VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Wiper, Ransomware

8ebf2ae4c362f76d402703efe3dc095901f2d78917f88a520b67584a7d8f291e (SHA256)

LIGMA.exe

Windows Exe (x86-32)

Created at 2018-09-08 08:53:00

Notifications (2/3)

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The overall sleep time of all monitored processes was truncated from "1 minute, 15 seconds" to "30 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

Master Boot Record Changes
Sector Number Sector Size
0 512 bytes

Filename Category Type Severity
C:\Users\CIiHmnxMn6Ps\Desktop\LIGMA.exe Sample File Binary
Blacklisted
Mime Type application/x-dosexec
File Size 56.50 KB
MD5 598e8e939e1ed451c3e32d9192c23450
SHA1 60dfa2628428c77d8f161cc1bd62c88c2e6f6248
SHA256 8ebf2ae4c362f76d402703efe3dc095901f2d78917f88a520b67584a7d8f291e
SSDeep 1536:1lah78nRF8GLsXyv1SUm88CL5JsuccSDlDSxl:1lah78R1Le5pCL5JscAle7
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Severity Blacklisted
First Seen 2018-08-29 23:05 (UTC+2)
Last Seen 2018-09-05 00:19 (UTC+2)
Names ByteCode-MSIL.Trojan.Genasom
Families Genasom
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x40ea62
Size Of Code 0xcc00
Size Of Initialized Data 0x1400
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-08-29 19:55:00+00:00
Version Information (11)
Assembly Version 0.0.0.0
LegalCopyright Copyright © 2018
InternalName LIGMA.exe
FileVersion 0.0.0.0
CompanyName -
LegalTrademarks -
Comments -
ProductName LIGMA
ProductVersion 0.0.0.0
FileDescription LIGMA
OriginalFilename LIGMA.exe
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0xca70 0xcc00 0x200 cnt_code, mem_execute, mem_read 6.56
.rsrc 0x410000 0x10e0 0x1200 0xce00 cnt_initialized_data, mem_read 4.91
.reloc 0x412000 0xc 0x200 0xe000 cnt_initialized_data, mem_discardable, mem_read 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0xea38 0xcc38 0x0
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerRegistration.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 2.94 KB
MD5 e867729a36210750c21419ba51950b48
SHA1 70363669ceee640d92824337faf37f9ffaff9428
SHA256 81f513af1306c24d7fb7e79bb03c6514f2ee20559c6122b789d77d571b40bc3d
SSDeep 48:c/8nA3YkIOSYCoPbWEEqJ90iDRlbExsbiRT5tysBr9yKK9PQZ8Yz6ep3qXBmE5bf:c/8nA3fr6oJ90IRlIx7qnazjJEluXJxs
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeBackgroundTaskHandlerLogon.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 2.77 KB
MD5 7491a0177771535ebe4947b4e011592c
SHA1 deb6bea6c49d60fe958cb747016813fd1fdd7ab5
SHA256 9e721b6a9c69187a3bc84e0e4b0482cd30cc4e985dc32b3e5d9e759a4f42ffe6
SSDeep 48:EuAEenbxlpVFNb+1o/0lcogrAJ8n+nL0UPyRQmdeAJa2y+F6PKVZJinb5VxAUoxf:EuAR9h7b+u/0le3n+nI0yWmva2y6mrnO
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\Stream.Platform.Culture.man.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 1.73 MB
MD5 505b56f5b9c6a74bf29d2f3146bca577
