File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 5.62 MB
MD5 d9079709c37a9977a75123a38cbd6660
SHA1 0f7af4f8fe342afc826d5b6a7ffb0c145b371c50
SHA256 b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3
SSDeep 98304:bumoQRPPfNT4k+yX/wURxAwFGQWijQ4QeDUOr:aKPPfN1vzRxvGcTQNO
ImpHash ced282d9b261d1462772017fe2f6972b
PE Information
Image Base 0x00400000
Entry Point 0x00403348
Size Of Code 0x00006600
Size Of Initialized Data 0x00027C00
Size Of Uninitialized Data 0x00000400
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2020-08-01 04:44 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00006457 0x00006600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.rdata 0x00408000 0x00001380 0x00001400 0x00006A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.26
.data 0x0040A000 0x00025538 0x00000600 0x00007E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.13
.ndata 0x00430000 0x00008000 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x00438000 0x0003CF90 0x0003D000 0x00008400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.35
Imports (7)
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCreateKeyExA - 0x00408000 0x000085E4 0x00006FE4 0x000001D1
RegEnumKeyA - 0x00408004 0x000085E8 0x00006FE8 0x000001DD
RegQueryValueExA - 0x00408008 0x000085EC 0x00006FEC 0x000001F7
RegSetValueExA - 0x0040800C 0x000085F0 0x00006FF0 0x00000204
RegCloseKey - 0x00408010 0x000085F4 0x00006FF4 0x000001CB
RegDeleteValueA - 0x00408014 0x000085F8 0x00006FF8 0x000001D8
RegDeleteKeyA - 0x00408018 0x000085FC 0x00006FFC 0x000001D4
AdjustTokenPrivileges - 0x0040801C 0x00008600 0x00007000 0x0000001C
LookupPrivilegeValueA - 0x00408020 0x00008604 0x00007004 0x0000014F
OpenProcessToken - 0x00408024 0x00008608 0x00007008 0x000001AC
SetFileSecurityA - 0x00408028 0x0000860C 0x0000700C 0x0000022E
RegOpenKeyExA - 0x0040802C 0x00008610 0x00007010 0x000001EC
RegEnumValueA - 0x00408030 0x00008614 0x00007014 0x000001E1
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFileInfoA - 0x0040816C 0x00008750 0x00007150 0x000000AC
SHFileOperationA - 0x00408170 0x00008754 0x00007154 0x0000009A
SHGetPathFromIDListA - 0x00408174 0x00008758 0x00007158 0x000000BC
ShellExecuteExA - 0x00408178 0x0000875C 0x0000715C 0x00000109
SHGetSpecialFolderLocation - 0x0040817C 0x00008760 0x00007160 0x000000C3
SHBrowseForFolderA - 0x00408180 0x00008764 0x00007164 0x00000079
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IIDFromString - 0x00408284 0x00008868 0x00007268 0x000000C6
OleInitialize - 0x00408288 0x0000886C 0x0000726C 0x000000EE
OleUninitialize - 0x0040828C 0x00008870 0x00007270 0x00000105
CoCreateInstance - 0x00408290 0x00008874 0x00007274 0x00000010
CoTaskMemFree - 0x00408294 0x00008878 0x00007278 0x00000065
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000011 0x00408038 0x0000861C 0x0000701C -
ImageList_Create - 0x0040803C 0x00008620 0x00007020 0x00000037
ImageList_Destroy - 0x00408040 0x00008624 0x00007024 0x00000038
ImageList_AddMasked - 0x00408044 0x00008628 0x00007028 0x00000034
USER32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetClipboardData - 0x00408188 0x0000876C 0x0000716C 0x0000024A
CharPrevA - 0x0040818C 0x00008770 0x00007170 0x0000002D
CallWindowProcA - 0x00408190 0x00008774 0x00007174 0x0000001B
PeekMessageA - 0x00408194 0x00008778 0x00007178 0x00000200
DispatchMessageA - 0x00408198 0x0000877C 0x0000717C 0x000000A1
MessageBoxIndirectA - 0x0040819C 0x00008780 0x00007180 0x000001E2
GetDlgItemTextA - 0x004081A0 0x00008784 0x00007184 0x00000113
SetDlgItemTextA - 0x004081A4 0x00008788 0x00007188 0x00000253
GetSystemMetrics - 0x004081A8 0x0000878C 0x0000718C 0x0000015D
CreatePopupMenu - 0x004081AC 0x00008790 0x00007190 0x0000005E
AppendMenuA - 0x004081B0 0x00008794 0x00007194 0x00000008
TrackPopupMenu - 0x004081B4 0x00008798 0x00007198 0x000002A4
FillRect - 0x004081B8 0x0000879C 0x0000719C 0x000000E2
EmptyClipboard - 0x004081BC 0x000087A0 0x000071A0 0x000000C1
LoadCursorA - 0x004081C0 0x000087A4 0x000071A4 0x000001BA
GetMessagePos - 0x004081C4 0x000087A8 0x000071A8 0x0000013C
CheckDlgButton - 0x004081C8 0x000087AC 0x000071AC 0x00000038
GetSysColor - 0x004081CC 0x000087B0 0x000071B0 0x0000015A
SetCursor - 0x004081D0 0x000087B4 0x000071B4 0x0000024D
GetWindowLongA - 0x004081D4 0x000087B8 0x000071B8 0x0000016E
SetClassLongA - 0x004081D8 0x000087BC 0x000071BC 0x00000247
SetWindowPos - 0x004081DC 0x000087C0 0x000071C0 0x00000283
IsWindowEnabled - 0x004081E0 0x000087C4 0x000071C4 0x000001AE
GetWindowRect - 0x004081E4 0x000087C8 0x000071C8 0x00000174
GetSystemMenu - 0x004081E8 0x000087CC 0x000071CC 0x0000015C
EnableMenuItem - 0x004081EC 0x000087D0 0x000071D0 0x000000C2
RegisterClassA - 0x004081F0 0x000087D4 0x000071D4 0x00000216
ScreenToClient - 0x004081F4 0x000087D8 0x000071D8 0x00000231
EndDialog - 0x004081F8 0x000087DC 0x000071DC 0x000000C6
GetClassInfoA - 0x004081FC 0x000087E0 0x000071E0 0x000000F6
SystemParametersInfoA - 0x00408200 0x000087E4 0x000071E4 0x00000299
CreateWindowExA - 0x00408204 0x000087E8 0x000071E8 0x00000060
ExitWindowsEx - 0x00408208 0x000087EC 0x000071EC 0x000000E1
DialogBoxParamA - 0x0040820C 0x000087F0 0x000071F0 0x0000009E
CharNextA - 0x00408210 0x000087F4 0x000071F4 0x0000002A
SetTimer - 0x00408214 0x000087F8 0x000071F8 0x0000027A
DestroyWindow - 0x00408218 0x000087FC 0x000071FC 0x00000099
CreateDialogParamA - 0x0040821C 0x00008800 0x00007200 0x00000055
SetForegroundWindow - 0x00408220 0x00008804 0x00007204 0x00000257
SetWindowTextA - 0x00408224 0x00008808 0x00007208 0x00000286
PostQuitMessage - 0x00408228 0x0000880C 0x0000720C 0x00000204
SendMessageTimeoutA - 0x0040822C 0x00008810 0x00007210 0x0000023E
ShowWindow - 0x00408230 0x00008814 0x00007214 0x00000292
wsprintfA - 0x00408234 0x00008818 0x00007218 0x000002D7
GetDlgItem - 0x00408238 0x0000881C 0x0000721C 0x00000111
