crt-environment-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
getenv 0x0 0x449258 0x52a24 0x51824 0x10
api-ms-win-crt-convert-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
atoi 0x0 0x449250 0x52a1c 0x5181c 0x50
api-ms-win-crt-locale-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_configthreadlocale 0x0 0x449280 0x52a4c 0x5184c 0x8
___lc_codepage_func 0x0 0x449284 0x52a50 0x51850 0x0
api-ms-win-crt-math-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__setusermatherr 0x0 0x44928c 0x52a58 0x51858 0x2e
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
qpp5uu0zt1hnyjxn.exe 1 0x001C0000 0x00219FFF Relevant Image True 32-bit 0x001DDE90 True False
qpp5uu0zt1hnyjxn.exe 1 0x001C0000 0x00219FFF Process Termination True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Zusy.305535 Malicious
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP Dropped File Sqlite Whitelisted
Also Known As C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 18.00 KB
MD5 5c2161fc7b16d12b45b3e53d56fad16a
SHA1 06a317f3d6519cf226db3ab029a212293d318a1b
SHA256 cdad85eefaeee766286a12d8c4039c819a3515170da3070967a7f5198119b35a
SSDeep 24:LLUH0KL7G0TMJHUyyJtmCm0XKY6lOKQAE9V8MffD4fOzeCmly6Uwc6FZW:Uz+JH3yJUheCVE9V8MX0PFlNU12ZW
ImpHash -
File Reputation Information: Severity Whitelisted
c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat Modified File Stream Unknown
Mime Type application/octet-stream
File Size 128 Bytes
MD5 f3344e084c76cf0e0a3ad5bacde88678
SHA1 7609c6b4fe4da79d21ddea0cbc56b9e0ce5822a7
SHA256 67a2c36c1223e17b98b6114a85c345a63696aabb2d8225e7c3423762f7109ed7
SSDeep 3:iu/B:i
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP Dropped File Sqlite Unknown
Also Known As C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 7.00 KB
MD5 5437864c133f53e6a43fc8678fee8ca9
SHA1 383ed41171772885ecedac3639de19c6d4024b57
SHA256 037369299fe8f3e3755fd3d7b421ae7676b1d713d948a4bf02ac138aaea55748
SSDeep 24:rid5UcYQ2yZTPaFpEvg3obNmQMOypv6UoF:+decYFgPOpEveoJNCoUc
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP Dropped File Sqlite Unknown
Also Known As C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 7.00 KB
MD5 70e12cac31a061c18c2330867a11905a
SHA1 490060d53743d4a0c5018c6ce1ccd4a32e9540e9
SHA256 c8944acce930591044bae29b93f05a9dc7efa86485c22d9cc8ee2f7e0b062192
SSDeep 24:r+iw5Uc5Q2yZTPaFpEvg3obNmQMOypv6UoF:yrec5FgPOpEveoJNCoUc
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP Dropped File Sqlite Unknown
Also Known As C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 28.00 KB
MD5 164f4ab18544aae9d15a13d4515bd3dc
SHA1 78c8d3bdd34ba554fd077b0a126f01c6e877b1ae
SHA256 fcbf28e532103aee92e2e1d0ca8e96e7c1387fb6654566078362623a0c893129
SSDeep 48:T1L/ecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:FHSNDJAAvfbc
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP Dropped File Sqlite Unknown
Also Known As C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 28.00 KB
MD5 e8af740fbd1c52f0eb5d39deceb363b4
SHA1 933cf6fd1466505acd481220a56daed3587f769a
SHA256 62e2a4e55f4a335fadaa542ff834be3e3d938c7a4c6ed5334b408966737ed887
SSDeep 48:TS4aecVTgPOpEveoJZFrU1cQBAxPsuNfRlc9:mpSNDJAAvfbc
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\DNKQWP.EWOBKKWOTL Dropped File Text Unknown
Also Known As Browser/Coookies/[old][FD1HVy]-[Google_1]_cookies.txt (Embedded File)