SHA1 922f42151f69e4fc5c0606b1bade31c3f1c7e4d1
SHA256 7c2a1623fdc1244c0c07b03d8e038c70178f8b82e6b3b1f95ea60a2cd506e26f
SSDeep 49152:fNrFEjLvERUP8lvzvJU7kMLU3nDk3DqPuDw:lruZ89zvJUXU3Q3D5w
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeOsfInstaller.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 3.52 KB
MD5 49c358d29d2cc7a850bc5c3d76fba9ec
SHA1 37b266b5524f1d7f0ced1cf2c1e75b1896eec311
SHA256 bc92c1c4e497592b747f692ed4c2fa9b33806deed96e2f391f1bd66b2f439d8c
SSDeep 96:CYKfopIvFUPxiW1FvmDfWFhErwIQRaKsQ8W:CDdvFUPxTH6WPIsH
C:\Users\CIiHmnxMn6Ps\Desktop\8DAs79 _K.doc.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 34.89 KB
MD5 4bc6a57ee31c96a6ecb004284a0858dc
SHA1 5a15d938d564aa002b2df3b30dece1848df6b9d0
SHA256 44dabfafc06081694952896b5594e67f2575d3abb461bab236e8075177c93d85
SSDeep 768:b8M8gvJ4mai6fi9g5uhKozRZWdGSgfdGZbEdUD:bZxvvajfGg5uhjzzHdswA
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\-v8NyVF6Hq8N 4.flv.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 4.42 KB
MD5 b33449b261d27bafe96de10115d7f274
SHA1 793c4d6122fe59c75734373c7c766e43789046ab
SHA256 408bcef2390829e52d49bce9f829256c627e53f0da215d31f4c330935ca07d6d
SSDeep 96:uuih5AL82wdthVyq/DFe4yN2C+dAJIklTmiugxPT9BqG+emLd8A7xN:uua577/Aw7gIklTmoPTKp3d8AH
C:\WinWOW32\icon.ico Created File Image
Unknown
Mime Type image/x-icon
File Size 7.51 KB
MD5 95517dfad14dfb29e883df2e94f901bc
SHA1 9625e5ad8aed308b686dc544a6a37eb064a08527
SHA256 8d38171ee9927844d2abf2f77685f6ad4dd877fbfdccc1c969da7e3d13340a60
SSDeep 192:xs3n7O1cWLZ6LyDcpZoLygjmUtWTbDx7hUh:uX7JiSyDc7omAmnTbDxNUh
C:\Users\CIiHmnxMn6Ps\Desktop\dIzOux_V.png.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 50.33 KB
MD5 79638dbd69aa8868a01ece88642465ba
SHA1 a0e12563f5bc9afcc28ec8e3cd73bf933f6b1ef4
SHA256 fba6a9a5dee5f261bfd96a3cc5d60a6aaedf35b2637c8b05da942376e61d6934
SSDeep 1536:R/ZFkrmNnywmeXIvtCcrNPaxHx3QD6CKxPiHR:R/Lpyw9ytCsNPSH+6LxPIR
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.visiomui.msi.16.en-us.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 1.10 MB
MD5 a1a5f8c37b9eb80caa9777379e375447
SHA1 c39184ae75054526b066a946f384ec30e5b8dc96
SHA256 daf65ccacc7460b68661aa233023948a010a14e85d372705fb5f5027f62fa877
SSDeep 24576:BG9+eCSzRwf0v7CEq10Ol2kyXdzEao7n105NtBK3aIVTrIKEJCO6WG:Bg+twRDnq10OutzEao7105NrB8TstG
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.officemui.msi.16.en-us.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 123.88 KB
MD5 caf69a92f4a787c028ee8aea7d82cead
SHA1 02439351a79e47b6e05a0409dd5f23f4363763a0
SHA256 4be59941e6bab182f7d606816c49413440718eda7170f6693183764b44d5c91e
SSDeep 3072:wNWZTYPQzpHnMlfk/JZgecsgNf2R+DV/xfGB1ewpQCr/:YiYPQ1Hn2s/JSecdw+DbmBGU
C:\Users\CIiHmnxMn6Ps\Desktop\CZiQMWk.avi.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 53.33 KB
MD5 ad53ef0e762040b8f9b2879892f04cf9
SHA1 3096830822957b06bdc2228d6f36a2fa00030f80
