Try VMRay Platform


Threat Names


Dynamic Analysis Report

Created on 2023-02-03T18:26:08+00:00


Windows DLL (x86-64)

Remarks (2/3)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "8 minutes, 29 seconds" to "1 minute, 30 seconds" to reveal dormant functionality.


(0x0200005D): 7572 additional dumps with the reason "Content Changed" and a total of 12062 MB were skipped because the respective maximum limit was reached.

File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656.exe.dll Sample File Binary
Also Known As C:\Users\KEECFM~1\Desktop\51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656.exe.dll (Accessed File)
MIME Type application/
File Size 903.00 KB
MD5 a740177df6f2918373d4e6f482b8c2e3 Copy to Clipboard
SHA1 4501edd7904033cfdee783c03af2df0db935be30 Copy to Clipboard
SHA256 51bb71bd446bd7fc03cc1234fcc3f489f10db44e312c9ce619b937fad6912656 Copy to Clipboard
SSDeep 24576:gYfSxQ6Gjq/v/PQ7fV+Hz9PuYWp9ToAbXjTA+JxN9QS:/fSqovPQ7Cs9FbTTAAbx Copy to Clipboard
ImpHash 5b5de5739f4fcbaa215d9c878921b5a7 Copy to Clipboard
PE Information
Image Base 0x180000000
Entry Point 0x180002EA0
Size Of Code 0x00011600
Size Of Initialized Data 0x000D0E00
Compile Timestamp 2023-02-01 16:16 (UTC+1)
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x00011592 0x00011600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.42
.rdata 0x180013000 0x0006E1CE 0x0006E200 0x00011A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.45
.data 0x180082000 0x00061480 0x00060A00 0x0007FC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.59
.pdata 0x1800E4000 0x00000A08 0x00000C00 0x000E0600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.32
.gfids 0x1800E5000 0x00000010 0x00000200 0x000E1200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.16
.rsrc 0x1800E6000 0x000001E0 0x00000200 0x000E1400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.72
.reloc 0x1800E7000 0x00000500 0x00000600 0x000E1600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.02
Imports (1)
KERNEL32.dll (50)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFileA - 0x180013000 0x00080C98 0x0007F698 0x000000BA
LockFile - 0x180013008 0x00080CA0 0x0007F6A0 0x000003BE
ReadFile - 0x180013010 0x00080CA8 0x0007F6A8 0x00000454
WriteFile - 0x180013018 0x00080CB0 0x0007F6B0 0x000005F1
CloseHandle - 0x180013020 0x00080CB8 0x0007F6B8 0x0000007F
GetLastError - 0x180013028 0x00080CC0 0x0007F6C0 0x00000256
HeapCreate - 0x180013030 0x00080CC8 0x0007F6C8 0x0000033A
InitializeCriticalSection - 0x180013038 0x00080CD0 0x0007F6D0 0x00000350
EnterCriticalSection - 0x180013040 0x00080CD8 0x0007F6D8 0x00000129
LeaveCriticalSection - 0x180013048 0x00080CE0 0x0007F6E0 0x000003A5
TryEnterCriticalSection - 0x180013050 0x00080CE8 0x0007F6E8 0x0000058B
WaitForSingleObject - 0x180013058 0x00080CF0 0x0007F6F0 0x000005BB
CreateThread - 0x180013060 0x00080CF8 0x0007F6F8 0x000000E7
GetSystemDirectoryA - 0x180013068 0x00080D00 0x0007F700 0x000002D3
VirtualAlloc - 0x180013070 0x00080D08 0x0007F708 0x000005AB
GetModuleHandleA - 0x180013078 0x00080D10 0x0007F710 0x0000026A
SwitchToFiber - 0x180013080 0x00080D18 0x0007F718 0x0000056A
CreateFiber - 0x180013088 0x00080D20 0x0007F720 0x000000B7
ConvertThreadToFiber - 0x180013090 0x00080D28 0x0007F728 0x0000009C
CallNamedPipeA - 0x180013098 0x00080D30 0x0007F730 0x00000065
RaiseException - 0x1800130A0 0x00080D38 0x0007F738 0x00000444
RtlCaptureContext - 0x1800130A8 0x00080D40 0x0007F740 0x000004AE
RtlLookupFunctionEntry - 0x1800130B0 0x00080D48 0x0007F748 0x000004B5
RtlVirtualUnwind - 0x1800130B8 0x00080D50 0x0007F750 0x000004BC
IsDebuggerPresent - 0x1800130C0 0x00080D58 0x0007F758 0x0000036A
UnhandledExceptionFilter - 0x1800130C8 0x00080D60 0x0007F760 0x00000592
SetUnhandledExceptionFilter - 0x1800130D0 0x00080D68 0x0007F768 0x00000552
GetCurrentProcess - 0x1800130D8 0x00080D70 0x0007F770 0x0000020F
TerminateProcess - 0x1800130E0 0x00080D78 0x0007F778 0x00000570
IsProcessorFeaturePresent - 0x1800130E8 0x00080D80 0x0007F780 0x00000370
SetLastError - 0x1800130F0 0x00080D88 0x0007F788 0x00000519
HeapAlloc - 0x1800130F8 0x00080D90 0x0007F790 0x00000338
HeapFree - 0x180013100 0x00080D98 0x0007F798 0x0000033C
GetModuleHandleW - 0x180013108 0x00080DA0 0x0007F7A0 0x0000026D
GetProcAddress - 0x180013110 0x00080DA8 0x0007F7A8 0x000002A4
TlsGetValue - 0x180013118 0x00080DB0 0x0007F7B0 0x00000584
TlsSetValue - 0x180013120 0x00080DB8 0x0007F7B8 0x00000585
FreeLibrary - 0x180013128 0x00080DC0 0x0007F7C0 0x000001A4
LoadLibraryExW - 0x180013130 0x00080DC8 0x0007F7C8 0x000003AA
LCMapStringW - 0x180013138 0x00080DD0 0x0007F7D0 0x00000399
IsValidCodePage - 0x180013140 0x00080DD8 0x0007F7D8 0x00000375
GetACP - 0x180013148 0x00080DE0 0x0007F7E0 0x000001AA
GetOEMCP - 0x180013150 0x00080DE8 0x0007F7E8 0x0000028D
GetCPInfo - 0x180013158 0x00080DF0 0x0007F7F0 0x000001B9
ExitProcess - 0x180013160 0x00080DF8 0x0007F7F8 0x00000157
GetModuleHandleExW - 0x180013168 0x00080E00 0x0007F800 0x0000026C
GetStringTypeW - 0x180013170 0x00080E08 0x0007F808 0x000002CC
MultiByteToWideChar - 0x180013178 0x00080E10 0x0007F810 0x000003D4
WideCharToMultiByte - 0x180013180 0x00080E18 0x0007F818 0x000005DD
RtlUnwindEx - 0x180013188 0x00080E20 0x0007F820 0x000004BB
Exports (5)
API Name EAT Address Ordinal
Cpurthnvlc 0x00005970 0x00000001
FPH732n7 0x00011CF0 0x00000002
KlXWgB9j 0x00010010 0x00000003
LKKIJ77 0x00006420 0x00000004
MMlFUh3Tzt 0x00010CF0 0x00000005
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".


This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".


This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".