VMRay Analyzer Dynamic Analysis Report
VTI SCORE: 93/100
Classification: Trojan, Ransomware

Sample: pchgdage.exe
SHA256: 7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125
File Type: Windows Exe (x86-32)
Created at 2019-02-09 12:20:00

Notifications (2/2)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

Files
Filename Category Type Severity
C:\Users\CIiHmnxMn6Ps\Desktop\pchgdage.exe Sample File Binary Suspicious
Mime Type application/x-dosexec
File Size 1.22 MB
MD5 b3d3da12ca3b9efd042953caa6c3b8cd
SHA1 34fb03a35e723d27e99776ed3e81967229b3afe1
SHA256 7852b47e7a9e3f792755395584c64dd81b68ab3cbcdf82f60e50dc5fa7385125
SSDeep 24576:Id2D4s/6j4pvOmB5h8DlVeZUEJt90nPx103CdnKQOds8EDJK5:FDH6k1jZUElqg3zQOds8EDJK5
ImpHash 27f610a2966ffaa9958098af7bf71994
File Reputation Information
Severity Suspicious
First Seen 2019-02-07 01:53 (UTC+1)
Last Seen 2019-02-09 08:32 (UTC+1)
Names Win32.Trojan.Lockergoga
Families Lockergoga
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x4986d4
Size Of Code 0xe3e00
Size Of Initialized Data 0x54600
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2019-02-03 15:32:47+00:00
Version Information (8)
LegalCopyright Copyright (C) KITTY'S LTD 2019
InternalName pchgdage
FileVersion 1.2.0.0
CompanyName KITTY'S LTD
ProductName Service pchgdage
ProductVersion 1.2.0.0
FileDescription Host Process for Windows Tasks
OriginalFilename pchgdage
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xe3df2 0xe3e00 0x400 cnt_code, mem_execute, mem_read 6.62
.rdata 0x4e5000 0x37ada 0x37c00 0xe4200 cnt_initialized_data, mem_read 4.94
.data 0x51d000 0xd020 0xaa00 0x11be00 cnt_initialized_data, mem_read, mem_write 4.94
.rsrc 0x52b000 0x5e0 0x600 0x126800 cnt_initialized_data, mem_read 4.41
.reloc 0x52c000 0xf194 0xf200 0x126e00 cnt_initialized_data, mem_discardable, mem_read 6.56
Imports (5)
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathIsNetworkPathA 0x0 0x4e5294 0x11bdc8 0x11afc8 0x60
KERNEL32.dll (156)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseHandle 0x0 0x4e5018 0x11bb4c 0x11ad4c 0x52
DuplicateHandle 0x0 0x4e501c 0x11bb50 0x11ad50 0xe8
UnmapViewOfFile 0x0 0x4e5020 0x11bb54 0x11ad54 0x4d6
CreateFileMappingA 0x0 0x4e5024 0x11bb58 0x11ad58 0x89
MapViewOfFileEx 0x0 0x4e5028 0x11bb5c 0x11ad5c 0x358
CreateFileA 0x0 0x4e502c 0x11bb60 0x11ad60 0x88
GetSystemInfo 0x0 0x4e5030 0x11bb64 0x11ad64 0x273
FormatMessageA 0x0 0x4e5034 0x11bb68 0x11ad68 0x15d
LocalFree 0x0 0x4e5038 0x11bb6c 0x11ad6c 0x348
GetProcAddress 0x0 0x4e503c 0x11bb70 0x11ad70 0x245
GetModuleHandleA 0x0 0x4e5040 0x11bb74 0x11ad74 0x215
GetExitCodeProcess 0x0 0x4e5044 0x11bb78 0x11ad78 0x1df