SHA256 2968bedb499b161735757be411b0f9f929d8a8942171c4ea4ae34c3122586117
SSDeep 1536:k1aifg3Ks5cMp0/xebK8rGFQvrvlSD+AWZB9:QaYg3ZCR2GUksr9
C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 5.77 MB
MD5 0c7fc54b273e2d86874247a8c42abd95
SHA1 8f62c756d83373ffffc4961dcf31ccb234cc9f8a
SHA256 8b581ba17fa336b728825808232300975fc8efd7f6014acc3ba6d26d8c080a66
SSDeep 98304:AcSpr+s+uKVczSCcE/e3cH0sumAB1rnyjW9JKcF3EBSykCV1cK7eweOLzRSlQ:b2r+XuKVczh/QcIryaTHFmS1KKweO5Z
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 96.14 KB
MD5 95fc3205577226aa97c445e15373e8e9
SHA1 79f59b466e28a9dce46371ed1ea4b634c99efab2
SHA256 5bc0677a7fcdae9add9cde1df94333458981698aadb66d68be78ac8d3ec54027
SSDeep 1536:speVMwYzrWE0UChSGIbZlA23kQ6IOJQmuy+7hdFxF1UYWCjLGTis5BNXBer66:speJV9UC5IVT6p+r3PjCGsb3p6
C:\Users\CIiHmnxMn6Ps\Desktop\ED8z5hvaRbfKFmQSj.mp3.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 84.33 KB
MD5 4198c1753b472e53bdafaf4e10d6455c
SHA1 b9679883ca089bf89a59b2f3715745985bc7cde8
SHA256 3e76b7be7caba54b34adefca637c0ca57fb62a251e5ee44dba8c9c28d4101e67
SSDeep 1536:13MI6kJo9f3PckZ3TdashzcPiNAG4cQVa6xkuqshqOC5ZnGroVZb+P4kwoN68:Juqo9/E0jka46Sauqsh3oTe7Rt
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 103.61 KB
MD5 c8b99fb9a65ae9d00cf9885fad2de561
SHA1 4996ac5d325ba76829be644f141c76e4f94335f4
SHA256 b49012069861a2f47b2b8a47478b3c66f62a28be4540d3058f60cbcfb4d6a4a2
SSDeep 1536:a/I+MRHM+dTFlkUAHCIEm76+k+EmDri6ROxfelnYzKaO+Zoh0lAca:abAR7AF2L/mLEVK63Cca
C:\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\en-us.16\stream.x64.en-us.man.dat.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 861.95 KB
MD5 5cf2582d9c520a2d2ea214b7cb695442
SHA1 b2dd51670f74605649dfec0edbcfcde99aab9fed
SHA256 51c2ce23bc5149ab908e5971fcb012c29955eebd97ac46b6a86fb231184b6bfe
SSDeep 24576:l/rUrsnwXPNxvCJ5S9hVo/Z9AV1BtG9Az:ZUrYwXlxI5S9TEHI1Cyz
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\x-none.16\stream.x64.x-none.man.dat.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 5.07 MB
MD5 e18e45d0fa1e0ab370146c63414192d5
SHA1 481bc2a6c4ce9049cd8d8b561d3fd4ced18bee12
SHA256 dc2316f3597f94e1554afcab05510895eae54e9890880f9fd9e8e9d3c946d0a6
SSDeep 98304:kaq3/9czv8QwuYNx4rl5kRdSgIwHwDe/GKdHeSH9U6uBccGwB977Q6ZVvT:u98v8bxAlSBIx0GKNwXB9nQ6r
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 794.55 KB
MD5 43988012562c29b4900e5dd018ff8e67
SHA1 1f47589b94f6ec89fc9eff3ebba51048b0f55655
SHA256 33cd8f01c03d51083a4b5e3c45fc6556a182a0f06fb9e1722567e5296e091add
SSDeep 12288:FBOX4C+guBhNhsrmYnVFVSdyz2pHGIGtu8SdrCTZeGlJJw+vMOr+Ju:CX49NhNyrmeqiEmc8SNCTjo+vUJu
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.outlookmui.msi.16.en-us.xml.ForgiveME Created File Stream
Unknown
Mime Type application/octet-stream
File Size 94.62 KB
MD5 a1f7c67ee6e4cf94de52c98a934d7fe2
SHA1 3fd3177323ed41912c6a529b74777db1fb544ccd
