Spyware Injector Downloader
Mal/HTMLGen-A Mal/Generic-S
Created on 2022-05-05T02:28:30+00:00
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes, 13 seconds" to "10 seconds" to reveal dormant functionality.
Remarks
(0x0200005D): 32 additional dumps with the reason "Content Changed" and a total of 112 MB were skipped because the respective maximum limit was reached.
(0x0200004A): 1 dump was skipped because it exceeded the maximum dump size of 7 MB. The largest skipped dump was 166 MB.
This list contains only the embedded files, downloaded files, and dropped files.
File Name | Category | Type | Verdict | Actions |
---|---|---|---|---|
C:\Users\RDhJ0CNFevzX\Desktop\d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe | Sample File | Binary |
Malicious
Image Base | 0x00400000 |
Entry Point | 0x00429132 |
Size Of Code | 0x0011F400 |
Size Of Initialized Data | 0x00062C00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2022-05-04 20:22 (UTC+2) |
CompanyName | Tetec Inc |
FileDescription | Yequokos yagi |
FileVersion | 5.10.8.100 |
InternalName | Snhgowdekrift |
LegalCopyright | Copyright (C) 2020-2022 by Tetec Inc. |
OriginalFilename | Btderogatnive.exe |
ProductName | Dikem |
ProductVersion | 30.77.57.46 |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00401000 | 0x0011F3D0 | 0x0011F400 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.61 |
.data | 0x00521000 | 0x0000394C | 0x00001A00 | 0x0011F800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.79 |
.reloc | 0x00525000 | 0x00002D10 | 0x00002E00 | 0x00121200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 4.47 |
.rsrc | 0x00528000 | 0x0005C37C | 0x0005C400 | 0x00124000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.95 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GenerateConsoleCtrlEvent | - | 0x0040100C | 0x0011FBFC | 0x0011EFFC | 0x00000167 |
GlobalAlloc | - | 0x00401010 | 0x0011FC00 | 0x0011F000 | 0x000002B3 |
LoadLibraryW | - | 0x00401014 | 0x0011FC04 | 0x0011F004 | 0x0000033F |
FreeConsole | - | 0x00401018 | 0x0011FC08 | 0x0011F008 | 0x0000015F |
GetAtomNameW | - | 0x0040101C | 0x0011FC0C | 0x0011F00C | 0x0000016E |
GetACP | - | 0x00401020 | 0x0011FC10 | 0x0011F010 | 0x00000168 |
MultiByteToWideChar | - | 0x00401024 | 0x0011FC14 | 0x0011F014 | 0x00000367 |
GetLastError | - | 0x00401028 | 0x0011FC18 | 0x0011F018 | 0x00000202 |
GetProcAddress | - | 0x0040102C | 0x0011FC1C | 0x0011F01C | 0x00000245 |
OutputDebugStringW | - | 0x00401030 | 0x0011FC20 | 0x0011F020 | 0x0000038A |
GetCurrentProcessId | - | 0x00401034 | 0x0011FC24 | 0x0011F024 | 0x000001C1 |
AddConsoleAliasA | - | 0x00401038 | 0x0011FC28 | 0x0011F028 | 0x00000005 |
GlobalReAlloc | - | 0x0040103C | 0x0011FC2C | 0x0011F02C | 0x000002C1 |
SetEndOfFile | - | 0x00401040 | 0x0011FC30 | 0x0011F030 | 0x00000453 |
CreateFileW | - | 0x00401044 | 0x0011FC34 | 0x0011F034 | 0x0000008F |
CreateFileA | - | 0x00401048 | 0x0011FC38 | 0x0011F038 | 0x00000088 |
WriteConsoleW | - | 0x0040104C | 0x0011FC3C | 0x0011F03C | 0x00000524 |
AllocConsole | - | 0x00401050 | 0x0011FC40 | 0x0011F040 | 0x00000010 |
SetConsoleTitleW | - | 0x00401054 | 0x0011FC44 | 0x0011F044 | 0x00000448 |
GetConsoleAliasExesA | - | 0x00401058 | 0x0011FC48 | 0x0011F048 | 0x00000191 |
InterlockedIncrement | - | 0x0040105C | 0x0011FC4C | 0x0011F04C | 0x000002EF |
InterlockedDecrement | - | 0x00401060 | 0x0011FC50 | 0x0011F050 | 0x000002EB |
EncodePointer | - | 0x00401064 | 0x0011FC54 | 0x0011F054 | 0x000000EA |
DecodePointer | - | 0x00401068 | 0x0011FC58 | 0x0011F058 | 0x000000CA |
Sleep | - | 0x0040106C | 0x0011FC5C | 0x0011F05C | 0x000004B2 |
InitializeCriticalSection | - | 0x00401070 | 0x0011FC60 | 0x0011F060 | 0x000002E2 |
DeleteCriticalSection | - | 0x00401074 | 0x0011FC64 | 0x0011F064 | 0x000000D1 |
EnterCriticalSection | - | 0x00401078 | 0x0011FC68 | 0x0011F068 | 0x000000EE |
LeaveCriticalSection | - | 0x0040107C | 0x0011FC6C | 0x0011F06C | 0x00000339 |
GetCommandLineW | - | 0x00401080 | 0x0011FC70 | 0x0011F070 | 0x00000187 |
HeapSetInformation | - | 0x00401084 | 0x0011FC74 | 0x0011F074 | 0x000002D3 |
GetStartupInfoW | - | 0x00401088 | 0x0011FC78 | 0x0011F078 | 0x00000263 |