CreateProcessW 0x0 0x4e5048 0x11bb7c 0x11ad7c 0xa8
TerminateProcess 0x0 0x4e504c 0x11bb80 0x11ad80 0x4c0
WaitForSingleObjectEx 0x0 0x4e5050 0x11bb84 0x11ad84 0x4fa
WaitForSingleObject 0x0 0x4e5054 0x11bb88 0x11ad88 0x4f9
CreateEventA 0x0 0x4e5058 0x11bb8c 0x11ad8c 0x82
SetEvent 0x0 0x4e505c 0x11bb90 0x11ad90 0x459
CreateSemaphoreA 0x0 0x4e5060 0x11bb94 0x11ad94 0xab
ReleaseSemaphore 0x0 0x4e5064 0x11bb98 0x11ad98 0x3fe
AreFileApisANSI 0x0 0x4e5068 0x11bb9c 0x11ad9c 0x15
ReadFile 0x0 0x4e506c 0x11bba0 0x11ada0 0x3c0
WriteFile 0x0 0x4e5070 0x11bba4 0x11ada4 0x525
MultiByteToWideChar 0x0 0x4e5074 0x11bba8 0x11ada8 0x367
WideCharToMultiByte 0x0 0x4e5078 0x11bbac 0x11adac 0x511
GetSystemDirectoryW 0x0 0x4e507c 0x11bbb0 0x11adb0 0x270
CreatePipe 0x0 0x4e5080 0x11bbb4 0x11adb4 0xa1
SetHandleInformation 0x0 0x4e5084 0x11bbb8 0x11adb8 0x470
GetProcessHeap 0x0 0x4e5088 0x11bbbc 0x11adbc 0x24a
HeapAlloc 0x0 0x4e508c 0x11bbc0 0x11adc0 0x2cb
GetCurrentProcess 0x0 0x4e5090 0x11bbc4 0x11adc4 0x1c0
GetLogicalDriveStringsW 0x0 0x4e5094 0x11bbc8 0x11adc8 0x208
GetCommandLineW 0x0 0x4e5098 0x11bbcc 0x11adcc 0x187
GetDriveTypeW 0x0 0x4e509c 0x11bbd0 0x11add0 0x1d3
GetWindowsDirectoryW 0x0 0x4e50a0 0x11bbd4 0x11add4 0x2af
Wow64DisableWow64FsRedirection 0x0 0x4e50a4 0x11bbd8 0x11add8 0x513
Wow64RevertWow64FsRedirection 0x0 0x4e50a8 0x11bbdc 0x11addc 0x517
QueryPerformanceCounter 0x0 0x4e50ac 0x11bbe0 0x11ade0 0x3a7
QueryPerformanceFrequency 0x0 0x4e50b0 0x11bbe4 0x11ade4 0x3a8
ResetEvent 0x0 0x4e50b4 0x11bbe8 0x11ade8 0x40f
WaitForMultipleObjectsEx 0x0 0x4e50b8 0x11bbec 0x11adec 0x4f8
OpenEventA 0x0 0x4e50bc 0x11bbf0 0x11adf0 0x374
SetWaitableTimer 0x0 0x4e50c0 0x11bbf4 0x11adf4 0x4ac
GetCurrentProcessId 0x0 0x4e50c4 0x11bbf8 0x11adf8 0x1c1
GetCurrentThreadId 0x0 0x4e50c8 0x11bbfc 0x11adfc 0x1c5
ResumeThread 0x0 0x4e50cc 0x11bc00 0x11ae00 0x413
TlsAlloc 0x0 0x4e50d0 0x11bc04 0x11ae04 0x4c5
TlsGetValue 0x0 0x4e50d4 0x11bc08 0x11ae08 0x4c7
TlsSetValue 0x0 0x4e50d8 0x11bc0c 0x11ae0c 0x4c8
TlsFree 0x0 0x4e50dc 0x11bc10 0x11ae10 0x4c6
CreateWaitableTimerA 0x0 0x4e50e0 0x11bc14 0x11ae14 0xbf
SetLastError 0x0 0x4e50e4 0x11bc18 0x11ae18 0x473
GetCurrentThread 0x0 0x4e50e8 0x11bc1c 0x11ae1c 0x1c4
GetThreadTimes 0x0 0x4e50ec 0x11bc20 0x11ae20 0x291
FindNextFileA 0x0 0x4e50f0 0x11bc24 0x11ae24 0x143
FindFirstFileExA 0x0 0x4e50f4 0x11bc28 0x11ae28 0x133
GetTimeZoneInformation 0x0 0x4e50f8 0x11bc2c 0x11ae2c 0x298
HeapSize 0x0 0x4e50fc 0x11bc30 0x11ae30 0x2d4
FreeEnvironmentStringsW 0x0 0x4e5100 0x11bc34 0x11ae34 0x161
GetLastError 0x0 0x4e5104 0x11bc38 0x11ae38 0x202
