98f260b5...6e12 | Files
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: -
Filters:
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\$RJD3Z6K.TMP.exe Sample File Binary
Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 234.84 KB
MD5 3e6672a68447e4e7c297e4dd7171b906
SHA1 72a1af262187ac809a3c6395e5f3f3f5804e51e3
SHA256 98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12
SSDeep 3072:ksmXOzmGeqemo4K/eGemvUu7i35UUuEx3E13ZLjfWvM5ANom/OU1gidk3sspswF+:oGeJ3eGVOSUuEx3ExlA3/2L3hTFzgPf
ImpHash 7e3e3817a3d49b513e2918ffbb77c173
PE Information
Image Base 0x400000
Entry Point 0x403203
Size Of Code 0x8000
Size Of Initialized Data 0xe000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-10-04 07:56:21+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x7e21 0x8000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.61
.rdata 0x409000 0xe74 0x1000 0x9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.03
.data 0x40a000 0xabf4 0xa000 0xa000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.38
.rsrc 0x415000 0x1058 0x2000 0x14000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.03
Imports (8)
KERNEL32.dll (48)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LCMapStringA 0x0 0x409038 0x96cc 0x96cc 0x1bf
GetOEMCP 0x0 0x40903c 0x96d0 0x96d0 0x131
GetACP 0x0 0x409040 0x96d4 0x96d4 0xb9
GetCPInfo 0x0 0x409044 0x96d8 0x96d8 0xbf
SetFilePointer 0x0 0x409048 0x96dc 0x96dc 0x26a
FlushFileBuffers 0x0 0x40904c 0x96e0 0x96e0 0xaa
SetStdHandle 0x0 0x409050 0x96e4 0x96e4 0x27c
GetStringTypeW 0x0 0x409054 0x96e8 0x96e8 0x156
GetStringTypeA 0x0 0x409058 0x96ec 0x96ec 0x153
MultiByteToWideChar 0x0 0x40905c 0x96f0 0x96f0 0x1e4
RtlUnwind 0x0 0x409060 0x96f4 0x96f4 0x22f
LCMapStringW 0x0 0x409064 0x96f8 0x96f8 0x1c0
GetStdHandle 0x0 0x409068 0x96fc 0x96fc 0x152
SetHandleCount 0x0 0x40906c 0x9700 0x9700 0x26d
GetEnvironmentStringsW 0x0 0x409070 0x9704 0x9704 0x108
GetEnvironmentStrings 0x0 0x409074 0x9708 0x9708 0x106
WideCharToMultiByte 0x0 0x409078 0x970c 0x970c 0x2d2
GetProcAddress 0x0 0x40907c 0x9710 0x9710 0x13e
FreeEnvironmentStringsA 0x0 0x409080 0x9714 0x9714 0xb2
UnhandledExceptionFilter 0x0 0x409084 0x9718 0x9718 0x2ad
GetCurrentProcess 0x0 0x409088 0x971c 0x971c 0xf7
TerminateProcess 0x0 0x40908c 0x9720 0x9720 0x29e
GetLastError 0x0 0x409090 0x9724 0x9724 0x11a
GetModuleFileNameA 0x0 0x409094 0x9728 0x9728 0x124
FreeLibrary 0x0 0x409098 0x972c 0x972c 0xb4
GetUserDefaultLangID 0x0 0x40909c 0x9730 0x9730 0x172
GetFileType 0x0 0x4090a0 0x9734 0x9734 0x115
GetModuleHandleA 0x0 0x4090a4 0x9738 0x9738 0x126
HeapReAlloc 0x0 0x4090a8 0x973c 0x973c 0x1a2
LoadLibraryA 0x0 0x4090ac 0x9740 0x9740 0x1c2
CreateThread 0x0 0x4090b0 0x9744 0x9744 0x4a
CreateFileA 0x0 0x4090b4 0x9748 0x9748 0x34
GetFileSize 0x0 0x4090b8 0x974c 0x974c 0x112
ReadFile 0x0 0x4090bc 0x9750 0x9750 0x218
CloseHandle 0x0 0x4090c0 0x9754 0x9754 0x1b
VirtualAlloc 0x0 0x4090c4 0x9758 0x9758 0x2bb
VirtualFree 0x0 0x4090c8 0x975c 0x975c 0x2bf
HeapCreate 0x0 0x4090cc 0x9760 0x9760 0x19b
HeapDestroy 0x0 0x4090d0 0x9764 0x9764 0x19d
ExitProcess 0x0 0x4090d4 0x9768 0x9768 0x7d
GetVersion 0x0 0x4090d8 0x976c 0x976c 0x174
GetCommandLineA 0x0 0x4090dc 0x9770 0x9770 0xca
GetStartupInfoA 0x0 0x4090e0 0x9774 0x9774 0x150
HeapAlloc 0x0 0x4090e4 0x9778 0x9778 0x199
HeapFree 0x0 0x4090e8 0x977c 0x977c 0x19f
WriteFile 0x0 0x4090ec 0x9780 0x9780 0x2df
FreeEnvironmentStringsW 0x0 0x4090f0 0x9784 0x9784 0xb3
SetEndOfFile 0x0 0x4090f4 0x9788 0x9788 0x261
USER32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wsprintfA 0x0 0x409118 0x97ac 0x97ac 0x2ac
LoadStringA 0x0 0x40911c 0x97b0 0x97b0 0x1ab
SetDlgItemTextA 0x0 0x409120 0x97b4 0x97b4 0x22c
SendMessageA 0x0 0x409124 0x97b8 0x97b8 0x214
DestroyWindow 0x0 0x409128 0x97bc 0x97bc 0x8e
CreateDialogParamA 0x0 0x40912c 0x97c0 0x97c0 0x4f
GetWindowRect 0x0 0x409130 0x97c4 0x97c4 0x15c
ScreenToClient 0x0 0x409134 0x97c8 0x97c8 0x20a
ShowWindow 0x0 0x409138 0x97cc 0x97cc 0x26a
UpdateWindow 0x0 0x40913c 0x97d0 0x97d0 0x291
SetWindowTextA 0x0 0x409140 0x97d4 0x97d4 0x25e
GetSystemMenu 0x0 0x409144 0x97d8 0x97d8 0x145
EnableMenuItem 0x0 0x409148 0x97dc 0x97dc 0xb5
EndDialog 0x0 0x40914c 0x97e0 0x97e0 0xb9
DialogBoxParamA 0x0 0x409150 0x97e4 0x97e4 0x93
DrawTextA 0x0 0x409154 0x97e8 0x97e8 0xaf
SetWindowPos 0x0 0x409158 0x97ec 0x97ec 0x25b
CheckDlgButton 0x0 0x40915c 0x97f0 0x97f0 0x33
IsDlgButtonChecked 0x0 0x409160 0x97f4 0x97f4 0x18a
GetParent 0x0 0x409164 0x97f8 0x97f8 0x135
MessageBoxA 0x0 0x409168 0x97fc 0x97fc 0x1be
GetDlgItemTextA 0x0 0x40916c 0x9800 0x9800 0x104
GetDlgItem 0x0 0x409170 0x9804 0x9804 0x102
GDI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetObjectA 0x0 0x409020 0x96b4 0x96b4 0x14f
CreateFontIndirectA 0x0 0x409024 0x96b8 0x96b8 0x37
SelectObject 0x0 0x409028 0x96bc 0x96bc 0x1c7
DeleteObject 0x0 0x40902c 0x96c0 0x96c0 0x53
SetTextColor 0x0 0x409030 0x96c4 0x96c4 0x1f3
comdlg32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSaveFileNameA 0x0 0x409178 0x980c 0x980c 0xb
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x409000 0x9694 0x9694 0x15b
RegQueryValueExA 0x0 0x409004 0x9698 0x9698 0x17b
RegOpenKeyExA 0x0 0x409008 0x969c 0x969c 0x172
RegCreateKeyExA 0x0 0x40900c 0x96a0 0x96a0 0x15f
RegSetValueExA 0x0 0x409010 0x96a4 0x96a4 0x186
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DragQueryFileA 0x0 0x4090fc 0x9790 0x9790 0x14
ShellExecuteA 0x0 0x409100 0x9794 0x9794 0x72
SHBrowseForFolderA 0x0 0x409104 0x9798 0x9798 0x39
SHGetPathFromIDListA 0x0 0x409108 0x979c 0x979c 0x50
SHGetMalloc 0x0 0x40910c 0x97a0 0x97a0 0x4b
DragFinish 0x0 0x409110 0x97a4 0x97a4 0x12
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize 0x0 0x409180 0x9814 0x9814 0x2d
CoUninitialize 0x0 0x409184 0x9818 0x9818 0x53
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x409018 0x96ac 0x96ac -
Icons (1)
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Points AV YARA Actions
$rjd3z6k.tmp.exe 1 0x00400000 0x00416FFF Relevant Image - 32-bit 0x0040A7D4 False False
$rjd3z6k.tmp.exe 1 0x00400000 0x00416FFF Content Changed - 32-bit 0x0040B1AE False False
$rjd3z6k.tmp.exe 1 0x00400000 0x00416FFF Final Dump - 32-bit - False False
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    
Before

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    
After

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    
Screenshot