Verdict: Malicious
Classifications: Injector
Threat Names: -
Dynamic Analysis Report
Created on 2021-09-28T06:38:00
Sample: 8b971c2c4c9a020eb274c36db20bc0e1b203a7909d63f48f99bef5594110929f.exe.dll
File type: Windows DLL (x86-64)

Remarks

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "7 hours, 50 minutes, 34 seconds" to "30 seconds" to reveal dormant functionality.

(0x0200004A): 28 dumps were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 21 MB.

Taken together: no loader was supplied, so the exported entry points were not necessarily exercised and the observed behaviour comes from what runs at load time; the sample tried to sleep for nearly eight hours, a delay typical of sandbox evasion that the truncation defeated; and 28 memory regions over 16 MB were left undumped, so unpacked content may be missing from the artefacts. Re-submitting with a loader that calls the exports, and with a raised dump-size limit, would close both gaps.

Files (4)

C:\Users\RDhJ0CNFevzX\Desktop\8b971c2c4c9a020eb274c36db20bc0e1b203a7909d63f48f99bef5594110929f.exe.dll
Category: Sample File | Type: Binary | Verdict: malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.26 MB
MD5 fd6992463689acf855ef55d06a01061a
SHA1 d8b3968a08b12e8ce4b1eec04eb5c86ad910145c
SHA256 8b971c2c4c9a020eb274c36db20bc0e1b203a7909d63f48f99bef5594110929f
SSDeep 24576:TqSPG9Jg6TYbmGBtf9efojVpVwKYs1tRCS7SPFL3EOGTWqG5QVEzAJ24GOy2ioLi:TyWbmGBtf9efojVpVwKYs1tR/7SPFL3H
ImpHash 126feacb5b6732ad1a4ed77f47cf4f6d
PE Information
Image Base 0x180000000
Entry Point 0x1800d7cec (inside .text)
Size Of Code 0xf9000
Size Of Initialized Data 0x49a00
File Type DLL
Subsystem Windows GUI
Machine Type AMD64 (x86-64)
Compile Timestamp 2021-09-27 11:59:27+00:00 (the day before this analysis was created, consistent with a freshly built sample)
Sections (6)

Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0xf8f20 0xf9000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.63
.rdata 0x1800fa000 0x174b0 0x17600 0xf9400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.58
.data 0x180112000 0x2c110 0x2b000 0x110a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.27
.pdata 0x18013f000 0x5478 0x5600 0x13ba00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.82
_RDATA 0x180145000 0xf4 0x200 0x141000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.45
.reloc 0x180146000 0x9bc 0xa00 0x141200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.39

Entropy sits between 5.3 and 5.8 in every code and data section, raw and virtual sizes agree, and no section is both writable and executable. Nothing in the section table by itself indicates a packer, which makes the oversized memory dumps noted in the remarks the place to look for content that only exists at run time.
Imports (1 DLL)

KERNEL32.dll (79 functions). This is the only library in the import table. VirtualAlloc, VirtualProtect, GetProcAddress and LoadLibraryA head the IAT; the remainder is C run-time start-up, heap, TLS and console/file I/O. Nothing here touches the network, yet the run produced a WinINet cache entry (see the Downloaded File below), so whatever fetched it was resolved at run time through GetProcAddress/LoadLibraryA rather than declared here. A KERNEL32-only import table with those four functions at the top is the usual shape of a stager that resolves its real API set dynamically, and fits the Injector classification.

API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VirtualAlloc - 0x1800fa000 0x110c58 0x110058 0x5d9
VirtualProtect - 0x1800fa008 0x110c60 0x110060 0x5df
GetProcAddress - 0x1800fa010 0x110c68 0x110068 0x2b8
LoadLibraryA - 0x1800fa018 0x110c70 0x110070 0x3c8
QueryPerformanceCounter - 0x1800fa020 0x110c78 0x110078 0x452
QueryPerformanceFrequency - 0x1800fa028 0x110c80 0x110080 0x453
RtlCaptureContext - 0x1800fa030 0x110c88 0x110088 0x4d5
RtlLookupFunctionEntry - 0x1800fa038 0x110c90 0x110090 0x4dc
RtlVirtualUnwind - 0x1800fa040 0x110c98 0x110098 0x4e3
UnhandledExceptionFilter - 0x1800fa048 0x110ca0 0x1100a0 0x5c0
SetUnhandledExceptionFilter - 0x1800fa050 0x110ca8 0x1100a8 0x57f
GetCurrentProcess - 0x1800fa058 0x110cb0 0x1100b0 0x220
TerminateProcess - 0x1800fa060 0x110cb8 0x1100b8 0x59e
IsProcessorFeaturePresent - 0x1800fa068 0x110cc0 0x1100c0 0x38c
GetCurrentProcessId - 0x1800fa070 0x110cc8 0x1100c8 0x221
GetCurrentThreadId - 0x1800fa078 0x110cd0 0x1100d0 0x225
GetSystemTimeAsFileTime - 0x1800fa080 0x110cd8 0x1100d8 0x2f3
InitializeSListHead - 0x1800fa088 0x110ce0 0x1100e0 0x36f
IsDebuggerPresent - 0x1800fa090 0x110ce8 0x1100e8 0x385
GetStartupInfoW - 0x1800fa098 0x110cf0 0x1100f0 0x2da
GetModuleHandleW - 0x1800fa0a0 0x110cf8 0x1100f8 0x281
SetEndOfFile - 0x1800fa0a8 0x110d00 0x110100 0x520
RtlPcToFileHeader - 0x1800fa0b0 0x110d08 0x110108 0x4de
RaiseException - 0x1800fa0b8 0x110d10 0x110110 0x468
RtlUnwindEx - 0x1800fa0c0 0x110d18 0x110118 0x4e2
InterlockedFlushSList - 0x1800fa0c8 0x110d20 0x110120 0x373
GetLastError - 0x1800fa0d0 0x110d28 0x110128 0x26a
SetLastError - 0x1800fa0d8 0x110d30 0x110130 0x541
EncodePointer - 0x1800fa0e0 0x110d38 0x110138 0x134
EnterCriticalSection - 0x1800fa0e8 0x110d40 0x110140 0x138
LeaveCriticalSection - 0x1800fa0f0 0x110d48 0x110148 0x3c4
DeleteCriticalSection - 0x1800fa0f8 0x110d50 0x110150 0x114
InitializeCriticalSectionAndSpinCount - 0x1800fa100 0x110d58 0x110158 0x36b
TlsAlloc - 0x1800fa108 0x110d60 0x110160 0x5b0
TlsGetValue - 0x1800fa110 0x110d68 0x110168 0x5b2
TlsSetValue - 0x1800fa118 0x110d70 0x110170 0x5b3
TlsFree - 0x1800fa120 0x110d78 0x110178 0x5b1
FreeLibrary - 0x1800fa128 0x110d80 0x110180 0x1b4
LoadLibraryExW - 0x1800fa130 0x110d88 0x110188 0x3ca
ExitProcess - 0x1800fa138 0x110d90 0x110190 0x167
GetModuleHandleExW - 0x1800fa140 0x110d98 0x110198 0x280
GetStdHandle - 0x1800fa148 0x110da0 0x1101a0 0x2dc
GetFileType - 0x1800fa150 0x110da8 0x1101a8 0x258
GetModuleFileNameW - 0x1800fa158 0x110db0 0x1101b0 0x27d
WriteConsoleW - 0x1800fa160 0x110db8 0x1101b8 0x624
ReadFile - 0x1800fa168 0x110dc0 0x1101c0 0x479
HeapFree - 0x1800fa170 0x110dc8 0x1101c8 0x355
HeapAlloc - 0x1800fa178 0x110dd0 0x1101d0 0x351
HeapReAlloc - 0x1800fa180 0x110dd8 0x1101d8 0x358
CompareStringW - 0x1800fa188 0x110de0 0x1101e0 0x9e
LCMapStringW - 0x1800fa190 0x110de8 0x1101e8 0x3b8
FlushFileBuffers - 0x1800fa198 0x110df0 0x1101f0 0x1a8
WriteFile - 0x1800fa1a0 0x110df8 0x1101f8 0x625
GetConsoleOutputCP - 0x1800fa1a8 0x110e00 0x110200 0x209
GetConsoleMode - 0x1800fa1b0 0x110e08 0x110208 0x205
GetFileSizeEx - 0x1800fa1b8 0x110e10 0x110210 0x256
SetFilePointerEx - 0x1800fa1c0 0x110e18 0x110218 0x533
ReadConsoleW - 0x1800fa1c8 0x110e20 0x110220 0x476
OutputDebugStringW - 0x1800fa1d0 0x110e28 0x110228 0x41e
CloseHandle - 0x1800fa1d8 0x110e30 0x110230 0x89
FindClose - 0x1800fa1e0 0x110e38 0x110238 0x17e
FindFirstFileExW - 0x1800fa1e8 0x110e40 0x110240 0x184
FindNextFileW - 0x1800fa1f0 0x110e48 0x110248 0x195
IsValidCodePage - 0x1800fa1f8 0x110e50 0x110250 0x392
GetACP - 0x1800fa200 0x110e58 0x110258 0x1bb
GetOEMCP - 0x1800fa208 0x110e60 0x110260 0x2a1
GetCPInfo - 0x1800fa210 0x110e68 0x110268 0x1ca
GetCommandLineA - 0x1800fa218 0x110e70 0x110270 0x1df
GetCommandLineW - 0x1800fa220 0x110e78 0x110278 0x1e0
MultiByteToWideChar - 0x1800fa228 0x110e80 0x110280 0x3f6
WideCharToMultiByte - 0x1800fa230 0x110e88 0x110288 0x611
GetEnvironmentStringsW - 0x1800fa238 0x110e90 0x110290 0x241
FreeEnvironmentStringsW - 0x1800fa240 0x110e98 0x110298 0x1b3
SetEnvironmentVariableW - 0x1800fa248 0x110ea0 0x1102a0 0x524
GetProcessHeap - 0x1800fa250 0x110ea8 0x1102a8 0x2be
SetStdHandle - 0x1800fa258 0x110eb0 0x1102b0 0x55b
GetStringTypeW - 0x1800fa260 0x110eb8 0x1102b8 0x2e1
CreateFileW - 0x1800fa268 0x110ec0 0x1102c0 0xce
HeapSize - 0x1800fa270 0x110ec8 0x1102c8 0x35a
Exports (59)

Two groups. The first nine exports (DllRegisterServer through SuspendServer) sit at 0x10d0 to 0x1550, exactly 0x90 bytes apart, which is the signature of generated stubs rather than hand-written functions; these are the natural entry points to exercise when re-running with a loader (rundll32 can call any of them by name). The remaining fifty are opj_* functions, the public API names of the OpenJPEG library, which give the file the outward shape of a legitimate JPEG 2000 codec DLL.

Api name EAT Address Ordinal
DllRegisterServer 0x10d0 0x1
DllUnregisterServer 0x1160 0x2
PauseW 0x11f0 0x3
ResumeServer 0x1280 0x4
ResumeW 0x1310 0x5
StartServer 0x13a0 0x6
StartW 0x1430 0x7
StopServer 0x14c0 0x8
SuspendServer 0x1550 0x9
opj_codec_set_threads 0x89c10 0xa
opj_create_compress 0x8a210 0xb
opj_create_decompress 0x89710 0xc
opj_decode 0x89e50 0xd
opj_decode_tile_data 0x8a170 0xe
opj_destroy_codec 0x89a10 0xf
opj_destroy_cstr_index 0x8a910 0x10
opj_destroy_cstr_info 0x8a7e0 0x11
opj_dump_codec 0x8a840 0x12
opj_encode 0x8a760 0x13
opj_encoder_set_extra_options 0x8a600 0x14
opj_end_compress 0x8a6e0 0x15
opj_end_decompress 0x89a80 0x16
opj_get_cstr_index 0x8a8d0 0x17
opj_get_cstr_info 0x8a890 0x18
opj_get_decoded_tile 0x89ed0 0x19
opj_get_num_cpus 0xcecc0 0x1a
opj_has_thread_support 0xcecb0 0x1b
opj_image_create 0x634b0 0x1c
opj_image_data_alloc 0x89450 0x1d
opj_image_data_free 0x89480 0x1e
opj_image_destroy 0x63730 0x1f
opj_image_tile_create 0x637f0 0x20
opj_read_header 0x89c60 0x21
opj_read_tile_header 0x8a050 0x22
opj_set_MCT 0x8a950 0x23
opj_set_decode_area 0x89dc0 0x24
opj_set_decoded_components 0x89d00 0x25
opj_set_decoded_resolution_factor 0x89f60 0x26
opj_set_default_decoder_parameters 0x89b00 0x27
opj_set_default_encoder_parameters 0x8a420 0x28
opj_set_error_handler 0x896b0 0x29
opj_set_info_handler 0x895f0 0x2a
opj_set_warning_handler 0x89650 0x2b
opj_setup_decoder 0x89b80 0x2c
opj_setup_encoder 0x8a580 0x2d
opj_start_compress 0x8a660 0x2e
opj_stream_create 0x562e0 0x2f
opj_stream_create_default_file_stream 0x894a0 0x30
opj_stream_create_file_stream 0x894d0 0x31
opj_stream_default_create 0x562b0 0x32
opj_stream_destroy 0x56430 0x33
opj_stream_set_read_function 0x564a0 0x34
opj_stream_set_seek_function 0x56580 0x35
opj_stream_set_skip_function 0x56540 0x36
opj_stream_set_user_data 0x565c0 0x37
opj_stream_set_user_data_length 0x56610 0x38
opj_stream_set_write_function 0x564f0 0x39
opj_version 0x89440 0x3a
opj_write_tile 0x89fb0 0x3b
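Two checks an analyst would run against the two tables above, written here as an added Python example (it is not VMRay code or output). The first recomputes the import hash from the 79 KERNEL32 imports exactly as transcribed, using the usual pefile-style normalisation (library name lowercased with its .dll/.ocx/.sys suffix removed, function names lowercased, entries joined by commas, MD5 of the result); if it equals the ImpHash printed in the report, the listing is the complete import directory in order. The second scans an export table for runs of equally spaced addresses, the stub pattern visible in the first nine exports. The export list in the code is the nine non-opj_ exports plus five opj_ exports copied from the table as a contrasting subset, not all 59.

```python
"""Static checks over the import and export tables transcribed from the report:
recompute the import hash, and find runs of exports at a constant address
stride (machine-generated stubs).  Added example, not VMRay code."""
import hashlib
import re

# KERNEL32.dll imports, copied from the report in IAT order (79 entries).
KERNEL32_IMPORTS = """
VirtualAlloc VirtualProtect GetProcAddress LoadLibraryA QueryPerformanceCounter
QueryPerformanceFrequency RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind
UnhandledExceptionFilter SetUnhandledExceptionFilter GetCurrentProcess TerminateProcess
IsProcessorFeaturePresent GetCurrentProcessId GetCurrentThreadId GetSystemTimeAsFileTime
InitializeSListHead IsDebuggerPresent GetStartupInfoW GetModuleHandleW SetEndOfFile
RtlPcToFileHeader RaiseException RtlUnwindEx InterlockedFlushSList GetLastError
SetLastError EncodePointer EnterCriticalSection LeaveCriticalSection DeleteCriticalSection
InitializeCriticalSectionAndSpinCount TlsAlloc TlsGetValue TlsSetValue TlsFree FreeLibrary
LoadLibraryExW ExitProcess GetModuleHandleExW GetStdHandle GetFileType GetModuleFileNameW
WriteConsoleW ReadFile HeapFree HeapAlloc HeapReAlloc CompareStringW LCMapStringW
FlushFileBuffers WriteFile GetConsoleOutputCP GetConsoleMode GetFileSizeEx SetFilePointerEx
ReadConsoleW OutputDebugStringW CloseHandle FindClose FindFirstFileExW FindNextFileW
IsValidCodePage GetACP GetOEMCP GetCPInfo GetCommandLineA GetCommandLineW
MultiByteToWideChar WideCharToMultiByte GetEnvironmentStringsW FreeEnvironmentStringsW
SetEnvironmentVariableW GetProcessHeap SetStdHandle GetStringTypeW CreateFileW HeapSize
""".split()

IMPORTS = [("KERNEL32.dll", name) for name in KERNEL32_IMPORTS]
REPORTED_IMPHASH = "126feacb5b6732ad1a4ed77f47cf4f6d"  # value printed in the report

# Export subset copied from the report as (name, EAT address): the nine
# non-opj_ exports plus five opj_ exports for contrast.
EXPORTS = [
    ("DllRegisterServer", 0x10D0), ("DllUnregisterServer", 0x1160),
    ("PauseW", 0x11F0), ("ResumeServer", 0x1280), ("ResumeW", 0x1310),
    ("StartServer", 0x13A0), ("StartW", 0x1430), ("StopServer", 0x14C0),
    ("SuspendServer", 0x1550),
    ("opj_version", 0x89440), ("opj_image_data_alloc", 0x89450),
    ("opj_image_data_free", 0x89480),
    ("opj_stream_create_default_file_stream", 0x894A0),
    ("opj_stream_create_file_stream", 0x894D0),
]


def imphash_string(imports):
    """Normalise (dll, function) pairs the way the common imphash does:
    lowercase, strip a .dll/.ocx/.sys suffix from the library, join with commas."""
    parts = []
    for dll, func in imports:
        lib = re.sub(r"\.(dll|ocx|sys)$", "", dll.lower())
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the normalised import string; matches pefile's get_imphash()."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def stub_runs(exports, min_len=3):
    """Return runs of at least min_len exports whose addresses are equally
    spaced, as (names, stride).  Consecutive exports at a fixed stride are
    usually tool-generated stubs rather than distinct hand-written functions."""
    ordered = sorted(exports, key=lambda e: e[1])
    runs, i = [], 0
    while i + 1 < len(ordered):
        stride = ordered[i + 1][1] - ordered[i][1]
        j = i + 1
        while j + 1 < len(ordered) and ordered[j + 1][1] - ordered[j][1] == stride:
            j += 1
        if j - i + 1 >= min_len:
            runs.append(([e[0] for e in ordered[i:j + 1]], stride))
        i = j
    return runs


if __name__ == "__main__":
    computed = imphash(IMPORTS)
    print(f"{len(IMPORTS)} imports -> imphash {computed}; report says "
          f"{REPORTED_IMPHASH}; match={computed == REPORTED_IMPHASH}")
    for names, stride in stub_runs(EXPORTS):
        print(f"{len(names)} exports at stride 0x{stride:x}: {', '.join(names)}")
```

A mismatch on the hash would mean the transcription is missing or reordering an entry, since the imphash is order-sensitive; a match confirms the 79 names above are the whole import directory. The stride scan reports the nine stubs as a single run at 0x90 and nothing among the opj_ exports.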
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat
Category: Modified File | Type: Stream | Verdict: clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -

C:\Users\RDHJ0C~1\AppData\Local\Temp\5A65.tmp
Category: Dropped File | Type: Unknown | Verdict: clean
MIME Type -
File Size 0 Bytes (the digests below are the well-known hashes of empty input; the file was created but held no content when the run ended)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -

c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\ma0k5hvd\0otu73hxkl[1]
Category: Downloaded File | Type: Stream | Verdict: clean
MIME Type application/octet-stream
File Size 286.50 KB
MD5 e9de307670ee30a3f6b8ee82e6cfbe2c
SHA1 eadac328e64b0d5f0d21dccfb4fa55dd3d55f4be
SHA256 6412223cc43f3304f9b03d12e7dddc9de3c5d0f96b148f8007dca61130e788b0
SSDeep 6144:ww/QycYBWthNQgEghpBogNX3iuYDXMHLfWQ+BCHNDT2a:ww4xFN4gH+gIuQXULBvHNDH
ImpHash -

The modified counters.dat and the downloaded file both live under the WinINet cache (INetCache), so the sample used WinINet to fetch content, an API family absent from its import table. The 286.50 KB download is an untyped octet-stream marked clean; for a sample classified as an injector, a blob fetched at run time is the first candidate for the next stage and deserves its own analysis (and a hash pivot) before that verdict is relied on.