FindWindowExA - 0x0040823C 0x00008820 0x00007220 0x000000E4
IsWindow - 0x00408240 0x00008824 0x00007224 0x000001AD
GetDC - 0x00408244 0x00008828 0x00007228 0x0000010C
SetWindowLongA - 0x00408248 0x0000882C 0x0000722C 0x00000280
LoadImageA - 0x0040824C 0x00008830 0x00007230 0x000001C0
InvalidateRect - 0x00408250 0x00008834 0x00007234 0x00000193
ReleaseDC - 0x00408254 0x00008838 0x00007238 0x0000022A
EnableWindow - 0x00408258 0x0000883C 0x0000723C 0x000000C4
BeginPaint - 0x0040825C 0x00008840 0x00007240 0x0000000D
SendMessageA - 0x00408260 0x00008844 0x00007244 0x0000023B
DefWindowProcA - 0x00408264 0x00008848 0x00007248 0x0000008E
DrawTextA - 0x00408268 0x0000884C 0x0000724C 0x000000BC
GetClientRect - 0x0040826C 0x00008850 0x00007250 0x000000FF
EndPaint - 0x00408270 0x00008854 0x00007254 0x000000C8
IsWindowVisible - 0x00408274 0x00008858 0x00007258 0x000001B1
CloseClipboard - 0x00408278 0x0000885C 0x0000725C 0x00000042
OpenClipboard - 0x0040827C 0x00008860 0x00007260 0x000001F6
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetBkMode - 0x0040804C 0x00008630 0x00007030 0x00000216
SetBkColor - 0x00408050 0x00008634 0x00007034 0x00000215
GetDeviceCaps - 0x00408054 0x00008638 0x00007038 0x0000016B
CreateFontIndirectA - 0x00408058 0x0000863C 0x0000703C 0x0000003A
CreateBrushIndirect - 0x0040805C 0x00008640 0x00007040 0x00000029
DeleteObject - 0x00408060 0x00008644 0x00007044 0x0000008F
SetTextColor - 0x00408064 0x00008648 0x00007048 0x0000023C
SelectObject - 0x00408068 0x0000864C 0x0000704C 0x0000020E
KERNEL32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetExitCodeProcess - 0x00408070 0x00008654 0x00007054 0x0000015A
WaitForSingleObject - 0x00408074 0x00008658 0x00007058 0x00000390
GetProcAddress - 0x00408078 0x0000865C 0x0000705C 0x000001A0
GetSystemDirectoryA - 0x0040807C 0x00008660 0x00007060 0x000001C1
WideCharToMultiByte - 0x00408080 0x00008664 0x00007064 0x00000394
MoveFileExA - 0x00408084 0x00008668 0x00007068 0x0000026F
ReadFile - 0x00408088 0x0000866C 0x0000706C 0x000002B5
GetTempFileNameA - 0x0040808C 0x00008670 0x00007070 0x000001D3
WriteFile - 0x00408090 0x00008674 0x00007074 0x000003A4
RemoveDirectoryA - 0x00408094 0x00008678 0x00007078 0x000002C4
CreateProcessA - 0x00408098 0x0000867C 0x0000707C 0x00000066
CreateFileA - 0x0040809C 0x00008680 0x00007080 0x00000053
GetLastError - 0x004080A0 0x00008684 0x00007084 0x00000171
CreateThread - 0x004080A4 0x00008688 0x00007088 0x0000006F
CreateDirectoryA - 0x004080A8 0x0000868C 0x0000708C 0x0000004B
GlobalUnlock - 0x004080AC 0x00008690 0x00007090 0x0000020A
GetDiskFreeSpaceA - 0x004080B0 0x00008694 0x00007094 0x0000014D
GlobalLock - 0x004080B4 0x00008698 0x00007098 0x00000203
SetErrorMode - 0x004080B8 0x0000869C 0x0000709C 0x00000315
GetVersion - 0x004080BC 0x000086A0 0x000070A0 0x000001E8
lstrcpynA - 0x004080C0 0x000086A4 0x000070A4 0x000003C9
GetCommandLineA - 0x004080C4 0x000086A8 0x000070A8 0x00000110
GetTempPathA - 0x004080C8 0x000086AC 0x000070AC 0x000001D5
lstrlenA - 0x004080CC 0x000086B0 0x000070B0 0x000003CC
SetEnvironmentVariableA - 0x004080D0 0x000086B4 0x000070B4 0x00000313
ExitProcess - 0x004080D4 0x000086B8 0x000070B8 0x000000B9
GetWindowsDirectoryA - 0x004080D8 0x000086BC 0x000070BC 0x000001F3
GetCurrentProcess - 0x004080DC 0x000086C0 0x000070C0 0x00000142
GetModuleFileNameA - 0x004080E0 0x000086C4 0x000070C4 0x0000017D
CopyFileA - 0x004080E4 0x000086C8 0x000070C8 0x00000043
GetTickCount - 0x004080E8 0x000086CC 0x000070CC 0x000001DF
Sleep - 0x004080EC 0x000086D0 0x000070D0 0x00000356
GetFileSize - 0x004080F0 0x000086D4 0x000070D4 0x00000163
GetFileAttributesA - 0x004080F4 0x000086D8 0x000070D8 0x0000015E
SetCurrentDirectoryA - 0x004080F8 0x000086DC 0x000070DC 0x0000030A
SetFileAttributesA - 0x004080FC 0x000086E0 0x000070E0 0x00000319
GetFullPathNameA - 0x00408100 0x000086E4 0x000070E4 0x00000169
GetShortPathNameA - 0x00408104 0x000086E8 0x000070E8 0x000001B5
MoveFileA - 0x00408108 0x000086EC 0x000070EC 0x0000026E
CompareFileTime - 0x0040810C 0x000086F0 0x000070F0 0x00000039
SetFileTime - 0x00408110 0x000086F4 0x000070F4 0x0000031F
SearchPathA - 0x00408114 0x000086F8 0x000070F8 0x000002DB
lstrcmpiA - 0x00408118 0x000086FC 0x000070FC 0x000003C3
lstrcmpA - 0x0040811C 0x00008700 0x00007100 0x000003C0
CloseHandle - 0x00408120 0x00008704 0x00007104 0x00000034
GlobalFree - 0x00408124 0x00008708 0x00007108 0x000001FF
GlobalAlloc - 0x00408128 0x0000870C 0x0000710C 0x000001F8
ExpandEnvironmentStringsA - 0x0040812C 0x00008710 0x00007110 0x000000BC
LoadLibraryExA - 0x00408130 0x00008714 0x00007114 0x00000253
FreeLibrary - 0x00408134 0x00008718 0x00007118 0x000000F8
lstrcpyA - 0x00408138 0x0000871C 0x0000711C 0x000003C6
lstrcatA - 0x0040813C 0x00008720 0x00007120 0x000003BD
FindClose - 0x00408140 0x00008724 0x00007124 0x000000CE
MultiByteToWideChar - 0x00408144 0x00008728 0x00007128 0x00000275
WritePrivateProfileStringA - 0x00408148 0x0000872C 0x0000712C 0x000003A9
GetPrivateProfileStringA - 0x0040814C 0x00008730 0x00007130 0x0000019C
SetFilePointer - 0x00408150 0x00008734 0x00007134 0x0000031B
GetModuleHandleA - 0x00408154 0x00008738 0x00007138 0x0000017F
FindNextFileA - 0x00408158 0x0000873C 0x0000713C 0x000000DC
FindFirstFileA - 0x0040815C 0x00008740 0x00007140 0x000000D2
DeleteFileA - 0x00408160 0x00008744 0x00007144 0x00000083
MulDiv - 0x00408164 0x00008748 0x00007148 0x00000274
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3.exe 1 0x00400000 0x00474FFF Relevant Image False 32-bit 0x00406500 False False
b6a3b9630a6ed8f626b7fdc083c73a03c57923c1055314bacaa49031c5fa6ae3.exe 1 0x00400000 0x00474FFF Final Dump False 32-bit 0x0040324C False False
C:\Users\RDhJ0CNFevzX\AppData\Roaming\[New]1.exe Dropped File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 10.00 MB
MD5 53f272aa6b135aa25af781f68d7cffa6