SHA256 356e1d0f01aaa2f5b9709ad871b095ae6157163b427ada9cbeebfd065c4060b7
SSDeep 1536:MDFZuUkMuDXrAXah5Vs1bAfuGlmLHQWO5dMrc59yAb73CE+qTuhOn:MykubrQa14cu00HiX5/b7lTz
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.Platform.x-none.man.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 10.00 MB
MD5 e509aab2e5ed4d2ed6ac0f9fe1a7beb7
SHA1 4ab403dc710bfe386fdf6bc8f95d4cc1c36b4230
SHA256 ff7d2ab6fc10fc60c6229b5c6c6083f3455a6ff473420543967f54b8b553eb3f
SSDeep 196608:cnu03cRFzJW/c8/L76GXPy5X7InGGB5DfG512tIanN/1kXuXkobXTvJN35:ET3cRDW08TetIGGDDFIanc2bjbPp
C:\WinWOW32\work.bat Created File Text
Not Queried
Mime Type text/x-msdos-batch
File Size 0.78 KB
MD5 c02c8d9ca4ddd23a8a8f606410114164
SHA1 185a3bd73be1b99a73a7f78922b6f8fc3a6ab3ec
SHA256 38e2a3524b7ba05729037911be32598a324eb99c6857cfd93b28115804d089ee
SSDeep 24:CLJepAC4PwxOi+flYtTH4UV4Qh9iwubER4ul8aLZ+c:yJeKC48+fl6TH4M4wYwuwxlhLZ+c
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Visio.Visio.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 188.36 KB
MD5 3876150dada949f27028ab5d87164f61
SHA1 60587cb00b089f7bc5261adbb6dbcea6cccda815
SHA256 5c659864f1e058740513a5a32b6eb135829f17b64ca9f9f7f89aca470c909534
SSDeep 3072:nBInJWVH1Pi9r3TOg/Dh+Oo/9BVORxLSLN/iydXvlRTzB0+uz/0cyW829rjzPWX+:nGnJWVH1P6zKmh+OwBESLXl1mpvyWFr5
C:\Users\CIiHmnxMn6Ps\Desktop\3nApnpXou.rtf.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 22.78 KB
MD5 b6a0fa89b87588189578de2531ab9e91
SHA1 9ffe3e188310a243e9fbd3b09fc2a67b5c7991fd
SHA256 c35a8695d4b69b45b0844e8bb6288fe08209735cb38c70e60c211ee1643ab10f
SSDeep 384:Crq8k9IZjHGwbiV9LQ+sGxIzd9T1WAq32+vtUYsbDy856HvVwnzBL:C+ZQHRbiV90+JIzD1WAq37tUYsbm856e
C:\Users\CIiHmnxMn6Ps\Desktop\4tl50FkWgJm.bmp.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 28.23 KB
MD5 aeca23349eca4d8522f6dc82ef649e02
SHA1 6a34e855bb52290a364c9a08c9f7cfa0770e4111
SHA256 32a3a5cf7be4299e9011d7fae90e18918c93f9f2f0cd4e7fcfb1f3839ada4eb8
SSDeep 768:vQYn2AybuP4YNzcT+inDjOkdGzxoAkCiriHc/MqEFR9wG:YgUuvMpDfczxoAkntZEFRT
C:\WinWOW32\mbr.bin Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 0.50 KB
MD5 4efb0f32bf5badbfe4bafad794384600
SHA1 dc02ea8204956a486ed7fa0ad00b265a2a88fc8c
SHA256 18d91faaaba711c880cacbf87ccb9874fe4b9225aa15c91905d90fec3fe9ee05
SSDeep 6:M00XVih+SF1AfncBu2WUuaP7U06Ko+FDsXC1mCez:gXV01AfcBZWU1A0zD2Pz
C:\ProgramData\Microsoft\ClickToRun\9D76938C-943D-439F-A135-26D02821EE05\x-none.16\stream.x64.x-none.man.dat.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 3.52 MB
MD5 ddf2029436068f0e32264a63e8107274
SHA1 5c5560144d7dd58b84638ee0431632915ee31960
SHA256 e55e01e2e680924ae340175b73252d358c1d10b27377a298fccbb599994af36d
SSDeep 98304:p46ErQyP3dT8i0XW4UnyQF5Bbgj4LqtLRzulv27hGzTM3Sd:p46EvhG+Ffgrd18v2EHgSd
C:\Users\CIiHmnxMn6Ps\Desktop\4D-RXRdL_2N.mp3.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 19.36 KB
MD5 53328c6c835ca779280f3f9f6846e761
