Malicious
Classifications

Spyware

Threat Names

Lokibot Mal/Generic-S C2/Generic-A Mal/HTMLGen-A

Dynamic Analysis Report

Created on 2022-01-14T06:29:00

95f5680fe4d7830a393aa84b2278051638f3c8105766c47a68c1f8981f38932b.exe

Windows Exe (x86-32)

Remarks

(0x0200004A): One dump of 8 MB was skipped because it exceeded the maximum dump size of 7 MB.

File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\95f5680fe4d7830a393aa84b2278051638f3c8105766c47a68c1f8981f38932b.exe Sample File Binary
malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 241.23 KB
MD5 d62b8a5fdb90e9241ff0eef6ea035e32 Copy to Clipboard
SHA1 4e9e38dc4d01a649d927a933488477c5980fcb18 Copy to Clipboard
SHA256 95f5680fe4d7830a393aa84b2278051638f3c8105766c47a68c1f8981f38932b Copy to Clipboard
SSDeep 6144:kw/b88QHR5lvQ2urEmJzKlf78z1++UPkq4Y1ROwy:HoRbQ2ugoz87oUPkqEwy Copy to Clipboard
ImpHash 099c0646ea7282d232219f8807883be0 Copy to Clipboard
File Reputation Information
Verdict
malicious
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x403225
Size Of Code 0x5a00
Size Of Initialized Data 0x1d400
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2008-10-10 21:48:57+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5976 0x5a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.47
.rdata 0x407000 0x1190 0x1200 0x5e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.18
.data 0x409000 0x1af98 0x400 0x7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.69
.ndata 0x424000 0x8000 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x42c000 0x2528 0x2600 0x7400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.36
Imports (8)
KERNEL32.dll (59)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CompareFileTime - 0x407060 0x74b8 0x62b8 0x33
SearchPathA - 0x407064 0x74bc 0x62bc 0x2d0
GetShortPathNameA - 0x407068 0x74c0 0x62c0 0x1ad
GetFullPathNameA - 0x40706c 0x74c4 0x62c4 0x161
MoveFileA - 0x407070 0x74c8 0x62c8 0x264
SetCurrentDirectoryA - 0x407074 0x74cc 0x62cc 0x2ff
GetFileAttributesA - 0x407078 0x74d0 0x62d0 0x156
GetLastError - 0x40707c 0x74d4 0x62d4 0x169
CreateDirectoryA - 0x407080 0x74d8 0x62d8 0x45
SetFileAttributesA - 0x407084 0x74dc 0x62dc 0x30e
Sleep - 0x407088 0x74e0 0x62e0 0x349
GetTickCount - 0x40708c 0x74e4 0x62e4 0x1d5
CreateFileA - 0x407090 0x74e8 0x62e8 0x4d
GetFileSize - 0x407094 0x74ec 0x62ec 0x15b
GetModuleFileNameA - 0x407098 0x74f0 0x62f0 0x175
GetCurrentProcess - 0x40709c 0x74f4 0x62f4 0x13a
CopyFileA - 0x4070a0 0x74f8 0x62f8 0x3d
ExitProcess - 0x4070a4 0x74fc 0x62fc 0xaf
SetFileTime - 0x4070a8 0x7500 0x6300 0x314
GetTempPathA - 0x4070ac 0x7504 0x6304 0x1cb
GetCommandLineA - 0x4070b0 0x7508 0x6308 0x108
SetErrorMode - 0x4070b4 0x750c 0x630c 0x30a
LoadLibraryA - 0x4070b8 0x7510 0x6310 0x248
lstrcpynA - 0x4070bc 0x7514 0x6314 0x3bc
GetDiskFreeSpaceA - 0x4070c0 0x7518 0x6318 0x145
GlobalUnlock - 0x4070c4 0x751c 0x631c 0x200
GlobalLock - 0x4070c8 0x7520 0x6320 0x1f9
CreateThread - 0x4070cc 0x7524 0x6324 0x69
CreateProcessA - 0x4070d0 0x7528 0x6328 0x60
RemoveDirectoryA - 0x4070d4 0x752c 0x632c 0x2ba
GetTempFileNameA - 0x4070d8 0x7530 0x6330 0x1c9
lstrlenA - 0x4070dc 0x7534 0x6334 0x3bf
lstrcatA - 0x4070e0 0x7538 0x6338 0x3b0
GetSystemDirectoryA - 0x4070e4 0x753c 0x633c 0x1b9
GetVersion - 0x4070e8 0x7540 0x6340 0x1de
CloseHandle - 0x4070ec 0x7544 0x6344 0x2e
lstrcmpiA - 0x4070f0 0x7548 0x6348 0x3b6
lstrcmpA - 0x4070f4 0x754c 0x634c 0x3b3
ExpandEnvironmentStringsA - 0x4070f8 0x7550 0x6350 0xb2
GlobalFree - 0x4070fc 0x7554 0x6354 0x1f5
GlobalAlloc - 0x407100 0x7558 0x6358 0x1ee
WaitForSingleObject - 0x407104 0x755c 0x635c 0x385
GetExitCodeProcess - 0x407108 0x7560 0x6360 0x152
GetModuleHandleA - 0x40710c 0x7564 0x6364 0x177
LoadLibraryExA - 0x407110 0x7568 0x6368 0x249
GetProcAddress - 0x407114 0x756c 0x636c 0x198
FreeLibrary - 0x407118 0x7570 0x6370 0xef
MultiByteToWideChar - 0x40711c 0x7574 0x6374 0x26b
WritePrivateProfileStringA - 0x407120 0x7578 0x6378 0x39c
GetPrivateProfileStringA - 0x407124 0x757c 0x637c 0x194
WriteFile - 0x407128 0x7580 0x6380 0x397
ReadFile - 0x40712c 0x7584 0x6384 0x2ab
MulDiv - 0x407130 0x7588 0x6388 0x26a
SetFilePointer - 0x407134 0x758c 0x638c 0x310
FindClose - 0x407138 0x7590 0x6390 0xc5
FindNextFileA - 0x40713c 0x7594 0x6394 0xd3
FindFirstFileA - 0x407140 0x7598 0x6398 0xc9
DeleteFileA - 0x407144 0x759c 0x639c 0x7c
GetWindowsDirectoryA - 0x407148 0x75a0 0x63a0 0x1e9
USER32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EndDialog - 0x40716c 0x75c4 0x63c4 0xc6
ScreenToClient - 0x407170 0x75c8 0x63c8 0x230
GetWindowRect - 0x407174 0x75cc 0x63cc 0x174
EnableMenuItem - 0x407178 0x75d0 0x63d0 0xc2
GetSystemMenu - 0x40717c 0x75d4 0x63d4 0x15c
SetClassLongA - 0x407180 0x75d8 0x63d8 0x246
IsWindowEnabled - 0x407184 0x75dc 0x63dc 0x1ae
SetWindowPos - 0x407188 0x75e0 0x63e0 0x282
GetSysColor - 0x40718c 0x75e4 0x63e4 0x15a
GetWindowLongA - 0x407190 0x75e8 0x63e8 0x16e
SetCursor - 0x407194 0x75ec 0x63ec 0x24c
LoadCursorA - 0x407198 0x75f0 0x63f0 0x1b9
CheckDlgButton - 0x40719c 0x75f4 0x63f4 0x38
GetMessagePos - 0x4071a0 0x75f8 0x63f8 0x13c
LoadBitmapA - 0x4071a4 0x75fc 0x63fc 0x1b7
CallWindowProcA - 0x4071a8 0x7600 0x6400 0x1b
IsWindowVisible - 0x4071ac 0x7604 0x6404 0x1b1
CloseClipboard - 0x4071b0 0x7608 0x6408 0x42
SetClipboardData - 0x4071b4 0x760c 0x640c 0x249
EmptyClipboard - 0x4071b8 0x7610 0x6410 0xc1
RegisterClassA - 0x4071bc 0x7614 0x6414 0x215
TrackPopupMenu - 0x4071c0 0x7618 0x6418 0x2a3
AppendMenuA - 0x4071c4 0x761c 0x641c 0x8
CreatePopupMenu - 0x4071c8 0x7620 0x6420 0x5e
GetSystemMetrics - 0x4071cc 0x7624 0x6424 0x15d
SetDlgItemTextA - 0x4071d0 0x7628 0x6428 0x252
GetDlgItemTextA - 0x4071d4 0x762c 0x642c 0x113
MessageBoxIndirectA - 0x4071d8 0x7630 0x6430 0x1e1
CharPrevA - 0x4071dc 0x7634 0x6434 0x2d
DispatchMessageA - 0x4071e0 0x7638 0x6438 0xa1
PeekMessageA - 0x4071e4 0x763c 0x643c 0x1ff
DestroyWindow - 0x4071e8 0x7640 0x6440 0x99
CreateDialogParamA - 0x4071ec 0x7644 0x6444 0x55
SetTimer - 0x4071f0 0x7648 0x6448 0x279
SetWindowTextA - 0x4071f4 0x764c 0x644c 0x285
PostQuitMessage - 0x4071f8 0x7650 0x6450 0x203
SetForegroundWindow - 0x4071fc 0x7654 0x6454 0x256
wsprintfA - 0x407200 0x7658 0x6458 0x2d5
SendMessageTimeoutA - 0x407204 0x765c 0x645c 0x23d
FindWindowExA - 0x407208 0x7660 0x6460 0xe4
SystemParametersInfoA - 0x40720c 0x7664 0x6464 0x298
CreateWindowExA - 0x407210 0x7668 0x6468 0x60
GetClassInfoA - 0x407214 0x766c 0x646c 0xf6
DialogBoxParamA - 0x407218 0x7670 0x6470 0x9e
CharNextA - 0x40721c 0x7674 0x6474 0x2a
OpenClipboard - 0x407220 0x7678 0x6478 0x1f5
ExitWindowsEx - 0x407224 0x767c 0x647c 0xe1
IsWindow - 0x407228 0x7680 0x6480 0x1ad
GetDlgItem - 0x40722c 0x7684 0x6484 0x111
SetWindowLongA - 0x407230 0x7688 0x6488 0x27f
LoadImageA - 0x407234 0x768c 0x648c 0x1bf
GetDC - 0x407238 0x7690 0x6490 0x10c
EnableWindow - 0x40723c 0x7694 0x6494 0xc4
InvalidateRect - 0x407240 0x7698 0x6498 0x193
SendMessageA - 0x407244 0x769c 0x649c 0x23a
DefWindowProcA - 0x407248 0x76a0 0x64a0 0x8e
BeginPaint - 0x40724c 0x76a4 0x64a4 0xd
GetClientRect - 0x407250 0x76a8 0x64a8 0xff
FillRect - 0x407254 0x76ac 0x64ac 0xe2
DrawTextA - 0x407258 0x76b0 0x64b0 0xbc
EndPaint - 0x40725c 0x76b4 0x64b4 0xc8
ShowWindow - 0x407260 0x76b8 0x64b8 0x291
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetBkColor - 0x40703c 0x7494 0x6294 0x215
GetDeviceCaps - 0x407040 0x7498 0x6298 0x16b
DeleteObject - 0x407044 0x749c 0x629c 0x8f
CreateBrushIndirect - 0x407048 0x74a0 0x62a0 0x29
CreateFontIndirectA - 0x40704c 0x74a4 0x62a4 0x3a
SetBkMode - 0x407050 0x74a8 0x62a8 0x216
SetTextColor - 0x407054 0x74ac 0x62ac 0x23c
SelectObject - 0x407058 0x74b0 0x62b0 0x20e
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetPathFromIDListA - 0x407150 0x75a8 0x63a8 0xbc
SHBrowseForFolderA - 0x407154 0x75ac 0x63ac 0x79
SHGetFileInfoA - 0x407158 0x75b0 0x63b0 0xac
ShellExecuteA - 0x40715c 0x75b4 0x63b4 0x107
SHFileOperationA - 0x407160 0x75b8 0x63b8 0x9a
SHGetSpecialFolderLocation - 0x407164 0x75bc 0x63bc 0xc3
ADVAPI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x407000 0x7458 0x6258 0x1ec
RegSetValueExA - 0x407004 0x745c 0x625c 0x1f9
RegEnumKeyA - 0x407008 0x7460 0x6260 0x1d5
RegEnumValueA - 0x40700c 0x7464 0x6264 0x1d9
RegOpenKeyExA - 0x407010 0x7468 0x6268 0x1e2
RegDeleteKeyA - 0x407014 0x746c 0x626c 0x1d0
RegDeleteValueA - 0x407018 0x7470 0x6270 0x1d2
RegCloseKey - 0x40701c 0x7474 0x6274 0x1c9
RegCreateKeyExA - 0x407020 0x7478 0x6278 0x1cd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_AddMasked - 0x407028 0x7480 0x6280 0x34
ImageList_Destroy - 0x40702c 0x7484 0x6284 0x38
(by ordinal) 0x11 0x407030 0x7488 0x6288 -
ImageList_Create - 0x407034 0x748c 0x628c 0x37