SHA1 8e42409ae14a74f7b7f3b876780b36458dcfebb9
SHA256 3a72958c60a8dd1eaf2044b7217680de6bf0b8bb71d3aae7e5f3d00db42de4e5
SSDeep 196608:eVqv+4fqfX5/sIW+pTXJPb+BjLl9XAzQA45FlDwRdVd60U2dIyu/C1lYhfjo12Ar:ewv+4fqfJVTXJPb+BjLlRFxwRdVd61UA
ImpHash 6db5fd36871bf7ca78879be44b315cea
PE Information
Image Base 0x00400000
Entry Point 0x0040A4E8
Size Of Code 0x005E2E00
Size Of Initialized Data 0x00024400
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:07 (UTC+1)
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
crL2t 0x00401000 0x00025075 0x00025200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.59
0wrVPjE 0x00427000 0x005BDA21 0x005BDC00 0x00025600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.88
YW7wta 0x009E5000 0x0001F424 0x0001F600 0x005E3200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.15
obFJa 0x00A05000 0x00001D08 0x00001000 0x00602800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.02
e5WJl% 0x00A07000 0x000873F0 0x00087400 0x00603800 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.83
9RdLoc 0x00A8F000 0x00002EC0 0x00003000 0x0068AC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.64
Lnxjc 0x00A92000 0x000001D5 0x00000200 0x0068DC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.69
Imports (2)
USER32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW - 0x009E5138 0x00603E1C 0x0060201C 0x00000288
GetSystemMetrics - 0x009E513C 0x00603E20 0x00602020 0x000001C5
GetSysColorBrush - 0x009E5140 0x00603E24 0x00602024 0x000001C2
FindWindowA - 0x009E5144 0x00603E28 0x00602028 0x00000111
KERNEL32.dll (77)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FreeLibrary - 0x009E5000 0x00603CE4 0x00601EE4 0x000001AE
CreateFileW - 0x009E5004 0x00603CE8 0x00601EE8 0x000000CE
HeapSize - 0x009E5008 0x00603CEC 0x00601EEC 0x00000351
GetProcessHeap - 0x009E500C 0x00603CF0 0x00601EF0 0x000002B7
SetStdHandle - 0x009E5010 0x00603CF4 0x00601EF4 0x0000054E
VirtualAlloc - 0x009E5014 0x00603CF8 0x00601EF8 0x000005CA
GetCurrentThreadId - 0x009E5018 0x00603CFC 0x00601EFC 0x0000021F
MultiByteToWideChar - 0x009E501C 0x00603D00 0x00601F00 0x000003F3
GetLastError - 0x009E5020 0x00603D04 0x00601F04 0x00000264
GetCurrentProcessId - 0x009E5024 0x00603D08 0x00601F08 0x0000021B
GetConsoleWindow - 0x009E5028 0x00603D0C 0x00601F0C 0x0000020A
WideCharToMultiByte - 0x009E502C 0x00603D10 0x00601F10 0x00000602
EnterCriticalSection - 0x009E5030 0x00603D14 0x00601F14 0x00000134
LeaveCriticalSection - 0x009E5034 0x00603D18 0x00601F18 0x000003C1
InitializeCriticalSectionEx - 0x009E5038 0x00603D1C 0x00601F1C 0x00000363
DeleteCriticalSection - 0x009E503C 0x00603D20 0x00601F20 0x00000113
EncodePointer - 0x009E5040 0x00603D24 0x00601F24 0x00000130
DecodePointer - 0x009E5044 0x00603D28 0x00601F28 0x0000010C
LCMapStringEx - 0x009E5048 0x00603D2C 0x00601F2C 0x000003B4
GetStringTypeW - 0x009E504C 0x00603D30 0x00601F30 0x000002DA
GetCPInfo - 0x009E5050 0x00603D34 0x00601F34 0x000001C4
UnhandledExceptionFilter - 0x009E5054 0x00603D38 0x00601F38 0x000005B1
SetUnhandledExceptionFilter - 0x009E5058 0x00603D3C 0x00601F3C 0x00000571
GetCurrentProcess - 0x009E505C 0x00603D40 0x00601F40 0x0000021A
TerminateProcess - 0x009E5060 0x00603D44 0x00601F44 0x00000590
IsProcessorFeaturePresent - 0x009E5064 0x00603D48 0x00601F48 0x00000389
QueryPerformanceCounter - 0x009E5068 0x00603D4C 0x00601F4C 0x0000044F
GetSystemTimeAsFileTime - 0x009E506C 0x00603D50 0x00601F50 0x000002EC
InitializeSListHead - 0x009E5070 0x00603D54 0x00601F54 0x00000366
IsDebuggerPresent - 0x009E5074 0x00603D58 0x00601F58 0x00000382
GetStartupInfoW - 0x009E5078 0x00603D5C 0x00601F5C 0x000002D3
GetModuleHandleW - 0x009E507C 0x00603D60 0x00601F60 0x0000027B
SetEnvironmentVariableW - 0x009E5080 0x00603D64 0x00601F64 0x00000516
RaiseException - 0x009E5084 0x00603D68 0x00601F68 0x00000464
RtlUnwind - 0x009E5088 0x00603D6C 0x00601F6C 0x000004D5
SetLastError - 0x009E508C 0x00603D70 0x00601F70 0x00000534
InitializeCriticalSectionAndSpinCount - 0x009E5090 0x00603D74 0x00601F74 0x00000362
TlsAlloc - 0x009E5094 0x00603D78 0x00601F78 0x000005A2
TlsGetValue - 0x009E5098 0x00603D7C 0x00601F7C 0x000005A4
TlsSetValue - 0x009E509C 0x00603D80 0x00601F80 0x000005A5
TlsFree - 0x009E50A0 0x00603D84 0x00601F84 0x000005A3
WriteConsoleW - 0x009E50A4 0x00603D88 0x00601F88 0x00000615
GetProcAddress - 0x009E50A8 0x00603D8C 0x00601F8C 0x000002B1
LoadLibraryExW - 0x009E50AC 0x00603D90 0x00601F90 0x000003C7
GetStdHandle - 0x009E50B0 0x00603D94 0x00601F94 0x000002D5
WriteFile - 0x009E50B4 0x00603D98 0x00601F98 0x00000616
GetModuleFileNameW - 0x009E50B8 0x00603D9C 0x00601F9C 0x00000277
ExitProcess - 0x009E50BC 0x00603DA0 0x00601FA0 0x00000161
GetModuleHandleExW - 0x009E50C0 0x00603DA4 0x00601FA4 0x0000027A
GetCommandLineA - 0x009E50C4 0x00603DA8 0x00601FA8 0x000001D9
GetCommandLineW - 0x009E50C8 0x00603DAC 0x00601FAC 0x000001DA
HeapAlloc - 0x009E50CC 0x00603DB0 0x00601FB0 0x00000348
HeapFree - 0x009E50D0 0x00603DB4 0x00601FB4 0x0000034C
CompareStringW - 0x009E50D4 0x00603DB8 0x00601FB8 0x0000009E
LCMapStringW - 0x009E50D8 0x00603DBC 0x00601FBC 0x000003B5
GetLocaleInfoW - 0x009E50DC 0x00603DC0 0x00601FC0 0x00000268
IsValidLocale - 0x009E50E0 0x00603DC4 0x00601FC4 0x00000391
GetUserDefaultLCID - 0x009E50E4 0x00603DC8 0x00601FC8 0x00000315
EnumSystemLocalesW - 0x009E50E8 0x00603DCC 0x00601FCC 0x00000157
GetFileType - 0x009E50EC 0x00603DD0 0x00601FD0 0x00000251
CloseHandle - 0x009E50F0 0x00603DD4 0x00601FD4 0x00000089
FlushFileBuffers - 0x009E50F4 0x00603DD8 0x00601FD8 0x000001A2
GetConsoleOutputCP - 0x009E50F8 0x00603DDC 0x00601FDC 0x00000203
GetConsoleMode - 0x009E50FC 0x00603DE0 0x00601FE0 0x000001FF
ReadFile - 0x009E5100 0x00603DE4 0x00601FE4 0x00000475
GetFileSizeEx - 0x009E5104 0x00603DE8 0x00601FE8 0x0000024F
SetFilePointerEx - 0x009E5108 0x00603DEC 0x00601FEC 0x00000525
ReadConsoleW - 0x009E510C 0x00603DF0 0x00601FF0 0x00000472
HeapReAlloc - 0x009E5110 0x00603DF4 0x00601FF4 0x0000034F
FindClose - 0x009E5114 0x00603DF8 0x00601FF8 0x00000178
FindFirstFileExW - 0x009E5118 0x00603DFC 0x00601FFC 0x0000017E
FindNextFileW - 0x009E511C 0x00603E00 0x00602000 0x0000018F
IsValidCodePage - 0x009E5120 0x00603E04 0x00602004 0x0000038F
GetACP - 0x009E5124 0x00603E08 0x00602008 0x000001B5
GetOEMCP - 0x009E5128 0x00603E0C 0x0060200C 0x0000029A
GetEnvironmentStringsW - 0x009E512C 0x00603E10 0x00602010 0x0000023A
FreeEnvironmentStringsW - 0x009E5130 0x00603E14 0x00602014 0x000001AD
Digital Signature Information
Verification Status Failed
Certificate: Nvidia Corporation
Issued by Nvidia Corporation
Parent Certificate DigiCert SHA2 Assured ID Code Signing CA
Country Name US
Valid From 2021-04-14 02:00 (UTC+2)
Valid Until 2024-04-17 01:59 (UTC+2)
Algorithm sha256_rsa
Serial Number 02 66 AD FA 17 63 89 D9 B4 30 1A C8 7E FD 6A 96
Thumbprint F5 18 FA D5 DE C9 E0 50 0D A1 C1 59 8C 4B 0F FC 02 68 B2 D0
Certificate: DigiCert SHA2 Assured ID Code Signing CA
Issued by DigiCert SHA2 Assured ID Code Signing CA
Country Name US
Valid From 2013-10-22 14:00 (UTC+2)
Valid Until 2028-10-22 14:00 (UTC+2)
Algorithm sha256_rsa
Serial Number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
Thumbprint 92 C1 58 8E 85 AF 22 01 CE 79 15 E8 53 8B 49 2F 60 5B 80 C6
Memory Dumps (24)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
[new]1.exe 2 0x00B70000 0x01202FFF Relevant Image False 32-bit 0x00B7B000 False False
buffer 2 0x0019F7B4 0x0019FF31 First Execution False 32-bit 0x0019F935 False False
buffer 2 0x02760000 0x02829FFF Content Changed False 32-bit - False False
buffer 2 0x0019F7B4 0x0019FF31 Process Termination False 32-bit - False False
buffer 2 0x001E0000 0x001E0FFF Process Termination False 32-bit - False False
buffer 2 0x001F0000 0x001F0FFF Process Termination False 32-bit - False False
buffer 2 0x00616A90 0x00616B1F Process Termination False 32-bit - False False
buffer 2 0x0061FBE0 0x0061FDFF Process Termination False 32-bit - False False
buffer 2 0x00621658 0x00622457 Process Termination False 32-bit - False False
buffer 2 0x00626DA0 0x00627D9F Process Termination False 32-bit - False False
buffer 2 0x00A30000 0x00A30FFF Process Termination False 32-bit - False False
buffer 2 0x00A40000 0x00A40FFF Process Termination False 32-bit - False False
buffer 2 0x00A50000 0x00A50FFF Process Termination False 32-bit - False False
buffer 2 0x00A60000 0x00A60FFF Process Termination False 32-bit - False False
buffer 2 0x00A70000 0x00A70FFF Process Termination False 32-bit - False False
buffer 2 0x00A80000 0x00A80FFF Process Termination False 32-bit - False False
buffer 2 0x00A90000 0x00A90FFF Process Termination False 32-bit - False False
buffer 2 0x00AA0000 0x00AA0FFF Process Termination False 32-bit - False False
buffer 2 0x00AB0000 0x00AB0FFF Process Termination False 32-bit - False False
buffer 2 0x00AC0000 0x00AC0FFF Process Termination False 32-bit - False False
buffer 2 0x00AD0000 0x00AD0FFF Process Termination False 32-bit - False False
buffer 2 0x00AE0000 0x00AE0FFF Process Termination False 32-bit - False False
buffer 2 0x00AF0000 0x00AF0FFF Process Termination False 32-bit - False False
[new]1.exe 2 0x00B70000 0x01202FFF Process Termination False 32-bit - False False
C:\Users\RDhJ0CNFevzX\AppData\Roaming\[New]Salvity_crypted(2).exe Dropped File Binary
Suspicious
MIME Type application/vnd.microsoft.portable-executable
File Size 10.00 MB
MD5 88e9498958e409e48e30eedff82a8a37
SHA1 4cc83de8c9029f37f25c2f6e2a21153f9584cfb6
SHA256 a7927e47341bbf25e30180af9531a926da35fcb78ebf072ed6bad17ae31091c8
SSDeep 49152:MwxhIwG5fF74dqElom1QsVx+3qa3WAVr2ZLaBvs:fxhIwG5fF74dqElomGsVUpR6BaB
ImpHash 6db5fd36871bf7ca78879be44b315cea
PE Information
Image Base 0x00400000
Entry Point 0x0040A4E8
Size Of Code 0x0012E000
Size Of Initialized Data 0x00024200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:13 (UTC+1)
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
CwRJt 0x00401000 0x00025075 0x00025200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.56
V1Huayq 0x00427000 0x00108CB1 0x00108E00 0x00025600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.63
3gNuta 0x00530000 0x0001F324 0x0001F400 0x0012E400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.14
qi7ga 0x00550000 0x00001D08 0x00001000 0x0014D800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.0
p4YOu8 0x00552000 0x0008A200 0x0008A200 0x0014E800 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.83
jnlhoc 0x005DD000 0x00002EAC 0x00003000 0x001D8A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.63
tM59c 0x005E0000 0x000001D5 0x00000200 0x001DBA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
Imports (2)
USER32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW - 0x00530138 0x0014ED1C 0x0014D11C 0x00000288
GetSystemMetrics - 0x0053013C 0x0014ED20 0x0014D120 0x000001C5
GetSysColorBrush - 0x00530140 0x0014ED24 0x0014D124 0x000001C2
FindWindowA - 0x00530144 0x0014ED28 0x0014D128 0x00000111
KERNEL32.dll (77)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FreeLibrary - 0x00530000 0x0014EBE4 0x0014CFE4 0x000001AE
CreateFileW - 0x00530004 0x0014EBE8 0x0014CFE8 0x000000CE
HeapSize - 0x00530008 0x0014EBEC 0x0014CFEC 0x00000351
GetProcessHeap - 0x0053000C 0x0014EBF0 0x0014CFF0 0x000002B7
SetStdHandle - 0x00530010 0x0014EBF4 0x0014CFF4 0x0000054E
VirtualAlloc - 0x00530014 0x0014EBF8 0x0014CFF8 0x000005CA
GetCurrentThreadId - 0x00530018 0x0014EBFC 0x0014CFFC 0x0000021F
MultiByteToWideChar - 0x0053001C 0x0014EC00 0x0014D000 0x000003F3
GetLastError - 0x00530020 0x0014EC04 0x0014D004 0x00000264
GetCurrentProcessId - 0x00530024 0x0014EC08 0x0014D008 0x0000021B
GetConsoleWindow - 0x00530028 0x0014EC0C 0x0014D00C 0x0000020A
