VMRay Analyzer Report
Analysis Information
Creation Time: 2016-09-26 12:36 (UTC+2)
VM Analysis Duration Time: 00:02:38
Execution Successful: True
Sample Filename: 1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe
Command Line Parameters: False
Prescript: False
Number of Processes: 104
Termination Reason: Timeout
Remarks:
Control flow obfuscation detected
Dump total size limit reached. Some memory dumps may be missing
Truncate overall sleep time from 3 minutes, 55 seconds to 0 seconds
VTI Information
VTI Score: 77 / 100
VTI Database Version: 2.2
VTI Rule Match Count: 25
VTI Rule Type: Default (PE, ...)
Monitored Processes
ID | PID | Monitor Reason | Image Name | Command Line | Origin ID
#1 | 0xcc8 | Analysis Target | 1129c5049ff7842161800d20141de5848888ea44_(b-ware)_vt.malware.exe | "C:\Users\WI2yhmtI onvScY7Pe\Desktop\1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe" | -
#2 | 0x7fc | Injection | explorer.exe | C:\Windows\Explorer.EXE | #1
#3 | 0xd54 | Child Process | explorer.exe | explorer.exe | #1
#4 | 0x1170 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #1
#5 | 0x11ac | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#6 | 0x11bc | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #5
#7 | 0x11c8 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#8 | 0x11d8 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #7
#9 | 0x11e4 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#10 | 0x11fc | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #9
#11 | 0x120c | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#12 | 0x1218 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #11
#13 | 0x1220 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#14 | 0x122c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #13
#15 | 0x1234 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#16 | 0x1240 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#17 | 0x124c | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#18 | 0x1258 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#19 | 0x1268 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#20 | 0x1274 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #15
#21 | 0x127c | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#22 | 0x1288 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #16
#23 | 0x1290 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #17
#24 | 0x1298 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#25 | 0x12a8 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #18
#26 | 0x12b4 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#27 | 0x12c0 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#28 | 0x12c8 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #19
#29 | 0x12d4 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#30 | 0x12e0 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #21
#31 | 0x12e8 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #24
#32 | 0x1310 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #26
#33 | 0x1318 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#34 | 0x1324 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #27
#35 | 0x1330 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#36 | 0x134c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #29
#37 | 0x1354 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#38 | 0x1360 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#39 | 0x136c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #33
#40 | 0x1378 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#41 | 0x1384 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #35
#42 | 0x1394 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#43 | 0x139c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #37
#44 | 0x13b0 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #38
#45 | 0x13b8 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#46 | 0x13c4 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #40
#47 | 0x13cc | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#48 | 0x13d8 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#49 | 0x13e0 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #42
#50 | 0x13ec | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#51 | 0x13f4 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #45
#52 | 0xd40 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#53 | 0xd38 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #47
#54 | 0x102c | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#55 | 0x434 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #48
#56 | 0x404 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #50
#57 | 0x7f4 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#58 | 0x1064 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #52
#59 | 0x1058 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#60 | 0x688 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #54
#61 | 0x510 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#62 | 0x70c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #57
#63 | 0x11a4 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#64 | 0xba0 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #59
#65 | 0x1164 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#66 | 0x1144 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #61
#67 | 0x84 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#68 | 0xce8 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #63
#69 | 0x84c | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#70 | 0x710 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #65
#71 | 0xd74 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#72 | 0xfbc | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #67
#73 | 0xcf0 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#74 | 0x1190 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#75 | 0x884 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #69
#76 | 0xc5c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #71
#77 | 0x980 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#78 | 0x12f4 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #73
#79 | 0x750 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#80 | 0x115c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #74
#81 | 0x1154 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#82 | 0x1150 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #77
#83 | 0x56c | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#84 | 0x11d0 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #79
#85 | 0xd50 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#86 | 0x4b4 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #81
#87 | 0x704 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#88 | 0x21c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #83
#89 | 0x8e0 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#90 | 0x8fc | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#91 | 0xb7c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #85
#92 | 0xa7c | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#93 | 0x1f4 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #87
#94 | 0xa54 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#95 | 0xb5c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #89
#96 | 0x218 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#97 | 0x8c4 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #90
#98 | 0x3e4 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#99 | 0xbd8 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#100 | 0xb2c | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #94
#101 | 0x4d0 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#102 | 0x6dc | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #96
#103 | 0x924 | Child Process | svhost.exe | "C:\Windows\system32\install\svhost.exe" | #3
#104 | 0x1f8 | Child Process | iexplore.exe | "C:\Program Files\Internet Explorer\iexplore.exe" | #99
Sample Information
ID: #609219
MD5 Hash Value: 64699a728e510f29d578edaf3d3cd163
SHA1 Hash Value: 1129c5049ff7842161800d20141de5848888ea44
SHA256 Hash Value: 6449a8fbc725572f4f151017fc13dcf913b45fef7392e32f71df103efdb8c97f
Filename: 1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe
File Size: 1.47 MB (1544704 bytes)
File Type: Windows Exe (x86-32)
Analyzer and Virtual Machine Information
Analyzer Version: 1.11.0
Analyzer Build Date: 2016-09-19 10:58 (UTC+2)
VM Name: win10_64
VM Description: Windows 10 (64-bit)
VM Architecture: x86 64-bit
VM OS: Windows 10
VM Kernel Version: 10.0.10240.16384 (c68ee22f-dcf6-4778-95c5-4a862be16567)