Verdict: Malicious

Classifications: -

Threat Names: Mal/Generic-S

Dynamic Analysis Report

Created on 2022-08-05T16:28:51+00:00

21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe

Windows Exe (x86-32)

Remarks (2/2)

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "49 days, 17 hours, 8 minutes, 57 seconds" to "20 seconds" to reveal dormant functionality.

Files

File Name | Category | Type | Verdict
C:\Users\kEecfMwgj\Desktop\21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | Sample File | Binary | Malicious

Also Known As
C:\Boot\de-DE\lsm.exe (Dropped File, Accessed File)
C:\Boot\ko-KR\WmiPrvSE.exe (Dropped File, Accessed File)
C:\MSOCache\All Users\lsass.exe (Dropped File, Accessed File)
C:\Program Files (x86)\MSBuild\Microsoft\explorer.exe (Dropped File, Accessed File)
C:\Program Files (x86)\Windows Portable Devices\yahoomessenger.exe (Dropped File, Accessed File)
C:\Program Files\Windows Defender\en-US\WmiPrvSE.exe (Dropped File, Accessed File)
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\congress.exe (Dropped File, Accessed File)
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\smartftp.exe (Dropped File, Accessed File)
C:\Users\All Users\Microsoft\WwanSvc\fling.exe (Accessed File)
C:\Users\kEecfMwgj\Downloads\System.exe (Dropped File, Accessed File)
C:\Users\kEecfMwgj\NetHood\fling.exe (Accessed File)
C:\Windows\Help\Windows\isspos.exe (Dropped File, Accessed File)
C:\Windows\Offline Web Pages\smartftp.exe (Dropped File, Accessed File)
C:\Windows\en-US\flashfxp.exe (Dropped File, Accessed File)
c:\programdata\microsoft\wwansvc\fling.exe (Dropped File, VM File)
c:\users\keecfmwgj\appdata\roaming\microsoft\windows\network shortcuts\fling.exe (Dropped File, VM File)

MIME Type application/vnd.microsoft.portable-executable
File Size 2.47 MB
MD5 0d32ff3680a716fd66cb9ab0e3ebc763
SHA1 2aa356f14a156bf56efc66e39e0654bddb4fd95a
SHA256 21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71
SSDeep 49152:5Ad/na1hwN3zHvJB4x365neVoe51QDr67tUKR8jJLYPYI553bpGes:5cG6N3kBoi1QDr6RwjNYP15VVs
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x00675C1E
Size Of Code 0x00273E00
Size Of Initialized Data 0x00003600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-05-04 18:03 (UTC+2)

Version Information (4)
FileVersion 5.15.2.0
OriginalFilename libGLESv2.dll
ProductName libGLESv2
ProductVersion 5.15.2.0

Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x00402000 | 0x00273C24 | 0x00273E00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.66
.sdata | 0x00676000 | 0x00002FDF | 0x00003000 | 0x00274200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.24
.rsrc | 0x0067A000 | 0x00000218 | 0x00000400 | 0x00277200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.84
.reloc | 0x0067C000 | 0x0000000C | 0x00000200 | 0x00277600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1

Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
_CorExeMain | - | 0x00402000 | 0x00275BF8 | 0x00273FF8 | 0x00000000
Memory Dumps (45)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA
21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | 1 | 0x01300000 | 0x0157DFFF | Relevant Image | False | 64-bit | - | False
buffer | 1 | 0x005B0000 | 0x005C4FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x005D0000 | 0x005E0FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x005F0000 | 0x005F4FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00600000 | 0x0064FFFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00650000 | 0x0065BFFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00C30000 | 0x00C31FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x01250000 | 0x01255FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00C30000 | 0x00C31FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x01260000 | 0x01261FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x01250000 | 0x01255FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00C30000 | 0x00C31FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
buffer | 1 | 0x01270000 | 0x01275FFF | Reflectively Loaded .NET Assembly | False | 64-bit | - | False
21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | 1 | 0x01300000 | 0x0157DFFF | Final Dump | False | 64-bit | - | False
21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | 1 | 0x01300000 | 0x0157DFFF | Process Termination | False | 64-bit | - | False
explorer.exe | 60 | 0x00C50000 | 0x00ECDFFF | Relevant Image | False | 64-bit | - | False
wmiprvse.exe | 74 | 0x00F50000 | 0x011CDFFF | Relevant Image | False | 64-bit | - | False
flashfxp.exe | 72 | 0x00EF0000 | 0x0116DFFF | Relevant Image | False | 64-bit | - | False
lsm.exe | 65 | 0x01250000 | 0x014CDFFF | Relevant Image | False | 64-bit | - | False
yahoomessenger.exe | 70 | 0x00A40000 | 0x00CBDFFF | Relevant Image | False | 64-bit | - | False
smartftp.exe | 64 | 0x01390000 | 0x0160DFFF | Relevant Image | False | 64-bit | - | False
explorer.exe | 63 | 0x002D0000 | 0x0054DFFF | Relevant Image | False | 64-bit | - | False
system.exe | 73 | 0x00F80000 | 0x011FDFFF | Relevant Image | False | 64-bit | - | False
lsass.exe | 67 | 0x013C0000 | 0x0163DFFF | Relevant Image | False | 64-bit | - | False
congress.exe | 68 | 0x01390000 | 0x0160DFFF | Relevant Image | False | 64-bit | - | False
isspos.exe | 71 | 0x00380000 | 0x005FDFFF | Relevant Image | False | 64-bit | - | False
congress.exe | 68 | 0x01390000 | 0x0160DFFF | Final Dump | False | 64-bit | - | False
smartftp.exe | 64 | 0x01390000 | 0x0160DFFF | Final Dump | False | 64-bit | - | False
flashfxp.exe | 72 | 0x00EF0000 | 0x0116DFFF | Final Dump | False | 64-bit | - | False
explorer.exe | 63 | 0x002D0000 | 0x0054DFFF | Final Dump | False | 64-bit | - | False
wmiprvse.exe | 74 | 0x00F50000 | 0x011CDFFF | Final Dump | False | 64-bit | - | False
lsm.exe | 65 | 0x01250000 | 0x014CDFFF | Final Dump | False | 64-bit | - | False
lsass.exe | 67 | 0x013C0000 | 0x0163DFFF | Final Dump | False | 64-bit | - | False
