Verdict Malicious

Classifications Spyware, Injector, Downloader

Threat Names Mal/HTMLGen-A, Mal/Generic-S

Dynamic Analysis Report

Created on 2022-05-05T02:28:30+00:00

d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe

Windows Exe (x86-32)

Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes, 13 seconds" to "10 seconds" to reveal dormant functionality.

(0x0200005D): 32 additional dumps with the reason "Content Changed" and a total of 112 MB were skipped because the respective maximum limit was reached.

(0x0200004A): 1 dump(s) were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 166 MB.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.51 MB
MD5 310eb5bd45ac9c5767d28e63ab64635b
SHA1 4ac0d40abb71e9fcff34c8f67511fc590f495f3e
SHA256 d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6
SSDeep 24576:07L4j8tb74F0xt7ruJV/QujUOycEvgyJrDybsxXX+ZVGNVooHI9s5KCfj2:07L4jIIct7w/QujMvOgUwLoKIG2
ImpHash efad26290bf4d1a676b7ad79139e8cdb
PE Information
Image Base 0x00400000
Entry Point 0x00429132
Size Of Code 0x0011F400
Size Of Initialized Data 0x00062C00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-05-04 20:22 (UTC+2)
Version Information (8)
CompanyName Tetec Inc
FileDescription Yequokos yagi
FileVersion 5.10.8.100
InternalName Snhgowdekrift
LegalCopyright Copyright (C) 2020-2022 by Tetec Inc.
OriginalFilename Btderogatnive.exe
ProductName Dikem
ProductVersion 30.77.57.46
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0011F3D0 0x0011F400 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.61
.data 0x00521000 0x0000394C 0x00001A00 0x0011F800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.79
.reloc 0x00525000 0x00002D10 0x00002E00 0x00121200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.47
.rsrc 0x00528000 0x0005C37C 0x0005C400 0x00124000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.95
Imports (3)
KERNEL32.dll (83)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GenerateConsoleCtrlEvent - 0x0040100C 0x0011FBFC 0x0011EFFC 0x00000167
GlobalAlloc - 0x00401010 0x0011FC00 0x0011F000 0x000002B3
LoadLibraryW - 0x00401014 0x0011FC04 0x0011F004 0x0000033F
FreeConsole - 0x00401018 0x0011FC08 0x0011F008 0x0000015F
GetAtomNameW - 0x0040101C 0x0011FC0C 0x0011F00C 0x0000016E
GetACP - 0x00401020 0x0011FC10 0x0011F010 0x00000168
MultiByteToWideChar - 0x00401024 0x0011FC14 0x0011F014 0x00000367
GetLastError - 0x00401028 0x0011FC18 0x0011F018 0x00000202
GetProcAddress - 0x0040102C 0x0011FC1C 0x0011F01C 0x00000245
OutputDebugStringW - 0x00401030 0x0011FC20 0x0011F020 0x0000038A
GetCurrentProcessId - 0x00401034 0x0011FC24 0x0011F024 0x000001C1
AddConsoleAliasA - 0x00401038 0x0011FC28 0x0011F028 0x00000005
GlobalReAlloc - 0x0040103C 0x0011FC2C 0x0011F02C 0x000002C1
SetEndOfFile - 0x00401040 0x0011FC30 0x0011F030 0x00000453
CreateFileW - 0x00401044 0x0011FC34 0x0011F034 0x0000008F
CreateFileA - 0x00401048 0x0011FC38 0x0011F038 0x00000088
WriteConsoleW - 0x0040104C 0x0011FC3C 0x0011F03C 0x00000524
AllocConsole - 0x00401050 0x0011FC40 0x0011F040 0x00000010
SetConsoleTitleW - 0x00401054 0x0011FC44 0x0011F044 0x00000448
GetConsoleAliasExesA - 0x00401058 0x0011FC48 0x0011F048 0x00000191
InterlockedIncrement - 0x0040105C 0x0011FC4C 0x0011F04C 0x000002EF
InterlockedDecrement - 0x00401060 0x0011FC50 0x0011F050 0x000002EB
EncodePointer - 0x00401064 0x0011FC54 0x0011F054 0x000000EA
DecodePointer - 0x00401068 0x0011FC58 0x0011F058 0x000000CA
Sleep - 0x0040106C 0x0011FC5C 0x0011F05C 0x000004B2
InitializeCriticalSection - 0x00401070 0x0011FC60 0x0011F060 0x000002E2
DeleteCriticalSection - 0x00401074 0x0011FC64 0x0011F064 0x000000D1
EnterCriticalSection - 0x00401078 0x0011FC68 0x0011F068 0x000000EE
LeaveCriticalSection - 0x0040107C 0x0011FC6C 0x0011F06C 0x00000339
GetCommandLineW - 0x00401080 0x0011FC70 0x0011F070 0x00000187
HeapSetInformation - 0x00401084 0x0011FC74 0x0011F074 0x000002D3
GetStartupInfoW - 0x00401088 0x0011FC78 0x0011F078 0x00000263
RaiseException - 0x0040108C 0x0011FC7C 0x0011F07C 0x000003B1
RtlUnwind - 0x00401090 0x0011FC80 0x0011F080 0x00000418
HeapFree - 0x00401094 0x0011FC84 0x0011F084 0x000002CF