WideCharToMultiByte - 0x0053002C 0x0014EC10 0x0014D010 0x00000602
EnterCriticalSection - 0x00530030 0x0014EC14 0x0014D014 0x00000134
LeaveCriticalSection - 0x00530034 0x0014EC18 0x0014D018 0x000003C1
InitializeCriticalSectionEx - 0x00530038 0x0014EC1C 0x0014D01C 0x00000363
DeleteCriticalSection - 0x0053003C 0x0014EC20 0x0014D020 0x00000113
EncodePointer - 0x00530040 0x0014EC24 0x0014D024 0x00000130
DecodePointer - 0x00530044 0x0014EC28 0x0014D028 0x0000010C
LCMapStringEx - 0x00530048 0x0014EC2C 0x0014D02C 0x000003B4
GetStringTypeW - 0x0053004C 0x0014EC30 0x0014D030 0x000002DA
GetCPInfo - 0x00530050 0x0014EC34 0x0014D034 0x000001C4
UnhandledExceptionFilter - 0x00530054 0x0014EC38 0x0014D038 0x000005B1
SetUnhandledExceptionFilter - 0x00530058 0x0014EC3C 0x0014D03C 0x00000571
GetCurrentProcess - 0x0053005C 0x0014EC40 0x0014D040 0x0000021A
TerminateProcess - 0x00530060 0x0014EC44 0x0014D044 0x00000590
IsProcessorFeaturePresent - 0x00530064 0x0014EC48 0x0014D048 0x00000389
QueryPerformanceCounter - 0x00530068 0x0014EC4C 0x0014D04C 0x0000044F
GetSystemTimeAsFileTime - 0x0053006C 0x0014EC50 0x0014D050 0x000002EC
InitializeSListHead - 0x00530070 0x0014EC54 0x0014D054 0x00000366
IsDebuggerPresent - 0x00530074 0x0014EC58 0x0014D058 0x00000382
GetStartupInfoW - 0x00530078 0x0014EC5C 0x0014D05C 0x000002D3
GetModuleHandleW - 0x0053007C 0x0014EC60 0x0014D060 0x0000027B
SetEnvironmentVariableW - 0x00530080 0x0014EC64 0x0014D064 0x00000516
RaiseException - 0x00530084 0x0014EC68 0x0014D068 0x00000464
RtlUnwind - 0x00530088 0x0014EC6C 0x0014D06C 0x000004D5
SetLastError - 0x0053008C 0x0014EC70 0x0014D070 0x00000534
InitializeCriticalSectionAndSpinCount - 0x00530090 0x0014EC74 0x0014D074 0x00000362
TlsAlloc - 0x00530094 0x0014EC78 0x0014D078 0x000005A2
TlsGetValue - 0x00530098 0x0014EC7C 0x0014D07C 0x000005A4
TlsSetValue - 0x0053009C 0x0014EC80 0x0014D080 0x000005A5
TlsFree - 0x005300A0 0x0014EC84 0x0014D084 0x000005A3
WriteConsoleW - 0x005300A4 0x0014EC88 0x0014D088 0x00000615
GetProcAddress - 0x005300A8 0x0014EC8C 0x0014D08C 0x000002B1
LoadLibraryExW - 0x005300AC 0x0014EC90 0x0014D090 0x000003C7
GetStdHandle - 0x005300B0 0x0014EC94 0x0014D094 0x000002D5
WriteFile - 0x005300B4 0x0014EC98 0x0014D098 0x00000616
GetModuleFileNameW - 0x005300B8 0x0014EC9C 0x0014D09C 0x00000277
ExitProcess - 0x005300BC 0x0014ECA0 0x0014D0A0 0x00000161
GetModuleHandleExW - 0x005300C0 0x0014ECA4 0x0014D0A4 0x0000027A
GetCommandLineA - 0x005300C4 0x0014ECA8 0x0014D0A8 0x000001D9
GetCommandLineW - 0x005300C8 0x0014ECAC 0x0014D0AC 0x000001DA
HeapAlloc - 0x005300CC 0x0014ECB0 0x0014D0B0 0x00000348
HeapFree - 0x005300D0 0x0014ECB4 0x0014D0B4 0x0000034C
CompareStringW - 0x005300D4 0x0014ECB8 0x0014D0B8 0x0000009E
LCMapStringW - 0x005300D8 0x0014ECBC 0x0014D0BC 0x000003B5
GetLocaleInfoW - 0x005300DC 0x0014ECC0 0x0014D0C0 0x00000268
IsValidLocale - 0x005300E0 0x0014ECC4 0x0014D0C4 0x00000391
GetUserDefaultLCID - 0x005300E4 0x0014ECC8 0x0014D0C8 0x00000315
EnumSystemLocalesW - 0x005300E8 0x0014ECCC 0x0014D0CC 0x00000157
GetFileType - 0x005300EC 0x0014ECD0 0x0014D0D0 0x00000251
CloseHandle - 0x005300F0 0x0014ECD4 0x0014D0D4 0x00000089
FlushFileBuffers - 0x005300F4 0x0014ECD8 0x0014D0D8 0x000001A2
GetConsoleOutputCP - 0x005300F8 0x0014ECDC 0x0014D0DC 0x00000203
GetConsoleMode - 0x005300FC 0x0014ECE0 0x0014D0E0 0x000001FF
ReadFile - 0x00530100 0x0014ECE4 0x0014D0E4 0x00000475
GetFileSizeEx - 0x00530104 0x0014ECE8 0x0014D0E8 0x0000024F
SetFilePointerEx - 0x00530108 0x0014ECEC 0x0014D0EC 0x00000525
ReadConsoleW - 0x0053010C 0x0014ECF0 0x0014D0F0 0x00000472
HeapReAlloc - 0x00530110 0x0014ECF4 0x0014D0F4 0x0000034F
FindClose - 0x00530114 0x0014ECF8 0x0014D0F8 0x00000178
FindFirstFileExW - 0x00530118 0x0014ECFC 0x0014D0FC 0x0000017E
FindNextFileW - 0x0053011C 0x0014ED00 0x0014D100 0x0000018F
IsValidCodePage - 0x00530120 0x0014ED04 0x0014D104 0x0000038F
GetACP - 0x00530124 0x0014ED08 0x0014D108 0x000001B5
GetOEMCP - 0x00530128 0x0014ED0C 0x0014D10C 0x0000029A
GetEnvironmentStringsW - 0x0053012C 0x0014ED10 0x0014D110 0x0000023A
FreeEnvironmentStringsW - 0x00530130 0x0014ED14 0x0014D114 0x000001AD
Digital Signature Information
Verification Status Failed
Certificate: Nvidia Corporation
Issued by Nvidia Corporation
Parent Certificate DigiCert SHA2 Assured ID Code Signing CA
Country Name US
Valid From 2021-04-14 02:00 (UTC+2)
Valid Until 2024-04-17 01:59 (UTC+2)
Algorithm sha256_rsa
Serial Number 02 66 AD FA 17 63 89 D9 B4 30 1A C8 7E FD 6A 96
Thumbprint F5 18 FA D5 DE C9 E0 50 0D A1 C1 59 8C 4B 0F FC 02 68 B2 D0
Revoked Since 2022-02-20 13:00 (UTC+1)
Certificate: DigiCert SHA2 Assured ID Code Signing CA
Issued by DigiCert SHA2 Assured ID Code Signing CA
Country Name US
Valid From 2013-10-22 14:00 (UTC+2)
Valid Until 2028-10-22 14:00 (UTC+2)
Algorithm sha256_rsa
Serial Number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
Thumbprint 92 C1 58 8E 85 AF 22 01 CE 79 15 E8 53 8B 49 2F 60 5B 80 C6
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\OneDrive\OneDrive.exe Dropped File Binary
Suspicious
MIME Type application/vnd.microsoft.portable-executable
File Size 175.90 KB
MD5 f3af73070387fb75b19286826cc3126c
SHA1 7774854137d7ada89f3b4bdf67631456a1e74853
SHA256 974243f2487ceeb8eeea6aa8fee215f15c7b204382d4bd12f469f712f56c3610
SSDeep 3072:I/D8SxgtONJf2IoY3UJMYZIP1kZZP7n+H:lSxgELf2ItUJM2ZD+
ImpHash e263a54738f24c587246df1df70bae2c
PE Information
Image Base 0x140000000
Entry Point 0x14000126C
Size Of Code 0x0000CC00
Size Of Initialized Data 0x0001DC00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2022-04-22 19:51 (UTC+2)
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Microsoft OneDrive
FileVersion 22.65.412.4
InternalName Client Application
LegalCopyright Microsoft Corporation. All rights reserved.