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree - 0x407278 0x76d0 0x64d0 0x64
OleInitialize - 0x40727c 0x76d4 0x64d4 0xed
OleUninitialize - 0x407280 0x76d8 0x64d8 0x104
CoCreateInstance - 0x407284 0x76dc 0x64dc 0x10
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x407268 0x76c0 0x64c0 0x1
GetFileVersionInfoA - 0x40726c 0x76c4 0x64c4 0x0
VerQueryValueA - 0x407270 0x76c8 0x64c8 0xa
Memory Dumps (28)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
95f5680fe4d7830a393aa84b2278051638f3c8105766c47a68c1f8981f38932b.exe 1 0x00400000 0x0042EFFF Relevant Image False 32-bit 0x00405DA3 False
buffer 1 0x0019E440 0x0019F7AB First Execution False 32-bit 0x0019E440 False
buffer 2 0x00400000 0x004A1FFF First Execution False 32-bit 0x004139DE True
buffer 1 0x01F80000 0x01FB5FFF Image In Buffer False 32-bit - True
95f5680fe4d7830a393aa84b2278051638f3c8105766c47a68c1f8981f38932b.exe 1 0x00400000 0x0042EFFF Process Termination False 32-bit - False
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00414059 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412FEB True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004092CC True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040C9C2 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00407AA2 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00408952 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040DB78 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00410676 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040F44A True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040ED17 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00411954 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00401BBD True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x004048AE True
buffer 2 0x0019B000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 2 0x00743E30 0x00744037 First Network Behavior False 32-bit - False
buffer 2 0x00745040 0x007463C7 First Network Behavior False 32-bit - False
buffer 2 0x00748178 0x0074837F First Network Behavior False 32-bit - False
buffer 2 0x0074A5A8 0x0074A74C First Network Behavior False 32-bit - False
buffer 2 0x0074B578 0x0074C8FF First Network Behavior False 32-bit - False
buffer 2 0x0074D2E8 0x0074D4F9 First Network Behavior False 32-bit - False
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00412FEB True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x0040F980 True
buffer 2 0x00400000 0x004A1FFF Content Changed False 32-bit 0x00410000 True
C:\Users\RDHJ0C~1\AppData\Local\Temp\nsq8E2.tmp Dropped File Unknown
clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\nnrr3w4buo Dropped File Stream
clean
MIME Type application/octet-stream
File Size 213.75 KB
MD5 50a68ba520b64a2483798c97e223435f Copy to Clipboard
SHA1 cbeab844a1c3eac2eb8abe5def847a05ff9f7d5b Copy to Clipboard