yahoomessenger.exe | 70 | 0x00A40000 | 0x00CBDFFF | Final Dump | False | 64-bit | - | False
system.exe | 73 | 0x00F80000 | 0x011FDFFF | Final Dump | False | 64-bit | - | False
isspos.exe | 71 | 0x00380000 | 0x005FDFFF | Final Dump | False | 64-bit | - | False
C:\Windows\Offline Web Pages\757a39080a2975 | Dropped File | Text | Clean
MIME Type text/plain
File Size 982 Bytes
MD5 173523d7e11abd63bfd7ea65cb403adf
SHA1 748266841efa40eb9ae06cd1d813d0cbbab50d92
SHA256 dab1a4d6da339000497233a4edd5a801b9a9f30bb0e84e7a5845a11920fc77b9
SSDeep 24:5O7v/QxR3BpkDG4OldlwJlqbOkBnpM6zessEEvxJdv:o7v/C3BY5ulwDCniQeswfdv
ImpHash -
C:\Users\kEecfMwgj\Downloads\27d1bcfc3c54e0 | Dropped File | Text | Clean
MIME Type text/plain
File Size 917 Bytes
MD5 64ed4b273326a25a743bbd2db0cded1b
SHA1 3b9573a78db8291832a5c7658c4d8a191feec8b2
SHA256 b96d8300249cdc7be3c1e21fe180660217309fff9cf7bf86399315f38b511b00
SSDeep 24:TdAnz9ZHLFJ6iR6MPzmMDPYTCm0DoU9c8sp:TWHBQEVm+PE+oUG8o
ImpHash -
C:\Program Files\Windows Defender\en-US\24dbde2999530e | Dropped File | Text | Clean
MIME Type text/plain
File Size 872 Bytes
MD5 dd87e7f836b5fe5a48dd77903ba36e9f
SHA1 d97e9c7d32ae709f4b00139b7a44bff9d1f97dfc
SHA256 7732116ddb03778e4b052165d462fb0673b11169c67ae7cbca1d52a7e50e9a83
SSDeep 24:EQpHkx+1tmUgiXkdwMWyhYhCwNb1tt/f6Vpg:ECHI+1EfiXG5hMVLt/SPg
ImpHash -
c:\programdata\microsoft\wwansvc\bceae2a2bde6c4 | Dropped File | Text | Clean
MIME Type text/plain
File Size 854 Bytes
MD5 51ea46b973030eefcf8f233fcf75aa16
SHA1 13a04e8125ea070c20f09e0ea63d676f1f27f9c9
SHA256 56bfed37762cb01dcf9f5c0e4191b7a258d73240d7262facc182daff386b0fe5
SSDeep 24:HVfDmG78KTnN9Veye26GyII+x++oqkqrdU:1frvnDpCGyIIjFqdrdU
ImpHash -
c:\users\keecfmwgj\appdata\roaming\microsoft\windows\network shortcuts\bceae2a2bde6c4 | Dropped File | Text | Clean
MIME Type text/plain
File Size 793 Bytes
MD5 9cb04d147c51f8da73593989b5a2a58c
SHA1 6b847da33fa79ae4af2df611e2ec7d87cd2eb0c6
SHA256 03ddbf1a49253e134c529a5d836e6b74959ab2de0a76019c66721d0549ab0999
SSDeep 24:2bNiHzDFkfPk2sTItChIhUtPvn3M9nuWHNAZda:yUPFugh8yv3M9nRHyDa
ImpHash -
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\61ed18144b6802 | Dropped File | Text | Clean
MIME Type text/plain
File Size 782 Bytes
MD5 3dccf31e226982d92f68c91c20a33bcd
SHA1 e4e27d1bc02105445dcf92add8acd559c1addd6b
SHA256 e174bb4a62d510f5a7afa7fed5f7c53b761a1d7704c9bdde98ac374ebd592f6b
SSDeep 24:fe0PEoZpcWv0xMPXET9slwwpu+zlsGflWxyYV4epn:G0PE+pBeMP0T90zlsGmln
ImpHash -
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\757a39080a2975 | Dropped File | Text | Clean
MIME Type text/plain
File Size 652 Bytes
MD5 03c5a7f123d0d63887fcc07f6665a9b5
SHA1 b0c5a824a255eae0693c7cac588042b0dc09c02f
SHA256 5424a5ea68f81e5bb924f102d0fe12d286b86f23f295effd53e412f24e79c19c
SSDeep 12:E2z4d9SQ1IqDaLCaft5Ts21SQWeo9YgHYWg+PScHrPpH4TVApe3T:Y3D1wCafthX1SQWxYgL9T5pW
ImpHash -
C:\Windows\Help\Windows\4863bbf8905744 | Dropped File | Text | Clean
MIME Type text/plain
File Size 544 Bytes
MD5 50c8ba2ed8198f9a7531ac92e79dcd42
SHA1 bebc9ba67f685081816257cc1fc196efcf733b7e
SHA256 a1fa33ef6a682ce950587050813c6f58ec6b7a30391745620f68b78637d1bbdd
