Malicious
Classifications
Injector Downloader
Threat Names
Mal/Generic-S SmokeLoader Mal/HTMLGen-A
Dynamic Analysis Report
Created on 2022-08-04T08:49:41+00:00
6716b20272e1b5ec3a6d86f9144af69e1615efdab035e130b654757b36e8b84f.exe
Windows Exe (x86-32)
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "44 minutes, 16 seconds" to "8 seconds" to reveal dormant functionality.
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
| Filters: |
There are no files for this filter
There are no files in this analysis
| File Name | Category | Type | Verdict | Actions |
|---|
| C:\Users\RDhJ0CNFevzX\Desktop\6716b20272e1b5ec3a6d86f9144af69e1615efdab035e130b654757b36e8b84f.exe | Sample File | Binary |
Malicious
|
...
|
»
| Also Known As |
C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Accessed File)
|
| MIME Type | application/vnd.microsoft.portable-executable |
| File Size | 338.50 KB |
| MD5 |
785d9d53c4b721385e9e5f51a4846791
|
| SHA1 |
751b17ab9fae896ed414f42dacd885bd75a83f46
|
| SHA256 |
6716b20272e1b5ec3a6d86f9144af69e1615efdab035e130b654757b36e8b84f
|
| SSDeep |
6144:kbielRAT0GZkAMOHG/HBCssiXE8du+9W0U:kmehKkZOHGfBCsG29W
|
| ImpHash |
9da6af138aaaf087a1ce609a65e93d9a
|
File Reputation Information
»
| Verdict |
Malicious
|
| Names | Mal/Generic-S |
PE Information
»
| Image Base | 0x00400000 |
| Entry Point | 0x0040B2A0 |
| Size Of Code | 0x00032200 |
| Size Of Initialized Data | 0x0002F200 |
| File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Machine Type | IMAGE_FILE_MACHINE_I386 |
| Compile Timestamp | 2021-02-10 06:43 (UTC+1) |
Sections (7)
»
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0003205A | 0x00032200 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.75 |
| .data | 0x00434000 | 0x00019D88 | 0x00010E00 | 0x00032600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.78 |
| .cuheb | 0x0044E000 | 0x00000005 | 0x00000200 | 0x00043400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rilez | 0x0044F000 | 0x00000400 | 0x00000400 | 0x00043600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .kibu | 0x00450000 | 0x00000400 | 0x00000400 | 0x00043A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .vitid | 0x00451000 | 0x00000096 | 0x00000200 | 0x00043E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rsrc | 0x00452000 | 0x000108D0 | 0x00010A00 | 0x00044000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.49 |
Imports (2)
»
KERNEL32.dll (171)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| lstrcatA | - | 0x00401000 | 0x00032040 | 0x00031440 | 0x000004A6 |
| LocalSize | - | 0x00401004 | 0x00032044 | 0x00031444 | 0x00000302 |
| VerifyVersionInfoA | - | 0x00401008 | 0x00032048 | 0x00031448 | 0x00000452 |
| VerifyVersionInfoW | - | 0x0040100C | 0x0003204C | 0x0003144C | 0x00000453 |
| WriteConsoleInputW | - | 0x00401010 | 0x00032050 | 0x00031450 | 0x00000486 |
| EnumDateFormatsW | - | 0x00401014 | 0x00032054 | 0x00031454 | 0x000000E3 |
| FindNextFileW | - | 0x00401018 | 0x00032058 | 0x00031458 | 0x00000130 |
| CopyFileExA | - | 0x0040101C | 0x0003205C | 0x0003145C | 0x00000061 |
| DnsHostnameToComputerNameW | - | 0x00401020 | 0x00032060 | 0x00031460 | 0x000000CF |
| ReadConsoleOutputCharacterW | - | 0x00401024 | 0x00032064 | 0x00031464 | 0x00000364 |
| SetConsoleActiveScreenBuffer | - | 0x00401028 | 0x00032068 | 0x00031468 | 0x000003A5 |
| LockFile | - | 0x0040102C | 0x0003206C | 0x0003146C | 0x00000305 |
| GetProfileSectionW | - | 0x00401030 | 0x00032070 | 0x00031470 | 0x00000232 |
| QueryDosDeviceW | - | 0x00401034 | 0x00032074 | 0x00031474 | 0x0000034E |
| IsSystemResumeAutomatic | - | 0x00401038 | 0x00032078 | 0x00031478 | 0x000002D6 |
| GetProcessPriorityBoost | - | 0x0040103C | 0x0003207C | 0x0003147C | 0x00000228 |
| GetDriveTypeW | - | 0x00401040 | 0x00032080 | 0x00031480 | 0x000001BB |
| GlobalGetAtomNameA | - | 0x00401044 | 0x00032084 | 0x00031484 | 0x0000028D |
| lstrlenA | - | 0x00401048 | 0x00032088 | 0x00031488 | 0x000004B5 |
| FindNextVolumeMountPointW | - | 0x0040104C | 0x0003208C | 0x0003148C | 0x00000134 |
| TlsGetValue | - | 0x00401050 | 0x00032090 | 0x00031490 | 0x00000434 |
| SizeofResource | - | 0x00401054 | 0x00032094 | 0x00031494 | 0x00000420 |
| WriteConsoleInputA | - | 0x00401058 | 0x00032098 | 0x00031498 | 0x00000483 |
| GetConsoleTitleA | - | 0x0040105C | 0x0003209C | 0x0003149C | 0x0000019E |
| GetComputerNameExW | - | 0x00401060 | 0x000320A0 | 0x000314A0 | 0x00000177 |
| OpenEventA | - | 0x00401064 | 0x000320A4 | 0x000314A4 | 0x00000327 |
| CallNamedPipeW | - | 0x00401068 | 0x000320A8 | 0x000314A8 | 0x00000030 |
| GetModuleHandleW | - | 0x0040106C | 0x000320AC | 0x000314AC | 0x000001F9 |
| GetSystemDirectoryA | - | 0x00401070 | 0x000320B0 | 0x000314B0 | 0x00000245 |
| SetCurrentDirectoryA | - | 0x00401074 | 0x000320B4 | 0x000314B4 | 0x000003C6 |
| BuildCommDCBAndTimeoutsA | - | 0x00401078 | 0x000320B8 | 0x000314B8 | 0x0000002C |
| GetProcAddress | - | 0x0040107C | 0x000320BC | 0x000314BC | 0x00000220 |
| LoadLibraryA | - | 0x00401080 | 0x000320C0 | 0x000314C0 | 0x000002F1 |
| MoveFileWithProgressW | - | 0x00401084 | 0x000320C4 | 0x000314C4 | 0x00000318 |
| GetCommandLineW | - | 0x00401088 | 0x000320C8 | 0x000314C8 | 0x00000170 |
| InterlockedExchange | - | 0x0040108C | 0x000320CC | 0x000314CC | 0x000002BD |
| GetConsoleTitleW | - | 0x00401090 | 0x000320D0 | 0x000314D0 | 0x0000019F |
| CopyFileW | - | 0x00401094 | 0x000320D4 | 0x000314D4 | 0x00000065 |
| CreateActCtxA | - | 0x00401098 | 0x000320D8 | 0x000314D8 | 0x00000067 |
| FormatMessageW | - | 0x0040109C | 0x000320DC | 0x000314DC | 0x00000148 |
| LeaveCriticalSection | - | 0x004010A0 | 0x000320E0 | 0x000314E0 | 0x000002EF |
| FindNextVolumeW | - | 0x004010A4 | 0x000320E4 | 0x000314E4 | 0x00000135 |
| GetOverlappedResult | - | 0x004010A8 | 0x000320E8 | 0x000314E8 | 0x00000214 |
| CreateNamedPipeW | - | 0x004010AC | 0x000320EC | 0x000314EC | 0x00000090 |