WideCharToMultiByte - 0x00401098 0x0011FC88 0x0011F088 0x00000511
LCMapStringW - 0x0040109C 0x0011FC8C 0x0011F08C 0x0000032D
GetCPInfo - 0x004010A0 0x0011FC90 0x0011F090 0x00000172
HeapAlloc - 0x004010A4 0x0011FC94 0x0011F094 0x000002CB
TerminateProcess - 0x004010A8 0x0011FC98 0x0011F098 0x000004C0
GetCurrentProcess - 0x004010AC 0x0011FC9C 0x0011F09C 0x000001C0
UnhandledExceptionFilter - 0x004010B0 0x0011FCA0 0x0011F0A0 0x000004D3
SetUnhandledExceptionFilter - 0x004010B4 0x0011FCA4 0x0011F0A4 0x000004A5
IsDebuggerPresent - 0x004010B8 0x0011FCA8 0x0011F0A8 0x00000300
IsProcessorFeaturePresent - 0x004010BC 0x0011FCAC 0x0011F0AC 0x00000304
SetStdHandle - 0x004010C0 0x0011FCB0 0x0011F0B0 0x00000487
InitializeCriticalSectionAndSpinCount - 0x004010C4 0x0011FCB4 0x0011F0B4 0x000002E3
GetFileType - 0x004010C8 0x0011FCB8 0x0011F0B8 0x000001F3
WriteFile - 0x004010CC 0x0011FCBC 0x0011F0BC 0x00000525
GetConsoleCP - 0x004010D0 0x0011FCC0 0x0011F0C0 0x0000019A
GetConsoleMode - 0x004010D4 0x0011FCC4 0x0011F0C4 0x000001AC
SetHandleCount - 0x004010D8 0x0011FCC8 0x0011F0C8 0x0000046F
GetStdHandle - 0x004010DC 0x0011FCCC 0x0011F0CC 0x00000264
CloseHandle - 0x004010E0 0x0011FCD0 0x0011F0D0 0x00000052
GetModuleHandleW - 0x004010E4 0x0011FCD4 0x0011F0D4 0x00000218
ExitProcess - 0x004010E8 0x0011FCD8 0x0011F0D8 0x00000119
GetModuleFileNameW - 0x004010EC 0x0011FCDC 0x0011F0DC 0x00000214
FreeEnvironmentStringsW - 0x004010F0 0x0011FCE0 0x0011F0E0 0x00000161
GetEnvironmentStringsW - 0x004010F4 0x0011FCE4 0x0011F0E4 0x000001DA
TlsAlloc - 0x004010F8 0x0011FCE8 0x0011F0E8 0x000004C5
TlsGetValue - 0x004010FC 0x0011FCEC 0x0011F0EC 0x000004C7
TlsSetValue - 0x00401100 0x0011FCF0 0x0011F0F0 0x000004C8
TlsFree - 0x00401104 0x0011FCF4 0x0011F0F4 0x000004C6
SetLastError - 0x00401108 0x0011FCF8 0x0011F0F8 0x00000473
GetCurrentThreadId - 0x0040110C 0x0011FCFC 0x0011F0FC 0x000001C5
HeapCreate - 0x00401110 0x0011FD00 0x0011F100 0x000002CD
QueryPerformanceCounter - 0x00401114 0x0011FD04 0x0011F104 0x000003A7
GetTickCount - 0x00401118 0x0011FD08 0x0011F108 0x00000293
GetSystemTimeAsFileTime - 0x0040111C 0x0011FD0C 0x0011F10C 0x00000279
GetLocaleInfoW - 0x00401120 0x0011FD10 0x0011F110 0x00000206
HeapSize - 0x00401124 0x0011FD14 0x0011F114 0x000002D4
FlushFileBuffers - 0x00401128 0x0011FD18 0x0011F118 0x00000157
ReadFile - 0x0040112C 0x0011FD1C 0x0011F11C 0x000003C0
SetFilePointer - 0x00401130 0x0011FD20 0x0011F120 0x00000466
GetOEMCP - 0x00401134 0x0011FD24 0x0011F124 0x00000237
IsValidCodePage - 0x00401138 0x0011FD28 0x0011F128 0x0000030A
GetStringTypeW - 0x0040113C 0x0011FD2C 0x0011F12C 0x00000269
HeapReAlloc - 0x00401140 0x0011FD30 0x0011F130 0x000002D2
GetUserDefaultLCID - 0x00401144 0x0011FD34 0x0011F134 0x0000029B
GetLocaleInfoA - 0x00401148 0x0011FD38 0x0011F138 0x00000204
EnumSystemLocalesA - 0x0040114C 0x0011FD3C 0x0011F13C 0x0000010D
IsValidLocale - 0x00401150 0x0011FD40 0x0011F140 0x0000030C
GetProcessHeap - 0x00401154 0x0011FD44 0x0011F144 0x0000024A
USER32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OffsetRect - 0x0040115C 0x0011FD4C 0x0011F14C 0x00000225
MessageBoxA - 0x00401160 0x0011FD50 0x0011F150 0x0000020E
IsRectEmpty - 0x00401164 0x0011FD54 0x0011F154 0x000001D4
InvertRect - 0x00401168 0x0011FD58 0x0011F158 0x000001C0
GDI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ResizePalette - 0x00401000 0x0011FBF0 0x0011EFF0 0x00000268
SaveDC - 0x00401004 0x0011FBF4 0x0011EFF4 0x00000270
Digital Signature Information
Verification Status Valid
Certificate: *.elo.com
Issued by *.elo.com
Country Name None
Valid From 2021-09-28 17:03 (UTC+2)
Valid Until 2022-10-28 17:03 (UTC+2)
Algorithm sha256_rsa
Serial Number 01 CA 3A 6D BD 89 E3 BA 09 A6 98 32 60 FE 8F 96
Thumbprint A5 A5 60 E2 2C A4 07 5C 52 80 1E 63 97 7D A1 FC 5D 79 88 29
Memory Dumps (91)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe 1 0x01200000 0x01384FFF Relevant Image False 32-bit 0x0122FEA8 False
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe 1 0x01200000 0x01384FFF Content Changed False 32-bit 0x0121A1EC False
buffer 1 0x00DB5020 0x00EEA4DC First Execution False 32-bit 0x00DB5020 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EEA1FB False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EBD71C False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EBE15D False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EC100C False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EC0166 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EC2172 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EC4B00 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E89950 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DCB0CB False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E0FDF0 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E1172F False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DCC072 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DCD000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E9C000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DB74BE False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E2A06E False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E33221 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E21170 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E33AF2 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DC63C0 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E33AF2 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DC63C0 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E33AF2 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DC63C0 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E34000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E2C000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E27000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EAA1E2 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EAB000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E28000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E3C7A1 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E40000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E2B000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DD5D0B False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E4A000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DD1F3C False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E56373 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E70E00 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E71033 False
buffer 1 0x00185000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 1 0x00570FD0 0x005711EF First Network Behavior False 32-bit - False
buffer 1 0x00571420 0x0057161F First Network Behavior False 32-bit - False
buffer 1 0x00571628 0x005716FF First Network Behavior False 32-bit - False
buffer 1 0x00572710 0x0057278F First Network Behavior False 32-bit - False
buffer 1 0x00572798 0x00572F97 First Network Behavior False 32-bit - False
buffer 1 0x006DF4C0 0x006DF54F First Network Behavior False 32-bit - False
buffer 1 0x006E0458 0x006E0525 First Network Behavior False 32-bit - False
buffer 1 0x006E09C8 0x006E0A47 First Network Behavior False 32-bit - False
buffer 1 0x006E3538 0x006E389B First Network Behavior False 32-bit - False
buffer 1 0x006E38A8 0x006E46A7 First Network Behavior False 32-bit - False
buffer 1 0x006E46B0 0x006E48CF First Network Behavior False 32-bit - False
buffer 1 0x006E4A10 0x006E4AE5 First Network Behavior False 32-bit - False
buffer 1 0x006E4C80 0x006E547F First Network Behavior False 32-bit - False
buffer 1 0x006E5D98 0x006E5E69 First Network Behavior False 32-bit - False
buffer 1 0x006E5F48 0x006E5FD7 First Network Behavior False 32-bit - False
buffer 1 0x00AF9020 0x00DA37EC First Network Behavior False 32-bit - False
buffer 1 0x00DB5020 0x00EEA4DC First Network Behavior False 32-bit 0x00E6F533 False
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe 1 0x01200000 0x01384FFF First Network Behavior False 32-bit 0x0122FD79 False
