NanoCore | 8222127c77b4

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\xErAccEJcQLD.exe (Dropped File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	1.51 MB
MD5	4f0f86315b42b8dad8a1b430d5ac084a
SHA1	e50192512d5cf87ece05a1b3974fccc652eff93b
SHA256	8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d
SSDeep	12288:jfuyMJL4xqDGHF3rzbMfOhVr0I1hwd3o+VJNMzh4FmKinjIRsjr:HMy2YqfOL4ahwdYEnMzhE
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	malicious
Names	Mal/Generic-S

PE Information

Image Base	0x400000
Entry Point	0x583f8e
Size Of Code	0x182000
Size Of Initialized Data	0x800
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-09-28 08:02:24+00:00

Version Information (11)

Comments	-
CompanyName	Nickerson Farms
FileDescription	Huyler's
FileVersion	1.6.4.6
InternalName	Ue1vZiW.exe
LegalCopyright	Copyright © Nickerson Farms
LegalTrademarks	-
OriginalFilename	Ue1vZiW.exe
ProductName	Huyler's2
ProductVersion	1.6.4.6
Assembly Version	1.2.7.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x181f94	0x182000	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.29
.rsrc	0x584000	0x5d8	0x600	0x182200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.22
.reloc	0x586000	0xc	0x200	0x182800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x402000	0x183f64	0x182164	0x0

Memory Dumps (29)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
8222127c77b4f83832246e9ce96da7741f1352da9d3548ad8b959b2e00b54c0d.exe	1	0x00400000	0x00587FFF	Relevant Image	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C30178	0x08C3017F	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C301A0	0x08C301A7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C301C8	0x08C301CF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08CB4C5E	0x08CB4C68	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08CB4C52	0x08CB4C5C	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C30208	0x08C3024F	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C80780	0x08C80783	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807A4	0x08C807AB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807AC	0x08C807AF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807B0	0x08C807B7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807B8	0x08C807BB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807BC	0x08C807BF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807C0	0x08C807C3	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807C4	0x08C807CB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807CC	0x08C807CF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807D0	0x08C807D7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807D8	0x08C807DB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807DC	0x08C807DF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807E0	0x08C807E7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807E8	0x08C807EB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807EC	0x08C807EF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C807F0	0x08C807F7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C80800	0x08C80807	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C80814	0x08C8081B	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C80824	0x08C8082B	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C8082C	0x08C8082F	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x08C80830	0x08C80833	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	5	0x00400000	0x00437FFF	Content Changed	32-bit	-	... Memory Dump Actions Go to Process Go to AV Match Go to YARA Matches Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Roaming\03845CB8-7441-4A2F-8C0F-C90408AF5778\run.dat

Dropped File

Stream

MIME Type	application/octet-stream
File Size	8 Bytes
MD5	9582d88e85d33b6eda9fc6e4939a1b0c
SHA1	0587df03b229d63f688693bdc1cdc7cf4fa252bb
SHA256	5d83dbb5913fdf20100349066ec06a422feced21773dd30d3628d1a3a1e5d370
SSDeep	3:011:011
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Roaming\03845CB8-7441-4A2F-8C0F-C90408AF5778\settings.bin

Dropped File

Stream

MIME Type	application/octet-stream
File Size	8 Bytes
MD5	cdbed468f133c3bafff2bb301c37800a
SHA1	01cd45c2244c66eb201a3bbb2b44b8db3753c910
SHA256	3c099e8a656f6d63978ecb6dd8d4c8eacdb689bb2f748314550dc78a05f30d95
SSDeep	3:2b:2b
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp2010.tmp

Dropped File

Text

MIME Type	text/xml
File Size	1.61 KB
MD5	bedc52f36cbc687e8faf6f7cdf07f61f
SHA1	00065168710cc59ff85d0ce16a6d2b2e058297d1
SHA256	0ff264e72d7749cd90a16b0e022350a16a31bdf37819583022963441cf103e30
SSDeep	24:2dH4+SEqC9Y7JlNMFV/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBVtn:cbh27JlNQV/rydbz9I3YODOLNdq3N
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After