| GetSystemDefaultLangID | - | 0x004010B0 | 0x000320F0 | 0x000314F0 | 0x00000242 |
| GetConsoleAliasesLengthW | - | 0x004010B4 | 0x000320F4 | 0x000314F4 | 0x00000181 |
| WriteProfileSectionW | - | 0x004010B8 | 0x000320F8 | 0x000314F8 | 0x00000498 |
| AddAtomA | - | 0x004010BC | 0x000320FC | 0x000314FC | 0x00000003 |
| InterlockedIncrement | - | 0x004010C0 | 0x00032100 | 0x00031500 | 0x000002C0 |
| HeapSize | - | 0x004010C4 | 0x00032104 | 0x00031504 | 0x000002A6 |
| _hwrite | - | 0x004010C8 | 0x00032108 | 0x00031508 | 0x0000049E |
| InterlockedExchangeAdd | - | 0x004010CC | 0x0003210C | 0x0003150C | 0x000002BE |
| GetStartupInfoW | - | 0x004010D0 | 0x00032110 | 0x00031510 | 0x0000023A |
| CreateMailslotA | - | 0x004010D4 | 0x00032114 | 0x00031514 | 0x00000088 |
| IsDBCSLeadByte | - | 0x004010D8 | 0x00032118 | 0x00031518 | 0x000002CF |
| GetSystemWow64DirectoryW | - | 0x004010DC | 0x0003211C | 0x0003151C | 0x00000254 |
| GetLastError | - | 0x004010E0 | 0x00032120 | 0x00031520 | 0x000001E6 |
| GetPrivateProfileIntA | - | 0x004010E4 | 0x00032124 | 0x00031524 | 0x00000216 |
| GetConsoleAliasExesLengthW | - | 0x004010E8 | 0x00032128 | 0x00031528 | 0x0000017C |
| DebugBreak | - | 0x004010EC | 0x0003212C | 0x0003152C | 0x000000B4 |
| SetLastError | - | 0x004010F0 | 0x00032130 | 0x00031530 | 0x000003EC |
| LoadLibraryW | - | 0x004010F4 | 0x00032134 | 0x00031534 | 0x000002F4 |
| GetComputerNameA | - | 0x004010F8 | 0x00032138 | 0x00031538 | 0x00000175 |
| VirtualAlloc | - | 0x004010FC | 0x0003213C | 0x0003153C | 0x00000454 |
| GetOEMCP | - | 0x00401100 | 0x00032140 | 0x00031540 | 0x00000213 |
| lstrcpyA | - | 0x00401104 | 0x00032144 | 0x00031544 | 0x000004AF |
| GetConsoleAliasW | - | 0x00401108 | 0x00032148 | 0x00031548 | 0x0000017E |
| GetDiskFreeSpaceExW | - | 0x0040110C | 0x0003214C | 0x0003154C | 0x000001B6 |
| TerminateProcess | - | 0x00401110 | 0x00032150 | 0x00031550 | 0x0000042D |
| EnumResourceLanguagesA | - | 0x00401114 | 0x00032154 | 0x00031554 | 0x000000E6 |
| GetCPInfoExW | - | 0x00401118 | 0x00032158 | 0x00031558 | 0x0000015D |
| SetConsoleWindowInfo | - | 0x0040111C | 0x0003215C | 0x0003155C | 0x000003C3 |
| GlobalGetAtomNameW | - | 0x00401120 | 0x00032160 | 0x00031560 | 0x0000028E |
| WriteConsoleA | - | 0x00401124 | 0x00032164 | 0x00031564 | 0x00000482 |
| EnumSystemLocalesA | - | 0x00401128 | 0x00032168 | 0x00031568 | 0x000000F8 |
| FileTimeToSystemTime | - | 0x0040112C | 0x0003216C | 0x0003156C | 0x00000110 |
| ResetEvent | - | 0x00401130 | 0x00032170 | 0x00031570 | 0x0000038A |
| LockFileEx | - | 0x00401134 | 0x00032174 | 0x00031574 | 0x00000306 |
| MoveFileA | - | 0x00401138 | 0x00032178 | 0x00031578 | 0x00000311 |
| CreateMutexA | - | 0x0040113C | 0x0003217C | 0x0003157C | 0x0000008B |
| FindResourceW | - | 0x00401140 | 0x00032180 | 0x00031580 | 0x00000139 |
| SetCommState | - | 0x00401144 | 0x00032184 | 0x00031584 | 0x0000039F |
| InterlockedCompareExchange | - | 0x00401148 | 0x00032188 | 0x00031588 | 0x000002BA |
| ConvertThreadToFiber | - | 0x0040114C | 0x0003218C | 0x0003158C | 0x0000005E |
| GetConsoleFontSize | - | 0x00401150 | 0x00032190 | 0x00031590 | 0x0000018D |
| LocalAlloc | - | 0x00401154 | 0x00032194 | 0x00031594 | 0x000002F9 |
| lstrcpyW | - | 0x00401158 | 0x00032198 | 0x00031598 | 0x000004B0 |
| HeapLock | - | 0x0040115C | 0x0003219C | 0x0003159C | 0x000002A2 |
| GetFileAttributesA | - | 0x00401160 | 0x000321A0 | 0x000315A0 | 0x000001C9 |
| SetCalendarInfoW | - | 0x00401164 | 0x000321A4 | 0x000315A4 | 0x00000399 |
| GetSystemWindowsDirectoryW | - | 0x00401168 | 0x000321A8 | 0x000315A8 | 0x00000252 |
| GetConsoleAliasesW | - | 0x0040116C | 0x000321AC | 0x000315AC | 0x00000182 |
| EnumDateFormatsExW | - | 0x00401170 | 0x000321B0 | 0x000315B0 | 0x000000E2 |
| GetComputerNameW | - | 0x00401174 | 0x000321B4 | 0x000315B4 | 0x00000178 |
| GetPrivateProfileStructW | - | 0x00401178 | 0x000321B8 | 0x000315B8 | 0x0000021F |
| OpenWaitableTimerA | - | 0x0040117C | 0x000321BC | 0x000315BC | 0x00000338 |
| EnumResourceNamesW | - | 0x00401180 | 0x000321C0 | 0x000315C0 | 0x000000ED |
| FillConsoleOutputCharacterA | - | 0x00401184 | 0x000321C4 | 0x000315C4 | 0x00000112 |
| GetFullPathNameW | - | 0x00401188 | 0x000321C8 | 0x000315C8 | 0x000001DF |
| GetThreadPriority | - | 0x0040118C | 0x000321CC | 0x000315CC | 0x00000261 |
| MapUserPhysicalPages | - | 0x00401190 | 0x000321D0 | 0x000315D0 | 0x00000308 |
| WriteConsoleOutputCharacterA | - | 0x00401194 | 0x000321D4 | 0x000315D4 | 0x00000489 |
| OpenJobObjectA | - | 0x00401198 | 0x000321D8 | 0x000315D8 | 0x0000032D |
| CreateFileW | - | 0x0040119C | 0x000321DC | 0x000315DC | 0x0000007F |
| BuildCommDCBAndTimeoutsW | - | 0x004011A0 | 0x000321E0 | 0x000315E0 | 0x0000002D |
| SetCalendarInfoA | - | 0x004011A4 | 0x000321E4 | 0x000315E4 | 0x00000398 |
| GetFileInformationByHandle | - | 0x004011A8 | 0x000321E8 | 0x000315E8 | 0x000001D0 |
| GetDefaultCommConfigW | - | 0x004011AC | 0x000321EC | 0x000315EC | 0x000001B2 |
| InterlockedDecrement | - | 0x004011B0 | 0x000321F0 | 0x000315F0 | 0x000002BC |
| Sleep | - | 0x004011B4 | 0x000321F4 | 0x000315F4 | 0x00000421 |
| InitializeCriticalSection | - | 0x004011B8 | 0x000321F8 | 0x000315F8 | 0x000002B4 |
| DeleteCriticalSection | - | 0x004011BC | 0x000321FC | 0x000315FC | 0x000000BE |
| EnterCriticalSection | - | 0x004011C0 | 0x00032200 | 0x00031600 | 0x000000D9 |
| RaiseException | - | 0x004011C4 | 0x00032204 | 0x00031604 | 0x0000035A |
| RtlUnwind | - | 0x004011C8 | 0x00032208 | 0x00031608 | 0x00000392 |
| GetCommandLineA | - | 0x004011CC | 0x0003220C | 0x0003160C | 0x0000016F |
| GetStartupInfoA | - | 0x004011D0 | 0x00032210 | 0x00031610 | 0x00000239 |
| HeapValidate | - | 0x004011D4 | 0x00032214 | 0x00031614 | 0x000002A9 |
| IsBadReadPtr | - | 0x004011D8 | 0x00032218 | 0x00031618 | 0x000002C8 |
| UnhandledExceptionFilter | - | 0x004011DC | 0x0003221C | 0x0003161C | 0x0000043E |