counters.dat 1 0x00550000 0x00550FFF First Network Behavior False 32-bit - False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EB6058 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E5770D False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00DDB667 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EBC000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E74000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E76000 False
buffer 1 0x0E810000 0x0E930FFF First Execution False 32-bit 0x0E810000 False
buffer 1 0x0E810000 0x0E930FFF Content Changed False 32-bit 0x0E823000 False
buffer 1 0x0E810000 0x0E930FFF Content Changed False 32-bit - False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E77000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EBD000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E1BD70 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EA5425 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E79000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E01A38 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E977F5 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E98000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E03000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E04000 False
buffer 1 0x006A0000 0x006BFFFF Marked Executable False 32-bit - False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E09000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00E9F000 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EA109F False
buffer 1 0x006A0000 0x006BFFFF Content Changed False 32-bit - False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EC0FD2 False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EC59AA False
buffer 1 0x00DB5020 0x00EEA4DC Content Changed False 32-bit 0x00EC21EF False
buffer 1 0x00717C68 0x00732467 Image In Buffer False 32-bit - False
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe 1 0x01200000 0x01384FFF Process Termination False 32-bit - False
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\filename.exe Downloaded File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 4.65 MB
MD5 c108ebdd14a2cf40e64411792987796a
SHA1 48f4f5376d0a571784fa03f89015c6a72f74998d
SHA256 f9bff1ac8e6c15dde928e87a8bf733006ca805d42302387b2c24e11e555b7ee6
SSDeep 98304:mQi4NSWhwXCzdRTm4OVgThNEUdhgjcAwLgq+a6T8g/Ztr4JIs/:Hi4U+rTmoNEUfWcAZ5TPZtr4WK
ImpHash -
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x140000000
Size Of Code 0x004A6C00
Size Of Initialized Data 0x00000600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2022-04-21 19:28 (UTC+2)
Version Information (10)
Comments Google Chrome
CompanyName Google Inc.
FileDescription chrome.exe
FileVersion 70.0.3538.110
InternalName rigx.exe
LegalCopyright Copyright 2017 Google Inc. All rights reserved.
OriginalFilename rigx.exe
ProductName Google Chrome
ProductVersion 70.0.3538.110
Assembly Version 0.0.0.0
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140002000 0x004A6BB0 0x004A6C00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 8.0
.rsrc 0x1404AA000 0x000005F6 0x00000600 0x004A6E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.25
C:\Users\RDHJ0C~1\AppData\Local\Temp\fname.exe Downloaded File Binary Malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\fname.exe (Downloaded File, Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 3.51 MB
MD5 c61f9a9059f8b8bd0e69f7df4cb09786
SHA1 70fffde0debf4559859617d49dc48c54df3c156d
SHA256 84a5a26f1748c3ad1f0b98c438908e8dc842eacc6390484527ee1fe7e56264f5
SSDeep 98304:xjFJEyX5ZYpLKwYXA8NMLgJ0CYkL1N5qV0O8:ZFSyJZ8LYEgCCYkDxO8
ImpHash 25a9be81ed1ff039b036d3155dd64335
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x006230B1
Size Of Code 0x0012B200
Size Of Initialized Data 0x00024A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:04 (UTC+1)
Sections (9)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
JICeboQ 0x00401000 0x00105E35 0x00106000 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.62
zcPlt 0x00507000 0x00025075 0x00025200 0x00106400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.58
rrF5ta 0x0052D000 0x0001F3A0 0x0001F400 0x0012B600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.08
