VMRay Analyzer report: Scan92933944.js (Files)

VTI Score: 100/100
Target: win7_64_sp1 | windows_script_file
Classification: Trojan, Dropper

Sample: Scan92933944.js
File type: JScript
SHA256: 6d365f7901cd47dd0f1169c656d2e442ffabbc3197f0a6d056aee9471e9d9487
Created at: 2018-05-23 13:36:00

Files Information

Number of sample files submitted for analysis:           1
Number of files created and extracted during analysis:   5
Number of files modified and extracted during analysis:  0
File: c:\users\5p5nrg~1\appdata\local\temp\hsbftstclaogdeeotf.exe, ...
Verdict: Blacklisted

File Properties
  Names:  c:\users\5p5nrg~1\appdata\local\temp\hsbftstclaogdeeotf.exe (Created File)
          c:\program files (x86)\imap service\imapsv.exe (Created File)
  Size:   924.00 KB
  MD5:    f6cb9cb7189e5b3311511a09bf49bc60
  SHA1:   70c3264ed1ffd592e278bf27a3d255eab895f40d
  SHA256: 1730ee105ce0df308f6b0fa8b0ee508ad863210a124627bd6e246502ce88ef3a

File Reputation Information
  Severity:       Blacklisted
  Names:          Win32.Trojan.Injector
  Families:       Injector
  Classification: Trojan
PE Information
  Image Base:                 0x400000
  Entry Point:                0x401240
  Size Of Code:               0xd7000
  Size Of Initialized Data:   0x11000
  Size Of Uninitialized Data: 0x0
  Format:                     x86
  Type:                       Executable
  Subsystem:                  IMAGE_SUBSYSTEM_WINDOWS_GUI
  Machine Type:               IMAGE_FILE_MACHINE_I386
  Compile Timestamp:          2012-07-17 19:37:00
  Compiler/Packer:            Unknown
Sections (3)
  Name   Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                      Entropy
  .text  0x401000         0xd654c       0xd7000        0x1000           CNT_CODE, MEM_EXECUTE, MEM_READ            6.57
  .data  0x4d8000         0x2134        0x1000         0xd8000          CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE  0.0
  .rsrc  0x4db000         0xd3d0        0xe000         0xd9000          CNT_INITIALIZED_DATA, MEM_READ             6.08
Imports (48)

MSVBVM60.DLL (48)
All 48 imports come from MSVBVM60.DLL, the Visual Basic 6 runtime, so the dropped executable is a VB6 binary; several entries are resolved by ordinal only.

API Name Ordinal IAT Address Thunk RVA Thunk Offset
_CIcos 0x0 0x401000 0xd71dc 0xd71dc
_adj_fptan 0x0 0x401004 0xd71e0 0xd71e0
__vbaFreeVar 0x0 0x401008 0xd71e4 0xd71e4
__vbaFreeVarList 0x0 0x40100c 0xd71e8 0xd71e8
__vbaEnd 0x0 0x401010 0xd71ec 0xd71ec
_adj_fdiv_m64 0x0 0x401014 0xd71f0 0xd71f0
_adj_fprem1 0x0 0x401018 0xd71f4 0xd71f4
(by ordinal) 0x274 0x40101c 0xd71f8 0xd71f8
__vbaSetSystemError 0x0 0x401020 0xd71fc 0xd71fc
__vbaHresultCheckObj 0x0 0x401024 0xd7200 0xd7200
_adj_fdiv_m32 0x0 0x401028 0xd7204 0xd7204
_adj_fdiv_m16i 0x0 0x40102c 0xd7208 0xd7208
__vbaObjSetAddref 0x0 0x401030 0xd720c 0xd720c
(by ordinal) 0x255 0x401034 0xd7210 0xd7210
_adj_fdivr_m16i 0x0 0x401038 0xd7214 0xd7214
_CIsin 0x0 0x40103c 0xd7218 0xd7218
__vbaChkstk 0x0 0x401040 0xd721c 0xd721c
EVENT_SINK_AddRef 0x0 0x401044 0xd7220 0xd7220
__vbaStrCmp 0x0 0x401048 0xd7224 0xd7224
(by ordinal) 0x230 0x40104c 0xd7228 0xd7228
__vbaObjVar 0x0 0x401050 0xd722c 0xd722c
DllFunctionCall 0x0 0x401054 0xd7230 0xd7230
_adj_fpatan 0x0 0x401058 0xd7234 0xd7234
EVENT_SINK_Release 0x0 0x40105c 0xd7238 0xd7238
_CIsqrt 0x0 0x401060 0xd723c 0xd723c
EVENT_SINK_QueryInterface 0x0 0x401064 0xd7240 0xd7240
__vbaExceptHandler 0x0 0x401068 0xd7244 0xd7244
_adj_fprem 0x0 0x40106c 0xd7248 0xd7248
_adj_fdivr_m64 0x0 0x401070 0xd724c 0xd724c
(by ordinal) 0x2cc 0x401074 0xd7250 0xd7250
__vbaFPException 0x0 0x401078 0xd7254 0xd7254
_CIlog 0x0 0x40107c 0xd7258 0xd7258
__vbaNew2 0x0 0x401080 0xd725c 0xd725c
_adj_fdiv_m32i 0x0 0x401084 0xd7260 0xd7260
(by ordinal) 0x23c 0x401088 0xd7264 0xd7264
_adj_fdivr_m32i 0x0 0x40108c 0xd7268 0xd7268
__vbaFreeStrList 0x0 0x401090 0xd726c 0xd726c
_adj_fdivr_m32 0x0 0x401094 0xd7270 0xd7270
_adj_fdiv_r 0x0 0x401098 0xd7274 0xd7274
(by ordinal) 0x64 0x40109c 0xd7278 0xd7278
__vbaVarDup 0x0 0x4010a0 0xd727c 0xd727c
_CIatan 0x0 0x4010a4 0xd7280 0xd7280
__vbaStrMove 0x0 0x4010a8 0xd7284 0xd7284
_allmul 0x0 0x4010ac 0xd7288 0xd7288
_CItan 0x0 0x4010b0 0xd728c 0xd728c
_CIexp 0x0 0x4010b4 0xd7290 0xd7290
__vbaFreeStr 0x0 0x4010b8 0xd7294 0xd7294
__vbaFreeObj 0x0 0x4010bc 0xd7298 0xd7298
Icons (5)
File: c:\users\5p5nrgjn0js halpmcxz\desktop\Scan92933944.js