| SetUnhandledExceptionFilter | - | 0x004011E0 | 0x00032220 | 0x00031620 | 0x00000415 |
| GetModuleFileNameW | - | 0x004011E4 | 0x00032224 | 0x00031624 | 0x000001F5 |
| GetCurrentProcess | - | 0x004011E8 | 0x00032228 | 0x00031628 | 0x000001A9 |
| IsDebuggerPresent | - | 0x004011EC | 0x0003222C | 0x0003162C | 0x000002D1 |
| GetModuleHandleA | - | 0x004011F0 | 0x00032230 | 0x00031630 | 0x000001F6 |
| TlsAlloc | - | 0x004011F4 | 0x00032234 | 0x00031634 | 0x00000432 |
| TlsSetValue | - | 0x004011F8 | 0x00032238 | 0x00031638 | 0x00000435 |
| GetCurrentThreadId | - | 0x004011FC | 0x0003223C | 0x0003163C | 0x000001AD |
| TlsFree | - | 0x00401200 | 0x00032240 | 0x00031640 | 0x00000433 |
| SetFilePointer | - | 0x00401204 | 0x00032244 | 0x00031644 | 0x000003DF |
| SetHandleCount | - | 0x00401208 | 0x00032248 | 0x00031648 | 0x000003E8 |
| GetStdHandle | - | 0x0040120C | 0x0003224C | 0x0003164C | 0x0000023B |
| GetFileType | - | 0x00401210 | 0x00032250 | 0x00031650 | 0x000001D7 |
| QueryPerformanceCounter | - | 0x00401214 | 0x00032254 | 0x00031654 | 0x00000354 |
| GetTickCount | - | 0x00401218 | 0x00032258 | 0x00031658 | 0x00000266 |
| GetCurrentProcessId | - | 0x0040121C | 0x0003225C | 0x0003165C | 0x000001AA |
| GetSystemTimeAsFileTime | - | 0x00401220 | 0x00032260 | 0x00031660 | 0x0000024F |
| ExitProcess | - | 0x00401224 | 0x00032264 | 0x00031664 | 0x00000104 |
| GetModuleFileNameA | - | 0x00401228 | 0x00032268 | 0x00031668 | 0x000001F4 |
| FreeEnvironmentStringsA | - | 0x0040122C | 0x0003226C | 0x0003166C | 0x0000014A |
| GetEnvironmentStrings | - | 0x00401230 | 0x00032270 | 0x00031670 | 0x000001BF |
| FreeEnvironmentStringsW | - | 0x00401234 | 0x00032274 | 0x00031674 | 0x0000014B |
| WideCharToMultiByte | - | 0x00401238 | 0x00032278 | 0x00031678 | 0x0000047A |
| GetEnvironmentStringsW | - | 0x0040123C | 0x0003227C | 0x0003167C | 0x000001C1 |
| HeapDestroy | - | 0x00401240 | 0x00032280 | 0x00031680 | 0x000002A0 |
| HeapCreate | - | 0x00401244 | 0x00032284 | 0x00031684 | 0x0000029F |
| HeapFree | - | 0x00401248 | 0x00032288 | 0x00031688 | 0x000002A1 |
| VirtualFree | - | 0x0040124C | 0x0003228C | 0x0003168C | 0x00000457 |
| WriteFile | - | 0x00401250 | 0x00032290 | 0x00031690 | 0x0000048D |
| HeapAlloc | - | 0x00401254 | 0x00032294 | 0x00031694 | 0x0000029D |
| HeapReAlloc | - | 0x00401258 | 0x00032298 | 0x00031698 | 0x000002A4 |
| GetACP | - | 0x0040125C | 0x0003229C | 0x0003169C | 0x00000152 |
| GetCPInfo | - | 0x00401260 | 0x000322A0 | 0x000316A0 | 0x0000015B |
| IsValidCodePage | - | 0x00401264 | 0x000322A4 | 0x000316A4 | 0x000002DB |
| FlushFileBuffers | - | 0x00401268 | 0x000322A8 | 0x000316A8 | 0x00000141 |
| GetConsoleCP | - | 0x0040126C | 0x000322AC | 0x000316AC | 0x00000183 |
| GetConsoleMode | - | 0x00401270 | 0x000322B0 | 0x000316B0 | 0x00000195 |
| OutputDebugStringA | - | 0x00401274 | 0x000322B4 | 0x000316B4 | 0x0000033A |
| WriteConsoleW | - | 0x00401278 | 0x000322B8 | 0x000316B8 | 0x0000048C |
