6f0f6aca...e8a2 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names:
Gen:Heur.Ransom.REntS.Gen.1
Mal/Generic-S
Filename Category Type Severity
C:\Users\FD1HVy\Desktop\compito italiano.doc.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 101.00 KB
MD5 b4072f2e79001d2f9cff96270e5cd91d
SHA1 15251f6c3f2c262accede16fa227715c23e5b3cc
SHA256 6f0f6aca74ef30dad3620ec27c972926f4dceff332c5ea22c5ddbd7b44ace8a2
SSDeep 1536:eOh+gjJxzDaaJjwpjPnrT/j1voIS4J6ZwICyuoCra7uyx3L1k51YwgRUsV4:eOIyJJrJjwpzHjVoIMZz+w3jo
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x41059e
Size Of Code 0xe600
Size Of Initialized Data 0xac00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2042-06-11 08:59:26+00:00
Version Information (11)
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription compito italiano.doc
FileVersion 1.0.0.0
InternalName compito italiano.doc.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename compito italiano.doc.exe
ProductName compito italiano.doc
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
- 0x402000 0xe5a4 0xe600 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.74
- 0x412000 0xa8a0 0xaa00 0xe800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.18
- 0x41e000 0xc 0x200 0x19200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x1056c 0xe76c 0x0
Icons (1)
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
compito italiano.doc.exe 1 0x00830000 0x0084FFFF Relevant Image True 32-bit - True False
compito italiano.doc.exe 1 0x00830000 0x0084FFFF Process Termination True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Heur.Ransom.REntS.Gen.1 Malicious
c:\programdata\microsoft\windows\wer\temp\wer1e66.tmp.dmp Dropped File Unknown Unknown
Mime Type application/x-dmp
File Size 125.36 KB
MD5 d6bf58fe8e4eb8764a659f81d17bd019
SHA1 f70dc5ef2f588bcf4f9e2c1c44675428e81b4225
SHA256 0d49fe5eb4916516ee276b0c57f4ccf3bddf40ba512ef373a8d60cb2f70fb3fa
SSDeep 1536:wHm8ijCv2Hw0raYDqj+zN7XbDckbWnKdD:ayHlejUN7XbDckbbd
ImpHash -
c:\programdata\microsoft\windows\wer\temp\wer3b65.tmp.werinternalmetadata.xml Dropped File Text Unknown
Mime Type text/xml
File Size 7.71 KB
MD5 7d64470ccad54d1430133290e628b57f
SHA1 d6b8e872c8c28e1ba731860b36d91315466e41cb
SHA256 ca79f36d75d1bcdaa3c0fe9d74dc8b9d2633397a7947c4bcba226f2d6379e1a3
SSDeep 192:Ryl7vrNi5mKi6YBkSUe7gmfU4KdDjUrV89vMOhPm:RylXNiIKi6YSSUygmfU4KdE
ImpHash -
c:\programdata\microsoft\windows\wer\temp\wer3b65.tmp Dropped File Unknown Not Queried
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -