Injector Spyware
ArkeiStealer Mal/HTMLGen-A Mal/Generic-S
Created on 2022-08-05T09:49:24+00:00
9f532c8749bc71b3fc723d42f86300ae5a583515817da2aad40c858f163d01f8.exe
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "12 minutes" to "20 seconds" to reveal dormant functionality.
Remarks
(0x0200004A): 1 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 380 MB.
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\9f532c8749bc71b3fc723d42f86300ae5a583515817da2aad40c858f163d01f8.exe | Sample File | Binary |
Malicious
|
...
|
Verdict |
Malicious
|
Names | Mal/Generic-S |
Image Base | 0x00400000 |
Entry Point | 0x0045298E |
Size Of Code | 0x00050A00 |
Size Of Initialized Data | 0x00008800 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-07-19 09:18 (UTC+2) |
Comments | |
CompanyName | |
FileDescription | VBZXBVZXBNSDMHBDSJ67327632 |
FileVersion | 1.0.0.0 |
InternalName | VBZXBVZXBNSDMHBDSJ67327632.exe |
LegalCopyright | Copyright © 2022 |
LegalTrademarks | |
OriginalFilename | VBZXBVZXBNSDMHBDSJ67327632.exe |
ProductName | VBZXBVZXBNSDMHBDSJ67327632 |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00050994 | 0x00050A00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.89 |
.rsrc | 0x00454000 | 0x0000848E | 0x00008600 | 0x00050C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.2 |
.reloc | 0x0045E000 | 0x0000000C | 0x00000200 | 0x00059200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x00052968 | 0x00050B68 | 0x00000000 |
Verification Status | Failed |
Issued by | Avast Software s.r.o. |
Parent Certificate | DigiCert SHA2 Assured ID Code Signing CA |
Country Name | CZ |
Valid From | 2020-04-02 02:00 (UTC+2) |
Valid Until | 2023-03-09 13:00 (UTC+1) |
Algorithm | sha256_rsa |
Serial Number | 09 70 EF 4B AD 5C C4 4A 1C 2B C3 D9 64 01 67 4C |
Thumbprint | DB 43 36 A6 DC 80 8C 8F 6A 49 44 FA 8E 8D 6A 9E 70 3F 89 15 |
Issued by | DigiCert SHA2 Assured ID Code Signing CA |
Country Name | US |
Valid From | 2013-10-22 14:00 (UTC+2) |
Valid Until | 2028-10-22 14:00 (UTC+2) |
Algorithm | sha256_rsa |
Serial Number | 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08 |
Thumbprint | 92 C1 58 8E 85 AF 22 01 CE 79 15 E8 53 8B 49 2F 60 5B 80 C6 |
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
9f532c8749bc71b3fc723d42f86300ae5a583515817da2aad40c858f163d01f8.exe | 1 | 0x00400000 | 0x0045FFFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x04650000 | 0x04692FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x047D0000 | 0x04812FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
9f532c8749bc71b3fc723d42f86300ae5a583515817da2aad40c858f163d01f8.exe | 1 | 0x00400000 | 0x0045FFFF | Process Termination | 32-bit | - |
...
|
72e9f594001d1f5dbbfda95b6d0afba38429f8c0c8463a70439a33776551da20 | Downloaded File | HTML |
Malicious
|
...
|
9cae8a7f3b76652356d2168b154b101cb88497c046eaeeb8b85640e930116afa | Downloaded File | HTML |
Clean
|
...
|
835a453208437920a27efa9f9e097b09377d6938a657cf5960a67904dafda082 | Downloaded File | HTML |
Clean
|
...
|
74ed590754b66015500fc2b81d7c7f7c4eb591f25d59ad930e85500d4b0be306 | Downloaded File | HTML |
Clean
|
...
|
e079478f7129e38eddb49d74eab7b0635b05ea5df1f5d43d83f580b8b1d8ac88 | Downloaded File | HTML |
Clean
|
...
|
823ac0cbd3e55db1927e168fff0322c3370638f31a3a2ded6cc43503d639155b | Downloaded File | HTML |
Clean
|
...
|
4541c5a6eb3aea52f3b18da8c7aab988ef3b7e8fd9399290285bb133feaa68e1 | Downloaded File | HTML |
Clean
|
...
|
03bb045ee8ee4f87244d12e4474d949f98f2898bb1d22f89e1cd5b318a3c57fc | Downloaded File | HTML |
Clean
|
...
|
699234afebe79cf636714ab04043d4392d1063d50fc513151742280675e0b666 | Downloaded File | HTML |
Clean
|
...
|
c4714f06397c1aeb4cb271d62559fb37fc135d2bdc4c8cff1ed61b7b8f09e77b | Downloaded File | HTML |
Clean
|
...
|
b57c61191542bff66352d55ae0731c68a7760a55b23037536d373980cf98e9c5 | Downloaded File | HTML |
Clean
|
...
|
18fcd44a2a3714fe96e1d610213eb4a618ee67810b2614d776c888df362ec448 | Downloaded File | HTML |
Clean
|
...
|
a68869a13913ad3195f9a7c6dfba77c38d7a40be5a79d4c4fdf7416687afc7eb | Downloaded File | HTML |
Clean
|
...
|
dea99138fa385f30aca6751b9c32ff7083af2db9574d3872709d9f058b843122 | Downloaded File | HTML |
Clean
|
...
|
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
Clean
|
...
|