SwitchToThread 0x0 0x4e5108 0x11bc3c 0x11ae3c 0x4bc
Sleep 0x0 0x4e510c 0x11bc40 0x11ae40 0x4b2
WriteConsoleW 0x0 0x4e5110 0x11bc44 0x11ae44 0x524
HeapFree 0x0 0x4e5114 0x11bc48 0x11ae48 0x2cf
GetStringTypeW 0x0 0x4e5118 0x11bc4c 0x11ae4c 0x269
FormatMessageW 0x0 0x4e511c 0x11bc50 0x11ae50 0x15e
GetExitCodeThread 0x0 0x4e5120 0x11bc54 0x11ae54 0x1e0
EnterCriticalSection 0x0 0x4e5124 0x11bc58 0x11ae58 0xee
LeaveCriticalSection 0x0 0x4e5128 0x11bc5c 0x11ae5c 0x339
TryEnterCriticalSection 0x0 0x4e512c 0x11bc60 0x11ae60 0x4ce
DeleteCriticalSection 0x0 0x4e5130 0x11bc64 0x11ae64 0xd1
CreateFileW 0x0 0x4e5134 0x11bc68 0x11ae68 0x8f
FindClose 0x0 0x4e5138 0x11bc6c 0x11ae6c 0x12e
FindFirstFileExW 0x0 0x4e513c 0x11bc70 0x11ae70 0x134
FindNextFileW 0x0 0x4e5140 0x11bc74 0x11ae74 0x145
GetDiskFreeSpaceExW 0x0 0x4e5144 0x11bc78 0x11ae78 0x1ce
GetFileAttributesExW 0x0 0x4e5148 0x11bc7c 0x11ae7c 0x1e7
GetFileInformationByHandle 0x0 0x4e514c 0x11bc80 0x11ae80 0x1ec
SetEndOfFile 0x0 0x4e5150 0x11bc84 0x11ae84 0x453
SetFileAttributesW 0x0 0x4e5154 0x11bc88 0x11ae88 0x461
SetFilePointerEx 0x0 0x4e5158 0x11bc8c 0x11ae8c 0x467
GetTempPathW 0x0 0x4e515c 0x11bc90 0x11ae90 0x285
DeleteFileW 0x0 0x4e5160 0x11bc94 0x11ae94 0xd6
GetFileAttributesW 0x0 0x4e5164 0x11bc98 0x11ae98 0x1ea
RemoveDirectoryW 0x0 0x4e5168 0x11bc9c 0x11ae9c 0x403
GetModuleHandleW 0x0 0x4e516c 0x11bca0 0x11aea0 0x218
MoveFileExW 0x0 0x4e5170 0x11bca4 0x11aea4 0x360
GetCPInfo 0x0 0x4e5174 0x11bca8 0x11aea8 0x172
EncodePointer 0x0 0x4e5178 0x11bcac 0x11aeac 0xea
DecodePointer 0x0 0x4e517c 0x11bcb0 0x11aeb0 0xca
InitializeCriticalSectionAndSpinCount 0x0 0x4e5180 0x11bcb4 0x11aeb4 0x2e3
CreateEventW 0x0 0x4e5184 0x11bcb8 0x11aeb8 0x85
GetSystemTimeAsFileTime 0x0 0x4e5188 0x11bcbc 0x11aebc 0x279
GetTickCount 0x0 0x4e518c 0x11bcc0 0x11aec0 0x293
CompareStringW 0x0 0x4e5190 0x11bcc4 0x11aec4 0x64
LCMapStringW 0x0 0x4e5194 0x11bcc8 0x11aec8 0x32d
GetLocaleInfoW 0x0 0x4e5198 0x11bccc 0x11aecc 0x206
InitializeSListHead 0x0 0x4e519c 0x11bcd0 0x11aed0 0x2e7
IsProcessorFeaturePresent 0x0 0x4e51a0 0x11bcd4 0x11aed4 0x304
IsDebuggerPresent 0x0 0x4e51a4 0x11bcd8 0x11aed8 0x300
UnhandledExceptionFilter 0x0 0x4e51a8 0x11bcdc 0x11aedc 0x4d3
SetUnhandledExceptionFilter 0x0 0x4e51ac 0x11bce0 0x11aee0 0x4a5
GetStartupInfoW 0x0 0x4e51b0 0x11bce4 0x11aee4 0x263
CreateTimerQueue 0x0 0x4e51b4 0x11bce8 0x11aee8 0xbc
SignalObjectAndWait 0x0 0x4e51b8 0x11bcec 0x11aeec 0x4b0
CreateThread 0x0 0x4e51bc 0x11bcf0 0x11aef0 0xb5
SetThreadPriority 0x0 0x4e51c0 0x11bcf4 0x11aef4 0x499
GetThreadPriority 0x0 0x4e51c4 0x11bcf8 0x11aef8 0x28e
