8e6b8154...2342

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\FD1HVy\Desktop\CoronaCrypt0r.exe

Sample File

Binary

Malicious

Mime Type	application/vnd.microsoft.portable-executable
File Size	65.50 KB
MD5	8653e1e9ec6857a5a4dbd73ccdfb5948
SHA1	3c7fc5d079c65ce58c8e22e081ca05c094d60316
SHA256	8e6b81544f31d6edbe915b1448db58b7f1d11f46d1d5ab18cc5a7b5b12da2342
SSDeep	768:Pl7qdpKkcwkr6HEbNthZh875g4P1j1VjL/FMppWsXOX4pky25LokeTUj0Pbpmsj9:Pl7ckdt+gKj3fwNebtsIgTp/m/mYKV
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Severity	Blacklisted
Names	Mal/Generic-S

PE Information

Image Base	0x400000
Entry Point	0x411ade
Size Of Code	0xfc00
Size Of Initialized Data	0x800
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2105-07-19 01:09:25+00:00

Version Information (11)

Assembly Version	1.0.0.0
Comments	-
CompanyName	-
FileDescription	CoronaCrypt0r
FileVersion	1.0.0.0
InternalName	CoronaDecrypt0r.exe
LegalCopyright	Copyright © 2020
LegalTrademarks	-
OriginalFilename	CoronaDecrypt0r.exe
ProductName	CoronaCrypt0r
ProductVersion	1.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0xfae4	0xfc00	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.93
.rsrc	0x412000	0x5d4	0x600	0xfe00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.13
.reloc	0x414000	0xc	0x200	0x10400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	0x0	0x402000	0x11ab4	0xfcb4	0x0

Memory Dumps (26)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
coronacrypt0r.exe	1	0x00CF0000	0x00D05FFF	Relevant Image	64-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69655000	0x7FFC69655FFF	First Execution	64-bit	0x7FFC69655020	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69614000	0x7FFC69614FFF	First Execution	64-bit	0x7FFC69614250	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69660000	0x7FFC6966FFFF	First Execution	64-bit	0x7FFC69660080	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69614000	0x7FFC69614FFF	Content Changed	64-bit	0x7FFC696146E8	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69655000	0x7FFC69655FFF	Content Changed	64-bit	0x7FFC696552C0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69660000	0x7FFC6966FFFF	Content Changed	64-bit	0x7FFC69660160	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x1B812000	0x1B813FFF	First Execution	64-bit	0x1B813E8C	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69656000	0x7FFC69656FFF	First Execution	64-bit	0x7FFC69656032	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69657000	0x7FFC69657FFF	First Execution	64-bit	0x7FFC69657012	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69658000	0x7FFC69658FFF	First Execution	64-bit	0x7FFC69658060	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69659000	0x7FFC69659FFF	First Execution	64-bit	0x7FFC69659020	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965A000	0x7FFC6965AFFF	First Execution	64-bit	0x7FFC6965A032	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69656000	0x7FFC69656FFF	Content Changed	64-bit	0x7FFC69656032	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965B000	0x7FFC6965BFFF	First Execution	64-bit	0x7FFC6965B000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965C000	0x7FFC6965CFFF	First Execution	64-bit	0x7FFC6965C040	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69614000	0x7FFC69614FFF	Content Changed	64-bit	0x7FFC69614750	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69655000	0x7FFC69655FFF	Content Changed	64-bit	0x7FFC69655020	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69658000	0x7FFC69658FFF	Content Changed	64-bit	0x7FFC69658CA0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965C000	0x7FFC6965CFFF	Content Changed	64-bit	0x7FFC6965C660	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69659000	0x7FFC69659FFF	Content Changed	64-bit	0x7FFC69659100	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC69657000	0x7FFC69657FFF	Content Changed	64-bit	0x7FFC69657B20	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965B000	0x7FFC6965BFFF	Content Changed	64-bit	0x7FFC6965B780	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965A000	0x7FFC6965AFFF	Content Changed	64-bit	0x7FFC6965A032	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965C000	0x7FFC6965CFFF	Content Changed	64-bit	0x7FFC6965C660	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6965C000	0x7FFC6965CFFF	Content Changed	64-bit	0x7FFC6965C660	... Memory Dump Actions Go to Process Download Dump

Local AV Matches (1)

Threat Name	Severity
Gen:Heur.Ransom.Imps.3	Malicious

C:\Users\FD1HVy\Desktop\-6ovIx7aguv.mkv.Lock

Dropped File

Text

Unknown

Mime Type	text/plain
File Size	99.99 KB
MD5	60a6f7a4763c43eb6ca34503bef011b4
SHA1	c45d4bf8462ceec4e094f4f411679d7721d497b5
SHA256	21806ab7f30dcab1df03f8d2d6d2530149cea1094d3c6b06bf1cbd0f4a10d2c2
SSDeep	3072:rpvFkAy0RD3rv2gxYCEI29XjC6ruk66LNMGHvEJDIsZ:rRVD3+U29XjC6r166LyGHv68sZ
ImpHash	-

C:\Users\FD1HVy\Desktop\-aDU.m4a.Lock

Dropped File

Text

Unknown

Mime Type	text/plain
File Size	211.67 KB
MD5	9ead21c597ddb3497c71c6149f74b846
SHA1	c8b9c1f4cf5fbc39c9e66f960f72f24db289f694
SHA256	c4496e49d2764e447df3c78957a34794705c868e7315f1176f99f93d74967d31
SSDeep	3072:agqBZPpbiyimjDzwqQINzGdaDcCRqq6/URdQ6y10sruds9o9NV6Nf3LB1M/hwypj:XqhbhPjDEqZ5cYdQQ/dtV6NDBW/h5
ImpHash	-

C:\Users\FD1HVy\Desktop\as0HMHVEymgiE6R6-V.bmp.Lock

Dropped File

Text

Unknown

Mime Type	text/plain
File Size	213.78 KB
MD5	e04a6b2548941eb70ebe622f45028635
SHA1	b684108a7307d33042edd63ccb7f52efbf9dbdc9
SHA256	eb9e2344452727abc0137206b5326799a190d34e5a9bf9035a0d654e10eab1f8
SSDeep	3072:Ug1N3MbjSHaIORmj/VCG879Sg5hwSWWoDMnFEj9RcbqWvChb+XsAf4VkQmFrF/6X:UxjUa2jtu7R5hwX3MOZkx85mFgieag
ImpHash	-

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After