SHA1 5d7e34f0d98122316f2a8186f07e1ebbd65ec88a
SHA256 d98716c50494cc482bd8f0ed81b595e02ef997dd705f90a342fb18c927938799
SSDeep 384:Q0SZZqJjBp2NVTsaOE8VqeDLCddEHRxmhlr3ZoH3GUJ4dKiNWi:Q0Sr8jBp2/PeDLCdK7mGXrZwF
C:\Users\CIiHmnxMn6Ps\Desktop\CnWmKSFK768cf2Qzf.m4a.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 35.03 KB
MD5 64717b8d532540487415529c68726417
SHA1 24dc20a44849918e8f359519badae3108f1126e8
SHA256 a26375b635d2c34ad28ac4e06fe17a92bb4f91d3a1b6277cac2c2a674d422e79
SSDeep 768:kKrZfOvVqC58RYlrongvBOtlriyeV1lWsWA2Dh1+msj95kWW/XK3VCdOb:XrZmvVq08RYVerifVPWjL+98P/XKlSC
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Outlook.Outlook.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 95.69 KB
MD5 d5463fc03939b9f4098557b6d5817a15
SHA1 f8638bee90898f7d4c770732edf8645d9ee49270
SHA256 a099a7d71fcc0ee2586c68f400eafadba59a6a4182bb8ba90ec481b28af01568
SSDeep 1536:sscpe4fZPJ37GshyGEDBsYuITD1xOXfRTiAqezzsBN2b4HcfpxkacTxWn4:Zcpe0VVGshuP7DDKRmvdIbXRxk1TxWn4
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.x64.en-us.man.dat.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 1.07 MB
MD5 cd0d5a17d13786081fccf23cd4c38311
SHA1 a1da4ba278aae7e8886ec824422e10fc4582094c
SHA256 f17719dc85a3408dc84e6a3e358e7de9e64eb9e2d5f5daf4adbef989327d77e0
SSDeep 24576:icWlh0Qn2dTSIsqLBYqDRBsMaL5aSdKTjNC7PU+b580bpi89BQC5G:iln2ku4NhcjNC7BbTpz40G
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.office32ww.msi.16.x-none.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 335.83 KB
MD5 8ea789f982b5fee45490e4e109427bd0
SHA1 5287a99892dc8fc348bd3a74f4ecc58525e63899
SHA256 537d28fe6ed2de62b33ddab8f8e6a392b8b31c1d23b61e03a81ce5b7bf246809
SSDeep 6144:8STadE2gePrizUM0rA/mG4yxdzICl1RPqZAKKWI2P7TOsD1JE8Y0UzfR5MSpbZ/V:8SGvgxzUMmWT46wZAKUs5m50gRZzJ
C:\WinWOW32\Payloads.dll Created File Binary
Not Queried
Mime Type application/x-dosexec
File Size 14.00 KB
MD5 d476188465a17118dbfedf72189f8240
SHA1 570398ef3b4a5a07f054c9a7da96a6e708c2bcf2
SHA256 1a7d479053a05c167a9d79222582d6a4f45f65bfc3689d7ef2084f7366963dcb
SSDeep 192:u4uqCRNBCuYsXYUhE4oUe0a8EW5ZnJlbh/v3hrnT41DDVv9N5dAFjN:JcFhhOUexwFJv3hr81fVL5d+
ImpHash ca7b12624c1bcd9701e7bcdf1fa70dee
PE Information
Image Base 0x10000000
Entry Point 0x10001e38
Size Of Code 0x1a00
Size Of Initialized Data 0x1e00
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-08-21 01:12:24+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x18e5 0x1a00 0x400 cnt_code, mem_execute, mem_read 6.04
.rdata 0x10003000 0x10fc 0x1200 0x1e00 cnt_initialized_data, mem_read 4.67
.data 0x10005000 0x410 0x200 0x3000 cnt_initialized_data, mem_read, mem_write 1.83
.rsrc 0x10006000 0x1e0 0x200 0x3200 cnt_initialized_data, mem_read 4.7
.reloc 0x10007000 0x324 0x400 0x3400 cnt_initialized_data, mem_discardable, mem_read 5.65
Imports (7)
KERNEL32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsDebuggerPresent 0x0 0x10003024 0x3b64 0x2964 0x37a
