Warzone | 7907827ba244

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\7907827ba244123ddc19a986203a2df7f7b9e7d984ff8efe6715372e2f431062.exe

Sample File

Binary

Also Known As	C:\Users\RDhJ0CNFevzX\AppData\Roaming\gATZIsOK.exe (Accessed File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	842.50 KB
MD5	9e8d620f00f7988a79ae5c1228f37899
SHA1	27e5c643563bfe8dbccf7e26e9669c2cdde8e767
SHA256	7907827ba244123ddc19a986203a2df7f7b9e7d984ff8efe6715372e2f431062
SSDeep	12288:2k2oQCM0fSNakWL9Kh+gwv5ysdG5Ggdy/hkKJg6SKlpxw8r:xTSWLYh+geG5Gs2TnLlpxw8
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x004AC276
Size Of Code	0x000AA400
Size Of Initialized Data	0x00028400
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2082-04-24 02:40 (UTC+2)

Version Information (11)

Comments
CompanyName
FileDescription	Lib Mang Sys
FileVersion	1.0.0.0
InternalName	StaticIndexRangePartit.exe
LegalCopyright	Copyright © 2020
LegalTrademarks
OriginalFilename	StaticIndexRangePartit.exe
ProductName	Lib Mang Sys
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000AA294	0x000AA400	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.44
.rsrc	0x004AE000	0x00028008	0x00028200	0x000AA600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	2.99
.reloc	0x004D8000	0x0000000C	0x00000200	0x000D2800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000AC24C	0x000AA44C	0x00000000

Memory Dumps (56)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
7907827ba244123ddc19a986203a2df7f7b9e7d984ff8efe6715372e2f431062.exe	1	0x00400000	0x004D9FFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02200000	0x0220FFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04830000	0x04832FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02090000	0x020FAFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
7907827ba244123ddc19a986203a2df7f7b9e7d984ff8efe6715372e2f431062.exe	1	0x00400000	0x004D9FFF	Final Dump	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0A350000	0x0A36FFFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00553FFF	First Execution	32-bit	0x00405CE2	... Actions Go to Process Go to YARA Match Download Dump
7907827ba244123ddc19a986203a2df7f7b9e7d984ff8efe6715372e2f431062.exe	1	0x00400000	0x004D9FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x004011CD	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x00412408	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x00410298	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x00413B3C	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x00411CE2	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x0040C98B	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x004099A8	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x00410298	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x0040D3E9	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x00400000	0x00553FFF	Content Changed	32-bit	0x004060AA	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x0019D000	0x0019FFFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x00400000	0x00553FFF	First Network Behavior	32-bit	0x00407378	... Actions Go to Process Go to YARA Match Download Dump
buffer	7	0x007A0000	0x007A0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x007B0000	0x007B0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x007C3900	0x007C397F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x007C8E20	0x007C8EBF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x007E7A48	0x007E7FEB	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x007F1490	0x007F1583	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0081F7D0	0x0081F9CF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0081F9D8	0x0081FBD7	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0081FBE0	0x0081FDDF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x020A0000	0x020A0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x020B0000	0x020B0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x020C0000	0x020C0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x020D0000	0x020D0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x024D0000	0x024D0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x024E0000	0x024E0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x024F0000	0x024F0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02500000	0x02500FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02510000	0x02510FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02520000	0x02520FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02530000	0x02530FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x0254C020	0x0294C01F	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02950000	0x02950FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02960000	0x02960FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02970000	0x02970FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02980000	0x02980FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02990000	0x02990FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x029A0000	0x029A0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x029B0000	0x029B0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x029C0000	0x029C0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x029D0000	0x029D0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x029E0000	0x029E0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x029F0000	0x029F0FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02A00000	0x02A00FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02A10000	0x02A10FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02A20000	0x02A20FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump
buffer	7	0x02A30000	0x02A30FFF	First Network Behavior	32-bit	-	... Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmpDA5D.tmp

Dropped File

Text

MIME Type	text/xml
File Size	1.56 KB
MD5	516a3c3a1c58c866ae505ee1b5b98e5d
SHA1	30ad4e3909bf044e9b38c0e358e3e30829c16774
SHA256	3dfc3b8c427b518bfb4a6e368a90d500f8985daade87a80669575b56d20b8007
SSDeep	24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt1xvn:cge2UYrFdOFzOzN33ODOiDdKrsuTLv
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information