Dynamic Analysis Report
Created on 2022-08-05T16:28:51+00:00
Sample | 21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe |
File Type | Windows Exe (x86-32) |
Verdict | Malicious |
Classifications | - |
Threat Names | Mal/Generic-S |
Remarks (2/2)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "49 days, 17 hours, 8 minutes, 57 seconds" to "20 seconds" to reveal dormant functionality.
Files (filtered view: only embedded files, downloaded files, and dropped files are listed)
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\Desktop\21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | Sample File | Binary | Malicious |
File Reputation Information
Verdict | Malicious |
Names | Mal/Generic-S |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x00675C1E |
Size Of Code | 0x00273E00 |
Size Of Initialized Data | 0x00003600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-05-04 18:03 (UTC+2) |
Version Information (4)
FileVersion | 5.15.2.0 |
OriginalFilename | libGLESv2.dll |
ProductName | libGLESv2 |
ProductVersion | 5.15.2.0 |
Sections (4)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00273C24 | 0x00273E00 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.66 |
.sdata | 0x00676000 | 0x00002FDF | 0x00003000 | 0x00274200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.24 |
.rsrc | 0x0067A000 | 0x00000218 | 0x00000400 | 0x00277200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 1.84 |
.reloc | 0x0067C000 | 0x0000000C | 0x00000200 | 0x00277600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x00275BF8 | 0x00273FF8 | 0x00000000 |
Memory Dumps (45)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | 1 | 0x01300000 | 0x0157DFFF | Relevant Image | 64-bit | - |
buffer | 1 | 0x005B0000 | 0x005C4FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x005D0000 | 0x005E0FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x005F0000 | 0x005F4FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00600000 | 0x0064FFFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00650000 | 0x0065BFFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00C30000 | 0x00C31FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x01250000 | 0x01255FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00C30000 | 0x00C31FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x01260000 | 0x01261FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x01250000 | 0x01255FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00C30000 | 0x00C31FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00C20000 | 0x00C28FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x00660000 | 0x00664FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
buffer | 1 | 0x01270000 | 0x01275FFF | Reflectively Loaded .NET Assembly | 64-bit | - |
21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | 1 | 0x01300000 | 0x0157DFFF | Final Dump | 64-bit | - |
21719369d4b1474ad31c61c60ec7510ab511a21ba5659cca266f1e6a933cdc71.exe | 1 | 0x01300000 | 0x0157DFFF | Process Termination | 64-bit | - |
explorer.exe | 60 | 0x00C50000 | 0x00ECDFFF | Relevant Image | 64-bit | - |
wmiprvse.exe | 74 | 0x00F50000 | 0x011CDFFF | Relevant Image | 64-bit | - |
flashfxp.exe | 72 | 0x00EF0000 | 0x0116DFFF | Relevant Image | 64-bit | - |
lsm.exe | 65 | 0x01250000 | 0x014CDFFF | Relevant Image | 64-bit | - |
yahoomessenger.exe | 70 | 0x00A40000 | 0x00CBDFFF | Relevant Image | 64-bit | - |
smartftp.exe | 64 | 0x01390000 | 0x0160DFFF | Relevant Image | 64-bit | - |
explorer.exe | 63 | 0x002D0000 | 0x0054DFFF | Relevant Image | 64-bit | - |
system.exe | 73 | 0x00F80000 | 0x011FDFFF | Relevant Image | 64-bit | - |
lsass.exe | 67 | 0x013C0000 | 0x0163DFFF | Relevant Image | 64-bit | - |
congress.exe | 68 | 0x01390000 | 0x0160DFFF | Relevant Image | 64-bit | - |
isspos.exe | 71 | 0x00380000 | 0x005FDFFF | Relevant Image | 64-bit | - |
congress.exe | 68 | 0x01390000 | 0x0160DFFF | Final Dump | 64-bit | - |
smartftp.exe | 64 | 0x01390000 | 0x0160DFFF | Final Dump | 64-bit | - |
flashfxp.exe | 72 | 0x00EF0000 | 0x0116DFFF | Final Dump | 64-bit | - |
explorer.exe | 63 | 0x002D0000 | 0x0054DFFF | Final Dump | 64-bit | - |
wmiprvse.exe | 74 | 0x00F50000 | 0x011CDFFF | Final Dump | 64-bit | - |
lsm.exe | 65 | 0x01250000 | 0x014CDFFF | Final Dump | 64-bit | - |
lsass.exe | 67 | 0x013C0000 | 0x0163DFFF | Final Dump | 64-bit | - |
yahoomessenger.exe | 70 | 0x00A40000 | 0x00CBDFFF | Final Dump | 64-bit | - |
system.exe | 73 | 0x00F80000 | 0x011FDFFF | Final Dump | 64-bit | - |
isspos.exe | 71 | 0x00380000 | 0x005FDFFF | Final Dump | 64-bit | - |
Dropped Files (13)
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Windows\Offline Web Pages\757a39080a2975 | Dropped File | Text | Clean |
C:\Users\kEecfMwgj\Downloads\27d1bcfc3c54e0 | Dropped File | Text | Clean |
C:\Program Files\Windows Defender\en-US\24dbde2999530e | Dropped File | Text | Clean |
c:\programdata\microsoft\wwansvc\bceae2a2bde6c4 | Dropped File | Text | Clean |
c:\users\keecfmwgj\appdata\roaming\microsoft\windows\network shortcuts\bceae2a2bde6c4 | Dropped File | Text | Clean |
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\61ed18144b6802 | Dropped File | Text | Clean |
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\757a39080a2975 | Dropped File | Text | Clean |
C:\Windows\Help\Windows\4863bbf8905744 | Dropped File | Text | Clean |
C:\MSOCache\All Users\6203df4a6bafc7 | Dropped File | Text | Clean |
C:\Program Files (x86)\Windows Portable Devices\8503bace434a30 | Dropped File | Text | Clean |
C:\Users\kEecfMwgj\AppData\Local\Temp\\UiqPJstYE1.bat | Dropped File | Text | Clean |
C:\Program Files (x86)\MSBuild\Microsoft\7a0fd90576e088 | Dropped File | Text | Clean |
C:\Users\kEecfMwgj\AppData\Local\Temp\Tp6OfGWybr | Dropped File | Text | Clean |