| OutputDebugStringW | - | 0x0040127C | 0x000322BC | 0x000316BC | 0x0000033B |
| InitializeCriticalSectionAndSpinCount | - | 0x00401280 | 0x000322C0 | 0x000316C0 | 0x000002B5 |
| SetStdHandle | - | 0x00401284 | 0x000322C4 | 0x000316C4 | 0x000003FC |
| MultiByteToWideChar | - | 0x00401288 | 0x000322C8 | 0x000316C8 | 0x0000031A |
| LCMapStringA | - | 0x0040128C | 0x000322CC | 0x000316CC | 0x000002E1 |
| LCMapStringW | - | 0x00401290 | 0x000322D0 | 0x000316D0 | 0x000002E3 |
| GetStringTypeA | - | 0x00401294 | 0x000322D4 | 0x000316D4 | 0x0000023D |
| GetStringTypeW | - | 0x00401298 | 0x000322D8 | 0x000316D8 | 0x00000240 |
| GetLocaleInfoA | - | 0x0040129C | 0x000322DC | 0x000316DC | 0x000001E8 |
| GetConsoleOutputCP | - | 0x004012A0 | 0x000322E0 | 0x000316E0 | 0x00000199 |
| CloseHandle | - | 0x004012A4 | 0x000322E4 | 0x000316E4 | 0x00000043 |
| CreateFileA | - | 0x004012A8 | 0x000322E8 | 0x000316E8 | 0x00000078 |
USER32.dll (2)
»
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| CharUpperA | - | 0x004012B0 | 0x000322F0 | 0x000316F0 | 0x00000037 |
| GetCursorInfo | - | 0x004012B4 | 0x000322F4 | 0x000316F4 | 0x00000118 |
Memory Dumps (14)
»
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 6716b20272e1b5ec3a6d86f9144af69e1615efdab035e130b654757b36e8b84f.exe | 1 | 0x00400000 | 0x00462FFF | Relevant Image |
|
32-bit | 0x00416D20 |
|
...
|
| buffer | 1 | 0x004E1F48 | 0x004F12C7 | First Execution |
|
32-bit | 0x004E594E |
|
...
|
| buffer | 1 | 0x001E0000 | 0x001E8FFF | First Execution |
|
32-bit | 0x001E0000 |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | First Execution |
|
32-bit | 0x00402DD8 |
|
...
|
| 6716b20272e1b5ec3a6d86f9144af69e1615efdab035e130b654757b36e8b84f.exe | 1 | 0x00400000 | 0x00462FFF | Process Termination |
|
32-bit | - |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x004026DE |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00401849 |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Content Changed |
|
32-bit | 0x00402B9F |
|
...
|
| buffer | 2 | 0x00400000 | 0x00408FFF | Process Termination |
|
32-bit | - |
|
...
|
| buffer | 2 | 0x00420000 | 0x00425FFF | Process Termination |
|
32-bit | - |
|
...
|
| bcatcih | 6 | 0x00400000 | 0x00462FFF | Relevant Image |
|
32-bit | 0x00416D20 |
|
...
|
| buffer | 6 | 0x00781348 | 0x007906C7 | First Execution |
|
32-bit | 0x00784D4E |
|
...
|
| buffer | 6 | 0x001C0000 | 0x001C8FFF | First Execution |
|
32-bit | 0x001C0000 |
|
...
|
| bcatcih | 6 | 0x00400000 | 0x00462FFF | Final Dump |
|
32-bit | - |
|
...
|
| f02d38c231490b79375250343ff0237e1f3d5ff0abc6a7e84cb3eac13d96a485 | Downloaded File | Stream |
Clean
|
...
|
»
| MIME Type | application/octet-stream |
| File Size | 24 Bytes |
| MD5 |
a7161b1723d888e07578878e5be373a9
|
| SHA1 |
979f687aec89386a04756823acd5b42b6b7e9c06
|
| SHA256 |
f02d38c231490b79375250343ff0237e1f3d5ff0abc6a7e84cb3eac13d96a485
|
| SSDeep |
3:tfMWJX:txt
|
| ImpHash | - |