OriginalFilename OneDrive.exe
ProductName Microsoft OneDrive
ProductVersion 22.065.0412.0004
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x0000CB40 0x0000CC00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x14000E000 0x00009366 0x00009400 0x0000D000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.66
.data 0x140018000 0x00001D18 0x00000C00 0x00016400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.87
.pdata 0x14001A000 0x00000F00 0x00001000 0x00017000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.6
_RDATA 0x14001B000 0x000000FC 0x00000200 0x00018000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.0
.rsrc 0x14001C000 0x00010E38 0x00011000 0x00018200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.84
.reloc 0x14002D000 0x00000654 0x00000800 0x00029200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.85
Imports (1)
KERNEL32.dll (72)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA - 0x14000E000 0x00016BE8 0x00015BE8 0x000003DA
WriteConsoleW - 0x14000E008 0x00016BF0 0x00015BF0 0x0000063C
QueryPerformanceCounter - 0x14000E010 0x00016BF8 0x00015BF8 0x00000464
GetCurrentProcessId - 0x14000E018 0x00016C00 0x00015C00 0x0000022B
GetCurrentThreadId - 0x14000E020 0x00016C08 0x00015C08 0x0000022F
GetSystemTimeAsFileTime - 0x14000E028 0x00016C10 0x00015C10 0x00000301
InitializeSListHead - 0x14000E030 0x00016C18 0x00015C18 0x00000381
RtlCaptureContext - 0x14000E038 0x00016C20 0x00015C20 0x000004E9
RtlLookupFunctionEntry - 0x14000E040 0x00016C28 0x00015C28 0x000004F1
RtlVirtualUnwind - 0x14000E048 0x00016C30 0x00015C30 0x000004F8
IsDebuggerPresent - 0x14000E050 0x00016C38 0x00015C38 0x00000397
UnhandledExceptionFilter - 0x14000E058 0x00016C40 0x00015C40 0x000005D8
SetUnhandledExceptionFilter - 0x14000E060 0x00016C48 0x00015C48 0x00000597
GetStartupInfoW - 0x14000E068 0x00016C50 0x00015C50 0x000002E8
IsProcessorFeaturePresent - 0x14000E070 0x00016C58 0x00015C58 0x0000039E
GetModuleHandleW - 0x14000E078 0x00016C60 0x00015C60 0x0000028C
RtlUnwindEx - 0x14000E080 0x00016C68 0x00015C68 0x000004F7
GetLastError - 0x14000E088 0x00016C70 0x00015C70 0x00000274
SetLastError - 0x14000E090 0x00016C78 0x00015C78 0x00000557
EnterCriticalSection - 0x14000E098 0x00016C80 0x00015C80 0x00000141
LeaveCriticalSection - 0x14000E0A0 0x00016C88 0x00015C88 0x000003D6
DeleteCriticalSection - 0x14000E0A8 0x00016C90 0x00015C90 0x0000011B
InitializeCriticalSectionAndSpinCount - 0x14000E0B0 0x00016C98 0x00015C98 0x0000037D
TlsAlloc - 0x14000E0B8 0x00016CA0 0x00015CA0 0x000005C8
TlsGetValue - 0x14000E0C0 0x00016CA8 0x00015CA8 0x000005CA
TlsSetValue - 0x14000E0C8 0x00016CB0 0x00015CB0 0x000005CB
TlsFree - 0x14000E0D0 0x00016CB8 0x00015CB8 0x000005C9
FreeLibrary - 0x14000E0D8 0x00016CC0 0x00015CC0 0x000001BD
GetProcAddress - 0x14000E0E0 0x00016CC8 0x00015CC8 0x000002C4
LoadLibraryExW - 0x14000E0E8 0x00016CD0 0x00015CD0 0x000003DC
EncodePointer - 0x14000E0F0 0x00016CD8 0x00015CD8 0x0000013D
RaiseException - 0x14000E0F8 0x00016CE0 0x00015CE0 0x0000047B
RtlPcToFileHeader - 0x14000E100 0x00016CE8 0x00015CE8 0x000004F3
GetStdHandle - 0x14000E108 0x00016CF0 0x00015CF0 0x000002EA
WriteFile - 0x14000E110 0x00016CF8 0x00015CF8 0x0000063D
GetModuleFileNameW - 0x14000E118 0x00016D00 0x00015D00 0x00000288
GetCurrentProcess - 0x14000E120 0x00016D08 0x00015D08 0x0000022A
ExitProcess - 0x14000E128 0x00016D10 0x00015D10 0x00000170
TerminateProcess - 0x14000E130 0x00016D18 0x00015D18 0x000005B6
GetModuleHandleExW - 0x14000E138 0x00016D20 0x00015D20 0x0000028B
HeapAlloc - 0x14000E140 0x00016D28 0x00015D28 0x00000363
HeapFree - 0x14000E148 0x00016D30 0x00015D30 0x00000367
FindClose - 0x14000E150 0x00016D38 0x00015D38 0x00000187
FindFirstFileExW - 0x14000E158 0x00016D40 0x00015D40 0x0000018D
FindNextFileW - 0x14000E160 0x00016D48 0x00015D48 0x0000019E
IsValidCodePage - 0x14000E168 0x00016D50 0x00015D50 0x000003A4
GetACP - 0x14000E170 0x00016D58 0x00015D58 0x000001C4
GetOEMCP - 0x14000E178 0x00016D60 0x00015D60 0x000002AD
GetCPInfo - 0x14000E180 0x00016D68 0x00015D68 0x000001D3
GetCommandLineA - 0x14000E188 0x00016D70 0x00015D70 0x000001E8
GetCommandLineW - 0x14000E190 0x00016D78 0x00015D78 0x000001E9
MultiByteToWideChar - 0x14000E198 0x00016D80 0x00015D80 0x00000408
WideCharToMultiByte - 0x14000E1A0 0x00016D88 0x00015D88 0x00000629
GetEnvironmentStringsW - 0x14000E1A8 0x00016D90 0x00015D90 0x0000024B
FreeEnvironmentStringsW - 0x14000E1B0 0x00016D98 0x00015D98 0x000001BC
SetStdHandle - 0x14000E1B8 0x00016DA0 0x00015DA0 0x00000572
GetFileType - 0x14000E1C0 0x00016DA8 0x00015DA8 0x00000262
GetStringTypeW - 0x14000E1C8 0x00016DB0 0x00015DB0 0x000002EF
FlsAlloc - 0x14000E1D0 0x00016DB8 0x00015DB8 0x000001AC
FlsGetValue - 0x14000E1D8 0x00016DC0 0x00015DC0 0x000001AE
FlsSetValue - 0x14000E1E0 0x00016DC8 0x00015DC8 0x000001AF
FlsFree - 0x14000E1E8 0x00016DD0 0x00015DD0 0x000001AD
LCMapStringW - 0x14000E1F0 0x00016DD8 0x00015DD8 0x000003CA
GetProcessHeap - 0x14000E1F8 0x00016DE0 0x00015DE0 0x000002CB
HeapSize - 0x14000E200 0x00016DE8 0x00015DE8 0x0000036C
HeapReAlloc - 0x14000E208 0x00016DF0 0x00015DF0 0x0000036A
FlushFileBuffers - 0x14000E210 0x00016DF8 0x00015DF8 0x000001B1
GetConsoleOutputCP - 0x14000E218 0x00016E00 0x00015E00 0x00000212
GetConsoleMode - 0x14000E220 0x00016E08 0x00015E08 0x0000020E
SetFilePointerEx - 0x14000E228 0x00016E10 0x00015E10 0x00000549
CreateFileW - 0x14000E230 0x00016E18 0x00015E18 0x000000D3
CloseHandle - 0x14000E238 0x00016E20 0x00015E20 0x0000008E
Digital Signature Information
»
Verification Status Failed
Certificate: Microsoft Corporation
»
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA 2010
Country Name US
Valid From 2021-09-02 20:25 (UTC+2)
Valid Until 2022-09-01 20:25 (UTC+2)
Algorithm sha256_rsa
Serial Number 33 00 00 04 25 35 21 6F 36 08 7C EB 06 00 00 00 00 04 25
Thumbprint 92 51 BD 18 AC 5C 69 FD C0 CB 16 B5 1D 51 33 A8 4F E6 BC 2F
Certificate: Microsoft Code Signing PCA 2010
»
Issued by Microsoft Code Signing PCA 2010
Country Name US
Valid From 2010-07-06 22:40 (UTC+2)