GetLogicalProcessorInformation 0x0 0x4e51c8 0x11bcfc 0x11aefc 0x20a
CreateTimerQueueTimer 0x0 0x4e51cc 0x11bd00 0x11af00 0xbd
ChangeTimerQueueTimer 0x0 0x4e51d0 0x11bd04 0x11af04 0x48
DeleteTimerQueueTimer 0x0 0x4e51d4 0x11bd08 0x11af08 0xda
GetNumaHighestNodeNumber 0x0 0x4e51d8 0x11bd0c 0x11af0c 0x229
GetProcessAffinityMask 0x0 0x4e51dc 0x11bd10 0x11af10 0x246
SetThreadAffinityMask 0x0 0x4e51e0 0x11bd14 0x11af14 0x490
RegisterWaitForSingleObject 0x0 0x4e51e4 0x11bd18 0x11af18 0x3f5
UnregisterWait 0x0 0x4e51e8 0x11bd1c 0x11af1c 0x4da
FreeLibrary 0x0 0x4e51ec 0x11bd20 0x11af20 0x162
FreeLibraryAndExitThread 0x0 0x4e51f0 0x11bd24 0x11af24 0x163
GetModuleFileNameW 0x0 0x4e51f4 0x11bd28 0x11af28 0x214
LoadLibraryExW 0x0 0x4e51f8 0x11bd2c 0x11af2c 0x33e
GetVersionExW 0x0 0x4e51fc 0x11bd30 0x11af30 0x2a4
VirtualAlloc 0x0 0x4e5200 0x11bd34 0x11af34 0x4e9
VirtualProtect 0x0 0x4e5204 0x11bd38 0x11af38 0x4ef
VirtualFree 0x0 0x4e5208 0x11bd3c 0x11af3c 0x4ec
InterlockedPopEntrySList 0x0 0x4e520c 0x11bd40 0x11af40 0x2f0
InterlockedPushEntrySList 0x0 0x4e5210 0x11bd44 0x11af44 0x2f1
InterlockedFlushSList 0x0 0x4e5214 0x11bd48 0x11af48 0x2ee
QueryDepthSList 0x0 0x4e5218 0x11bd4c 0x11af4c 0x39e
UnregisterWaitEx 0x0 0x4e521c 0x11bd50 0x11af50 0x4db
LoadLibraryW 0x0 0x4e5220 0x11bd54 0x11af54 0x33f
RaiseException 0x0 0x4e5224 0x11bd58 0x11af58 0x3b1
RtlUnwind 0x0 0x4e5228 0x11bd5c 0x11af5c 0x418
GetCommandLineA 0x0 0x4e522c 0x11bd60 0x11af60 0x186
ExitThread 0x0 0x4e5230 0x11bd64 0x11af64 0x11a
GetModuleHandleExW 0x0 0x4e5234 0x11bd68 0x11af68 0x217
SetEnvironmentVariableA 0x0 0x4e5238 0x11bd6c 0x11af6c 0x456
ExitProcess 0x0 0x4e523c 0x11bd70 0x11af70 0x119
GetModuleFileNameA 0x0 0x4e5240 0x11bd74 0x11af74 0x213
GetStdHandle 0x0 0x4e5244 0x11bd78 0x11af78 0x264
GetACP 0x0 0x4e5248 0x11bd7c 0x11af7c 0x168
HeapReAlloc 0x0 0x4e524c 0x11bd80 0x11af80 0x2d2
GetDateFormatW 0x0 0x4e5250 0x11bd84 0x11af84 0x1c8
GetTimeFormatW 0x0 0x4e5254 0x11bd88 0x11af88 0x297
IsValidLocale 0x0 0x4e5258 0x11bd8c 0x11af8c 0x30c
GetUserDefaultLCID 0x0 0x4e525c 0x11bd90 0x11af90 0x29b
EnumSystemLocalesW 0x0 0x4e5260 0x11bd94 0x11af94 0x10f
GetFileType 0x0 0x4e5264 0x11bd98 0x11af98 0x1f3
FlushFileBuffers 0x0 0x4e5268 0x11bd9c 0x11af9c 0x157
GetConsoleCP 0x0 0x4e526c 0x11bda0 0x11afa0 0x19a
GetConsoleMode 0x0 0x4e5270 0x11bda4 0x11afa4 0x1ac
ReadConsoleW 0x0 0x4e5274 0x11bda8 0x11afa8 0x3be
SetStdHandle 0x0 0x4e5278 0x11bdac 0x11afac 0x487
IsValidCodePage 0x0 0x4e527c 0x11bdb0 0x11afb0 0x30a
GetOEMCP 0x0 0x4e5280 0x11bdb4 0x11afb4 0x237
GetEnvironmentStringsW 0x0 0x4e5284 0x11bdb8 0x11afb8 0x1da