InitializeSListHead 0x0 0x10003028 0x3b68 0x2968 0x35e
GetSystemTimeAsFileTime 0x0 0x1000302c 0x3b6c 0x296c 0x2e5
GetCurrentThreadId 0x0 0x10003030 0x3b70 0x2970 0x21a
GetCurrentProcessId 0x0 0x10003034 0x3b74 0x2974 0x216
Sleep 0x0 0x10003038 0x3b78 0x2978 0x575
IsProcessorFeaturePresent 0x0 0x1000303c 0x3b7c 0x297c 0x381
TerminateProcess 0x0 0x10003040 0x3b80 0x2980 0x584
GetCurrentProcess 0x0 0x10003044 0x3b84 0x2984 0x215
SetUnhandledExceptionFilter 0x0 0x10003048 0x3b88 0x2988 0x565
UnhandledExceptionFilter 0x0 0x1000304c 0x3b8c 0x298c 0x5a5
GetProcAddress 0x0 0x10003050 0x3b90 0x2990 0x2aa
LoadLibraryA 0x0 0x10003054 0x3b94 0x2994 0x3bc
CloseHandle 0x0 0x10003058 0x3b98 0x2998 0x86
WriteFile 0x0 0x1000305c 0x3b9c 0x299c 0x60a
ReadFile 0x0 0x10003060 0x3ba0 0x29a0 0x46c
GetFileSize 0x0 0x10003064 0x3ba4 0x29a4 0x247
QueryPerformanceCounter 0x0 0x10003068 0x3ba8 0x29a8 0x446
CreateFileW 0x0 0x1000306c 0x3bac 0x29ac 0xca
USER32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCursorPos 0x0 0x10003074 0x3bb4 0x29b4 0x141
GetWindowRect 0x0 0x10003078 0x3bb8 0x29b8 0x1e8
GetWindowDC 0x0 0x1000307c 0x3bbc 0x29bc 0x1da
LoadIconW 0x0 0x10003080 0x3bc0 0x29c0 0x250
GetDesktopWindow 0x0 0x10003084 0x3bc4 0x29c4 0x145
EnumChildWindows 0x0 0x10003088 0x3bc8 0x29c8 0xf9
GetSystemMetrics 0x0 0x1000308c 0x3bcc 0x29cc 0x1c1
SendMessageTimeoutW 0x0 0x10003090 0x3bd0 0x29d0 0x31b
DrawIcon 0x0 0x10003094 0x3bd4 0x29d4 0xd7
GetWindowThreadProcessId 0x0 0x10003098 0x3bd8 0x29d8 0x1f0
SetWindowPos 0x0 0x1000309c 0x3bdc 0x29dc 0x377
ExitWindowsEx 0x0 0x100030a0 0x3be0 0x29e0 0x111
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteObject 0x0 0x10003000 0x3b40 0x2940 0x175
SelectObject 0x0 0x10003004 0x3b44 0x2944 0x353
CreateCompatibleBitmap 0x0 0x10003008 0x3b48 0x2948 0x30
BitBlt 0x0 0x1000300c 0x3b4c 0x294c 0x13
StretchBlt 0x0 0x10003010 0x3b50 0x2950 0x390
SetBkColor 0x0 0x10003014 0x3b54 0x2954 0x35a
CreateCompatibleDC 0x0 0x10003018 0x3b58 0x2958 0x31
DeleteDC 0x0 0x1000301c 0x3b5c 0x295c 0x172
VCRUNTIME140.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_except_handler4_common 0x0 0x100030a8 0x3be8 0x29e8 0x35
memset 0x0 0x100030ac 0x3bec 0x29ec 0x48
__std_type_info_destroy_list 0x0 0x100030b0 0x3bf0 0x29f0 0x25
__std_exception_copy 0x0 0x100030b4 0x3bf4 0x29f4 0x21
_CxxThrowException 0x0 0x100030b8 0x3bf8 0x29f8 0x1
__std_exception_destroy 0x0 0x100030bc 0x3bfc 0x29fc 0x22
api-ms-win-crt-utility-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
rand 0x0 0x100030f8 0x3c38 0x2a38 0x1b
api-ms-win-crt-runtime-l1-1-0.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_initterm 0x0 0x100030d4 0x3c14 0x2a14 0x38
_cexit 0x0 0x100030d8 0x3c18 0x2a18 0x17
_initialize_onexit_table 0x0 0x100030dc 0x3c1c 0x2a1c 0x36
_initialize_narrow_environment 0x0 0x100030e0 0x3c20 0x2a20 0x35
