Malicious
Classifications
Injector
Threat Names
Mal/Generic-S
Dynamic Analysis Report
Created on 2022-03-21T13:15:00
99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe | Sample File | Binary |
malicious
|
...
|
»
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 4.14 MB |
| MD5 |
7700a0d1b07e63f054a730fbf9156ef0
|
| SHA1 |
6995f2e5f4544b3e99489364bccc56084198c61d
|
| SHA256 |
99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770
|
| SSDeep |
98304:IDWrdQJJ6qOobDtlLCSvKBXRAtiX2CVQmYRx6uiNnA9gEEtwPpAK3q2M:D6KPktlvIAtSNn6gFtYrzM
|
| ImpHash |
99c2cae0b7316add27de679470515124
|
File Reputation Information
»
| Verdict |
malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x400000 |
| Entry Point | 0x40953b |
| Size Of Code | 0x40ee00 |
| Size Of Initialized Data | 0x13c00 |
| File Type | FileType.executable |
| Subsystem | Subsystem.windows_cui |
| Machine Type | MachineType.i386 |
| Compile Timestamp | 2022-03-21 11:33:31+00:00 |
Sections (5)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x401000 | 0x23fe5 | 0x24000 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.59 |
| .iXgHkK | 0x425000 | 0x3eac39 | 0x3eae00 | 0x24400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.76 |
| .rdata | 0x810000 | 0xf8d8 | 0xfa00 | 0x40f200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.65 |
| .data | 0x820000 | 0x1ce8 | 0x1000 | 0x41ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.04 |
| .pyX$d | 0x822000 | 0x910 | 0xa00 | 0x41fc00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.4 |
Imports (2)
»
USER32.dll (5)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| GetSysColorBrush | - | 0x81013c | 0x41f2a4 | 0x41e4a4 | 0x1c2 |
| MessageBeep | - | 0x810140 | 0x41f2a8 | 0x41e4a8 | 0x280 |
| MessageBoxA | - | 0x810144 | 0x41f2ac | 0x41e4ac | 0x281 |
| GetSystemMetrics | - | 0x810148 | 0x41f2b0 | 0x41e4b0 | 0x1c5 |
| SendNotifyMessageA | - | 0x81014c | 0x41f2b4 | 0x41e4b4 | 0x315 |
KERNEL32.dll (78)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| TlsSetValue | - | 0x810000 | 0x41f168 | 0x41e368 | 0x5a5 |
| CreateFileW | - | 0x810004 | 0x41f16c | 0x41e36c | 0xce |
| HeapSize | - | 0x810008 | 0x41f170 | 0x41e370 | 0x351 |
| GetProcessHeap | - | 0x81000c | 0x41f174 | 0x41e374 | 0x2b7 |
| SetStdHandle | - | 0x810010 | 0x41f178 | 0x41e378 | 0x54e |
| SetEnvironmentVariableW | - | 0x810014 | 0x41f17c | 0x41e37c | 0x516 |
| GetLastError | - | 0x810018 | 0x41f180 | 0x41e380 | 0x264 |
| GetCurrentProcessId | - | 0x81001c | 0x41f184 | 0x41e384 | 0x21b |
| GetCurrentThreadId | - | 0x810020 | 0x41f188 | 0x41e388 | 0x21f |
| GetModuleHandleA | - | 0x810024 | 0x41f18c | 0x41e38c | 0x278 |
| GetProcAddress | - | 0x810028 | 0x41f190 | 0x41e390 | 0x2b1 |
| MultiByteToWideChar | - | 0x81002c | 0x41f194 | 0x41e394 | 0x3f3 |
| FreeConsole | - | 0x810030 | 0x41f198 | 0x41e398 | 0x1ab |