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW 0x0 0x4e528c 0x11bdc0 0x11afc0 0xc3
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance 0x0 0x4e529c 0x11bdd0 0x11afd0 0x10
CoUninitialize 0x0 0x4e52a0 0x11bdd4 0x11afd4 0x6c
CoInitialize 0x0 0x4e52a4 0x11bdd8 0x11afd8 0x3e
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptReleaseContext 0x0 0x4e5000 0x11bb34 0x11ad34 0xcb
CryptAcquireContextA 0x0 0x4e5004 0x11bb38 0x11ad38 0xb0
SetSecurityDescriptorDacl 0x0 0x4e5008 0x11bb3c 0x11ad3c 0x2b6
InitializeSecurityDescriptor 0x0 0x4e500c 0x11bb40 0x11ad40 0x177
CryptGenRandom 0x0 0x4e5010 0x11bb44 0x11ad44 0xc1
Digital Signatures (3)
Certificate: KITTY'S LTD
Issued by KITTY'S LTD
Parent Certificate Sectigo RSA Code Signing CA
Country Name GB
Valid From 2019-02-01 00:00:00+00:00
Valid Until 2020-02-01 23:59:59+00:00
Algorithm sha256_rsa
Serial Number 37 8D 55 43 04 8E 58 3A 06 A0 81 9F 25 BD 9E 85
Thumbprint CF 93 3A 62 95 98 E5 E1 92 DA 20 86 E6 11 0A D1 97 4F 8E C3
Certificate: Sectigo RSA Code Signing CA
Issued by Sectigo RSA Code Signing CA
Parent Certificate USERTrust RSA Certification Authority
Country Name GB
Valid From 2018-11-02 00:00:00+00:00
Valid Until 2030-12-31 23:59:59+00:00
Algorithm sha384_rsa
Serial Number 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A
Thumbprint 94 C9 5D A1 E8 50 BD 85 20 9A 4A 2A F3 E1 FB 16 04 F9 BB 66
Certificate: USERTrust RSA Certification Authority
Issued by USERTrust RSA Certification Authority
Country Name US
Valid From 2000-05-30 10:48:38+00:00
Valid Until 2020-05-30 10:48:38+00:00
Algorithm sha384_rsa
Serial Number 13 EA 28 70 5B F4 EC ED 0C 36 63 09 80 61 43 36
Thumbprint EA B0 40 68 9A 0D 80 5B 5D 6F D6 54 FC 16 8C FF 00 B7 8B E3
Created File Streams (32)
Filename Category Type Severity File Size
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe.locked Created File Stream Unknown 4.13 MB
C:\Program Files\Microsoft Office\root\Office16\ACCICONS.EXE.locked Created File Stream Unknown 3.58 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Resources\1033\msmdsrvi_xl.rll.locked Created File Stream Unknown 1.24 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked Created File Stream Unknown 2.14 MB
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin.locked Created File Stream Unknown 3.42 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked Created File Stream Unknown 2.14 MB
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin.locked Created File Stream Unknown 3.42 MB
C:\Program Files\Microsoft Office\root\Templates\1033\Access\accessparts.xml.locked Created File Stream Unknown 1.07 MB
