Malicious
Classifications
Backdoor
Threat Names
NanoCore Mal/Generic-S Mal/HTMLGen-A Gen:Variant.Cerbu.11615
Dynamic Analysis Report
Created on 2021-09-28T11:40:00
8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe | Sample File | Binary |
malicious
|
...
|
»
File Reputation Information
»
Verdict |
malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x583f8e |
Size Of Code | 0x182000 |
Size Of Initialized Data | 0x800 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2021-09-28 08:02:24+00:00 |
Version Information (11)
»
Comments | - |
CompanyName | Nickerson Farms |
FileDescription | Huyler's |
FileVersion | 1.6.4.6 |
InternalName | Ue1vZiW.exe |
LegalCopyright | Copyright © Nickerson Farms |
LegalTrademarks | - |
OriginalFilename | Ue1vZiW.exe |
ProductName | Huyler's2 |
ProductVersion | 1.6.4.6 |
Assembly Version | 1.2.7.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x181f94 | 0x182000 | 0x200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.29 |
.rsrc | 0x584000 | 0x5d8 | 0x600 | 0x182200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.22 |
.reloc | 0x586000 | 0xc | 0x200 | 0x182800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x402000 | 0x183f64 | 0x182164 | 0x0 |
Memory Dumps (29)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe | 1 | 0x00400000 | 0x00587FFF | Relevant Image | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C30178 | 0x08C3017F | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C301A0 | 0x08C301A7 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C301C8 | 0x08C301CF | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08CB4C5E | 0x08CB4C68 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08CB4C52 | 0x08CB4C5C | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C30208 | 0x08C3024F | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C80780 | 0x08C80783 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807A4 | 0x08C807AB | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807AC | 0x08C807AF | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807B0 | 0x08C807B7 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807B8 | 0x08C807BB | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807BC | 0x08C807BF | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807C0 | 0x08C807C3 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807C4 | 0x08C807CB | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807CC | 0x08C807CF | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807D0 | 0x08C807D7 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807D8 | 0x08C807DB | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807DC | 0x08C807DF | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807E0 | 0x08C807E7 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807E8 | 0x08C807EB | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807EC | 0x08C807EF | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C807F0 | 0x08C807F7 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C80800 | 0x08C80807 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C80814 | 0x08C8081B | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C80824 | 0x08C8082B | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C8082C | 0x08C8082F | Marked Executable | 32-bit | - |
...
|
|||
buffer | 1 | 0x08C80830 | 0x08C80833 | Marked Executable | 32-bit | - |
...
|
|||
buffer | 5 | 0x00400000 | 0x00437FFF | Content Changed | 32-bit | - |
...
|
C:\Users\RDhJ0CNFevzX\AppData\Roaming\03845CB8-7441-4A2F-8C0F-C90408AF5778\run.dat | Dropped File | Stream |
clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\AppData\Roaming\03845CB8-7441-4A2F-8C0F-C90408AF5778\settings.bin | Dropped File | Stream |
clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp2010.tmp | Dropped File | Text |
clean
|
...
|
»