Netwire | 2a05a23d8879

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\rWWREmAZOgElhb.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	1.24 MB
MD5	e366f96c9b5c5528426a116eb49ef445
SHA1	8062220b613b56116d638b3d7f5dd043f3bc096e
SHA256	2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58
SSDeep	24576:iTJjpjM7KzOkDwPN2XanQBOrOlaLlpxtRYNNHV3lSpWBb62:EjW77kQNaaQB6w+tR63AEbT
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x004D4CF2
Size Of Code	0x000D2E00
Size Of Initialized Data	0x0006A400
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2096-07-01 22:36 (UTC+2)

Version Information (11)

Comments
CompanyName
FileDescription	Lib Mang Sys
FileVersion	1.0.0.0
InternalName	BinaryWri.exe
LegalCopyright	Copyright © 2020
LegalTrademarks
OriginalFilename	BinaryWri.exe
ProductName	Lib Mang Sys
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000D2D10	0x000D2E00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.59
.rsrc	0x004D6000	0x0006A034	0x0006A200	0x000D3000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.18
.reloc	0x00542000	0x0000000C	0x00000200	0x0013D200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000D4CC8	0x000D2EC8	0x00000000

Memory Dumps (31)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe	1	0x00400000	0x00543FFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04730000	0x0473FFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04760000	0x04762FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x020A0000	0x02131FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe	1	0x00400000	0x00543FFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0A7A0000	0x0A7E8FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x0044FFFF	First Execution	32-bit	0x0041AE7B	... Actions Go to Process Go to YARA Match Download Dump
2a05a23d8879f9d001af335779b5102dd644b08d2f106353c28c8ce303ee9b58.exe	1	0x00400000	0x00543FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x0041C02E	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x0042407F	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x00427B47	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x0042D69F	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x0041D59D	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x0041FD85	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x004216EF	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x004056D0	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x004088A0	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x0040FFB0	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x00402000	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x00413590	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x00411B60	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x00426FE8	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x0044FFFF	Content Changed	32-bit	0x004049A0	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00195000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x0044FFFF	First Network Behavior	32-bit	0x004076AA	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x006740A0	0x0067412F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x006775D8	0x00677657	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0067B198	0x0067B3B7	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00681090	0x006813F3	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00681400	0x006821FF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00682208	0x00682A07	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpB163.tmp

Dropped File

Text

MIME Type	text/xml
File Size	1.56 KB
MD5	8a7e43af598e7e8a061203690407cf56
SHA1	abfaf57ca8714b44166abdd68653182fb359ab98
SHA256	807607b419e72e7018fcf4f0f63effd01d5437d0e8f58143453d20b638a9f7b2
SSDeep	24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt1vVxvn:cge2UYrFdOFzOzN33ODOiDdKrsuT1vrv
ImpHash	-

Remarks (2/2)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information