69811a6c9376

Classifications

Wiper PUA Ransomware Spyware

Threat Names

App/Generic-AB

Dynamic Analysis Report

Created on 2022-02-15T09:36:00

69811a6c9376b219b335a055cfa970d38cd768abeca7138a2c1905560d468fef.exe

Windows Exe (x86-32)

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\69811a6c9376b219b335a055cfa970d38cd768abeca7138a2c1905560d468fef.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	32.00 KB
MD5	7cdf50ee4f3d0febc70dd36298ed07da
SHA1	0170c2deae4486a43894c202ea92d43556218e1c
SHA256	69811a6c9376b219b335a055cfa970d38cd768abeca7138a2c1905560d468fef
SSDeep	384:AjdXpgpMf76oJgkB4nokwFwA4Ep/0VUx/Nx9DPxmB++6iCjGnLBs0Rr:adZgpCOagkBRp/0ut9Y++6iCjs2wr
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	suspicious
Names	App/Generic-AB
Classification	PUA

PE Information

Entry Point	0x693e
Size Of Code	0x5000
Size Of Initialized Data	0x2000
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2022-02-13 14:18:36+00:00

Version Information (8)

FileDescription	TRS
FileVersion	1.0.8079.11358
InternalName	EvilNominatusCrypto.exe
LegalCopyright	Copyright 2022
OriginalFilename	EvilNominatusCrypto.exe
ProductName	TRS
ProductVersion	1.0.8079.11358
Assembly Version	1.0.8079.11358

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x2000	0x4944	0x5000	0x1000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.53
.rsrc	0x8000	0x820	0x1000	0x6000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.05
.reloc	0xa000	0xc	0x1000	0x7000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.01

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x2000	0x6914	0x5914	0x0

Memory Dumps (1)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	YARA	Actions
69811a6c9376b219b335a055cfa970d38cd768abeca7138a2c1905560d468fef.exe	1	0x00010000	0x0001BFFF	Relevant Image		32-bit	-		... Memory Dump Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\Desktop\BGQh9XM98-F_E sIj\YZL8R176sHB.swf-Locked-Locked-Locked

Dropped File

Unknown

MIME Type	-
File Size	0 Bytes
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::
ImpHash	-

autorun.inf

Dropped File

Setup Script

MIME Type	application/x-setupscript
File Size	65 Bytes
MD5	fbefa88e6b51c05dd63d97dfdbeb3589
SHA1	67e09918d878c6615befab5dc9194439027f268d
SHA256	3861acedffd29452d2fdb96728f7347652bde9353915d3873a7414843f49b8b1
SSDeep	3:ItI6dFOcNt1HjWVFOcNtv:eIG1KVFv
ImpHash	-

WHOIS Domain Information

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After

Screenshot

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After