SHA256 cd06a2c3858ac3b1bc6d06816dd2966154eabab479c4b305521a84a5b409d6d7 Copy to Clipboard
SSDeep 6144:V9SOcYwR2fG8tEOnw6X/7CZJTrxSciuvI:DwEfLw6TCZpEyg Copy to Clipboard
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\urpwvqane Dropped File Stream
clean
MIME Type application/octet-stream
File Size 4.86 KB
MD5 c7420c4bf0d9b154af363b48cc160ad0 Copy to Clipboard
SHA1 d3c95a22a44e515830b925a2fc30b5fa6a0c628e Copy to Clipboard
SHA256 caf8f4ffca95fe9a5336a64b83554aea6d37586a159f467d868e25f3737b4fb4 Copy to Clipboard
SSDeep 96:Qm5+Ry+S1+aC5s+wjskAi0eXcKm5Z3p/yEaMr1L7h0MQOYRzJNUxwKjj:QmEI+S1dUs+hkAixMKA3padOYBJNUuKn Copy to Clipboard
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\nsq8E2.tmp\ibqwlwmewvj.dll Dropped File Binary
clean
MIME Type application/vnd.microsoft.portable-executable
File Size 4.50 KB
MD5 b70aac2ffa041468d92918145535c5c7 Copy to Clipboard
SHA1 26f134e72d8e5c86209a54e0d05d801c1b193059 Copy to Clipboard
SHA256 97accd2e535507eead8da6ccdb641907134e527b19f9c64d6ef9071bfa508d66 Copy to Clipboard
SSDeep 48:SpozIU0jblvgiPtv6UIkuW2yH+ZsQMR7/iItlRuqS:ZzWdvZNFuoH+Zdc5x Copy to Clipboard
ImpHash d29f94913598add04ccb03ba30291f17 Copy to Clipboard
PE Information
Image Base 0x10000000
Size Of Code 0x400
Size Of Initialized Data 0xa00
File Type FileType.dll
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2022-01-14 05:21:07+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x2b0 0x400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 4.23
.rdata 0x10002000 0x568 0x600 0x800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.46
.rsrc 0x10003000 0x1e0 0x200 0xe00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
.reloc 0x10004000 0x5c 0x200 0x1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.36
Imports (8)
KERNEL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTempPathW - 0x10002018 0x21e4 0x9e4 0x2f6
ReadFile - 0x1000201c 0x21e8 0x9e8 0x473
CreateFileW - 0x10002020 0x21ec 0x9ec 0xcb
SetProcessShutdownParameters - 0x10002024 0x21f0 0x9f0 0x545
MoveFileA - 0x10002028 0x21f4 0x9f4 0x3e6
VirtualProtect - 0x1000202c 0x21f8 0x9f8 0x5cc
GDI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetMiterLimit - 0x10002000 0x21cc 0x9cc 0x29f
RealizePalette - 0x10002004 0x21d0 0x9d0 0x316
FillPath - 0x10002008 0x21d4 0x9d4 0x1da
GetCharacterPlacementA - 0x1000200c 0x21d8 0x9d8 0x266
GetTextExtentPointA - 0x10002010 0x21dc 0x9dc 0x2ca
pdh.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PdhGetFormattedCounterArrayW - 0x100020a4 0x2270 0xa70 0x40
PdhIsRealTimeQuery - 0x100020a8 0x2274 0xa74 0x49
PdhParseInstanceNameA - 0x100020ac 0x2278 0xa78 0x5a
MSACM32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
acmDriverPriority - 0x10002034 0x2200 0xa00 0xa
acmFilterTagDetailsW - 0x10002038 0x2204 0xa04 0x13
acmFormatTagDetailsW - 0x1000203c 0x2208 0xa08 0x1e
XRegThunkEntry - 0x10002040 0x220c 0xa0c 0x0
