SnakeKeylogger | 221e4f5c1f12

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\IFNGRZH.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	766.00 KB
MD5	cc17147aa1a1f904d8b9aef3516b804e
SHA1	6cc7070b205acdd8b136889cc7d8042201a09ef0
SHA256	221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171
SSDeep	12288:jzAuF5iJGRTwdx8SQ7ZluhjvOmODV17VfGuVr4UG4mHd/wunj/N/VI04:LFEJTUdshjvUD/7d1r1unx/VI0
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x004BCD7E
Size Of Code	0x000BB600
Size Of Initialized Data	0x00004000
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2023-03-15 04:44 (UTC+1)

Version Information (11)

Comments	-
CompanyName	Sky123.Org
FileDescription	radarsystem
FileVersion	1.0.0.0
InternalName	fKN.exe
LegalCopyright	Copyright © Sky123.Org
LegalTrademarks	-
OriginalFilename	fKN.exe
ProductName	radarsystem
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000BB57C	0x000BB600	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.81
.rsrc	0x004BE000	0x00003E00	0x00003E00	0x000BB800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.82
.reloc	0x004C2000	0x0000000C	0x00000200	0x000BF600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000BCD54	0x000BAF54	0x00000000

Memory Dumps (16)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe	1	0x00DA0000	0x00E63FFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01160000	0x01177FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01140000	0x01145FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07AF0000	0x07B89FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01140000	0x01145FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe	1	0x00DA0000	0x00E63FFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07B90000	0x07B93FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07ED0000	0x07EF4FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07B90000	0x07B93FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00425FFF	Content Changed	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe	7	0x005B0000	0x00673FFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe	1	0x00DA0000	0x00E63FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x043BE000	0x043BFFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00187000	0x0018FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00425FFF	First Network Behavior	32-bit	-	... Actions Go to Process Go to YARA Match Download Dump
221e4f5c1f12b340bde3be53c3ab9bdbf4940b4d9d22aa5a451a06a06572c171.exe	7	0x005B0000	0x00673FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp16B3.tmp

Dropped File

Text

MIME Type	text/xml
File Size	1.56 KB
MD5	df977a0edbe4f34177380540c8caf338
SHA1	67f4005a0f9d5b3cef8de0f5ef08a0cdf78f17d6
SHA256	493f65e79af5a168fcf79b4557b85b5598f853f39bbffe7e9cfa3c63548160cd
SSDeep	24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNto+xvn:cge2UYrFdOFzOzN33ODOiDdKrsuToyv
ImpHash	-

1cd5527f780c5023ee64244b5d3cd9ed1adc55b06bc3bd2bf0d30a58e43e5969

Downloaded File

HTML

MIME Type	text/html
File Size	104 Bytes
MD5	466de80be5e8b785131d356524726550
SHA1	3b5bb162df47e1ef32dfb62873b2916e383dc506
SHA256	1cd5527f780c5023ee64244b5d3cd9ed1adc55b06bc3bd2bf0d30a58e43e5969
SSDeep	3:qVZxgROCQ+y8RRCXbZ6SXOy0Wt2LQeuc2:qzxU4+b3CX96kOPo0x92
ImpHash	-

6422009ebb2d117a18193a60242ae969355fe091e2a47c8ee54b2bfb3204514a

Extracted File

Image

Parent File	C:\Users\RDhJ0CNFevzX\AppData\Roaming\IFNGRZH.exe
MIME Type	image/png
File Size	13.91 KB
MD5	1f093c2126dd5419fb37070d6392d3e8
SHA1	02aa644064a63f064437fc4647845aa410402103
SHA256	6422009ebb2d117a18193a60242ae969355fe091e2a47c8ee54b2bfb3204514a
SSDeep	384:UVgmi+Uz7HUzTiT4IlsCkYpkIa7seOM7Uhd6IAdw:ejKz7Ai0Ss1sYOMYhYI8w
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information