Mime Type text/plain
File Size 103 Bytes
MD5 c2ab6992976dabee5c3da36cb11ce933
SHA1 08601effeb5c842d9151d3559cbaaf41c1c101ee
SHA256 d7f1e913d2c0c2636321dafc1577cb3be3ca9367506f8839caaba9fd880ca6c2
SSDeep 3:vGWJ3uopHrsJXOWXcVUcd7s3AEmtVNof4iCLHK0v:F+opYZOQcVFdm+f6QrLHKW
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\JLIBUEONUL.COYQJDGQP Dropped File Sqlite Unknown
Also Known As C:\\Users\FD1HVy\AppData\Local\Adobe\AcroCef\DC\Acrobat\Cookie\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Cookies (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
C:\\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\Web Data (Dropped File)
Mime Type application/x-sqlite3
File Size 64.00 KB
MD5 e3a002935a782f75c8ac7f3f0505d7f2
SHA1 5ec603207a726efa249b6ef575b2d03c64e928fd
SHA256 912c041f1f45b8b817f94c84c15433a40463a8a56d6978cf08b7ed28996050a7
SSDeep 96:Ze3Zht6YnMvqI738Hsa/NTIdEFaEdUDSuKn8Y/qBOnxjyWTJereWb3Ds4Blr:ZkZLHMEhTJMb3D
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\IFMNPTSMFC.XYNWYSIBQ Dropped File Sqlite Unknown
Also Known As C:\\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite (Dropped File)
Mime Type application/x-sqlite3
File Size 512.00 KB
MD5 8e7107bddd95522257907508a7f913a4
SHA1 716c603f5ce48315a81254eecd440db928aa5b0a
SHA256 cd184b370c98dc7906d4bfd958ac0a22b64e0b70d0e096f0c655d6428d264932
SSDeep 192:VD/ApAhREKxiHpWXC1elNknfedN2F8870P98aA2ymwCtQMABwC7p:VDopgREIcrelKfe3WRmsM0p
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\IFMNPTSMFC.XYNWYSIBQ Dropped File Sqlite Unknown
Also Known As C:\\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite (Dropped File)
Mime Type application/x-sqlite3
File Size 512.00 KB
MD5 3bede0d18bc45f433e846b52a7337f98
SHA1 5f1629753f79dba76210a669affa6996b25efa90
SHA256 f542d91096288d712dbdb38a061f9afd3784a2708377533955d45aaff69e71cd
SSDeep 192:lD/ApAhREKxiHpWXC1elNknfedN2F8870P98aA2ymwCtQMABwC7p:lDopgREIcrelKfe3WRmsM0p
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\PNCWEC.JUGYDYGNFY Dropped File Text Unknown
Also Known As Browser/Coookies/[FD1HVy]-[Mozilla_2]_cookies.txt (Embedded File)
Mime Type text/plain
File Size 5.69 KB
MD5 3fc640a45710bd566ae2803c6a23d25a
SHA1 929d13577d3e4580b2ad0dfa8630b4ee1c2652ce
SHA256 3572cde06e5415a27803b68d3978291db97ac8308bdc51076fbacf02af659beb
SSDeep 96:YG98nNwSct0rt0Jt09BPHl8onelgN8IzzlIwPHqbqbdRiKbXbAZWYAa3GNtWzpJt:198888QNbeSWINDIaIzpJJRN3rBa2
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\EYOMIEVEUVPBHSRHJOV.KCFEUCGNKIVHGOLQ Dropped File Image Unknown
Also Known As Screenshot.png (Embedded File)
Mime Type image/png
File Size 813.62 KB
MD5 9699e3ac11d9342ff1ef469cf1617601
SHA1 7961666e47d9db34ecd64b41212b18b9c68f41f8
SHA256 ca40f2a639b66af31ffc79af7d58fac0b6e5942107b9396372961686a30c107f
SSDeep 24576:FgVx9avE5CMKX8utMty6Hgd4wkozZ6lf1:FYcE5CHZ8yVYozZC1
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\ERCYSUBLVBUOHHNEFMPP\KDYYPOLFJWSDSNEGVSIX.TQKT Dropped File Text Unknown
Also Known As bDebug.txt (Embedded File)
Mime Type text/plain
File Size 920 Bytes
MD5 577e5cf6c9eaa3e8b7a7181e9eeda7b8
SHA1 4b36bb3248c5286f4378d6c36f85c300cfcc9c0a
SHA256 87e70ca6d3c456d9be944716af6c5be3e30ec066e1834a74ad04e4b0d3acfa6e
SSDeep 24:oJZHUFVZ5Kk/aRFVZ5Kk8hoFVZ5KkPrBVS5vuK:oJZ0jZUkSRjZUkiojZUkPrXSluK
ImpHash -