Try VMRay Platform
Malicious
Classifications

Spyware

Threat Names

Trojan.GenericKDZ.76753 Gen:Variant.Mikey.113998

Dynamic Analysis Report

Created on 2021-09-28T09:14:00

96705595655fd817156073e3d3efde3338e24c3afaef13e517153ae4b5218fc9.exe.dll

Windows DLL (x86-64)
...

Remarks (2/3)

(0x02000046): The maximum binlog size was reached. The analysis was terminated prematurely.

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 hours, 13 minutes, 18 seconds" to "1 minute, 10 seconds" to reveal dormant functionality.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\96705595655fd817156073e3d3efde3338e24c3afaef13e517153ae4b5218fc9.exe.dll Sample File Binary
malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 2.13 MB
MD5 f8295446e335b679641637334c99242d Copy to Clipboard
SHA1 18b9a40791f1a52c70507b29d0b631510f2e33c6 Copy to Clipboard
SHA256 96705595655fd817156073e3d3efde3338e24c3afaef13e517153ae4b5218fc9 Copy to Clipboard
SSDeep 12288:/VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:2fP7fWsK5z9A+WGAW+V5SB6Ct4bnb Copy to Clipboard
ImpHash 6668be91e2c948b183827f040944057f Copy to Clipboard
AV Matches (1)
»
Threat Name Verdict
Trojan.GenericKDZ.76753
malicious
PE Information
»
Image Base 0x140000000
Entry Point 0x140041070
Size Of Code 0x41000
Size Of Initialized Data 0x1df000
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2020-02-20 08:35:24+00:00
Version Information (8)
»
CompanyName Microsoft Corporati
FileDescription Background Intellig
FileVersion 7.5.7600.16385 (win7_rtm.090713-
InternalName bitsp
LegalCopyright © Microsoft Corporation. All rights reserv
OriginalFilename kbdy
ProductName Microsoft® Windows® Operating S
ProductVersion 6.1.7600
Sections (58)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x40796 0x41000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.73
.rdata 0x140042000 0x64fd0 0x65000 0x42000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.87
.data 0x1400a7000 0x178b8 0x18000 0xa7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.32
.pdata 0x1400bf000 0x12c 0x1000 0xbf000 IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.58
.rsrc 0x1400c0000 0x880 0x1000 0xc0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.24
.reloc 0x1400c1000 0x2324 0x3000 0xc1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.65
.qkm 0x1400c4000 0x74a 0x1000 0xc4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.cvjb 0x1400c5000 0x1e66 0x2000 0xc5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tlmkv 0x1400c7000 0xbde 0x1000 0xc7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wucsxe 0x1400c8000 0x45174 0x46000 0xc8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fltwtj 0x14010e000 0x1267 0x2000 0x10e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.sfplio 0x140110000 0x736 0x1000 0x110000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rpg 0x140111000 0x45174 0x46000 0x111000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.bewzc 0x140157000 0x1124 0x2000 0x157000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.vksvaw 0x140159000 0x736 0x1000 0x159000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wmhg 0x14015a000 0x1278 0x2000 0x15a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kswemc 0x14015c000 0x36d 0x1000 0x15c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kaxfk 0x14015d000 0x197d 0x2000 0x15d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wualk 0x14015f000 0xbde 0x1000 0x15f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.qdxz 0x140160000 0xbde 0x1000 0x160000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rkyg 0x140161000 0x1af 0x1000 0x161000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.psul 0x140162000 0x1af 0x1000 0x162000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.pyjm 0x140163000 0x1f7 0x1000 0x163000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.eoadme 0x140164000 0x7fd 0x1000 0x164000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fnz 0x140165000 0x389 0x1000 0x165000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.gwheg 0x140166000 0x45174 0x46000 0x166000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fcd 0x1401ac000 0x322 0x1000 0x1ac000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.dwk 0x1401ad000 0x9cd 0x1000 0x1ad000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.hgy 0x1401ae000 0xae7 0x1000 0x1ae000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.nfm 0x1401af000 0x46e 0x1000 0x1af000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.qmfqd 0x1401b0000 0xd57 0x1000 0x1b0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.buzyfh 0x1401b1000 0xbde 0x1000 0x1b1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.towo 0x1401b2000 0x2da 0x1000 0x1b2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.omwdbg 0x1401b3000 0x1f7 0x1000 0x1b3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.virw 0x1401b4000 0x6cd0 0x7000 0x1b4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.bck 0x1401bb000 0x543 0x1000 0x1bb000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.mbhfb 0x1401bc000 0x573 0x1000 0x1bc000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kix 0x1401bd000 0x896 0x1000 0x1bd000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.gurzs 0x1401be000 0x736 0x1000 0x1be000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.dzdoj 0x1401bf000 0x23b 0x1000 0x1bf000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.egret 0x1401c0000 0x1455 0x2000 0x1c0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ftpyc 0x1401c2000 0x736 0x1000 0x1c2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.qrc 0x1401c3000 0x3fe 0x1000 0x1c3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tnnx 0x1401c4000 0x389 0x1000 0x1c4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.vsjhk 0x1401c5000 0x23b 0x1000 0x1c5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fmswwe 0x1401c6000 0xd33 0x1000 0x1c6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.zfhn 0x1401c7000 0x6cd0 0x7000 0x1c7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ejdgrp 0x1401ce000 0x389 0x1000 0x1ce000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.soyat 0x1401cf000 0x13e 0x1000 0x1cf000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.jlil 0x1401d0000 0x1af 0x1000 0x1d0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.bojgf 0x1401d1000 0x13e 0x1000 0x1d1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.gvsnik 0x1401d2000 0x23b 0x1000 0x1d2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.lsc 0x1401d3000 0x45174 0x46000 0x1d3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.uepvem 0x140219000 0x13e 0x1000 0x219000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.don 0x14021a000 0x197d 0x2000 0x21a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.dqju 0x14021c000 0x1e66 0x2000 0x21c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.qmgrql 0x14021e000 0x736 0x1000 0x21e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.cjrd 0x14021f000 0x128f 0x2000 0x21f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
Imports (7)
»
USER32.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LookupIconIdFromDirectoryEx - 0x140042098 0xa64c8 0xa64c8 0x205
WaitForInputIdle - 0x1400420a0 0xa64d0 0xa64d0 0x32e
GetParent - 0x1400420a8 0xa64d8 0xa64d8 0x166
GetFocus - 0x1400420b0 0xa64e0 0xa64e0 0x12e
SETUPAPI.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CM_Get_Resource_Conflict_DetailsW - 0x140042078 0xa64a8 0xa64a8 0x8a
KERNEL32.dll (7)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection - 0x140042038 0xa6468 0xa6468 0xd2
DeleteTimerQueue - 0x140042040 0xa6470 0xa6470 0xd9
TerminateJobObject - 0x140042048 0xa6478 0xa6478 0x4cd
GetFileInformationByHandle - 0x140042050 0xa6480 0xa6480 0x1f3
GetThreadLocale - 0x140042058 0xa6488 0xa6488 0x293
GetNamedPipeServerProcessId - 0x140042060 0xa6490 0xa6490 0x229
GetConsoleFontSize - 0x140042068 0xa6498 0xa6498 0x1aa
GDI32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateBitmapIndirect - 0x140042020 0xa6450 0xa6450 0x2b
GetPolyFillMode - 0x140042028 0xa6458 0xa6458 0x206
CRYPT32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertGetCTLContextProperty - 0x140042010 0xa6440 0xa6440 0x44
ADVAPI32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AddAccessDeniedObjectAce - 0x140042000 0xa6430 0xa6430 0x15
SHLWAPI.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChrCmpIW - 0x140042088 0xa64b8 0xa64b8 0xa
Exports (5)
»
Api name EAT Address Ordinal
DpxFreeMemory 0x14ad4 0x1
DpxNewJob 0xc684 0x2
DpxNewJobEx 0x24248 0x3
DpxRestoreJob 0x85e8 0x4
DpxRestoreJobEx 0x1b4d8 0x5
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 53 Bytes
MD5 9c3c1a69a3c43835d6a2579570e6aa0d Copy to Clipboard
SHA1 8af2c3b90473b35f1bb936de12a8bf72fe658468 Copy to Clipboard
SHA256 e641ff8107a4197ded9f558d1891e716811e9a7f109f14e876f5a8394844dc34 Copy to Clipboard
SSDeep 3:/l4l5mrc9l:e4rc9l Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 1.42 KB
MD5 b08dd829d879c059de11ccedfd8a2241 Copy to Clipboard
SHA1 779b68764261afdd733fde61abb09f34efa54b09 Copy to Clipboard
SHA256 7c5c06b5ed49695fcd156c005970535abc60cfa5ae50f4bbee035717016437e7 Copy to Clipboard
SSDeep 24:ewy9L/HUgTvQjKODKjByKornifZQDIJnCWUdu09DIumvbdfhitgu2F66Uv+:x2LPUWOF29yKunZDVvdDIZdCJ2F65v+ Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 1.42 KB
MD5 253250ecef24e59cbe308e437e2fef34 Copy to Clipboard
SHA1 cecf6a97c73c87eb8153ded4da6365f2f576a902 Copy to Clipboard
SHA256 4459de34f31d879717f63fcf0b48c4b322ee763c7e60d4b0e2a2a61a7805cf43 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 Dropped File Stream
clean
...
»
MIME Type application/octet-stream
File Size 1.42 KB
MD5 e6d233d700251c29b5a58f9b7d6529ef Copy to Clipboard
SHA1 2f494364e3952638700d5aa417b86893effebfa5 Copy to Clipboard
SHA256 33a74144f3a4f82bdf6f7c94a6639df405ed84200d2a88d6168b4aebc613ef6d Copy to Clipboard
SSDeep 24:ewy9L/HUggAnGdeJsMztvtthSoySlDmcqP9D+5qgUkIC1:x2LPUTAnGdeJ55vpSgE71Hk5 Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image