_configure_narrow_argv 0x0 0x100030e4 0x3c24 0x2a24 0x19
_seh_filter_dll 0x0 0x100030e8 0x3c28 0x2a28 0x41
_execute_onexit_table 0x0 0x100030ec 0x3c2c 0x2a2c 0x24
_initterm_e 0x0 0x100030f0 0x3c30 0x2a30 0x39
api-ms-win-crt-heap-l1-1-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
malloc 0x0 0x100030c4 0x3c04 0x2a04 0x19
_callnewh 0x0 0x100030c8 0x3c08 0x2a08 0x8
free 0x0 0x100030cc 0x3c0c 0x2a0c 0x18
Exports (13)
Api name EAT Address Ordinal
?ChangeAllText@Payloads@1@QAEXXZ 0x11f0 0x1
?DrawIcons@Payloads@1@QAEXXZ 0x1760 0x2
?FastTunnel@Payloads@1@QAEXXZ 0x1a70 0x3
?FlipScreen@Payloads@1@QAEXXZ 0x12f0 0x4
?InvertScreen@Payloads@1@QAEXXZ 0x1380 0x5
?MeltScreen@Payloads@1@QAEXXZ 0x1410 0x6
?MoveScreen@Payloads@1@QAEXXZ 0x15f0 0x7
?MoveUp@Payloads@1@QAEXXZ 0x18c0 0x8
?RandomIcons@Payloads@1@QAEXXZ 0x1800 0x9
?ScreenGlitches@Payloads@1@QAEXXZ 0x1680 0xa
?ShowAllWindows@Payloads@1@QAEXXZ 0x1270 0xb
?forcebsod@Payloads@1@QAEXXZ 0x1160 0xc
?mbr@Payloads@1@QAEXXZ 0x10c0 0xd
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.wordmui.msi.16.en-us.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 76.36 KB
MD5 8eaa7045f17eafe853f20b19ed179294
SHA1 8baf54c61922eb2e04c032194e30d8940701d641
SHA256 e5a5f01f5821ee46be56814430ef627fd77ada1aa9b8a3e74ba4db15665f4c0b
SSDeep 1536:Dew7U8rl0xw5pFL1ILWOe3kdcrJ+7sz9V3hDSAm4nJ3S0uqgo1M7JEJHWUCsk:Dew7/reS5p11IXwrc7+JSA/3VNgahCsk
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 89.92 KB
MD5 c56a6198571e95f3543aa691b42941b7
SHA1 7a4751a939caf247d1a815f151e4862ed6015efb
SHA256 d9cbda78053c39d338d3fd1b3b52d7dd078cc31a3693ca836f6cf8d5831bcc2a
SSDeep 1536:+REDL9kjvj2iGV3UwL4DShrJCf+iGdIsUlKOPmQ2LbaNTDvGHr:+6VkloLCStJ47GqsUMjnaNXGHr
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\x-none.16\stream.x64.x-none.man.dat.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 5.83 MB
MD5 a7cb5ec8620af864f0362693742b1841
SHA1 02d61ab0fc3c61ff8b4b38d466e5a86f27973c74
SHA256 b5fb6e0a2a75846002a32b9dd5f3f9876345d4438c2ead8d22679734c580be32
SSDeep 98304:xz4V0QB+EMhUgaXBgUEKXNXwNZsvcOsr5Fj8c9pYgUDFnQ92LdGp8YGNIr0zGwvw:xz4V4UXJvcOuP3jYgUDu92g8Y6IJwvCl
C:\Users\CIiHmnxMn6Ps\Documents\My Shapes\_private\folder.ico.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 29.23 KB
MD5 8caf9364d863630e25da1dcc70603525
SHA1 60db4ceff40d46300cff3d9350e7b3cb784f2641
SHA256 65dd605668ac3acc6c49aaf8d32090ec6bd2e4832711119f88913eb032738f3f
SSDeep 768:jT52gN96sjGFrlUkrdNklONzA5aTLj8HL7kb3VtKrhNLVhlh03pfiH:jT5xH6GGFrlUkP/9lTLj8HL7kbltihNr
C:\Users\CIiHmnxMn6Ps\Desktop\-hrD ctZ_IvrK7s.gif.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 2.61 KB
MD5 427c6703ea65f2f90b79ee2a826d8178
SHA1 42afe7cbac735ee85c1da4269b41aebcb57270fa
SHA256 b8bed6746283b6ba27f9e921d67aabb0e673c196ff77bcd66f015ff2e45668b4
SSDeep 48:lZuyZtRlVeFnLkKkw2hFJImEPB4US3Fp7vuNtjwEy7NAku+3MKhKN0pusbATJCrN:iKERiJImoYh+Bjy5npusbATJoN
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 540.14 KB
MD5 95a78a2faab0c9e91980544fc41456dd
SHA1 b4eb33f75782a1158152e3ccfafed72b3646d024
SHA256 84ebe7624535b52a6234441a1bb001ff38c238c3b9ee1840eb50aac449734dc5
SSDeep 12288:+v50BY5rOPEMufJGV+NeRKZGxzpZ6gRQriLz0Hd:+v5YY56PEnhGANepx1ZDRQr9d
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentLogOn2016.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 3.17 KB
MD5 91368a78b9605d02b10f8b8b756abbb3
SHA1 0f9937b88192ef79096f2f981605ae8a1ed8b09c
SHA256 c4523de913ae16c20d0f8d9d3e567edb864b2d0911413c29e960628a52460a27
SSDeep 48:ERnx55Flr+BAtsxsHAqpRoC0Y820YENl/pSReXil8WRw8jpGhDhHM9NAQnAVr1Df:mx3ntACpREUQORNK8bpGLHguQn+f
C:\Users\CIiHmnxMn6Ps\Desktop\EB G6qCWqieCGCoHg.ppt.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 14.98 KB
MD5 982d9992975a9bc58dd97cd3944dc9da
SHA1 9639c83601343f147ff12adc448f129da73f1d25
SHA256 6adfac9e4b0a810f1606ebebc403656d974a33be05c3acb4d37a78cbb81cb765
SSDeep 384:Ij+eUvVsWexowatEBwKP0tNmNAFjXrjIqAR2hnKbmFi:LeKvwjBwImNmexrjfAAsbmE
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\Microsoft_Office_OfficeTelemetryAgentFallBack2016.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 3.23 KB
MD5 965ecd8d87b623e9d3e5c0d8fa91db89
SHA1 ee7adb3e8d6feeb9ea604409db0993e35e60a8c4
SHA256 8c84f2b463ae26e98e15c5b46f93243eb5bc5b692a3d1b1ed3843ef9238919b5
SSDeep 96:FtHkIpPGvgaWUpAwtn1ectoPAA+pxu+ALgrZb3:FlpPGvvty61TaYAF+xVL
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\F227E87A-B6B1-42DD-93D7-CC66C1F69C7E\en-us.16\stream.x64.en-us.man.dat.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 0.99 MB
MD5 8403598b02b23453cfdbe4b645962d22
SHA1 87fc5b5e032ccef48da39828e81aae48a638969b
SHA256 72afc3a945c02477ba7a3277baee9306e0c6d172cad55c21ce522ac216d106ff
SSDeep 24576:FNgB4QAmhQPsRH0aSsEy/ZQUWUYSIC70gT40s1OqTHE:sBRtesbsMT4r1OUHE
C:\ProgramData\Microsoft\ClickToRun\ProductReleases\EDA58A0B-AD79-496A-8530-618D08767E60\en-us.16\stream.Platform.Culture.man.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 2.00 MB
MD5 c1ffb6363216778d0521b459d09695ee
SHA1 3e2a9859bab20c222f9149ad668b0d0ad1666391
SHA256 d49fe1667a697ab7ed420c78ed15a79f94fd5c3b811e70837f4ed7bb2bb15db3
SSDeep 49152:QvN5Tva+c0LAKNqyHkB+JpukNYv27e7S4LQKYLz9/eHLe:sYuAKEyEB+dGv27uLIP1QLe
C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.ForgiveME Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 106.41 KB
MD5 fd24f9466566443bcdfb2c43a58e20f1
SHA1 157702ea0c10a7c4930a545133df8e4c584183c6
SHA256 d2090d04349ed137c43abb56e3feb89db08a48d76557b960e24d9dfc2fc62b91
SSDeep 1536:HUn52WxGixvrOw2iTr+3s0MnsH1Cm5iewQWuowwlVSKkpTgqRepuv2AcMK7alNWh:HUwadOpD80osV/ZowNpTFRepMc4lEaNA
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Before

(Same requirement as the Function Logfile above.)

After

(Same requirement as the Function Logfile above.)

Screenshot