Try VMRay Platform
Malicious
Classifications

Spyware

Threat Names

Trojan.GenericKDZ.76753 Gen:Variant.Mikey.113998

Dynamic Analysis Report

Created on 2021-09-28T10:41:00

8bcde178298b0263ce7cb8e4c6a5ef4d0fcea9729a21e2cef4eaec3f2ad27bc8.exe.dll

Windows DLL (x86-64)
...

Remarks (2/2)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "25 minutes" to "8 minutes" to reveal dormant functionality.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\8bcde178298b0263ce7cb8e4c6a5ef4d0fcea9729a21e2cef4eaec3f2ad27bc8.exe.dll Sample File Binary
malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 1.19 MB
MD5 cbaf988697e5794257533479c39ed20a Copy to Clipboard
SHA1 02d31d47c4bcb4285e847634be7483a31986b29e Copy to Clipboard
SHA256 8bcde178298b0263ce7cb8e4c6a5ef4d0fcea9729a21e2cef4eaec3f2ad27bc8 Copy to Clipboard
SSDeep 12288:qVI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:3fP7fWsK5z9A+WGAW+V5SB6Ct4bnb Copy to Clipboard
ImpHash 6668be91e2c948b183827f040944057f Copy to Clipboard
AV Matches (1)
»
Threat Name Verdict
Trojan.GenericKDZ.76753
malicious
PE Information
»
Image Base 0x140000000
Entry Point 0x140041070
Size Of Code 0x41000
Size Of Initialized Data 0xef000
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2020-02-20 08:35:24+00:00
Version Information (8)
»
CompanyName Microsoft Corporati
FileDescription Background Intellig
FileVersion 7.5.7600.16385 (win7_rtm.090713-
InternalName bitsp
LegalCopyright © Microsoft Corporation. All rights reserv
OriginalFilename kbdy
ProductName Microsoft® Windows® Operating S
ProductVersion 6.1.7600
Sections (39)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x40796 0x41000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.73
.rdata 0x140042000 0x64fcb 0x65000 0x42000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.87
.data 0x1400a7000 0x178b8 0x18000 0xa7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.32
.pdata 0x1400bf000 0x12c 0x1000 0xbf000 IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.58
.rsrc 0x1400c0000 0x880 0x1000 0xc0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.24
.reloc 0x1400c1000 0x2324 0x3000 0xc1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.65
.qkm 0x1400c4000 0x74a 0x1000 0xc4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.cvjb 0x1400c5000 0x1e66 0x2000 0xc5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tlmkv 0x1400c7000 0xbde 0x1000 0xc7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wucsxe 0x1400c8000 0x45174 0x46000 0xc8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wnx 0x14010e000 0x8fe 0x1000 0x10e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.weqy 0x14010f000 0x8fe 0x1000 0x10f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.yby 0x140110000 0x1278 0x2000 0x110000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ormx 0x140112000 0xbde 0x1000 0x112000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.dhclu 0x140113000 0x23b 0x1000 0x113000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.xmiul 0x140114000 0x23b 0x1000 0x114000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tlwcxe 0x140115000 0x13e 0x1000 0x115000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.get 0x140116000 0xbde 0x1000 0x116000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.hzrd 0x140117000 0x1124 0x2000 0x117000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.qzu 0x140119000 0x736 0x1000 0x119000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.nhglos 0x14011a000 0x1af 0x1000 0x11a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.itzo 0x14011b000 0x23b 0x1000 0x11b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.nmsaom 0x14011c000 0x23b 0x1000 0x11c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rvhi 0x14011d000 0x1af 0x1000 0x11d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ucrzce 0x14011e000 0x389 0x1000 0x11e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ijc 0x14011f000 0xbf6 0x1000 0x11f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ohvs 0x140120000 0x13e 0x1000 0x120000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rlvrc 0x140121000 0x1ee 0x1000 0x121000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.yjv 0x140122000 0xbde 0x1000 0x122000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.clbcyy 0x140123000 0x13e 0x1000 0x123000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.xcyn 0x140124000 0x8fe 0x1000 0x124000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.boqx 0x140125000 0x389 0x1000 0x125000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.yprnqb 0x140126000 0x543 0x1000 0x126000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.jywdw 0x140127000 0x1f2a 0x2000 0x127000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ozgm 0x140129000 0x1ee 0x1000 0x129000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.lfsh 0x14012a000 0x197d 0x2000 0x12a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.orl 0x14012c000 0x197d 0x2000 0x12c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.nhhd 0x14012e000 0x1f2a 0x2000 0x12e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.npgiw 0x140130000 0x23b 0x1000 0x130000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.1
Imports (7)
»
USER32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LookupIconIdFromDirectoryEx - 0x140042098 0xa64c8 0xa64c8 0x205
WaitForInputIdle - 0x1400420a0 0xa64d0 0xa64d0 0x32e
GetParent - 0x1400420a8 0xa64d8 0xa64d8 0x166
GetFocus - 0x1400420b0 0xa64e0 0xa64e0 0x12e
SETUPAPI.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CM_Get_Resource_Conflict_DetailsW - 0x140042078 0xa64a8 0xa64a8 0x8a
KERNEL32.dll (7)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection - 0x140042038 0xa6468 0xa6468 0xd2
DeleteTimerQueue - 0x140042040 0xa6470 0xa6470 0xd9
TerminateJobObject - 0x140042048 0xa6478 0xa6478 0x4cd
GetFileInformationByHandle - 0x140042050 0xa6480 0xa6480 0x1f3
GetThreadLocale - 0x140042058 0xa6488 0xa6488 0x293
GetNamedPipeServerProcessId - 0x140042060 0xa6490 0xa6490 0x229
GetConsoleFontSize - 0x140042068 0xa6498 0xa6498 0x1aa
GDI32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateBitmapIndirect - 0x140042020 0xa6450 0xa6450 0x2b
GetPolyFillMode - 0x140042028 0xa6458 0xa6458 0x206
CRYPT32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertGetCTLContextProperty - 0x140042010 0xa6440 0xa6440 0x44
ADVAPI32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AddAccessDeniedObjectAce - 0x140042000 0xa6430 0xa6430 0x15
SHLWAPI.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChrCmpIW - 0x140042088 0xa64b8 0xa64b8 0xa
Exports (17)
»
Api name EAT Address Ordinal
GetFileVersionInfoA 0x211f0 0x1
GetFileVersionInfoByHandle 0x131f4 0x2
GetFileVersionInfoExA 0x26a4c 0x3
GetFileVersionInfoExW 0x7a40 0x4
GetFileVersionInfoSizeA 0x384bc 0x5
GetFileVersionInfoSizeExA 0x14b58 0x6
GetFileVersionInfoSizeExW 0x34b08 0x7
GetFileVersionInfoSizeW 0x2cde8 0x8
GetFileVersionInfoW 0xe048 0x9
VerFindFileA 0x240d0 0xa
VerFindFileW 0xbf44 0xb
VerInstallFileA 0x39f34 0xc
VerInstallFileW 0xbd54 0xd
VerLanguageNameA 0x39060 0xe
VerLanguageNameW 0x1e230 0xf
VerQueryValueA 0x161cc 0x10
VerQueryValueW 0x37b00 0x11
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image