Try VMRay Platform
Malicious
Classifications

Injector Spyware

Threat Names

Mal/Generic-S

Dynamic Analysis Report

Created on 2022-08-05T08:06:49+00:00

0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe

Windows Exe (x86-32)
...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "3 days, 18 hours, 56 minutes, 24 seconds" to "1 minute, 50 seconds" to reveal dormant functionality.

Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe Sample File Binary
Malicious
...
»
MIME Type application/vnd.microsoft.portable-executable
File Size 2.34 MB
MD5 7278f8490937cab29d3dd5bc75cb52ab Copy to Clipboard
SHA1 69a0419c995fc139ea27e731a44205cb1b686f1d Copy to Clipboard
SHA256 0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b Copy to Clipboard
SSDeep 24576:l5niq2/Fw0WbSwK5QUhHcAxP0IXucQfPTO8k4TgjbTG7lVgFyHJSf2uwkYABYPzT:iMSH5DrPHX3wDgFmLIYPzR3nc89UZcn Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
Names Mal/Generic-S
PE Information
»
Image Base 0x00400000
Entry Point 0x00649C3E
Size Of Code 0x00247E00
Size Of Initialized Data 0x0000FE00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-08-05 03:21 (UTC+2)
Version Information (11)
»
Comments Proxifier Setup
CompanyName Initex
FileDescription Proxifier Setup
FileVersion 4.7.0.1
InternalName Proforma Invoice INV-87634543-7.exe
LegalCopyright Copyright © 2003-2021 Initex. All rights reserved.
LegalTrademarks
OriginalFilename Proforma Invoice INV-87634543-7.exe
ProductName Proxifier
ProductVersion 4.7.0.1
Assembly Version 4.7.0.1
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x00247C44 0x00247E00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.26
.rsrc 0x0064A000 0x0000FC00 0x0000FC00 0x00248000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.47
.reloc 0x0065A000 0x0000000C 0x00000200 0x00257C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x00249C14 0x00247E14 0x00000000
Memory Dumps (3)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe 1 0x00400000 0x0065BFFF Relevant Image False 32-bit - False
...
buffer 1 0x04A10000 0x04C56FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe 1 0x00400000 0x0065BFFF Process Termination False 32-bit - False
...
C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Windows\Templates\credentials.txt Dropped File Text
Clean
...
»
MIME Type text/plain
File Size 139 Bytes
MD5 f9ff73dbd5b47f3ff111281c362f0edd Copy to Clipboard
SHA1 d9dde1df142ad926f55f36d3e7ee08c9b0a15ec3 Copy to Clipboard
SHA256 235385bcf8ba82fbc14ee19911c0eaac089a7bfe51faff15bfdf6cece4eaa016 Copy to Clipboard
SSDeep 3:7F2ADMdmqMNm2KnJtvNDKJQeWEg+KJQbePtEWIpSAEGRy:7FnDMdtMNm2KLNWHyxFHmy Copy to Clipboard
ImpHash -
3e2295054b4cebf66a3a8e31769262d5dc6bf6055474d5e64a60ebaf33329e03 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 760 Bytes
MD5 2471c8ab4fa934f44492ef740ea605ff Copy to Clipboard
SHA1 96eb897b344b8d5b042a4953aa2bf20c45dcaeee Copy to Clipboard
SHA256 3e2295054b4cebf66a3a8e31769262d5dc6bf6055474d5e64a60ebaf33329e03 Copy to Clipboard
SSDeep 12:YKOHu/PItUVAhHTdAhka3ZApRCWEiRrVk5US0V4sBiDSnA25Fz5Tz52FHmm0JECb:YKOHftEAhzdAhkaJApRCW9R5sju4sBim Copy to Clipboard
ImpHash -
7085940e70a2b46c4d33da5534fa834dd61bee3659f2864d36b6621cd05d9a99 Downloaded File Unknown
Clean
...
»
MIME Type application/json
File Size 538 Bytes
MD5 590d2dc637be0f969efaa8abe8c27042 Copy to Clipboard
SHA1 660e948f10438537e523f0c2bc8d610d95730796 Copy to Clipboard
SHA256 7085940e70a2b46c4d33da5534fa834dd61bee3659f2864d36b6621cd05d9a99 Copy to Clipboard
SSDeep 12:YKOHu/PrFtUVAhHTdAhka3ZApRCWEiRHtqft9JDMm0T7Su6pK/z4ZV:YKOHetEAhzdAhkaJApRCW9RH4V9JQmqc Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd Copy to Clipboard
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc Copy to Clipboard
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858 Copy to Clipboard
SSDeep 3:Fl: Copy to Clipboard
ImpHash -
a1f0941f6d396adbc7170999351cb26f694a6dede11ef3a99f4c962914b1d846 Extracted File Image
Clean
...
»
Parent File C:\Users\RDhJ0CNFevzX\Desktop\0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe
MIME Type image/png
File Size 42.45 KB
MD5 41e0a23ede3925de219f66a2c98edea0 Copy to Clipboard
SHA1 881ce8abf36f7adc5c45cd34122687b69b5cfbc4 Copy to Clipboard
SHA256 a1f0941f6d396adbc7170999351cb26f694a6dede11ef3a99f4c962914b1d846 Copy to Clipboard
SSDeep 768:3GnvgwvYTFrziCoZp1aSUaBYUfhNeFQ0yRRV/xWFu1jpoIwFNGasC9cwT:3Gnvlyr+CwaMYONe+b3SFu1AFNGaX9cy Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image