C:\Program Files\Microsoft Office\root\Office16\ACCICONS.EXE.locked Created File Stream Unknown 3.58 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.locked Created File Stream Unknown 2.23 MB
C:\Program Files\Microsoft Office\AppXManifest.xml.locked Created File Stream Unknown 5.76 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked Created File Stream Unknown 2.14 MB
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe.locked Created File Stream Unknown 4.13 MB
C:\Program Files\Microsoft Office\AppXManifest.xml.locked Created File Stream Unknown 5.76 MB
C:\Program Files\Microsoft Office\root\Office16\ACCICONS.EXE.locked Created File Stream Unknown 3.58 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Cultures\OFFICE.ODF.locked Created File Stream Unknown 2.14 MB
C:\Program Files\Microsoft Office\root\VFS\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe.locked Created File Stream Unknown 3.58 MB
C:\Program Files\Microsoft Office\root\VFS\System\MSCOMCTL.OCX.locked Created File Stream Unknown 1.62 MB
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Javascripts\JSByteCodeWin.bin.locked Created File Stream Unknown 3.42 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll.locked Created File Stream Not Queried 1.34 MB
C:\Program Files\Microsoft Office\root\VFS\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe.locked Created File Stream Not Queried 3.58 MB
C:\Program Files\Microsoft Office\root\VFS\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\accicons.exe.locked Created File Stream Not Queried 3.58 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.locked Created File Stream Not Queried 2.23 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Resources\1033\msmdsrv.rll.locked Created File Stream Not Queried 1.34 MB
C:\Program Files\Microsoft Office\AppXManifest.xml.locked Created File Stream Not Queried 5.76 MB
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe.locked Created File Stream Not Queried 4.13 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\1033\ADO210.CHM.locked Created File Stream Not Queried 1.60 MB
C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.TXT.locked Created File Stream Not Queried 1.13 MB
C:\Program Files\Microsoft Office\AppXManifest.xml.locked Created File Stream Not Queried 5.76 MB
C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe.locked Created File Stream Not Queried 4.13 MB
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.locked Created File Stream Not Queried 571.41 KB
C:\Program Files\Microsoft Office\AppXManifest.xml.locked Created File Stream Not Queried 5.76 MB