Valid Until 2025-07-06 22:50 (UTC+2)
Algorithm sha256_rsa
Serial Number 61 0C 52 4C 00 00 00 00 00 03
Thumbprint 8B FE 31 07 71 2B 3C 88 6B 1C 96 AA EC 89 98 49 14 DC 9B 6B
Memory Dumps (35)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
onedrive.exe 5 0x7FF60E8F0000 0x7FF60E91DFFF Relevant Image False 64-bit 0x7FF60E8FD6E0 False False
buffer 5 0x02397000 0x0239FFFF First Network Behavior False 64-bit - False False
buffer 5 0x0014D000 0x0014FFFF First Network Behavior False 64-bit - False False
buffer 5 0x007820B0 0x00782147 First Network Behavior False 64-bit - False False
buffer 5 0x007844A0 0x00784867 First Network Behavior False 64-bit - False False
buffer 5 0x00784870 0x00785A6F First Network Behavior False 64-bit - False False
buffer 5 0x00785A80 0x00785CA7 First Network Behavior False 64-bit - False False
buffer 5 0x00785CB0 0x00785DAF First Network Behavior False 64-bit - False False
buffer 5 0x00785DC0 0x00785ED7 First Network Behavior False 64-bit - False False
buffer 5 0x007862D0 0x007863A1 First Network Behavior False 64-bit - False False
buffer 5 0x00786490 0x0078651F First Network Behavior False 64-bit - False False
buffer 5 0x00787180 0x00787255 First Network Behavior False 64-bit - False False
buffer 5 0x00787460 0x0078845F First Network Behavior False 64-bit - False False
buffer 5 0x0078EED0 0x0078EF4F First Network Behavior False 64-bit - False False
buffer 5 0x0078EF60 0x0078EFEF First Network Behavior False 64-bit - False False
onedrive.exe 5 0x7FF60E8F0000 0x7FF60E91DFFF First Network Behavior False 64-bit - False False
secur32.dll 5 0x7FF8779F0000 0x7FF877A43FFF First Network Behavior False 64-bit - False False
counters.dat 5 0x001D0000 0x001D0FFF First Network Behavior False 64-bit - False False
buffer 5 0x007820B0 0x00782147 Final Dump False 64-bit - False False
buffer 5 0x007844A0 0x00784867 Final Dump False 64-bit - False False
buffer 5 0x00784870 0x00785A6F Final Dump False 64-bit - False False
buffer 5 0x00785A80 0x00785CA7 Final Dump False 64-bit - False False
buffer 5 0x00785CB0 0x00785DAF Final Dump False 64-bit - False False
buffer 5 0x00785DC0 0x00785ED7 Final Dump False 64-bit - False False
buffer 5 0x007862D0 0x007863A1 Final Dump False 64-bit - False False
buffer 5 0x00786490 0x0078651F Final Dump False 64-bit - False False
buffer 5 0x00787180 0x00787255 Final Dump False 64-bit - False False
buffer 5 0x00787460 0x0078845F Final Dump False 64-bit - False False
buffer 5 0x0078EED0 0x0078EF4F Final Dump False 64-bit - False False
buffer 5 0x0078EF60 0x0078EFEF Final Dump False 64-bit - False False
onedrive.exe 5 0x7FF60E8F0000 0x7FF60E91DFFF Final Dump False 64-bit - False False
secur32.dll 5 0x7FF8779F0000 0x7FF877A43FFF First Execution False 64-bit 0x7FF877A30D60 False False
counters.dat 5 0x001D0000 0x001D0FFF Final Dump False 64-bit - False False
onedrive.exe 13 0x7FF69A900000 0x7FF69A92DFFF Relevant Image False 64-bit 0x7FF69A90D6E0 False False
onedrive.exe 13 0x7FF69A900000 0x7FF69A92DFFF Final Dump False 64-bit - False False
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\OneDrive\Secur32.dll Dropped File Binary
Clean
»
MIME Type application/vnd.microsoft.portable-executable
File Size 316.50 KB
MD5 fed6517a5f84eecc29edee5586d7feeb Copy to Clipboard
SHA1 56df244bf73c7ec7b59c98e1f5d47b379b58a06b Copy to Clipboard
SHA256 5075a0587b1b35c0152d8c44468641d0ab1c52fd8f1814ee257eceb9ffcb89b6 Copy to Clipboard
SSDeep 6144:dJ44tdGSdC73ucShSi5ARPL4emfJFD+Tx:dW7EekJ Copy to Clipboard
ImpHash c100a9223699fa78bf243d68a8c78187 Copy to Clipboard
PE Information
»
Image Base 0x180000000
Entry Point 0x180040D60
Size Of Code 0x00042800
Size Of Initialized Data 0x0000CC00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2022-04-23 16:54 (UTC+2)
Sections (6)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x00042725 0x00042800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.53
.rdata 0x180044000 0x00008152 0x00008200 0x00042C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.27
.data 0x18004D000 0x00000920 0x00000400 0x0004AE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.92
.pdata 0x18004E000 0x00003BC4 0x00003C00 0x0004B200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.33
.rsrc 0x180052000 0x000000F8 0x00000200 0x0004EE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.52
.reloc 0x180053000 0x000000B8 0x00000200 0x0004F000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 2.36
Imports (14)
»
KERNEL32.dll (35)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep - 0x180044000 0x0004B6D0 0x0004A2D0 0x000005A7
GetCurrentDirectoryA - 0x180044008 0x0004B6D8 0x0004A2D8 0x00000222
CreateDirectoryA - 0x180044010 0x0004B6E0 0x0004A2E0 0x000000BD
CreateFileA - 0x180044018 0x0004B6E8 0x0004A2E8 0x000000CB
GetFileAttributesA - 0x180044020 0x0004B6F0 0x0004A2F0 0x00000254
LocalFileTimeToFileTime - 0x180044028 0x0004B6F8 0x0004A2F8 0x000003E5
ReadFile - 0x180044030 0x0004B700 0x0004A300 0x0000048C
SetFilePointer - 0x180044038 0x0004B708 0x0004A308 0x00000548
SetFileTime - 0x180044040 0x0004B710 0x0004A310 0x0000054C
WriteFile - 0x180044048 0x0004B718 0x0004A318 0x0000063D
CloseHandle - 0x180044050 0x0004B720 0x0004A320 0x0000008E
SystemTimeToFileTime - 0x180044058 0x0004B728 0x0004A328 0x000005B2
VirtualAllocEx - 0x180044060 0x0004B730 0x0004A330 0x000005F2
GetFileInformationByHandle - 0x180044068 0x0004B738 0x0004A338 0x0000025B
GetFileSize - 0x180044070 0x0004B740 0x0004A340 0x0000025F
GetLocalTime - 0x180044078 0x0004B748 0x0004A348 0x00000275
GetTickCount - 0x180044080 0x0004B750 0x0004A350 0x00000323
MapViewOfFile - 0x180044088 0x0004B758 0x0004A358 0x000003F7
UnmapViewOfFile - 0x180044090 0x0004B760 0x0004A360 0x000005DB
CreateFileMappingA - 0x180044098 0x0004B768 0x0004A368 0x000000CC
FileTimeToSystemTime - 0x1800440A0 0x0004B770 0x0004A370 0x0000017C
GetSystemTimeAsFileTime - 0x1800440A8 0x0004B778 0x0004A378 0x00000301
GetCurrentThreadId - 0x1800440B0 0x0004B780 0x0004A380 0x0000022F
GetCurrentProcessId - 0x1800440B8 0x0004B788 0x0004A388 0x0000022B