File Properties
  Names:  c:\users\5p5nrgjn0js halpmcxz\desktop\Scan92933944.js (Sample File)
  Size:   1.22 MB
  MD5:    ac1ba1a84d57cee3c0cd47f2f84620c1
  SHA1:   f4e408b3e3d2c2a8f5a0d90c9682f3cfce0d28a5
  SHA256: 6d365f7901cd47dd0f1169c656d2e442ffabbc3197f0a6d056aee9471e9d9487
File: c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\0303d5b4-ffe9-470e-9dd8-7d9ec416e53f\run.dat

File Properties
  Names:  c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\0303d5b4-ffe9-470e-9dd8-7d9ec416e53f\run.dat (Created File)
  Size:   0.01 KB
  MD5:    f8515e5af248bb586dc0076394d3e1f1
  SHA1:   1390d19ffdb556b1902774c7b815eb710f0166a3
  SHA256: 5c7bddde92eb51c5fbd7be4899b490b648af98bf78442a64430b2fc5e052df97
File: c:\program files (x86)\imap service\imapsv.exe, ...

File Properties
  Names:  c:\program files (x86)\imap service\imapsv.exe (Created File)
          c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\tmp4ef.tmp (Created File)
          c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\tmpd88.tmp (Created File)
  Size:   0.00 KB
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  Note: these are the MD5/SHA1/SHA256 digests of zero-length input, consistent with the 0.00 KB size; imapsv.exe and tmpd88.tmp are also listed elsewhere in this report with non-empty content.
File: c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\0303d5b4-ffe9-470e-9dd8-7d9ec416e53f\task.dat

File Properties
  Names:  c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\0303d5b4-ffe9-470e-9dd8-7d9ec416e53f\task.dat (Created File)
  Size:   0.07 KB
  MD5:    e158eaad635b1f58020f876361f528e6
  SHA1:   ffa5c8dbf3986c39fc0a75e3ac167151a4b5093b
  SHA256: ef700c5e55f6738cfd53390b4cb1c153fc5283d5b38da2cd84d5662b496e479e
File: c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\tmpd88.tmp

File Properties
  Names:  c:\users\5p5nrgjn0js halpmcxz\appdata\local\temp\tmpd88.tmp (Created File)
  Size:   1.28 KB
  MD5:    266ebd097e1267e63a5abfc1dededae8
  SHA1:   b619bdaa65cbb17c86da3744e566e6a66c7057b4
  SHA256: b3689f65cd1048f673cda43b0f93ffddb45bc67da94a62335b7c75ba0f0b2852