| GetConsoleWindow | - | 0x810034 | 0x41f19c | 0x41e39c | 0x20a |
| WideCharToMultiByte | - | 0x810038 | 0x41f1a0 | 0x41e3a0 | 0x602 |
| EnterCriticalSection | - | 0x81003c | 0x41f1a4 | 0x41e3a4 | 0x134 |
| LeaveCriticalSection | - | 0x810040 | 0x41f1a8 | 0x41e3a8 | 0x3c1 |
| InitializeCriticalSectionEx | - | 0x810044 | 0x41f1ac | 0x41e3ac | 0x363 |
| DeleteCriticalSection | - | 0x810048 | 0x41f1b0 | 0x41e3b0 | 0x113 |
| EncodePointer | - | 0x81004c | 0x41f1b4 | 0x41e3b4 | 0x130 |
| DecodePointer | - | 0x810050 | 0x41f1b8 | 0x41e3b8 | 0x10c |
| LCMapStringEx | - | 0x810054 | 0x41f1bc | 0x41e3bc | 0x3b4 |
| GetStringTypeW | - | 0x810058 | 0x41f1c0 | 0x41e3c0 | 0x2da |
| GetCPInfo | - | 0x81005c | 0x41f1c4 | 0x41e3c4 | 0x1c4 |
| UnhandledExceptionFilter | - | 0x810060 | 0x41f1c8 | 0x41e3c8 | 0x5b1 |
| SetUnhandledExceptionFilter | - | 0x810064 | 0x41f1cc | 0x41e3cc | 0x571 |
| GetCurrentProcess | - | 0x810068 | 0x41f1d0 | 0x41e3d0 | 0x21a |
| TerminateProcess | - | 0x81006c | 0x41f1d4 | 0x41e3d4 | 0x590 |
| IsProcessorFeaturePresent | - | 0x810070 | 0x41f1d8 | 0x41e3d8 | 0x389 |
| QueryPerformanceCounter | - | 0x810074 | 0x41f1dc | 0x41e3dc | 0x44f |
| GetSystemTimeAsFileTime | - | 0x810078 | 0x41f1e0 | 0x41e3e0 | 0x2ec |
| InitializeSListHead | - | 0x81007c | 0x41f1e4 | 0x41e3e4 | 0x366 |
| IsDebuggerPresent | - | 0x810080 | 0x41f1e8 | 0x41e3e8 | 0x382 |
| GetStartupInfoW | - | 0x810084 | 0x41f1ec | 0x41e3ec | 0x2d3 |
| GetModuleHandleW | - | 0x810088 | 0x41f1f0 | 0x41e3f0 | 0x27b |
| FreeEnvironmentStringsW | - | 0x81008c | 0x41f1f4 | 0x41e3f4 | 0x1ad |
| RaiseException | - | 0x810090 | 0x41f1f8 | 0x41e3f8 | 0x464 |
| RtlUnwind | - | 0x810094 | 0x41f1fc | 0x41e3fc | 0x4d5 |
| SetLastError | - | 0x810098 | 0x41f200 | 0x41e400 | 0x534 |
| InitializeCriticalSectionAndSpinCount | - | 0x81009c | 0x41f204 | 0x41e404 | 0x362 |
| TlsAlloc | - | 0x8100a0 | 0x41f208 | 0x41e408 | 0x5a2 |
| TlsGetValue | - | 0x8100a4 | 0x41f20c | 0x41e40c | 0x5a4 |
| WriteConsoleW | - | 0x8100a8 | 0x41f210 | 0x41e410 | 0x615 |
| TlsFree | - | 0x8100ac | 0x41f214 | 0x41e414 | 0x5a3 |
| FreeLibrary | - | 0x8100b0 | 0x41f218 | 0x41e418 | 0x1ae |
| LoadLibraryExW | - | 0x8100b4 | 0x41f21c | 0x41e41c | 0x3c7 |
| GetStdHandle | - | 0x8100b8 | 0x41f220 | 0x41e420 | 0x2d5 |
| WriteFile | - | 0x8100bc | 0x41f224 | 0x41e424 | 0x616 |
| GetModuleFileNameW | - | 0x8100c0 | 0x41f228 | 0x41e428 | 0x277 |
| ExitProcess | - | 0x8100c4 | 0x41f22c | 0x41e42c | 0x161 |
| GetModuleHandleExW | - | 0x8100c8 | 0x41f230 | 0x41e430 | 0x27a |
| GetCommandLineA | - | 0x8100cc | 0x41f234 | 0x41e434 | 0x1d9 |
| GetCommandLineW | - | 0x8100d0 | 0x41f238 | 0x41e438 | 0x1da |
| HeapAlloc | - | 0x8100d4 | 0x41f23c | 0x41e43c | 0x348 |
| HeapFree | - | 0x8100d8 | 0x41f240 | 0x41e440 | 0x34c |
| CompareStringW | - | 0x8100dc | 0x41f244 | 0x41e444 | 0x9e |