QueryPerformanceCounter - 0x1800440C0 0x0004B790 0x0004A390 0x00000464
IsDebuggerPresent - 0x1800440C8 0x0004B798 0x0004A398 0x00000397
IsProcessorFeaturePresent - 0x1800440D0 0x0004B7A0 0x0004A3A0 0x0000039E
TerminateProcess - 0x1800440D8 0x0004B7A8 0x0004A3A8 0x000005B6
GetCurrentProcess - 0x1800440E0 0x0004B7B0 0x0004A3B0 0x0000022A
SetUnhandledExceptionFilter - 0x1800440E8 0x0004B7B8 0x0004A3B8 0x00000597
UnhandledExceptionFilter - 0x1800440F0 0x0004B7C0 0x0004A3C0 0x000005D8
RtlVirtualUnwind - 0x1800440F8 0x0004B7C8 0x0004A3C8 0x000004F8
RtlLookupFunctionEntry - 0x180044100 0x0004B7D0 0x0004A3D0 0x000004F1
RtlCaptureContext - 0x180044108 0x0004B7D8 0x0004A3D8 0x000004E9
InitializeSListHead - 0x180044110 0x0004B7E0 0x0004A3E0 0x00000381
USER32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDesktopWindow - 0x180044140 0x0004B810 0x0004A410 0x00000146
wsprintfA - 0x180044148 0x0004B818 0x0004A418 0x000003EE
MSVCP140.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
?_Xbad_function_call@std@@YAXXZ - 0x180044120 0x0004B7F0 0x0004A3F0 0x0000028C
?_Xout_of_range@std@@YAXPEBD@Z - 0x180044128 0x0004B7F8 0x0004A3F8 0x0000028F
?_Xlength_error@std@@YAXPEBD@Z - 0x180044130 0x0004B800 0x0004A400 0x0000028E
VCRUNTIME140.dll (11)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memcmp - 0x180044158 0x0004B828 0x0004A428 0x0000003B
memmove - 0x180044160 0x0004B830 0x0004A430 0x0000003D
__std_exception_copy - 0x180044168 0x0004B838 0x0004A438 0x00000021
memchr - 0x180044170 0x0004B840 0x0004A440 0x0000003A
__current_exception_context - 0x180044178 0x0004B848 0x0004A448 0x0000001C
_CxxThrowException - 0x180044180 0x0004B850 0x0004A450 0x00000001
__std_type_info_destroy_list - 0x180044188 0x0004B858 0x0004A458 0x00000025
__C_specific_handler - 0x180044190 0x0004B860 0x0004A460 0x00000008
memset - 0x180044198 0x0004B868 0x0004A468 0x0000003E
__current_exception - 0x1800441A0 0x0004B870 0x0004A470 0x0000001B
__std_exception_destroy - 0x1800441A8 0x0004B878 0x0004A478 0x00000022
VCRUNTIME140_1.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__CxxFrameHandler4 - 0x1800441B8 0x0004B888 0x0004A488 0x00000000
api-ms-win-crt-runtime-l1-1-0.dll (13)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_initterm - 0x180044248 0x0004B918 0x0004A518 0x00000036
_crt_atexit - 0x180044250 0x0004B920 0x0004A520 0x0000001E
_execute_onexit_table - 0x180044258 0x0004B928 0x0004A528 0x00000022
_register_onexit_function - 0x180044260 0x0004B930 0x0004A530 0x0000003C
_initialize_onexit_table - 0x180044268 0x0004B938 0x0004A538 0x00000034
_initialize_narrow_environment - 0x180044270 0x0004B940 0x0004A540 0x00000033
_initterm_e - 0x180044278 0x0004B948 0x0004A548 0x00000037
_configure_narrow_argv - 0x180044280 0x0004B950 0x0004A550 0x00000018
_errno - 0x180044288 0x0004B958 0x0004A558 0x00000021
_invalid_parameter_noinfo_noreturn - 0x180044290 0x0004B960 0x0004A560 0x00000039
terminate - 0x180044298 0x0004B968 0x0004A568 0x00000067
_cexit - 0x1800442A0 0x0004B970 0x0004A570 0x00000016
_seh_filter_dll - 0x1800442A8 0x0004B978 0x0004A578 0x0000003F
api-ms-win-crt-heap-l1-1-0.dll (4)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_callnewh - 0x1800441E8 0x0004B8B8 0x0004A4B8 0x00000008
malloc - 0x1800441F0 0x0004B8C0 0x0004A4C0 0x00000019
free - 0x1800441F8 0x0004B8C8 0x0004A4C8 0x00000018
calloc - 0x180044200 0x0004B8D0 0x0004A4D0 0x00000017
api-ms-win-crt-utility-l1-1-0.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
rand - 0x1800442E8 0x0004B9B8 0x0004A5B8 0x0000001B
srand - 0x1800442F0 0x0004B9C0 0x0004A5C0 0x0000001D
api-ms-win-crt-convert-l1-1-0.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
strtoull - 0x1800441C8 0x0004B898 0x0004A498 0x00000065
strtoll - 0x1800441D0 0x0004B8A0 0x0004A4A0 0x00000063
strtod - 0x1800441D8 0x0004B8A8 0x0004A4A8 0x0000005E
api-ms-win-crt-stdio-l1-1-0.dll (3)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__stdio_common_vsprintf - 0x1800442B8 0x0004B988 0x0004A588 0x0000000D
fclose - 0x1800442C0 0x0004B990 0x0004A590 0x00000074
fopen - 0x1800442C8 0x0004B998 0x0004A598 0x0000007D
api-ms-win-crt-locale-l1-1-0.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
localeconv - 0x180044210 0x0004B8E0 0x0004A4E0 0x00000012
api-ms-win-crt-math-l1-1-0.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_dclass - 0x180044220 0x0004B8F0 0x0004A4F0 0x00000010
api-ms-win-crt-multibyte-l1-1-0.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_mbsstr - 0x180044230 0x0004B900 0x0004A500 0x000000B7
_mbsicmp - 0x180044238 0x0004B908 0x0004A508 0x0000006B
api-ms-win-crt-time-l1-1-0.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_time64 - 0x1800442D8 0x0004B9A8 0x0004A5A8 0x00000030
Exports (1)
»
API Name EAT Address Ordinal
GetUserNameExW 0x00026030 0x00000001
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\06ozgHEJuPa8uO_s Dropped File Text
Clean
»
MIME Type text/plain
File Size 233 Bytes
MD5 9d2a79a158b15b145748e88401057b1d Copy to Clipboard
SHA1 05d0b8ea5f9221e1807e8c0c98bc51832bff34bc Copy to Clipboard
SHA256 ea155a7bc6445072c8263e095b84879a6ee76f29b930593e0c12050f8f1d7588 Copy to Clipboard
SSDeep 6:nf+s+rwXJTVV/1Kn1yy2LAcPLdj7q38NR8:ngsXJxc1yRA+xjDk Copy to Clipboard
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\nsdBB97.tmp Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\rcfuhdw8\lolminer_v1.48_win64[1].zip Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\jqxs2duj\lolminer_v1.48_win64[1].zip Dropped File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\n5x1kxx2\json[1].json Downloaded File Unknown
Clean
»
MIME Type application/json
File Size 322 Bytes
MD5 448fd833dffd83e91cdf73981b2114cf Copy to Clipboard
SHA1 51326e01ae9252848d27b1df39b8f9a5c5343b44 Copy to Clipboard
SHA256 d957ecd848cfa8cfd39395544ca668af84ebd48fcd10ffac4452c01fb52c4f26 Copy to Clipboard
SSDeep 6:Y7XE9Zn750/aopFKspNIrkIRmFP0//fduWHNicYwcphjF/W35jY:KXEPn75GxpLI85UXd1QFhJA5k Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Empty
Clean
»
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -