Malicious
Classifications
Injector Spyware
Threat Names
Mal/Generic-S
Dynamic Analysis Report
Created on 2022-08-05T08:06:49+00:00
0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe
Windows Exe (x86-32)
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "3 days, 18 hours, 56 minutes, 24 seconds" to "1 minute, 50 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x00649C3E |
Size Of Code | 0x00247E00 |
Size Of Initialized Data | 0x0000FE00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-08-05 03:21 (UTC+2) |
Version Information (11)
»
Comments | Proxifier Setup |
CompanyName | Initex |
FileDescription | Proxifier Setup |
FileVersion | 4.7.0.1 |
InternalName | Proforma Invoice INV-87634543-7.exe |
LegalCopyright | Copyright © 2003-2021 Initex. All rights reserved. |
LegalTrademarks | |
OriginalFilename | Proforma Invoice INV-87634543-7.exe |
ProductName | Proxifier |
ProductVersion | 4.7.0.1 |
Assembly Version | 4.7.0.1 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00247C44 | 0x00247E00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.26 |
.rsrc | 0x0064A000 | 0x0000FC00 | 0x0000FC00 | 0x00248000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.47 |
.reloc | 0x0065A000 | 0x0000000C | 0x00000200 | 0x00257C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x00249C14 | 0x00247E14 | 0x00000000 |
Memory Dumps (3)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe | 1 | 0x00400000 | 0x0065BFFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x04A10000 | 0x04C56FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
0fabbda008ee7544a4f2d1bdaf5621f19bc41e82740f293dfe1644fc0af9230b.exe | 1 | 0x00400000 | 0x0065BFFF | Process Termination | 32-bit | - |
...
|
C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Windows\Templates\credentials.txt | Dropped File | Text |
Clean
|
...
|
»
3e2295054b4cebf66a3a8e31769262d5dc6bf6055474d5e64a60ebaf33329e03 | Downloaded File | Unknown |
Clean
|
...
|
»
7085940e70a2b46c4d33da5534fa834dd61bee3659f2864d36b6621cd05d9a99 | Downloaded File | Unknown |
Clean
|
...
|
»
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
Clean
|
...
|
»
a1f0941f6d396adbc7170999351cb26f694a6dede11ef3a99f4c962914b1d846 | Extracted File | Image |
Clean
|
...
|
»