740634ecedd3

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\740634ecedd318ac8f84c360f5d253ff836c5e60da6542c65a140b17b4ba8024.exe

Sample File

Binary

Also Known As	C:\Windows\system32\Windows\RuntimeBroker.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	5.89 MB
MD5	1fb5d967f92174e0bbb15262f8cd209f
SHA1	76fbd5b88154976887b5099c21666ca3be2cd76e
SHA256	740634ecedd318ac8f84c360f5d253ff836c5e60da6542c65a140b17b4ba8024
SSDeep	98304:5Po4eyejblyJFeBLgYcNBUsBtzOevoMlda05+8pbVTnVp8DW1db7LAm0xVHzd6Wy:640sHwwakZpX1aYGHMaBq9DR5y03HQiB
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x009D8E6E
Size Of Code	0x005D7000
Size Of Initialized Data	0x0000B600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2022-07-27 12:24 (UTC+2)

Version Information (11)

Comments
CompanyName
FileDescription	Runtime Broker
FileVersion	1.2.3.4
InternalName
LegalCopyright
LegalTrademarks
OriginalFilename
ProductName	Runtime Broker
ProductVersion	1.2.3.4
Assembly Version	1.2.3.4

Sections (4)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x005D6E74	0x005D7000	0x00000400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.59
.rsrc	0x009DA000	0x00000C00	0x00000C00	0x005D7400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.26
.reloc	0x009DC000	0x0000000C	0x00000200	0x005D8000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1
5+VE3vdj	0x009DE000	0x0000A728	0x0000A800	0x005D8200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.58

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x005D8E40	0x005D7240	0x00000000

Memory Dumps (27)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
740634ecedd318ac8f84c360f5d253ff836c5e60da6542c65a140b17b4ba8024.exe	1	0x00400000	0x009E9FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B0C0000	0x1B484FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00AE0000	0x00AFDFFF	Reflectively Loaded .NET Assembly	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x1B690000	0x1BE38FFF	Marked Executable	64-bit	-	... Actions Go to Process Download Dump
740634ecedd318ac8f84c360f5d253ff836c5e60da6542c65a140b17b4ba8024.exe	1	0x00400000	0x009E9FFF	Final Dump	64-bit	-	... Actions Go to Process Download Dump

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information