acmDriverID - 0x10002044 0x2210 0xa10 0x7
acmFormatEnumW - 0x10002048 0x2214 0xa14 0x1b
WSOCK32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ord1116 0x45c 0x1000207c 0x2248 0xa48 -
ord1102 0x44e 0x10002080 0x224c 0xa4c -
listen 0xd 0x10002084 0x2250 0xa50 -
WSAGetLastError 0x6f 0x10002088 0x2254 0xa54 -
WSAAsyncGetProtoByName 0x69 0x1000208c 0x2258 0xa58 -
ord1130 0x46a 0x10002090 0x225c 0xa5c -
ord1103 0x44f 0x10002094 0x2260 0xa60 -
WSAUnhookBlockingHook 0x6e 0x10002098 0x2264 0xa64 -
ord1114 0x45a 0x1000209c 0x2268 0xa68 -
WININET.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateUrlCacheEntryA - 0x10002060 0x222c 0xa2c 0x18
SetUrlCacheEntryInfoA - 0x10002064 0x2230 0xa30 0x107
CreateUrlCacheEntryW - 0x10002068 0x2234 0xa34 0x1a
ShowClientAuthCerts - 0x1000206c 0x2238 0xa38 0x10d
FtpFindFirstFileA - 0x10002070 0x223c 0xa3c 0x44
ShowX509EncodedCertificate - 0x10002074 0x2240 0xa40 0x10f
ODBC32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0xfd 0x10002050 0x221c 0xa1c -
(by ordinal) 0x6e 0x10002054 0x2220 0xa20 -
(by ordinal) 0x7f 0x10002058 0x2224 0xa24 -
rtm.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtmDeregisterClient - 0x100020b4 0x2280 0xa80 0x35
RtmGetFirstRoute - 0x100020b8 0x2284 0xa84 0x46
RtmCreateEnumerationHandle - 0x100020bc 0x2288 0xa88 0x28
RtmLookupIPDestination - 0x100020c0 0x228c 0xa8c 0x5f
Exports (1)
Api name EAT Address Ordinal
icluciob 0x10a0 0x1
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
MIME Type application/octet-stream
File Size 53 Bytes
MD5 9c3c1a69a3c43835d6a2579570e6aa0d Copy to Clipboard
SHA1 8af2c3b90473b35f1bb936de12a8bf72fe658468 Copy to Clipboard
SHA256 e641ff8107a4197ded9f558d1891e716811e9a7f109f14e876f5a8394844dc34 Copy to Clipboard
SSDeep 3:/l4l5mrc9l:e4rc9l Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.hdb Dropped File Text
clean
MIME Type text/plain
File Size 4 Bytes
MD5 90f2527e58191a885a8cc35c99b89ba8 Copy to Clipboard
SHA1 10455ce0eb31eead75481e75dcba232d28c7e4c7 Copy to Clipboard
SHA256 859ffdca62ee0971821a4b2dedfc023d0f9a021391b5ac336ddb49d53d28330e Copy to Clipboard
SSDeep 3:Kn:Kn Copy to Clipboard
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.lck Dropped File Stream
clean
Known to be clean.
MIME Type application/octet-stream
File Size 1 Bytes
MD5 c4ca4238a0b923820dcc509a6f75849b Copy to Clipboard
SHA1 356a192b7913b04c54574d18c28d46e6395428ab Copy to Clipboard
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Copy to Clipboard
SSDeep 3:U:U Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
Known to be clean.
MIME Type application/octet-stream
File Size 53 Bytes
MD5 eca0470178275ac94e5de381969ed232 Copy to Clipboard
SHA1 d6de27e734eec57d1dda73489b4a6d6eecae3038 Copy to Clipboard
SHA256 353fd628b7f6e7d426e5d6a27d1bc3ac22fa7f812e7594cf2ec5ca1175785b50 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
Function Logfile
Screenshot