| LCMapStringW | - | 0x8100e0 | 0x41f248 | 0x41e448 | 0x3b5 |
| GetLocaleInfoW | - | 0x8100e4 | 0x41f24c | 0x41e44c | 0x268 |
| IsValidLocale | - | 0x8100e8 | 0x41f250 | 0x41e450 | 0x391 |
| GetUserDefaultLCID | - | 0x8100ec | 0x41f254 | 0x41e454 | 0x315 |
| EnumSystemLocalesW | - | 0x8100f0 | 0x41f258 | 0x41e458 | 0x157 |
| GetFileType | - | 0x8100f4 | 0x41f25c | 0x41e45c | 0x251 |
| CloseHandle | - | 0x8100f8 | 0x41f260 | 0x41e460 | 0x89 |
| FlushFileBuffers | - | 0x8100fc | 0x41f264 | 0x41e464 | 0x1a2 |
| GetConsoleOutputCP | - | 0x810100 | 0x41f268 | 0x41e468 | 0x203 |
| GetConsoleMode | - | 0x810104 | 0x41f26c | 0x41e46c | 0x1ff |
| ReadFile | - | 0x810108 | 0x41f270 | 0x41e470 | 0x475 |
| GetFileSizeEx | - | 0x81010c | 0x41f274 | 0x41e474 | 0x24f |
| SetFilePointerEx | - | 0x810110 | 0x41f278 | 0x41e478 | 0x525 |
| ReadConsoleW | - | 0x810114 | 0x41f27c | 0x41e47c | 0x472 |
| HeapReAlloc | - | 0x810118 | 0x41f280 | 0x41e480 | 0x34f |
| FindClose | - | 0x81011c | 0x41f284 | 0x41e484 | 0x178 |
| FindFirstFileExW | - | 0x810120 | 0x41f288 | 0x41e488 | 0x17e |
| FindNextFileW | - | 0x810124 | 0x41f28c | 0x41e48c | 0x18f |
| IsValidCodePage | - | 0x810128 | 0x41f290 | 0x41e490 | 0x38f |
| GetACP | - | 0x81012c | 0x41f294 | 0x41e494 | 0x1b5 |
| GetOEMCP | - | 0x810130 | 0x41f298 | 0x41e498 | 0x29a |
| GetEnvironmentStringsW | - | 0x810134 | 0x41f29c | 0x41e49c | 0x23a |
Digital Signature Information
»
| Verification Status | Failed |
| Verification Error | The signer certificate was revoked |
Certificate: Nvidia Corporation
»
| Issued by | Nvidia Corporation |
| Parent Certificate | DigiCert SHA2 Assured ID Code Signing CA |
| Country Name | US |
| Valid From | 2021-04-14 02:00 (UTC+2) |
| Valid Until | 2024-04-17 01:59 (UTC+2) |
| Algorithm | sha256_rsa |
| Serial Number | 02 66 AD FA 17 63 89 D9 B4 30 1A C8 7E FD 6A 96 |
| Thumbprint | F5 18 FA D5 DE C9 E0 50 0D A1 C1 59 8C 4B 0F FC 02 68 B2 D0 |
| Revoked Since | 2022-02-20 13:00 (UTC+1) |
Certificate: DigiCert SHA2 Assured ID Code Signing CA
»
| Issued by | DigiCert SHA2 Assured ID Code Signing CA |
| Country Name | US |
| Valid From | 2013-10-22 14:00 (UTC+2) |
| Valid Until | 2028-10-22 14:00 (UTC+2) |
| Algorithm | sha256_rsa |
| Serial Number | 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08 |
| Thumbprint | 92 C1 58 8E 85 AF 22 01 CE 79 15 E8 53 8B 49 2F 60 5B 80 C6 |
Memory Dumps (4)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe | 1 | 0x00400000 | 0x00822FFF | Relevant Image |
|
32-bit | 0x0040BE2E |
|
...
|
| buffer | 1 | 0x0019F7B4 | 0x0019FF31 | First Execution |
|
32-bit | 0x0019F935 |
|
...
|
| buffer | 1 | 0x02230000 | 0x022C1FFF | Content Changed |
|
32-bit | - |
|
...
|
| 99b4df04fc5236a12bcf96a4c6ec797b2555189915050d7a0a1704f4f69ab770.exe | 1 | 0x00400000 | 0x00822FFF | Process Termination |
|
32-bit | - |
|
...
|
