VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Trojan, Wiper, Downloader

75620d6ae02a9a3beb5eb47020012eee52001bf434304f4e77b43011a6e5595a (SHA256)

CrazyCrypt.exe

Windows Exe (x86-32)

Created at 2019-02-28 11:07:00

Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CrazyCrypt.exe Sample File Binary
Suspicious
Mime Type application/x-dosexec
File Size 103.50 KB
MD5 8f5ef61b30555d6273a715a7ad8e3f11
SHA1 7b212d2cac2f413faf2f30e5dfca7f3793cf0b17
SHA256 75620d6ae02a9a3beb5eb47020012eee52001bf434304f4e77b43011a6e5595a
SSDeep 3072:Ff1L7b7jrT7kerbrDbDGIfvjDvXbU9VF9wSFduuDOgkYEHLuQGx4KWqAn+Ie3bjJ:FjiC+I2bP9FYb
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
File Reputation Information
Severity
Suspicious
First Seen 2019-02-22 01:57 (UTC+1)
Last Seen 2019-02-24 14:18 (UTC+1)
Names ByteCode-MSIL.Trojan.Genasom
Families Genasom
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x41a652
Size Of Code 0x18800
Size Of Initialized Data 0x1400
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2019-02-19 15:16:52+00:00
Version Information (11)
Assembly Version 2.0.0.0
LegalCopyright Copyright © 2019
InternalName CrazyCrypt.exe
FileVersion 2.0.0.0
CompanyName CrazyCrypt
LegalTrademarks -
Comments CrazyCrypt
ProductName CrazyCrypt
ProductVersion 2.0.0.0
FileDescription CrazyCrypt
OriginalFilename CrazyCrypt.exe
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x18658 0x18800 0x200 cnt_code, mem_execute, mem_read 5.35
.rsrc 0x41c000 0x1054 0x1200 0x18a00 cnt_initialized_data, mem_read 4.81
.reloc 0x41e000 0xc 0x200 0x19c00 cnt_initialized_data, mem_discardable, mem_read 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x1a625 0x18825 0x0
c:\users\5p5nrgjn0js halpmcxz\appdata\local\gdipfontcachev1.dat Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 106.27 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y90-.mp4.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 38.94 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Music\IoTrl5QTOTSX6.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 13.80 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\342WkTEC8.png.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 28.14 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Music\MCEh.wav.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 47.19 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\frCI.jpg.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 13.61 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FILES ENCRYPTED.txt Created File Text
Unknown
Mime Type text/plain
File Size 0.13 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xeoTJv4Tf_T FQ6GC.png.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 87.84 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YEzJBw.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 89.92 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Music\GB8gg.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 99.58 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Music\-FfGLM.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 79.38 KB
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NAdu7zq2Ultdz.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy Created File Stream
Unknown
Mime Type application/octet-stream
File Size 56.31 KB