SSDeep 12:fkqkEO6LaghR2dtGISe1YXmYXS1xtpZRhFSXI:fHkEO6uER26/WYXS15z8I
ImpHash -
C:\MSOCache\All Users\6203df4a6bafc7 | Dropped File | Text | Clean
MIME Type text/plain
File Size 516 Bytes
MD5 8609d29a965912f9928829989430275e
SHA1 575345c216cade83f37ec8be8b8a177209388292
SHA256 c1a005bd4328774a62eb5d3dc1ad6ac3b87799a5686b90f841c6cb804b7317e7
SSDeep 12:P/ra+49KItiIW7DivT3dpEEySu0QJUyQTsmGxH/IH/tV73j9ipzE:Pza++4IW7DiLQZQSfIf7AG
ImpHash -
C:\Boot\ko-KR\24dbde2999530e | Dropped File | Text | Clean
MIME Type text/plain
File Size 424 Bytes
MD5 f65b973c87d676021f5133e6c8cdc36d
SHA1 35cf49a7e5f2c59baad7d66e3ebaba5ab601eca3
SHA256 47930e02683a6fc28edeab00d9a4bc2517a9ec2f220b6b354ca39fb8ef16d6cb
SSDeep 12:xhpUVC6UhsvH6IvIuwmOkcYSqbQteRvazHRy:JUmhsvH9QuwSFuteRgxy
ImpHash -
C:\Windows\en-US\b064723b75e933 | Dropped File | Text | Clean
MIME Type text/plain
File Size 397 Bytes
MD5 a9538b596acc48bbe847d8be82c50cbc
SHA1 414d4a2b21fd5ccc3ee9cb5f5a75ba12506b1707
SHA256 848e8f3a5d639cafbef893e4d594f88882fd0ea3a92117c5f8b4abbd26087514
SSDeep 12:QlqLQDgu1UHAvjHqR+mR2Ga4ThwHuA34muEQFni95:QlbDguEAv7qlRrJwOc9LQU95
ImpHash -
C:\Boot\de-DE\101b941d020240 | Dropped File | Text | Clean
MIME Type text/plain
File Size 289 Bytes
MD5 a518a712b6573b26aee36b10b08d572b
SHA1 978836ed20af075b9da0e2469b2bfacc6b3b9034
SHA256 f60254afe03838f420c7f07154b05f216870df73378c1541b95b331c2a9ce009
SSDeep 6:splGLJ0BrFVHet8xD5ZK6yHY+yvJba64CNpGfRy7XGuj:spILJg/Hz5ZK3LyvdagpGf87X3
ImpHash -
C:\Program Files (x86)\Windows Portable Devices\8503bace434a30 | Dropped File | Text | Clean
MIME Type text/plain
File Size 235 Bytes
MD5 1084a343612c9446d82302b2678c017a
SHA1 efd725f753dfa2a734210c75cbfca56942ba9997
SHA256 371c25fa18cf4776c46acfd7f0a47a2214b51bdc35e13e52e5778c0b20ab4559
SSDeep 6:opGTZFWgMyQHOcK/Vvd97nhBCtO0cAGgrSt0Wn:iK3HQu/9d910cAGgra0W
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\\UiqPJstYE1.bat | Dropped File | Text | Clean
Also Known As C:\Users\kEecfMwgj\AppData\Local\Temp\UiqPJstYE1.bat (Dropped File, Accessed File)
MIME Type text/x-msdos-batch
File Size 222 Bytes
MD5 53b2a7cf37d6d5dc5cbd441b5a633976
SHA1 79f618e4618ae9cdca1ee108a561a89044b296a1
SHA256 21097d3c6c5c521832c7f7900f7ae9a6d32e5f1ee71f389759894fe3dc4125c7
SSDeep 6:hITg3Nou11r+DER5o2QMtb/bKOZG1UaEi23f5/:OTg9YDEfrrbDp
ImpHash -
C:\Program Files (x86)\MSBuild\Microsoft\7a0fd90576e088 | Dropped File | Text | Clean
MIME Type text/plain
File Size 128 Bytes
MD5 ade281d1cbe00a2662f86d999511cdda
SHA1 d0188f18e19f3c2f5ca0e8019520586a884b2473
SHA256 f154ae8288d916f7aea0445e8215c9a211d5d46b0c163fd916356a7a6d54a74b
SSDeep 3:QTHcbOZvodjMBk+GohCRxSn1o8kDO0Pj1+UfDDgy6qEcM:QT8ejBNCR6o8kPb1+Uffgtx
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\Tp6OfGWybr | Dropped File | Text | Clean
MIME Type text/plain
File Size 25 Bytes
MD5 c8496974d1883eac64b17a9a99549475
SHA1 7cfe076cfd2767eda45e475296d9562ccfa22d8c
SHA256 d5a613b8e51b850cf2311fc221b1197ccd361f1f5dc35dcf15dcae9bc48a57f1
SSDeep 3:TdEgF9VQR:RNKR
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot (Before / After)