Malicious
Classifications
Wiper PUA Ransomware Spyware
Threat Names
App/Generic-AB
Dynamic Analysis Report
Created on 2022-02-15T09:36:00
69811a6c9376b219b335a055cfa970d38cd768abeca7138a2c1905560d468fef.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\69811a6c9376b219b335a055cfa970d38cd768abeca7138a2c1905560d468fef.exe | Sample File | Binary |
malicious
|
...
|
»
File Reputation Information
»
Verdict |
suspicious
|
Names | App/Generic-AB |
Classification | PUA |
PE Information
»
Entry Point | 0x693e |
Size Of Code | 0x5000 |
Size Of Initialized Data | 0x2000 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2022-02-13 14:18:36+00:00 |
Version Information (8)
»
FileDescription | TRS |
FileVersion | 1.0.8079.11358 |
InternalName | EvilNominatusCrypto.exe |
LegalCopyright | Copyright 2022 |
OriginalFilename | EvilNominatusCrypto.exe |
ProductName | TRS |
ProductVersion | 1.0.8079.11358 |
Assembly Version | 1.0.8079.11358 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x2000 | 0x4944 | 0x5000 | 0x1000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.53 |
.rsrc | 0x8000 | 0x820 | 0x1000 | 0x6000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.05 |
.reloc | 0xa000 | 0xc | 0x1000 | 0x7000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.01 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x2000 | 0x6914 | 0x5914 | 0x0 |
Memory Dumps (1)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
69811a6c9376b219b335a055cfa970d38cd768abeca7138a2c1905560d468fef.exe | 1 | 0x00010000 | 0x0001BFFF | Relevant Image | 32-bit | - |
...
|
C:\Users\RDhJ0CNFevzX\Desktop\BGQh9XM98-F_E sIj\YZL8R176sHB.swf-Locked-Locked-Locked | Dropped File | Unknown |
clean
|
...
|
»