8805ce23...f4e8 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names:
Gen:Variant.Ulise.103459
Mal/Generic-S

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 20 seconds" to "10 seconds" to reveal dormant functionality.

Filename: C:\Users\FD1HVy\Desktop\l7APAbdp1QTgRjcl.exe
Category: Sample File
Type: Binary
Severity: Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 2.40 MB
MD5 9330544a69b499f9b2ea79fd5a57bccc
SHA1 17cf9b71e0f8cf3068977c670499ed816e1b65ab
SHA256 8805ce23c95a5049ca6d9678f419848b3ace3f1a0cdd36d3867d7d827ab5f4e8
SSDeep 24576:BoTrdf82VV8/JmlmKG5l+pdoEQXbpztsqxLU5yxl0L72M+mrGCeB9ijwEtqTM821:BoeT5lhEqxEIW7c67Mo8A8N4Gj
ImpHash 91802a615b3a5c4bcc05bc5f66a5b219
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x457840
Size Of Code 0x11d400
Size Of Initialized Data 0x16400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 1970-01-01 00:00:00+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x11d295 0x11d400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.11
.rdata 0x51f000 0x132c97 0x132e00 0x11d800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.72
.data 0x652000 0x2b058 0x16400 0x250600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.09
.idata 0x67e000 0x3aa 0x400 0x266a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.53
.symtab 0x67f000 0x4 0x200 0x266e00 IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.02
Imports (1)
kernel32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile 0x0 0x652020 0x27e312 0x266d12 0x0
WriteConsoleW 0x0 0x652024 0x27e316 0x266d16 0x0
WaitForMultipleObjects 0x0 0x652028 0x27e31a 0x266d1a 0x0
WaitForSingleObject 0x0 0x65202c 0x27e31e 0x266d1e 0x0
VirtualQuery 0x0 0x652030 0x27e322 0x266d22 0x0
VirtualFree 0x0 0x652034 0x27e326 0x266d26 0x0
VirtualAlloc 0x0 0x652038 0x27e32a 0x266d2a 0x0
SwitchToThread 0x0 0x65203c 0x27e32e 0x266d2e 0x0
SuspendThread 0x0 0x652040 0x27e332 0x266d32 0x0
SetWaitableTimer 0x0 0x652044 0x27e336 0x266d36 0x0
SetUnhandledExceptionFilter 0x0 0x652048 0x27e33a 0x266d3a 0x0
SetProcessPriorityBoost 0x0 0x65204c 0x27e33e 0x266d3e 0x0
SetEvent 0x0 0x652050 0x27e342 0x266d42 0x0
SetErrorMode 0x0 0x652054 0x27e346 0x266d46 0x0
SetConsoleCtrlHandler 0x0 0x652058 0x27e34a 0x266d4a 0x0
ResumeThread 0x0 0x65205c 0x27e34e 0x266d4e 0x0
PostQueuedCompletionStatus 0x0 0x652060 0x27e352 0x266d52 0x0
LoadLibraryA 0x0 0x652064 0x27e356 0x266d56 0x0
LoadLibraryW 0x0 0x652068 0x27e35a 0x266d5a 0x0
SetThreadContext 0x0 0x65206c 0x27e35e 0x266d5e 0x0
GetThreadContext 0x0 0x652070 0x27e362 0x266d62 0x0
GetSystemInfo 0x0 0x652074 0x27e366 0x266d66 0x0
GetSystemDirectoryA 0x0 0x652078 0x27e36a 0x266d6a 0x0
GetStdHandle 0x0 0x65207c 0x27e36e 0x266d6e 0x0
GetQueuedCompletionStatus 0x0 0x652080 0x27e372 0x266d72 0x0
GetProcessAffinityMask 0x0 0x652084 0x27e376 0x266d76 0x0
GetProcAddress 0x0 0x652088 0x27e37a 0x266d7a 0x0
GetEnvironmentStringsW 0x0 0x65208c 0x27e37e 0x266d7e 0x0
GetConsoleMode 0x0 0x652090 0x27e382 0x266d82 0x0
FreeEnvironmentStringsW 0x0 0x652094 0x27e386 0x266d86 0x0
ExitProcess 0x0 0x652098 0x27e38a 0x266d8a 0x0
DuplicateHandle 0x0 0x65209c 0x27e38e 0x266d8e 0x0
CreateThread 0x0 0x6520a0 0x27e392 0x266d92 0x0
CreateIoCompletionPort 0x0 0x6520a4 0x27e396 0x266d96 0x0
CreateEventA 0x0 0x6520a8 0x27e39a 0x266d9a 0x0
CloseHandle 0x0 0x6520ac 0x27e39e 0x266d9e 0x0
AddVectoredExceptionHandler 0x0 0x6520b0 0x27e3a2 0x266da2 0x0
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
l7apabdp1qtgrjcl.exe 1 0x00400000 0x0067FFFF Relevant Image True 32-bit 0x0043FC60 True False
l7apabdp1qtgrjcl.exe 1 0x00400000 0x0067FFFF Final Dump True 32-bit 0x004035D3 True False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Ulise.103459
Malicious
Filename: C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_nwyzpfcp.v3b.ps1
Category: Dropped File
Type: Text
Severity: Whitelisted
Also Known As C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_shgafj41.m2j.ps1 (Dropped File)
C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_1xkv2x4g.ef0.psm1 (Dropped File)
C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_zyndrb5o.fdv.psm1 (Dropped File)
Mime Type text/x-powershell
File Size 1 Bytes
MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep 3:U:U
ImpHash -
File Reputation Information
Severity
Whitelisted
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot