VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Trojan, Wiper, Downloader
75620d6ae02a9a3beb5eb47020012eee52001bf434304f4e77b43011a6e5595a (SHA256)
CrazyCrypt.exe
Windows Exe (x86-32)
Created at 2019-02-28 11:07:00
This is a filtered view
This list contains only the embedded files and created files
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\CrazyCrypt.exe | Sample File | Binary | Suspicious |
File Reputation Information
Severity | Suspicious |
First Seen | 2019-02-22 01:57 (UTC+1) |
Last Seen | 2019-02-24 14:18 (UTC+1) |
Names | ByteCode-MSIL.Trojan.Genasom |
Families | Genasom |
Classification | Trojan |
PE Information
Image Base | 0x400000 |
Entry Point | 0x41a652 |
Size Of Code | 0x18800 |
Size Of Initialized Data | 0x1400 |
File Type | executable |
Subsystem | windows_gui |
Machine Type | i386 |
Compile Timestamp | 2019-02-19 15:16:52+00:00 |
Version Information (11)
Assembly Version | 2.0.0.0 |
LegalCopyright | Copyright © 2019 |
InternalName | CrazyCrypt.exe |
FileVersion | 2.0.0.0 |
CompanyName | CrazyCrypt |
LegalTrademarks | - |
Comments | CrazyCrypt |
ProductName | CrazyCrypt |
ProductVersion | 2.0.0.0 |
FileDescription | CrazyCrypt |
OriginalFilename | CrazyCrypt.exe |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x18658 | 0x18800 | 0x200 | cnt_code, mem_execute, mem_read | 5.35 |
.rsrc | 0x41c000 | 0x1054 | 0x1200 | 0x18a00 | cnt_initialized_data, mem_read | 4.81 |
.reloc | 0x41e000 | 0xc | 0x200 | 0x19c00 | cnt_initialized_data, mem_discardable, mem_read | 0.1 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | 0x0 | 0x402000 | 0x1a625 | 0x18825 | 0x0 |

Filename | Category | Type | Severity |
---|---|---|---|
c:\users\5p5nrgjn0js halpmcxz\appdata\local\gdipfontcachev1.dat | Modified File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Y90-.mp4.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Music\IoTrl5QTOTSX6.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\342WkTEC8.png.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Music\MCEh.wav.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\frCI.jpg.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\FILES ENCRYPTED.txt | Created File | Text | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xeoTJv4Tf_T FQ6GC.png.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\YEzJBw.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Music\GB8gg.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Music\-FfGLM.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NAdu7zq2Ultdz.mp3.id.9C354B42.[buykey@decryptionsales.online].crazy | Created File | Stream | Unknown |