9ca0776e...72c0

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\FD1HVy\Desktop\defrag.exe

Sample File

Binary

Malicious

Mime Type	application/vnd.microsoft.portable-executable
File Size	513.00 KB
MD5	fb2dc7eccfa938149161caf3c7c16b58
SHA1	854c7ef9e0c541dce0df6a9aea7568207046511e
SHA256	9ca0776e3c226e4ebb4c8c08ea750e6dbc22e447dea68e1e8795b5d5691472c0
SSDeep	12288:naaL/TQWJagCvpaUuRlVo8LPdWZ/59+TOUIHO1hm6a5dWVP1gND:aaTQskaRRlVf0/jm1hJidWxQ
ImpHash	85561b2e917de65a78f9c5ee23713b1b

File Reputation Information

Severity	Blacklisted
Names	Mal/Generic-S

PE Information

Image Base	0x400000
Entry Point	0x560650
Size Of Code	0x80000
Size Of Initialized Data	0x1000
Size Of Uninitialized Data	0xe0000
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2020-03-09 22:47:23+00:00

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
UPX0	0x401000	0xe0000	0x0	0x400	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
UPX1	0x4e1000	0x80000	0x7fa00	0x400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.93
.rsrc	0x561000	0x1000	0x600	0x7fe00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.88

Imports (9)

ADVAPI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegCloseKey	0x0	0x5612a4	0x1612a4	0x800a4	0x0

IPHLPAPI.DLL (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
GetAdaptersInfo	0x0	0x5612ac	0x1612ac	0x800ac	0x0

KERNEL32.DLL (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LoadLibraryA	0x0	0x5612b4	0x1612b4	0x800b4	0x0
ExitProcess	0x0	0x5612b8	0x1612b8	0x800b8	0x0
GetProcAddress	0x0	0x5612bc	0x1612bc	0x800bc	0x0
VirtualProtect	0x0	0x5612c0	0x1612c0	0x800c0	0x0

NETAPI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
NetShareEnum	0x0	0x5612c8	0x1612c8	0x800c8	0x0

ntdll.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
NtQueryObject	0x0	0x5612d0	0x1612d0	0x800d0	0x0

PSAPI.DLL (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
EnumProcesses	0x0	0x5612d8	0x1612d8	0x800d8	0x0

RstrtMgr.DLL (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RmGetList	0x0	0x5612e0	0x1612e0	0x800e0	0x0

USER32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
ShowWindow	0x0	0x5612e8	0x1612e8	0x800e8	0x0

WS2_32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
select	0x12	0x5612f0	0x1612f0	0x800f0	-

Memory Dumps (49)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
defrag.exe	1	0x00400000	0x00561FFF	First Execution	32-bit	0x00560650	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004BDCF5	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004AB09B	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00401CD0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004B40AD	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00426450	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00402C50	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00457E60	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004A4188	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0040BED0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00410EC0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004BF130	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004ABB05	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0046E000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0047A010	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00423260	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00411080	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00436E90	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00437000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004184D0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0046D7D7	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00456F90	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0045FF30	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00416000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00423A10	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00410A40	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0040F590	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0043A000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004B7AE5	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004A878D	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004B789D	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00424960	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00422000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004146E0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004AAC90	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00418DA0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00409010	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0042D750	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00415394	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00419000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00474D70	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0044A870	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004BF130	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0047F000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004114E0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x00415FD0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x0049A000	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Content Changed	32-bit	0x004110A0	... Memory Dump Actions Go to Process Download Dump
defrag.exe	1	0x00400000	0x00561FFF	Final Dump	32-bit	0x0043FB00	... Memory Dump Actions Go to Process Download Dump

Local AV Matches (1)

Threat Name	Severity
Gen:Variant.Ransom.Ouroboros.29	Malicious

\\?\c:\588bce7c90097ed212\netfx_Extended.mzz

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	41.13 MB
MD5	877aecf026c05f9cd97d44584d93fa02
SHA1	35249ea385643b0e112bd3d2186257e675c65b8f
SHA256	62ab04b6cce5517c51a61236d0e42238e83c8b6b3ae69e94d7e2955d060154c8
SSDeep	196608:MwSiYAvqKdB7jVpMpbDBovRGIaqMaU9s9VN4g4ElHDJ074/VWeI:MbAvLdB7jVeBovHMaj1N0U/VY
ImpHash	-

\\?\c:\Program Files\Java\jre1.8.0_144\lib\rt.jar

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	52.03 MB
MD5	a5ef95cf66230c283130e7e64b2c01a9
SHA1	20bd5d2d0f36474e434256eb6055d606e2d19123
SHA256	569c53a8a09dc70cbab59fe0bf7918f481fa7e1a293147595540c49e4bb63c7c
SSDeep	196608:D3nv41VRucGBUWuV90T7L8JfRlQ1Xe/DzkZ5f5ZHeR77WWA8ZDEXiq:jvuucGBbQ0T7L8JfRoX4D4X7HwWr8qXF
ImpHash	-

