Verdict | Malicious |
Classifications | Injector |
Threat Names | Mal/Generic-S |
Dynamic Analysis Report
Created on 2022-03-21T13:15:00
99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe
Windows Exe (x86-32)
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\RDhJ0CNFevzX\Desktop\99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe | Sample File | Binary | malicious |
File Reputation Information
Verdict | malicious |
Names | Mal/Generic-S |
PE Information
Image Base | 0x400000 |
Entry Point | 0x40953b |
Size Of Code | 0x40ee00 |
Size Of Initialized Data | 0x13c00 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_cui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2022-03-21 11:33:31+00:00 |
Sections (5)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x401000 | 0x23fe5 | 0x24000 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.59 |
.iXgHkK | 0x425000 | 0x3eac39 | 0x3eae00 | 0x24400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.76 |
.rdata | 0x810000 | 0xf8d8 | 0xfa00 | 0x40f200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.65 |
.data | 0x820000 | 0x1ce8 | 0x1000 | 0x41ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.04 |
.pyX$d | 0x822000 | 0x910 | 0xa00 | 0x41fc00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.4 |
Imports (2)
USER32.dll (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetSysColorBrush | - | 0x81013c | 0x41f2a4 | 0x41e4a4 | 0x1c2 |
MessageBeep | - | 0x810140 | 0x41f2a8 | 0x41e4a8 | 0x280 |
MessageBoxA | - | 0x810144 | 0x41f2ac | 0x41e4ac | 0x281 |
GetSystemMetrics | - | 0x810148 | 0x41f2b0 | 0x41e4b0 | 0x1c5 |
SendNotifyMessageA | - | 0x81014c | 0x41f2b4 | 0x41e4b4 | 0x315 |
KERNEL32.dll (78)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
TlsSetValue | - | 0x810000 | 0x41f168 | 0x41e368 | 0x5a5 |
CreateFileW | - | 0x810004 | 0x41f16c | 0x41e36c | 0xce |
HeapSize | - | 0x810008 | 0x41f170 | 0x41e370 | 0x351 |
GetProcessHeap | - | 0x81000c | 0x41f174 | 0x41e374 | 0x2b7 |
SetStdHandle | - | 0x810010 | 0x41f178 | 0x41e378 | 0x54e |
SetEnvironmentVariableW | - | 0x810014 | 0x41f17c | 0x41e37c | 0x516 |
GetLastError | - | 0x810018 | 0x41f180 | 0x41e380 | 0x264 |
GetCurrentProcessId | - | 0x81001c | 0x41f184 | 0x41e384 | 0x21b |
GetCurrentThreadId | - | 0x810020 | 0x41f188 | 0x41e388 | 0x21f |
GetModuleHandleA | - | 0x810024 | 0x41f18c | 0x41e38c | 0x278 |
GetProcAddress | - | 0x810028 | 0x41f190 | 0x41e390 | 0x2b1 |
MultiByteToWideChar | - | 0x81002c | 0x41f194 | 0x41e394 | 0x3f3 |
FreeConsole | - | 0x810030 | 0x41f198 | 0x41e398 | 0x1ab |
GetConsoleWindow | - | 0x810034 | 0x41f19c | 0x41e39c | 0x20a |
WideCharToMultiByte | - | 0x810038 | 0x41f1a0 | 0x41e3a0 | 0x602 |