RaiseException | - | 0x0040108C | 0x0011FC7C | 0x0011F07C | 0x000003B1 |
RtlUnwind | - | 0x00401090 | 0x0011FC80 | 0x0011F080 | 0x00000418 |
HeapFree | - | 0x00401094 | 0x0011FC84 | 0x0011F084 | 0x000002CF |
WideCharToMultiByte | - | 0x00401098 | 0x0011FC88 | 0x0011F088 | 0x00000511 |
LCMapStringW | - | 0x0040109C | 0x0011FC8C | 0x0011F08C | 0x0000032D |
GetCPInfo | - | 0x004010A0 | 0x0011FC90 | 0x0011F090 | 0x00000172 |
HeapAlloc | - | 0x004010A4 | 0x0011FC94 | 0x0011F094 | 0x000002CB |
TerminateProcess | - | 0x004010A8 | 0x0011FC98 | 0x0011F098 | 0x000004C0 |
GetCurrentProcess | - | 0x004010AC | 0x0011FC9C | 0x0011F09C | 0x000001C0 |
UnhandledExceptionFilter | - | 0x004010B0 | 0x0011FCA0 | 0x0011F0A0 | 0x000004D3 |
SetUnhandledExceptionFilter | - | 0x004010B4 | 0x0011FCA4 | 0x0011F0A4 | 0x000004A5 |
IsDebuggerPresent | - | 0x004010B8 | 0x0011FCA8 | 0x0011F0A8 | 0x00000300 |
IsProcessorFeaturePresent | - | 0x004010BC | 0x0011FCAC | 0x0011F0AC | 0x00000304 |
SetStdHandle | - | 0x004010C0 | 0x0011FCB0 | 0x0011F0B0 | 0x00000487 |
InitializeCriticalSectionAndSpinCount | - | 0x004010C4 | 0x0011FCB4 | 0x0011F0B4 | 0x000002E3 |
GetFileType | - | 0x004010C8 | 0x0011FCB8 | 0x0011F0B8 | 0x000001F3 |
WriteFile | - | 0x004010CC | 0x0011FCBC | 0x0011F0BC | 0x00000525 |
GetConsoleCP | - | 0x004010D0 | 0x0011FCC0 | 0x0011F0C0 | 0x0000019A |
GetConsoleMode | - | 0x004010D4 | 0x0011FCC4 | 0x0011F0C4 | 0x000001AC |
SetHandleCount | - | 0x004010D8 | 0x0011FCC8 | 0x0011F0C8 | 0x0000046F |
GetStdHandle | - | 0x004010DC | 0x0011FCCC | 0x0011F0CC | 0x00000264 |
CloseHandle | - | 0x004010E0 | 0x0011FCD0 | 0x0011F0D0 | 0x00000052 |
GetModuleHandleW | - | 0x004010E4 | 0x0011FCD4 | 0x0011F0D4 | 0x00000218 |
ExitProcess | - | 0x004010E8 | 0x0011FCD8 | 0x0011F0D8 | 0x00000119 |
GetModuleFileNameW | - | 0x004010EC | 0x0011FCDC | 0x0011F0DC | 0x00000214 |
FreeEnvironmentStringsW | - | 0x004010F0 | 0x0011FCE0 | 0x0011F0E0 | 0x00000161 |
GetEnvironmentStringsW | - | 0x004010F4 | 0x0011FCE4 | 0x0011F0E4 | 0x000001DA |
TlsAlloc | - | 0x004010F8 | 0x0011FCE8 | 0x0011F0E8 | 0x000004C5 |
TlsGetValue | - | 0x004010FC | 0x0011FCEC | 0x0011F0EC | 0x000004C7 |
TlsSetValue | - | 0x00401100 | 0x0011FCF0 | 0x0011F0F0 | 0x000004C8 |
TlsFree | - | 0x00401104 | 0x0011FCF4 | 0x0011F0F4 | 0x000004C6 |
SetLastError | - | 0x00401108 | 0x0011FCF8 | 0x0011F0F8 | 0x00000473 |
GetCurrentThreadId | - | 0x0040110C | 0x0011FCFC | 0x0011F0FC | 0x000001C5 |
HeapCreate | - | 0x00401110 | 0x0011FD00 | 0x0011F100 | 0x000002CD |
QueryPerformanceCounter | - | 0x00401114 | 0x0011FD04 | 0x0011F104 | 0x000003A7 |
GetTickCount | - | 0x00401118 | 0x0011FD08 | 0x0011F108 | 0x00000293 |
GetSystemTimeAsFileTime | - | 0x0040111C | 0x0011FD0C | 0x0011F10C | 0x00000279 |
GetLocaleInfoW | - | 0x00401120 | 0x0011FD10 | 0x0011F110 | 0x00000206 |
HeapSize | - | 0x00401124 | 0x0011FD14 | 0x0011F114 | 0x000002D4 |
FlushFileBuffers | - | 0x00401128 | 0x0011FD18 | 0x0011F118 | 0x00000157 |
ReadFile | - | 0x0040112C | 0x0011FD1C | 0x0011F11C | 0x000003C0 |
SetFilePointer | - | 0x00401130 | 0x0011FD20 | 0x0011F120 | 0x00000466 |
GetOEMCP | - | 0x00401134 | 0x0011FD24 | 0x0011F124 | 0x00000237 |
IsValidCodePage | - | 0x00401138 | 0x0011FD28 | 0x0011F128 | 0x0000030A |
GetStringTypeW | - | 0x0040113C | 0x0011FD2C | 0x0011F12C | 0x00000269 |
HeapReAlloc | - | 0x00401140 | 0x0011FD30 | 0x0011F130 | 0x000002D2 |
GetUserDefaultLCID | - | 0x00401144 | 0x0011FD34 | 0x0011F134 | 0x0000029B |
GetLocaleInfoA | - | 0x00401148 | 0x0011FD38 | 0x0011F138 | 0x00000204 |
EnumSystemLocalesA | - | 0x0040114C | 0x0011FD3C | 0x0011F13C | 0x0000010D |
IsValidLocale | - | 0x00401150 | 0x0011FD40 | 0x0011F140 | 0x0000030C |
GetProcessHeap | - | 0x00401154 | 0x0011FD44 | 0x0011F144 | 0x0000024A |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
OffsetRect | - | 0x0040115C | 0x0011FD4C | 0x0011F14C | 0x00000225 |
MessageBoxA | - | 0x00401160 | 0x0011FD50 | 0x0011F150 | 0x0000020E |
IsRectEmpty | - | 0x00401164 | 0x0011FD54 | 0x0011F154 | 0x000001D4 |
InvertRect | - | 0x00401168 | 0x0011FD58 | 0x0011F158 | 0x000001C0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ResizePalette | - | 0x00401000 | 0x0011FBF0 | 0x0011EFF0 | 0x00000268 |
