Dynamic Analysis Report
VTI Score: 100/100
Classification: Dropper, Trojan
Files

Sample File (Binary): C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\firefox.exe
Severity: Blacklisted
Mime Type: application/vnd.microsoft.portable-executable
File Size: 400.00 KB
MD5: 491c40e1f849527baea747a308bf04c6
SHA1: fdcbc58b0fbe6e22160277fef9d2fba417bd964e
SHA256: 916500065fb0037de6e95bdbeafaa69a8d3932af10e81acb02f88c6a65cb577e
SSDeep: 6144:NbfHHgLW7wnfBISNxZ0KENaCdYnGuzSTg1Dj:t4WeImE8COGu+6Dj
ImpHash: f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark: Static engine was unable to completely parse the analyzed file
File Reputation Information
Severity: Blacklisted
First Seen: 2019-11-03 09:56 (UTC+1)
Last Seen: 2019-11-03 10:00 (UTC+1)
Names: Win32.Trojan.Generic
Families: Generic
Classification: Trojan
PE Information
Image Base: 0x400000
Entry Point: 0x409ef9
Size Of Code: 0x8000
Size Of Initialized Data: 0x5be00
File Type: FileType.executable
Subsystem: Subsystem.windows_gui
Machine Type: MachineType.i386
Compile Timestamp: 2019-11-02 11:00:35+00:00
Version Information (10)
Assembly Version: 4.5.0.0
CompanyName: h1YaxkV24 Hr6uSVxiA
FileDescription: Google Chrome
FileVersion: 4.5.0.0
InternalName: FaJvPkMPn
LegalCopyright: Copyright 2018 SM0H8YWAv
LegalTrademarks: E2b1prAaD 75I2eQSj7
OriginalFilename: ka39EwyQA
ProductName: KbHCINh0a
ProductVersion: 4.5.0.0
Sections (3)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Entropy  Flags
.text   0x402000         0x7eff        0x8000         0x200            5.98     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x40a000         0x5bbaa       0x5bc00        0x8200           5.53     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x466000         0xc           0x200          0x63e00          0.08     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Imports (1)
mscoree.dll (1)
API Name     Ordinal  IAT Address  Thunk RVA  Thunk Offset  Hint
_CorExeMain  0x0      0x402000     0x9ed7     0x80d7        0x0
Memory Dumps (3)
Name         Process ID  Start VA    End VA      Dump Reason          PE Rebuild  Bitness  Entry Points  AV     YARA
firefox.exe  1           0x00ED0000  0x00F37FFF  Relevant Image       -           64-bit   -             False  False
firefox.exe  1           0x00ED0000  0x00F37FFF  Final Dump           -           64-bit   -             False  False
firefox.exe  1           0x00ED0000  0x00F37FFF  Process Termination  -           64-bit   -             False  False
Dropped File (Binary): C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\qaopj445.exe
Severity: Unknown
Mime Type: application/vnd.microsoft.portable-executable
File Size: 29.50 KB
MD5: 65162d7b00692c6321575e9a305a26a9
SHA1: 493526133607927e023bfa1e48fb27470add1b82
SHA256: 932c4196357e5b557e8849354cbe01520342aa2dff5212559b7f4f9f9a8d7a69
SSDeep: 384:08k9QU5aMNmO2kYIxSWrw5FIH6JHcysrJbw7hiJ6EKJ+iQY:fwaIbxSW89FsJw77nV
Parser Error Remark: Static engine was unable to completely parse the analyzed file
PE Information
Image Base: 0x140000000
Size Of Code: 0x6e00
Size Of Initialized Data: 0x600
File Type: FileType.executable
Subsystem: Subsystem.windows_cui
Machine Type: MachineType.amd64
Compile Timestamp: 2067-02-07 11:41:53+00:00
Version Information (11)
Assembly Version: 1.0.0.0
Comments: -
CompanyName: -
FileDescription: SharpExec
FileVersion: 1.0.0.0
InternalName: SharpExec.exe
LegalCopyright: Copyright © 2019
LegalTrademarks: -
OriginalFilename: SharpExec.exe
ProductName: SharpExec
ProductVersion: 1.0.0.0
Sections (2)
Name   Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Entropy  Flags
.text  0x140002000      0x6d52        0x6e00         0x200            5.29     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc  0x14000a000      0x5ac         0x600          0x7000           4.08     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