EnterCriticalSection | - | 0x81003c | 0x41f1a4 | 0x41e3a4 | 0x134 |
LeaveCriticalSection | - | 0x810040 | 0x41f1a8 | 0x41e3a8 | 0x3c1 |
InitializeCriticalSectionEx | - | 0x810044 | 0x41f1ac | 0x41e3ac | 0x363 |
DeleteCriticalSection | - | 0x810048 | 0x41f1b0 | 0x41e3b0 | 0x113 |
EncodePointer | - | 0x81004c | 0x41f1b4 | 0x41e3b4 | 0x130 |
DecodePointer | - | 0x810050 | 0x41f1b8 | 0x41e3b8 | 0x10c |
LCMapStringEx | - | 0x810054 | 0x41f1bc | 0x41e3bc | 0x3b4 |
GetStringTypeW | - | 0x810058 | 0x41f1c0 | 0x41e3c0 | 0x2da |
GetCPInfo | - | 0x81005c | 0x41f1c4 | 0x41e3c4 | 0x1c4 |
UnhandledExceptionFilter | - | 0x810060 | 0x41f1c8 | 0x41e3c8 | 0x5b1 |
SetUnhandledExceptionFilter | - | 0x810064 | 0x41f1cc | 0x41e3cc | 0x571 |
GetCurrentProcess | - | 0x810068 | 0x41f1d0 | 0x41e3d0 | 0x21a |
TerminateProcess | - | 0x81006c | 0x41f1d4 | 0x41e3d4 | 0x590 |
IsProcessorFeaturePresent | - | 0x810070 | 0x41f1d8 | 0x41e3d8 | 0x389 |
QueryPerformanceCounter | - | 0x810074 | 0x41f1dc | 0x41e3dc | 0x44f |
GetSystemTimeAsFileTime | - | 0x810078 | 0x41f1e0 | 0x41e3e0 | 0x2ec |
InitializeSListHead | - | 0x81007c | 0x41f1e4 | 0x41e3e4 | 0x366 |
IsDebuggerPresent | - | 0x810080 | 0x41f1e8 | 0x41e3e8 | 0x382 |
GetStartupInfoW | - | 0x810084 | 0x41f1ec | 0x41e3ec | 0x2d3 |
GetModuleHandleW | - | 0x810088 | 0x41f1f0 | 0x41e3f0 | 0x27b |
FreeEnvironmentStringsW | - | 0x81008c | 0x41f1f4 | 0x41e3f4 | 0x1ad |
RaiseException | - | 0x810090 | 0x41f1f8 | 0x41e3f8 | 0x464 |
RtlUnwind | - | 0x810094 | 0x41f1fc | 0x41e3fc | 0x4d5 |
SetLastError | - | 0x810098 | 0x41f200 | 0x41e400 | 0x534 |
InitializeCriticalSectionAndSpinCount | - | 0x81009c | 0x41f204 | 0x41e404 | 0x362 |
TlsAlloc | - | 0x8100a0 | 0x41f208 | 0x41e408 | 0x5a2 |
TlsGetValue | - | 0x8100a4 | 0x41f20c | 0x41e40c | 0x5a4 |
WriteConsoleW | - | 0x8100a8 | 0x41f210 | 0x41e410 | 0x615 |
TlsFree | - | 0x8100ac | 0x41f214 | 0x41e414 | 0x5a3 |
FreeLibrary | - | 0x8100b0 | 0x41f218 | 0x41e418 | 0x1ae |
LoadLibraryExW | - | 0x8100b4 | 0x41f21c | 0x41e41c | 0x3c7 |
GetStdHandle | - | 0x8100b8 | 0x41f220 | 0x41e420 | 0x2d5 |
WriteFile | - | 0x8100bc | 0x41f224 | 0x41e424 | 0x616 |
GetModuleFileNameW | - | 0x8100c0 | 0x41f228 | 0x41e428 | 0x277 |
ExitProcess | - | 0x8100c4 | 0x41f22c | 0x41e42c | 0x161 |
GetModuleHandleExW | - | 0x8100c8 | 0x41f230 | 0x41e430 | 0x27a |
GetCommandLineA | - | 0x8100cc | 0x41f234 | 0x41e434 | 0x1d9 |
GetCommandLineW | - | 0x8100d0 | 0x41f238 | 0x41e438 | 0x1da |
HeapAlloc | - | 0x8100d4 | 0x41f23c | 0x41e43c | 0x348 |
HeapFree | - | 0x8100d8 | 0x41f240 | 0x41e440 | 0x34c |
CompareStringW | - | 0x8100dc | 0x41f244 | 0x41e444 | 0x9e |
LCMapStringW | - | 0x8100e0 | 0x41f248 | 0x41e448 | 0x3b5 |
GetLocaleInfoW | - | 0x8100e4 | 0x41f24c | 0x41e44c | 0x268 |
IsValidLocale | - | 0x8100e8 | 0x41f250 | 0x41e450 | 0x391 |
GetUserDefaultLCID | - | 0x8100ec | 0x41f254 | 0x41e454 | 0x315 |
EnumSystemLocalesW | - | 0x8100f0 | 0x41f258 | 0x41e458 | 0x157 |
GetFileType | - | 0x8100f4 | 0x41f25c | 0x41e45c | 0x251 |
CloseHandle | - | 0x8100f8 | 0x41f260 | 0x41e460 | 0x89 |
FlushFileBuffers | - | 0x8100fc | 0x41f264 | 0x41e464 | 0x1a2 |
GetConsoleOutputCP | - | 0x810100 | 0x41f268 | 0x41e468 | 0x203 |
GetConsoleMode | - | 0x810104 | 0x41f26c | 0x41e46c | 0x1ff |
ReadFile | - | 0x810108 | 0x41f270 | 0x41e470 | 0x475 |
GetFileSizeEx | - | 0x81010c | 0x41f274 | 0x41e474 | 0x24f |
SetFilePointerEx | - | 0x810110 | 0x41f278 | 0x41e478 | 0x525 |
ReadConsoleW | - | 0x810114 | 0x41f27c | 0x41e47c | 0x472 |
HeapReAlloc | - | 0x810118 | 0x41f280 | 0x41e480 | 0x34f |
FindClose | - | 0x81011c | 0x41f284 | 0x41e484 | 0x178 |
FindFirstFileExW | - | 0x810120 | 0x41f288 | 0x41e488 | 0x17e |
FindNextFileW | - | 0x810124 | 0x41f28c | 0x41e48c | 0x18f |
IsValidCodePage | - | 0x810128 | 0x41f290 | 0x41e490 | 0x38f |
GetACP | - | 0x81012c | 0x41f294 | 0x41e494 | 0x1b5 |
GetOEMCP | - | 0x810130 | 0x41f298 | 0x41e498 | 0x29a |
GetEnvironmentStringsW | - | 0x810134 | 0x41f29c | 0x41e49c | 0x23a |
Digital Signature Information
Verification Status | Failed |
Verification Error | The signer certificate was revoked |
Certificate: Nvidia Corporation
Issued by | Nvidia Corporation |
Parent Certificate | DigiCert SHA2 Assured ID Code Signing CA |
Country Name | US |
Valid From | 2021-04-14 02:00 (UTC+2) |
Valid Until | 2024-04-17 01:59 (UTC+2) |
Algorithm | sha256_rsa |
Serial Number | 02 66 AD FA 17 63 89 D9 B4 30 1A C8 7E FD 6A 96 |
Thumbprint | F5 18 FA D5 DE C9 E0 50 0D A1 C1 59 8C 4B 0F FC 02 68 B2 D0 |
Revoked Since | 2022-02-20 13:00 (UTC+1) |
Certificate: DigiCert SHA2 Assured ID Code Signing CA
Issued by | DigiCert SHA2 Assured ID Code Signing CA |
Country Name | US |
Valid From | 2013-10-22 14:00 (UTC+2) |
Valid Until | 2028-10-22 14:00 (UTC+2) |
Algorithm | sha256_rsa |
Serial Number | 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08 |
Thumbprint | 92 C1 58 8E 85 AF 22 01 CE 79 15 E8 53 8B 49 2F 60 5B 80 C6 |
Memory Dumps (4)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe | 1 | 0x00400000 | 0x00822FFF | Relevant Image | 32-bit | 0x0040BE2E |
buffer | 1 | 0x0019F7B4 | 0x0019FF31 | First Execution | 32-bit | 0x0019F935 |
buffer | 1 | 0x02230000 | 0x022C1FFF | Content Changed | 32-bit | - |
99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe | 1 | 0x00400000 | 0x00822FFF | Process Termination | 32-bit | - |