SaveDC | - | 0x00401004 | 0x0011FBF4 | 0x0011EFF4 | 0x00000270 |
Verification Status | Valid |
Issued by | *.elo.com |
Country Name | None |
Valid From | 2021-09-28 17:03 (UTC+2) |
Valid Until | 2022-10-28 17:03 (UTC+2) |
Algorithm | sha256_rsa |
Serial Number | 01 CA 3A 6D BD 89 E3 BA 09 A6 98 32 60 FE 8F 96 |
Thumbprint | A5 A5 60 E2 2C A4 07 5C 52 80 1E 63 97 7D A1 FC 5D 79 88 29 |
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe | 1 | 0x01200000 | 0x01384FFF | Relevant Image | 32-bit | 0x0122FEA8 |
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe | 1 | 0x01200000 | 0x01384FFF | Content Changed | 32-bit | 0x0121A1EC |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | First Execution | 32-bit | 0x00DB5020 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EEA1FB |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EBD71C |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EBE15D |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EC100C |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EC0166 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EC2172 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EC4B00 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E89950 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DCB0CB |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E0FDF0 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E1172F |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DCC072 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DCD000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E9C000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DB74BE |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E2A06E |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E33221 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E21170 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E33AF2 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DC63C0 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E33AF2 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DC63C0 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E33AF2 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DC63C0 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E34000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E2C000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E27000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EAA1E2 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EAB000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E28000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E3C7A1 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E40000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E2B000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DD5D0B |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E4A000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DD1F3C |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E56373 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E70E00 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E71033 |
buffer | 1 | 0x00185000 | 0x0019FFFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00570FD0 | 0x005711EF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00571420 | 0x0057161F | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00571628 | 0x005716FF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00572710 | 0x0057278F | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00572798 | 0x00572F97 | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006DF4C0 | 0x006DF54F | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E0458 | 0x006E0525 | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E09C8 | 0x006E0A47 | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E3538 | 0x006E389B | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E38A8 | 0x006E46A7 | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E46B0 | 0x006E48CF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E4A10 | 0x006E4AE5 | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E4C80 | 0x006E547F | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E5D98 | 0x006E5E69 | First Network Behavior | 32-bit | - |
buffer | 1 | 0x006E5F48 | 0x006E5FD7 | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00AF9020 | 0x00DA37EC | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | First Network Behavior | 32-bit | 0x00E6F533 |
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe | 1 | 0x01200000 | 0x01384FFF | First Network Behavior | 32-bit | 0x0122FD79 |
counters.dat | 1 | 0x00550000 | 0x00550FFF | First Network Behavior | 32-bit | - |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EB6058 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E5770D |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00DDB667 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EBC000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E74000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E76000 |
buffer | 1 | 0x0E810000 | 0x0E930FFF | First Execution | 32-bit | 0x0E810000 |
buffer | 1 | 0x0E810000 | 0x0E930FFF | Content Changed | 32-bit | 0x0E823000 |
buffer | 1 | 0x0E810000 | 0x0E930FFF | Content Changed | 32-bit | - |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E77000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EBD000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E1BD70 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EA5425 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E79000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E01A38 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E977F5 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E98000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E03000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E04000 |
buffer | 1 | 0x006A0000 | 0x006BFFFF | Marked Executable | 32-bit | - |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E09000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00E9F000 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EA109F |
buffer | 1 | 0x006A0000 | 0x006BFFFF | Content Changed | 32-bit | - |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EC0FD2 |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EC59AA |
buffer | 1 | 0x00DB5020 | 0x00EEA4DC | Content Changed | 32-bit | 0x00EC21EF |
buffer | 1 | 0x00717C68 | 0x00732467 | Image In Buffer | 32-bit | - |
d1d622e31d20a69fc6fea0d98996607f37f6204bb02625bfb329cfdbb8edb6e6.exe | 1 | 0x01200000 | 0x01384FFF | Process Termination | 32-bit | - |
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\filename.exe | Downloaded File | Binary |
Malicious
Verdict |
Malicious
|
Names | Mal/Generic-S |
Image Base | 0x140000000 |
Size Of Code | 0x004A6C00 |
Size Of Initialized Data | 0x00000600 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_AMD64 |
Compile Timestamp | 2022-04-21 19:28 (UTC+2) |
Comments | Google Chrome |
CompanyName | Google Inc. |
FileDescription | chrome.exe |
FileVersion | 70.0.3538.110 |
InternalName | rigx.exe |
LegalCopyright | Copyright 2017 Google Inc. All rights reserved. |
OriginalFilename | rigx.exe |
ProductName | Google Chrome |
ProductVersion | 70.0.3538.110 |
Assembly Version | 0.0.0.0 |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x140002000 | 0x004A6BB0 | 0x004A6C00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 8.0 |
.rsrc | 0x1404AA000 | 0x000005F6 | 0x00000600 | 0x004A6E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.25 |
C:\Users\RDHJ0C~1\AppData\Local\Temp\fname.exe | Downloaded File | Binary |
Malicious
Verdict |
Malicious
|
Names | Mal/Generic-S |
Image Base | 0x00400000 |
Entry Point | 0x006230B1 |
Size Of Code | 0x0012B200 |
Size Of Initialized Data | 0x00024A00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 1970-01-01 01:04 (UTC+1) |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
JICeboQ | 0x00401000 | 0x00105E35 | 0x00106000 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.62 |
zcPlt | 0x00507000 | 0x00025075 | 0x00025200 | 0x00106400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.58 |
rrF5ta | 0x0052D000 | 0x0001F3A0 | 0x0001F400 | 0x0012B600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.08 |
IKbga | 0x0054D000 | 0x00001CF0 | 0x00001000 | 0x0014AA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.05 |
03AAoc | 0x0054F000 | 0x00002DDC | 0x00002E00 | 0x0014BA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.7 |
6maTqw | 0x00552000 | 0x00004000 | 0x00004000 | 0x0014E800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.21 |
PKmYta | 0x00556000 | 0x00001000 | 0x00000200 | 0x00152800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.14 |
gTx1qw | 0x00557000 | 0x00226000 | 0x00226000 | 0x00152A00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.08 |
9YRtc | 0x0077D000 | 0x000008DB | 0x00000A00 | 0x00378A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.06 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetModuleHandleA | - | 0x00556078 | 0x00156078 | 0x00152878 | 0x00000000 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
FindWindowA | - | 0x00556080 | 0x00156080 | 0x00152880 | 0x00000000 |
Verification Status | Failed |
Issued by | Gary Kramlich |
Parent Certificate | Sectigo RSA Code Signing CA |
Country Name | US |
Valid From | 2021-03-22 01:00 (UTC+1) |
Valid Until | 2024-03-22 00:59 (UTC+1) |
Algorithm | sha256_rsa |
Serial Number | F6 AD 45 18 8E 55 66 AA 31 7B E2 3B 4B 8B 2C 2F |
Thumbprint | AD FA 74 4A A0 74 FB 5D C5 7E E6 44 5A 3E 18 D6 06 C7 BF 96 |
Issued by | Sectigo RSA Code Signing CA |
Parent Certificate | USERTrust RSA Certification Authority |
Country Name | GB |
Valid From | 2018-11-02 01:00 (UTC+1) |
Valid Until | 2031-01-01 00:59 (UTC+1) |
Algorithm | sha384_rsa |
Serial Number | 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A |
Thumbprint | 94 C9 5D A1 E8 50 BD 85 20 9A 4A 2A F3 E1 FB 16 04 F9 BB 66 |
Issued by | USERTrust RSA Certification Authority |
Parent Certificate | AAA Certificate Services |
Country Name | US |
Valid From | 2019-03-12 01:00 (UTC+1) |
Valid Until | 2029-01-01 00:59 (UTC+1) |
Algorithm | sha384_rsa |
Serial Number | 39 72 44 3A F9 22 B7 51 D7 D3 6C 10 DD 31 35 95 |
Thumbprint | D8 9E 3B D4 3D 5D 90 9B 47 A1 89 77 AA 9D 5C E3 6C EE 18 4C |
Issued by | AAA Certificate Services |
Country Name | GB |
Valid From | 2004-01-01 01:00 (UTC+1) |
Valid Until | 2029-01-01 00:59 (UTC+1) |
Algorithm | sha1_rsa |
Serial Number | 01 |
Thumbprint | D1 EB 23 A4 6D 17 D6 8F D9 25 64 C2 F1 F1 60 17 64 D8 E3 49 |
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
fname.exe | 6 | 0x01140000 | 0x014BDFFF | First Execution | 32-bit | 0x013630B1 |
fname.exe | 6 | 0x01140000 | 0x014BDFFF | Content Changed | 32-bit | 0x0140A5BA |
fname.exe | 6 | 0x01140000 | 0x014BDFFF | Content Changed | 32-bit | 0x0116E000 |
buffer | 6 | 0x00182754 | 0x00182ED1 | First Execution | 32-bit | 0x001828D5 |
buffer | 6 | 0x00AE0000 | 0x00B01FFF | Content Changed | 32-bit | - |
buffer | 6 | 0x00182754 | 0x00182ED1 | Process Termination | 32-bit | - |
buffer | 6 | 0x001E0000 | 0x001E4FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00510000 | 0x00510FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00520000 | 0x00520FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00530000 | 0x00530FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00540000 | 0x00540FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00550000 | 0x00550FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00560000 | 0x00560FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00570000 | 0x00570FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00580000 | 0x00580FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00590000 | 0x00590FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x005AA438 | 0x005AA4CF | Process Termination | 32-bit | - |
buffer | 6 | 0x005B1000 | 0x005B1DFF | Process Termination | 32-bit | - |
buffer | 6 | 0x005B1E08 | 0x005B2027 | Process Termination | 32-bit | - |
buffer | 6 | 0x005B3E90 | 0x005B4E8F | Process Termination | 32-bit | - |
buffer | 6 | 0x00AC0000 | 0x00AC0FFF | Process Termination | 32-bit | - |
buffer | 6 | 0x00AD0000 | 0x00AD0FFF | Process Termination | 32-bit | - |
fname.exe | 6 | 0x01140000 | 0x014BDFFF | Process Termination | 32-bit | - |
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat | Modified File | Stream |
Clean