\\?\c:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	32.85 MB
MD5	9ceaba2c918ee7b16c325613e6e28907
SHA1	3f3f7d77bbfa05c903fe8194b980049df48ec12b
SHA256	22280921edf840de011f762395b78c5a8b69a38f376cc17565825677e4f8d961
SSDeep	196608:K+loJLQ8dPayvvdjTeEvGezvcUM9h0d9GooP9eM3QDA1eNXXgUzg1Qp/wn:K+iVdCyvlD+N/PU0hz3uxvNe
ImpHash	-

\\?\c:\Program Files\Microsoft Office\root\Office16\MSOCRRES.ORP

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	36.76 MB
MD5	805755dbbb5ad8ca68d12990ed01b89c
SHA1	44ca3092b2acef86dbb1f7db2d184d77344c7d81
SHA256	de852cee74963fa2ff5e91620d3d142f88fe7d97348f995ea00325d9400a608c
SSDeep	196608:OurNvrY43cu7v6mbiVVz3lsLSUnP8VJWcrQPK8CW4Kzzk4tObIkmv:OCNvrZn7vDiVULStVNsdn4K/kxIkmv
ImpHash	-

\\?\c:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

Modified File

Stream

Unknown

Mime Type	application/octet-stream
File Size	33.17 MB
MD5	2bf6a53fd1405043647a7e0b35b921ba
SHA1	93bace466facd3cb2b87701e3529335f12925cab
SHA256	5816dcf1c0c27af109535aec78ce160af63fca0448ce95f8943ab5699f0be3fe
SSDeep	196608:ItbVWQ/sBUW8H6byFu1PQhsGyW5g0i/EnpD2LsVty/e:Q9/ob8H6bhqhsPsg0i8npny/e
ImpHash	-

\\?\c:\teslarvng\tempkey.teslarvngkeys

Dropped File

Stream

Unknown

Also Known As	\\?\c:\ProgramData\datakeys\tempkey.teslarvngkeys (Dropped File)
Mime Type	application/octet-stream
File Size	483 Bytes
MD5	372076cec62bca98d95256f8957b37d7
SHA1	9ced670d36a8df49d471afc13b7827c3d012e8f3
SHA256	fc110e2f33bc5c6b436db2838ead813bcafc976df01eb319aeafb6a9cb75bd96
SSDeep	12:+x6Rc+32OgblUF6ZkUo/q5oh87N86JmfTasgIn2i:hV2ZblUFoFwV4uTaVIn1
ImpHash	-

\\?\c:\ProgramData\datakeys\pos.txt

Dropped File

Stream

Unknown

Mime Type	application/octet-stream
File Size	6 Bytes
MD5	7493d8cbb0315336e669479de9481bf9
SHA1	4e552ad713849f7588b307a2f1bce31b31b7c568
SHA256	045467a8279abdf2244f3e8cbba37b7c7e1eca18aab2b830ff45c0987c7bebfc
SSDeep	3:un:un
ImpHash	-

\\?\c:\teslarvng\How To Recover.txt

Dropped File

Text

Unknown

Mime Type	text/plain
File Size	1.31 KB
MD5	01f0f661bd6934069a138d18083e751b
SHA1	14952ca10faf37b4ebd91a8c11c12baf2ee48315
SHA256	51ec3e2adbc38865d96f221aef0e6481443a17c2c71f248c6f7c2a7d2c72cd52
SSDeep	24:0OI7xRyLzw6dChyjXExJan+NnMf/muiADEgb8XgKKVtSNAUTmeICEVB6bcAls:0JdILbsU0xJai17gb8wKhg5ib4
ImpHash	-

\\?\c:\ProgramData\Adobe\Extension Manager CC\Logs\fails.txt

Dropped File

Stream

Unknown

Mime Type	application/octet-stream
File Size	444 Bytes
MD5	257b2b49d6bec5f82ac8f1aeb62be0f5
SHA1	268594807a366106a7b19c4140f3979b08aa4706
SHA256	e07d8a3f18b8123ab4cdfa942302523cb57b15a88767ba1a8f96f478b7bb3988
SSDeep	6:uRYbigy5TlTl7juYFjRBYN8FYoc+XlpVIVyGRYbi0uplgIl76FjRBYN8FYoc+Xlz:u6+b7j1F+oc+Ryd6+0uplgU6F+oc+RyY
ImpHash	-

19122

Dropped File

Unknown

Not Queried

Mime Type	-
File Size	0 Bytes
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::
ImpHash	-

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After