8e775324...2393 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Dropper
Threat Names:
Trojan.MSIL.Basic.6.Gen
Mal/Generic-S

bbc.exe

Windows Exe (x86-32)

Created at 2021-01-22T15:11:00

...
Filters:
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\bbc.exe Sample File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 88.48 KB
MD5 19f207b20b1d2a05aba1a1eb59da54d2 Copy to Clipboard
SHA1 8d75108ec34fd79f8336041d5ff31443cc527add Copy to Clipboard
SHA256 8e775324fc69a677394cf6d079d1d45bf53af10acd683bda53e5f86a8a192393 Copy to Clipboard
SSDeep 1536:eXoKlnzpMyqDQ+IJDDctJUX0DKR+cQpOJ0ILn6Cw+9WdlIgoAG4FbrZvJdEwP9dI:uomnzVincQDKgcQpHIbHIlDRrZRdp9dI Copy to Clipboard
ImpHash e9c0657252137ac61c1eeeba4c021000 Copy to Clipboard
File Reputation Information
»
Severity
Blacklisted
Names Mal/Generic-S
PE Information
»
Image Base 0x400000
Entry Point 0x40326b
Size Of Code 0x6400
Size Of Initialized Data 0x27c00
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-12-16 00:50:56+00:00
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x62ff 0x6400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.46
.rdata 0x408000 0x134a 0x1400 0x6800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.24
.data 0x40a000 0x25518 0x600 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.05
.ndata 0x430000 0x8000 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x438000 0xa60 0xc00 0x8200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.2
Imports (7)
»
KERNEL32.dll (61)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTempPathA 0x0 0x408070 0x864c 0x6e4c 0x1d5
GetFileSize 0x0 0x408074 0x8650 0x6e50 0x163
GetModuleFileNameA 0x0 0x408078 0x8654 0x6e54 0x17d
GetCurrentProcess 0x0 0x40807c 0x8658 0x6e58 0x142
CopyFileA 0x0 0x408080 0x865c 0x6e5c 0x43
ExitProcess 0x0 0x408084 0x8660 0x6e60 0xb9
SetEnvironmentVariableA 0x0 0x408088 0x8664 0x6e64 0x313
Sleep 0x0 0x40808c 0x8668 0x6e68 0x356
GetTickCount 0x0 0x408090 0x866c 0x6e6c 0x1df
GetCommandLineA 0x0 0x408094 0x8670 0x6e70 0x110
lstrlenA 0x0 0x408098 0x8674 0x6e74 0x3cc
GetVersion 0x0 0x40809c 0x8678 0x6e78 0x1e8
SetErrorMode 0x0 0x4080a0 0x867c 0x6e7c 0x315
lstrcpynA 0x0 0x4080a4 0x8680 0x6e80 0x3c9
GetDiskFreeSpaceA 0x0 0x4080a8 0x8684 0x6e84 0x14d
GlobalUnlock 0x0 0x4080ac 0x8688 0x6e88 0x20a
GetWindowsDirectoryA 0x0 0x4080b0 0x868c 0x6e8c 0x1f3
SetFileAttributesA 0x0 0x4080b4 0x8690 0x6e90 0x319
GetLastError 0x0 0x4080b8 0x8694 0x6e94 0x171
CreateDirectoryA 0x0 0x4080bc 0x8698 0x6e98 0x4b
CreateProcessA 0x0 0x4080c0 0x869c 0x6e9c 0x66
RemoveDirectoryA 0x0 0x4080c4 0x86a0 0x6ea0 0x2c4
CreateFileA 0x0 0x4080c8 0x86a4 0x6ea4 0x53
GetTempFileNameA 0x0 0x4080cc 0x86a8 0x6ea8 0x1d3
ReadFile 0x0 0x4080d0 0x86ac 0x6eac 0x2b5
WriteFile 0x0 0x4080d4 0x86b0 0x6eb0 0x3a4