IKbga 0x0054D000 0x00001CF0 0x00001000 0x0014AA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.05
03AAoc 0x0054F000 0x00002DDC 0x00002E00 0x0014BA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.7
6maTqw 0x00552000 0x00004000 0x00004000 0x0014E800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.21
PKmYta 0x00556000 0x00001000 0x00000200 0x00152800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.14
gTx1qw 0x00557000 0x00226000 0x00226000 0x00152A00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.08
9YRtc 0x0077D000 0x000008DB 0x00000A00 0x00378A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.06
Imports (2)
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA - 0x00556078 0x00156078 0x00152878 0x00000000
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindWindowA - 0x00556080 0x00156080 0x00152880 0x00000000
Digital Signature Information
Verification Status Failed
Certificate: Gary Kramlich
Issued by Gary Kramlich
Parent Certificate Sectigo RSA Code Signing CA
Country Name US
Valid From 2021-03-22 01:00 (UTC+1)
Valid Until 2024-03-22 00:59 (UTC+1)
Algorithm sha256_rsa
Serial Number F6 AD 45 18 8E 55 66 AA 31 7B E2 3B 4B 8B 2C 2F
Thumbprint AD FA 74 4A A0 74 FB 5D C5 7E E6 44 5A 3E 18 D6 06 C7 BF 96
Certificate: Sectigo RSA Code Signing CA
Issued by Sectigo RSA Code Signing CA
Parent Certificate USERTrust RSA Certification Authority
Country Name GB
Valid From 2018-11-02 01:00 (UTC+1)
Valid Until 2031-01-01 00:59 (UTC+1)
Algorithm sha384_rsa
Serial Number 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A
Thumbprint 94 C9 5D A1 E8 50 BD 85 20 9A 4A 2A F3 E1 FB 16 04 F9 BB 66
Certificate: USERTrust RSA Certification Authority
Issued by USERTrust RSA Certification Authority
Parent Certificate AAA Certificate Services
Country Name US
Valid From 2019-03-12 01:00 (UTC+1)
Valid Until 2029-01-01 00:59 (UTC+1)
Algorithm sha384_rsa
Serial Number 39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 95
Thumbprint D8 9E 3B D4 3D 5D 90 9B 47 A1 89 77 AA 9D 5C E3 6C EE 18 4C
Certificate: AAA Certificate Services
Issued by AAA Certificate Services
Country Name GB
Valid From 2004-01-01 01:00 (UTC+1)
Valid Until 2029-01-01 00:59 (UTC+1)
Algorithm sha1_rsa
Serial Number 01
Thumbprint D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49
Memory Dumps (23)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
fname.exe 6 0x01140000 0x014BDFFF First Execution False 32-bit 0x013630B1 False
fname.exe 6 0x01140000 0x014BDFFF Content Changed False 32-bit 0x0140A5BA False
fname.exe 6 0x01140000 0x014BDFFF Content Changed False 32-bit 0x0116E000 False
buffer 6 0x00182754 0x00182ED1 First Execution False 32-bit 0x001828D5 False
buffer 6 0x00AE0000 0x00B01FFF Content Changed False 32-bit - False
buffer 6 0x00182754 0x00182ED1 Process Termination False 32-bit - False
buffer 6 0x001E0000 0x001E4FFF Process Termination False 32-bit - False
buffer 6 0x00510000 0x00510FFF Process Termination False 32-bit - False
buffer 6 0x00520000 0x00520FFF Process Termination False 32-bit - False
buffer 6 0x00530000 0x00530FFF Process Termination False 32-bit - False
buffer 6 0x00540000 0x00540FFF Process Termination False 32-bit - False
buffer 6 0x00550000 0x00550FFF Process Termination False 32-bit - False
buffer 6 0x00560000 0x00560FFF Process Termination False 32-bit - False
buffer 6 0x00570000 0x00570FFF Process Termination False 32-bit - False
buffer 6 0x00580000 0x00580FFF Process Termination False 32-bit - False
buffer 6 0x00590000 0x00590FFF Process Termination False 32-bit - False
buffer 6 0x005AA438 0x005AA4CF Process Termination False 32-bit - False
buffer 6 0x005B1000 0x005B1DFF Process Termination False 32-bit - False
buffer 6 0x005B1E08 0x005B2027 Process Termination False 32-bit - False
buffer 6 0x005B3E90 0x005B4E8F Process Termination False 32-bit - False
buffer 6 0x00AC0000 0x00AC0FFF Process Termination False 32-bit - False
buffer 6 0x00AD0000 0x00AD0FFF Process Termination False 32-bit - False
fname.exe 6 0x01140000 0x014BDFFF Process Termination False 32-bit - False
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.