lstrcpyA 0x0 0x4080d8 0x86b4 0x6eb4 0x3c6
MoveFileExA 0x0 0x4080dc 0x86b8 0x6eb8 0x26f
lstrcatA 0x0 0x4080e0 0x86bc 0x6ebc 0x3bd
GetSystemDirectoryA 0x0 0x4080e4 0x86c0 0x6ec0 0x1c1
GetProcAddress 0x0 0x4080e8 0x86c4 0x6ec4 0x1a0
GetExitCodeProcess 0x0 0x4080ec 0x86c8 0x6ec8 0x15a
WaitForSingleObject 0x0 0x4080f0 0x86cc 0x6ecc 0x390
CompareFileTime 0x0 0x4080f4 0x86d0 0x6ed0 0x39
SetFileTime 0x0 0x4080f8 0x86d4 0x6ed4 0x31f
GetFileAttributesA 0x0 0x4080fc 0x86d8 0x6ed8 0x15e
SetCurrentDirectoryA 0x0 0x408100 0x86dc 0x6edc 0x30a
MoveFileA 0x0 0x408104 0x86e0 0x6ee0 0x26e
GetFullPathNameA 0x0 0x408108 0x86e4 0x6ee4 0x169
GetShortPathNameA 0x0 0x40810c 0x86e8 0x6ee8 0x1b5
SearchPathA 0x0 0x408110 0x86ec 0x6eec 0x2db
CloseHandle 0x0 0x408114 0x86f0 0x6ef0 0x34
lstrcmpiA 0x0 0x408118 0x86f4 0x6ef4 0x3c3
CreateThread 0x0 0x40811c 0x86f8 0x6ef8 0x6f
GlobalLock 0x0 0x408120 0x86fc 0x6efc 0x203
lstrcmpA 0x0 0x408124 0x8700 0x6f00 0x3c0
DeleteFileA 0x0 0x408128 0x8704 0x6f04 0x83
FindFirstFileA 0x0 0x40812c 0x8708 0x6f08 0xd2
FindNextFileA 0x0 0x408130 0x870c 0x6f0c 0xdc
FindClose 0x0 0x408134 0x8710 0x6f10 0xce
SetFilePointer 0x0 0x408138 0x8714 0x6f14 0x31b
GetPrivateProfileStringA 0x0 0x40813c 0x8718 0x6f18 0x19c
WritePrivateProfileStringA 0x0 0x408140 0x871c 0x6f1c 0x3a9
MulDiv 0x0 0x408144 0x8720 0x6f20 0x274
MultiByteToWideChar 0x0 0x408148 0x8724 0x6f24 0x275
FreeLibrary 0x0 0x40814c 0x8728 0x6f28 0xf8
LoadLibraryExA 0x0 0x408150 0x872c 0x6f2c 0x253
GetModuleHandleA 0x0 0x408154 0x8730 0x6f30 0x17f
GlobalAlloc 0x0 0x408158 0x8734 0x6f34 0x1f8
GlobalFree 0x0 0x40815c 0x8738 0x6f38 0x1ff
ExpandEnvironmentStringsA 0x0 0x408160 0x873c 0x6f3c 0xbc
USER32.dll (62)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSystemMenu 0x0 0x408184 0x8760 0x6f60 0x15c
SetClassLongA 0x0 0x408188 0x8764 0x6f64 0x247
EnableMenuItem 0x0 0x40818c 0x8768 0x6f68 0xc2
IsWindowEnabled 0x0 0x408190 0x876c 0x6f6c 0x1ae
SetWindowPos 0x0 0x408194 0x8770 0x6f70 0x283
GetSysColor 0x0 0x408198 0x8774 0x6f74 0x15a
GetWindowLongA 0x0 0x40819c 0x8778 0x6f78 0x16e
SetCursor 0x0 0x4081a0 0x877c 0x6f7c 0x24d
LoadCursorA 0x0 0x4081a4 0x8780 0x6f80 0x1ba
CheckDlgButton 0x0 0x4081a8 0x8784 0x6f84 0x38
GetMessagePos 0x0 0x4081ac 0x8788 0x6f88 0x13c
CallWindowProcA 0x0 0x4081b0 0x878c 0x6f8c 0x1b
IsWindowVisible 0x0 0x4081b4 0x8790 0x6f90 0x1b1
CloseClipboard 0x0 0x4081b8 0x8794 0x6f94 0x42
SetClipboardData 0x0 0x4081bc 0x8798 0x6f98 0x24a
EmptyClipboard 0x0 0x4081c0 0x879c 0x6f9c 0xc1
OpenClipboard 0x0 0x4081c4 0x87a0 0x6fa0 0x1f6
ScreenToClient 0x0 0x4081c8 0x87a4 0x6fa4 0x231
GetWindowRect 0x0 0x4081cc 0x87a8 0x6fa8 0x174
GetDlgItem 0x0 0x4081d0 0x87ac 0x6fac 0x111
GetSystemMetrics 0x0 0x4081d4 0x87b0 0x6fb0 0x15d
SetDlgItemTextA 0x0 0x4081d8 0x87b4 0x6fb4 0x253
GetDlgItemTextA 0x0 0x4081dc 0x87b8 0x6fb8 0x113
MessageBoxIndirectA 0x0 0x4081e0 0x87bc 0x6fbc 0x1e2
CharPrevA 0x0 0x4081e4 0x87c0 0x6fc0 0x2d
DispatchMessageA 0x0 0x4081e8 0x87c4 0x6fc4 0xa1
PeekMessageA 0x0 0x4081ec 0x87c8 0x6fc8 0x200
GetDC 0x0 0x4081f0 0x87cc 0x6fcc 0x10c
ReleaseDC 0x0 0x4081f4 0x87d0 0x6fd0 0x22a
EnableWindow 0x0 0x4081f8 0x87d4 0x6fd4 0xc4
InvalidateRect 0x0 0x4081fc 0x87d8 0x6fd8 0x193
SendMessageA 0x0 0x408200 0x87dc 0x6fdc 0x23b
DefWindowProcA 0x0 0x408204 0x87e0 0x6fe0 0x8e
BeginPaint 0x0 0x408208 0x87e4 0x6fe4 0xd
GetClientRect 0x0 0x40820c 0x87e8 0x6fe8 0xff
FillRect 0x0 0x408210 0x87ec 0x6fec 0xe2
EndDialog 0x0 0x408214 0x87f0 0x6ff0 0xc6
RegisterClassA 0x0 0x408218 0x87f4 0x6ff4 0x216
SystemParametersInfoA 0x0 0x40821c 0x87f8 0x6ff8 0x299
CreateWindowExA 0x0 0x408220 0x87fc 0x6ffc 0x60
GetClassInfoA 0x0 0x408224 0x8800 0x7000 0xf6
DialogBoxParamA 0x0 0x408228 0x8804 0x7004 0x9e
CharNextA 0x0 0x40822c 0x8808 0x7008 0x2a
ExitWindowsEx 0x0 0x408230 0x880c 0x700c 0xe1
LoadImageA 0x0 0x408234 0x8810 0x7010 0x1c0
CreateDialogParamA 0x0 0x408238 0x8814 0x7014 0x55
SetTimer 0x0 0x40823c 0x8818 0x7018 0x27a
SetWindowTextA 0x0 0x408240 0x881c 0x701c 0x286
SetForegroundWindow 0x0 0x408244 0x8820 0x7020 0x257
ShowWindow 0x0 0x408248 0x8824 0x7024 0x292
SetWindowLongA 0x0 0x40824c 0x8828 0x7028 0x280
SendMessageTimeoutA 0x0 0x408250 0x882c 0x702c 0x23e
FindWindowExA 0x0 0x408254 0x8830 0x7030 0xe4
IsWindow 0x0 0x408258 0x8834 0x7034 0x1ad
AppendMenuA 0x0 0x40825c 0x8838 0x7038 0x8
TrackPopupMenu 0x0 0x408260 0x883c 0x703c 0x2a4
CreatePopupMenu 0x0 0x408264 0x8840 0x7040 0x5e
DrawTextA 0x0 0x408268 0x8844 0x7044 0xbc
EndPaint 0x0 0x40826c 0x8848 0x7048 0xc8
DestroyWindow 0x0 0x408270 0x884c 0x704c 0x99
wsprintfA 0x0 0x408274 0x8850 0x7050 0x2d7
PostQuitMessage 0x0 0x408278 0x8854 0x7054 0x204
GDI32.dll (8)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SelectObject 0x0 0x40804c 0x8628 0x6e28 0x20e
SetTextColor 0x0 0x408050 0x862c 0x6e2c 0x23c
SetBkMode 0x0 0x408054 0x8630 0x6e30 0x216
CreateFontIndirectA 0x0 0x408058 0x8634 0x6e34 0x3a
CreateBrushIndirect 0x0 0x40805c 0x8638 0x6e38 0x29
DeleteObject 0x0 0x408060 0x863c 0x6e3c 0x8f
GetDeviceCaps 0x0 0x408064 0x8640 0x6e40 0x16b
SetBkColor 0x0 0x408068 0x8644 0x6e44 0x215
SHELL32.dll (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation 0x0 0x408168 0x8744 0x6f44 0xc3
ShellExecuteExA 0x0 0x40816c 0x8748 0x6f48 0x109
SHGetPathFromIDListA 0x0 0x408170 0x874c 0x6f4c 0xbc
SHBrowseForFolderA 0x0 0x408174 0x8750 0x6f50 0x79
SHGetFileInfoA 0x0 0x408178 0x8754 0x6f54 0xac
SHFileOperationA 0x0 0x40817c 0x8758 0x6f58 0x9a
ADVAPI32.dll (13)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustTokenPrivileges 0x0 0x408000 0x85dc 0x6ddc 0x1c
RegCreateKeyExA 0x0 0x408004 0x85e0 0x6de0 0x1d1
RegOpenKeyExA 0x0 0x408008 0x85e4 0x6de4 0x1ec
SetFileSecurityA 0x0 0x40800c 0x85e8 0x6de8 0x22e
OpenProcessToken 0x0 0x408010 0x85ec 0x6dec 0x1ac
LookupPrivilegeValueA 0x0 0x408014 0x85f0 0x6df0 0x14f
RegEnumValueA 0x0 0x408018 0x85f4 0x6df4 0x1e1
RegDeleteKeyA 0x0 0x40801c 0x85f8 0x6df8 0x1d4
RegDeleteValueA 0x0 0x408020 0x85fc 0x6dfc 0x1d8
RegCloseKey 0x0 0x408024 0x8600 0x6e00 0x1cb
RegSetValueExA 0x0 0x408028 0x8604 0x6e04 0x204
RegQueryValueExA 0x0 0x40802c 0x8608 0x6e08 0x1f7
RegEnumKeyA 0x0 0x408030 0x860c 0x6e0c 0x1dd
COMCTL32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Create 0x0 0x408038 0x8614 0x6e14 0x37
ImageList_AddMasked 0x0 0x40803c 0x8618 0x6e18 0x34
(by ordinal) 0x11 0x408040 0x861c 0x6e1c -
ImageList_Destroy 0x0 0x408044 0x8620 0x6e20 0x38
ole32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize 0x0 0x408280 0x885c 0x705c 0x105
OleInitialize 0x0 0x408284 0x8860 0x7060 0xee
CoTaskMemFree 0x0 0x408288 0x8864 0x7064 0x65
CoCreateInstance 0x0 0x40828c 0x8868 0x7068 0x10
Icons (1)
»
Memory Dumps (2)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
bbc.exe 1 0x00400000 0x00438FFF Relevant Image True 32-bit 0x004063A8 False False
...
bbc.exe 1 0x00400000 0x00438FFF Process Termination True 32-bit - False False
...
Local AV Matches (1)
»
Threat Name Severity
Trojan.MSIL.Basic.6.Gen
Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Programs\Temp\wqm58yk7.exe Dropped File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 104.00 KB
MD5 48ea3794091a9f17e12f5c1a90e1f7d7 Copy to Clipboard
SHA1 1bb17eef59764e84f95b7a5c0aad649b8517ee43 Copy to Clipboard
SHA256 dcd725c415cebc7df170edf49af18d6f86e76ef75185737de5959405f4aecc56 Copy to Clipboard
SSDeep 3072:otcvKR5Kkzk1s6eKSEqlcRHG9fHdJM9F+f:JoFEqlc09fd6U Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Severity
Blacklisted
Names Mal/Generic-S
PE Information
»
Image Base 0x400000
Entry Point 0x41b59e
Size Of Code 0x19600
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2021-01-21 09:14:39+00:00
Version Information (7)
»
Assembly Version 0.0.0.0
FileDescription
FileVersion 0.0.0.0
InternalName Client-kildef2.exe
LegalCopyright
OriginalFilename Client-kildef2.exe
ProductVersion 0.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x195a4 0x19600 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.25
.rsrc 0x41c000 0x5e5 0x600 0x19800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.47
.reloc 0x41e000 0xc 0x200 0x19e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x1b57c 0x1977c 0x0
Memory Dumps (1)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
wqm58yk7.exe 2 0x003D0000 0x003EFFFF Relevant Image True 32-bit - False False
...
Local AV Matches (1)
»
Threat Name Severity
Trojan.MSIL.Basic.6.Gen
Malicious
C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg Modified File Stream
Unknown
...
»
Also Known As C:\Users\Public\Pictures\Sample Pictures\Chrysanthemum.jpg.0l0lqq (Dropped File)
Mime Type application/octet-stream
File Size 858.78 KB
MD5 7d01ac6050d17b4f1150266f78c7c23d Copy to Clipboard
SHA1 fc55b7c7995630e6f534bfec6c607d5a542bc39b Copy to Clipboard
SHA256 828c01f4fd3f0627103777f0060133d6652e173c84896ed0fdc06daaf0517941 Copy to Clipboard
SSDeep 24576:Utet4BPsy/wIf7/91RUgTQ2jkEGqcujfKjt:Uq3FIfx1RUeTkSD4t Copy to Clipboard
ImpHash -
C:\Users\Public\Pictures\Sample Pictures\Desert.jpg.0l0lqq Dropped File Stream
Unknown
...
»
Also Known As C:\Users\Public\Pictures\Sample Pictures\Desert.jpg (Modified File)
Mime Type application/octet-stream
File Size 826.11 KB
MD5 54d63d01512760dd8c64799419eee691 Copy to Clipboard
SHA1 833cb55eee64886a1545f2b2b506cbc0e2ec733a Copy to Clipboard
SHA256 e40710c2aeabbcf59130ccf16d9391bb3fcc27607f13f875bef3bcf755c2f7eb Copy to Clipboard
SSDeep 12288:5168t/LqZASEgTY3wwDxhu86G5Tn5lOIjkgl7gI4znFmbgFE92+5roQV2L:5Q8NS3+AwS86G5TnGIjgfzCibeO Copy to Clipboard
ImpHash -
C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg Modified File Stream
Unknown
...
»
Also Known As C:\Users\Public\Pictures\Sample Pictures\Hydrangeas.jpg.0l0lqq (Dropped File)
Mime Type application/octet-stream
File Size 581.33 KB
MD5 3fe6de9d544f9a8c85d47e60c606ad34 Copy to Clipboard
SHA1 c730d2e5b3f17b7038b54c17968155657c818f4a Copy to Clipboard
SHA256 9c6341591e3b539f464582876e41a2d9bb567aafa2744751d49b54bc17c3de0c Copy to Clipboard
SSDeep 12288:nDXtlZlH/H+2XSXRdfT7JNKphdMRa2itB05cTi5/AOpw3qN6GmNiF:DXtM2XWbNNghd4a45cm5/Fw3qJmNW Copy to Clipboard
ImpHash -
C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg Modified File Stream
Unknown
...
»
Also Known As C:\Users\Public\Pictures\Sample Pictures\Jellyfish.jpg.0l0lqq (Dropped File)
Mime Type application/octet-stream
File Size 757.52 KB
MD5 a617b873a298b42e1ff8b85f8942091b Copy to Clipboard
SHA1 6d633fe76f2954bc5cd0400c074b46b2a455bb8e Copy to Clipboard
SHA256 87e702be8608415613cc248ea9369035057e2fb7232ff60af22d781f01a53226 Copy to Clipboard
SSDeep 12288:4jvTi6RX+i0fOOeXgckmdb4KCdZulDQREu2wV7nMxqfn2H0Lfmtwhpm9MUco:iTiCX+i0Mwckmdb6E86u2wDOH0LbhpW1 Copy to Clipboard
ImpHash -
C:\Users\Public\Music\Sample Music\Kalimba.mp3 Modified File Stream
Unknown
...
»
Also Known As C:\Users\Public\Music\Sample Music\Kalimba.mp3.0l0lqq (Dropped File)
Mime Type application/octet-stream
File Size 8.02 MB
MD5 625ba380ed3c8ae041cfa05fa33bb3f2 Copy to Clipboard
SHA1 938c2f694594a8908f93159ed416823d9db8d3be Copy to Clipboard
SHA256 e605989631e1a5d6874f56fe9603a41fc6d1cd43e33ff5d4edb7c3404d43128e Copy to Clipboard
SSDeep 196608:p784iJqxXeDldahuK0HG2wj3qEnTHvpIX1XvGZi8ZqVmyy8tG2k78S:R4ceDlkkHG2wbPTHxMGZlqY1r2kH Copy to Clipboard
ImpHash -
C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3.0l0lqq Dropped File Stream
Unknown
...
»
Also Known As C:\Users\Public\Music\Sample Music\Maid with the Flaxen Hair.mp3 (Modified File)
Mime Type application/octet-stream
File Size 3.92 MB
MD5 f5b21aedde61e7443c3d49449d1b0538 Copy to Clipboard
SHA1 8210e88c4014278ddc9c998daa041b17312edc6e Copy to Clipboard
SHA256 045c6a951603afbd8a04e8572be8f150f0cb50aed31900f7f506d4f113b5b477 Copy to Clipboard
SSDeep 98304:jE0UyVPMeuVmNOI1dR7xywLeZffloj9bsCCaSPa8IZ0hwpkbC/KJO7iO10c11:jEUPMxVmNOidRdywLe9flohbsC8aR0Ji Copy to Clipboard
ImpHash -
C:\Users\Public\Music\Sample Music\Sleep Away.mp3.0l0lqq Dropped File Stream
Unknown
...
»
Also Known As C:\Users\Public\Music\Sample Music\Sleep Away.mp3 (Modified File)
Mime Type application/octet-stream
File Size 4.62 MB
MD5 5aff3a514e77b5f6fef84a1d612fe231 Copy to Clipboard
SHA1 17f91ff9d69d2ca142aae57aec7a4c82a7e5aacc Copy to Clipboard
SHA256 940e0f4b261d2ef07e6303b52f29b9eadf95b0437283a12906559d35d838b19d Copy to Clipboard
SSDeep 98304:LLFsSdBlqqEXUzpBCUpJ9oPP3Ab00/0y1Y+W3nxslZvMCVkf1QD:VsSdZEXUzprJGnOdMyyNxTAkfi Copy to Clipboard
ImpHash -
c:\programdata\microsoft\search\data\applications\windows\windows.edb.0l0lqq Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 72.06 MB
MD5 028c9d829e61fc0233ebbb1952ec3f54 Copy to Clipboard
SHA1 5c9476b9ae86a3c6639931de003fee52d7d1f558 Copy to Clipboard
SHA256 ea62d1b196e8d7f76157e7856cf60b7c85a8fe70e463af0ba82a56bb2f5b8ff5 Copy to Clipboard
SSDeep 196608:4m4xJ816X0dF17QgNIIPHsz5JMyMsALMZB62eEIxmf:2xa1nbQXmsz5OPsAL+zzIK Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vdITubh\wKltG-gZSXrJ9THv7zME.jpg.0l0lqq Dropped File Stream
Unknown
...
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vdITubh\wKltG-gZSXrJ9THv7zME.jpg (Modified File)
Mime Type application/octet-stream
File Size 63.27 KB
MD5 0b4e9ef4fadb61efff69cc83e4b6e928 Copy to Clipboard
SHA1 23d6d3b874196df650e7baf723db8025bd73b37c Copy to Clipboard
SHA256 f830cae5afc59e15900c289ee1c19e39e0dd5a90d8a01bd2e0b1ab92b18b6fef Copy to Clipboard
SSDeep 1536:xQTiFksASEJ/o9R88PkcL6Fu//TkXZq2bfuP2iSDKYkpQDFQDItMtyw:+iTAS8/H8McL6U/kZhpisKYKZDftyw Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vdITubh\yvssvet7S.png.0l0lqq Dropped File Stream
Unknown
...
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Pictures\vdITubh\yvssvet7S.png (Modified File)
Mime Type application/octet-stream
File Size 86.24 KB
MD5 1d60f6d16ffdc0975994c7299786e816 Copy to Clipboard
SHA1 82472ac19625044cbd3c70793ae51fd9c54b9262 Copy to Clipboard
SHA256 93b2af4755305c8ff57cc25d5bef503a8d8998aad1545b813df8c7872515cc4a Copy to Clipboard
SSDeep 1536:CsE6I/peFlS+PT3yd6qxWSFhRpFCmdleSYMTV1wf7qf9WZmLH+h6:CsEr2V3yYEWSF7rCO/V1wf7G9WZ+H+Y Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Music\2iawPQcoA3.mp3 Modified File Stream
Unknown
...
»
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Music\2iawPQcoA3.mp3.0l0lqq (Dropped File)
Mime Type application/octet-stream
File Size 37.23 KB
MD5 0ae9e94caf0bd47a800b83ba8345c79e Copy to Clipboard
SHA1 f61498ee35c2fded18e6d5cab5a1f4d93f3ea690 Copy to Clipboard
SHA256 ffee4b744d8e6854ef85951f842d8736b709fb26c433d554c6e895bf266a3bc2 Copy to Clipboard
SSDeep 768:FTxErkc0YQ5MIbXWGkyignfrs/eDoX9yL9Gx8CICEn50kwKMWR:FTq4JYQGIyvV8frcUKKCI1507KMWR Copy to Clipboard
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\RESTORE_FILES_INFO.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 1.48 KB
MD5 5285b71a32886aa97bd78d056e403681 Copy to Clipboard
SHA1 003e425d9e62cd9054a533f4cbe79266cef671ba Copy to Clipboard
SHA256 81e7d82b48a51af9a014cc62ed17605f0939ffb76c2082f8a0a656bc26434812 Copy to Clipboard
SSDeep 24:6ClimHPnIekFQjhRe9bgnYp/kEo+WzbQsaYtVFYj5SIxS5rPb:6CImHfv0pp/kEvOMsaYt0j5nA Copy to Clipboard
ImpHash -
C:\Users\Public\Pictures\Sample Pictures\RESTORE_FILES_INFO.txt Dropped File Text
Unknown
...
»
Also Known As c:\programdata\microsoft\officesoftwareprotectionplatform\cache\restore_files_info.txt (Dropped File)
c:\programdata\microsoft\windows nt\msscan\restore_files_info.txt (Dropped File)
c:\programdata\microsoft\user account pictures\restore_files_info.txt (Dropped File)
C:\Users\Public\Pictures\Sample Pictures\RESTORE_FILES_INFO.txt (Dropped File)
C:\Users\Public\Music\Sample Music\RESTORE_FILES_INFO.txt (Dropped File)
c:\programdata\microsoft\windows\power efficiency diagnostics\restore_files_info.txt (Dropped File)
c:\programdata\microsoft\search\data\applications\windows\restore_files_info.txt (Dropped File)
c:\programdata\microsoft\network\downloader\restore_files_info.txt (Dropped File)
c:\programdata\microsoft\officesoftwareprotectionplatform\restore_files_info.txt (Dropped File)
c:\programdata\microsoft\device stage\device\{8702d817-5aad-4674-9ef3-4d3decd87120}\restore_files_info.txt (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\RESTORE_FILES_INFO.txt (Dropped File)
Mime Type text/plain
File Size 1.53 KB
MD5 214351708e49c2ce485d55caebdff008 Copy to Clipboard
SHA1 02c81738d17526690dddd21ddef881978b673257 Copy to Clipboard
SHA256 0ee637714eff9b24c84d28a3a78101d3ddb1ff8409e434eab3fd2c744fca7892 Copy to Clipboard
SSDeep 24:6ClimHPnIekFQjhRe9bgnYp/kEo+WzbQsaYtVFYj5SIxS5rP/:6CImHfv0pp/kEvOMsaYt0j5nS Copy to Clipboard
ImpHash -
C:\Users\5P5NRG~1\AppData\Local\Temp\nssB7AA.tmp Dropped File Unknown
Not Queried
...
»
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image