Try VMRay Platform
Malicious
Classifications

Backdoor

Threat Names

NanoCore Mal/Generic-S

Dynamic Analysis Report

Created on 2022-08-05T11:28:59+00:00

fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe

Windows Exe (x86-32)
...

Remarks (1/1)

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filters:
File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe Sample File Binary
Malicious
...
»
Also Known As C:\Program Files (x86)\AGP Subsystem\agpss.exe (Accessed File)
C:\Users\kEecfMwgj\AppData\Roaming\nFxIoujoILCO.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 782.00 KB
MD5 583524e79bf439fe42fc992fea5d75f9 Copy to Clipboard
SHA1 433e13004fc64ef09412e0ac57cc42492eb9b327 Copy to Clipboard
SHA256 fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18 Copy to Clipboard
SSDeep 24576:/l4lNlPllllplUlllllllllllllUlUUPllllUlUllbUllbT9dDZH1m3q+lVKbk0Q:/l4lNlPllllplUlllllllllllllUlUUt Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
Names Mal/Generic-S
PE Information
»
Image Base 0x00400000
Entry Point 0x004C4C4E
Size Of Code 0x000C2E00
Size Of Initialized Data 0x00000800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2056-09-10 19:49 (UTC+2)
Version Information (11)
»
Comments
CompanyName
FileDescription Lib Mang Sys
FileVersion 1.0.0.0
InternalName AggregateDiction.exe
LegalCopyright Copyright © 2020
LegalTrademarks
OriginalFilename AggregateDiction.exe
ProductName Lib Mang Sys
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000C2C6C 0x000C2E00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.54
.rsrc 0x004C6000 0x000005DC 0x00000600 0x000C3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.15
.reloc 0x004C8000 0x0000000C 0x00000200 0x000C3600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000C4C24 0x000C2E24 0x00000000
Memory Dumps (19)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe 1 0x01370000 0x01439FFF Relevant Image False 32-bit - False
...
buffer 1 0x00610000 0x0061FFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x008C0000 0x008C2FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 1 0x00340000 0x003C2FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe 1 0x01370000 0x01439FFF Final Dump False 32-bit - False
...
buffer 1 0x04DF0000 0x04E26FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 4 0x00400000 0x00437FFF Content Changed False 32-bit - False
...
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe 4 0x01370000 0x01439FFF Relevant Image False 32-bit - False
...
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe 1 0x01370000 0x01439FFF Process Termination False 32-bit - False
...
buffer 4 0x003E0000 0x003E4FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 4 0x00440000 0x00458FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 4 0x003E0000 0x003E4FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 4 0x003F0000 0x003F2FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
agpss.exe 10 0x00EE0000 0x00FA9FFF Relevant Image False 32-bit - False
...
buffer 10 0x00470000 0x0047FFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
nfxioujoilco.exe 8 0x00EC0000 0x00F89FFF Relevant Image False 32-bit - False
...
buffer 8 0x004C0000 0x004CFFFF Reflectively Loaded .NET Assembly False 32-bit - False
...
agpss.exe 10 0x00EE0000 0x00FA9FFF Final Dump False 32-bit - False
...
nfxioujoilco.exe 8 0x00EC0000 0x00F89FFF Final Dump False 32-bit - False
...
7301a2115a9d357c467346d7b5e295e2079a785d7ef2823424d8e6c57180eeb4 Code Dump File Stream
Malicious
...
»
MIME Type application/octet-stream
File Size 114.00 KB
MD5 d4df43eba03984471ab954bbde44e0c2 Copy to Clipboard
SHA1 1610ecde8ad4aacb916492fcff95643ac6ed8c4d Copy to Clipboard
SHA256 7301a2115a9d357c467346d7b5e295e2079a785d7ef2823424d8e6c57180eeb4 Copy to Clipboard
SSDeep 3072:jzEqV6B1jHa6dtJ10jgvzcgi+oG/j9iaMP2s/HIH:jLV6Bta6dtJmakIM5 Copy to Clipboard
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 108.54 KB
MD5 cfed669ff5e75be7f120f6db78fbf341 Copy to Clipboard
SHA1 41b58034167e5eb6759a5520b229609139c505d7 Copy to Clipboard
SHA256 7d41c8cc04967418bc2d9f627955932ad8b9069cfd79e6a97016f9146e578c41 Copy to Clipboard
SSDeep 768:xU33iHuvsHgTllu5Co9Qx68tSnSww+oOWwHBBpWkUJqiK2EI00aXm14lXim:WmuvsHgTllDoWxGEOWwckUJqiK2oe9m Copy to Clipboard
ImpHash -
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 8.03 KB
MD5 3b3c25a73972ae17e57cf588f4bc6f25 Copy to Clipboard
SHA1 8be4759a067d1a625f492737af7dc040d74c8dfb Copy to Clipboard
SHA256 c5e68bc6ec9388f0b0be98a6100459c5573044e269a87f804dac29c025505f52 Copy to Clipboard
SSDeep 3:5tmlNl/myll/:5tmo2l/ Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmpC690.tmp Dropped File Text
Clean
...
»
MIME Type text/xml
File Size 1.56 KB
MD5 0520137970f94bdc36bd5916398b180f Copy to Clipboard
SHA1 708f04a97d6867a207b86e0ac597a9b36b36cb87 Copy to Clipboard
SHA256 19655acbfeaf3c70e713a44fa36beca214ce51283e6a777d83ae76bcd8b91399 Copy to Clipboard
SSDeep 48:cgeD1N14YrFdOFzOzN33ODOiDdKrsuTXv:HeD1gYrFdOFzOz6dKrsuz Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmpFD29.tmp Dropped File Text
Clean
...
»
MIME Type text/xml
File Size 1.33 KB
MD5 a18c96cbe74d62f4029884be5d2ec333 Copy to Clipboard
SHA1 80257819ce4362c88c81c193ed30eac848cb1c12 Copy to Clipboard
SHA256 b29e7f9a093d2f3d64f6ac96b4ec8b34a9db2c05c45058af547e926438e3ba08 Copy to Clipboard
SSDeep 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0luD97xtn:cbk4oL600QydbQxIYODOLedq3ZRj Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17.tmp Dropped File Text
Clean
...
»
MIME Type text/xml
File Size 1.28 KB
MD5 8aefdc623880016d77594b1802f74db6 Copy to Clipboard
SHA1 17608aaab6106247dec66a472516d023272c9b9b Copy to Clipboard
SHA256 ccd9d374a356e8635fe06015e07c986fb0e6f71099234ddc2935a6cb5e1571ac Copy to Clipboard
SSDeep 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Rcxtn:cbk4oL600QydbQxIYODOLedq3Scj Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Roaming\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\task.dat Dropped File Text
Clean
...
»
MIME Type text/plain
File Size 95 Bytes
MD5 f71a473071767fbd547218ea1ed57049 Copy to Clipboard
SHA1 8431c80b6839ed84a4f6c561266367ed294c19b1 Copy to Clipboard
SHA256 610fcf9c824091895c008cc9d998a23401ca21d2ad1355fc4a0c093a48eb5cda Copy to Clipboard
SSDeep 3:oNLrMaADPAra3DB9XcClEHERQhHC:oNUFsuDzcwrgHC Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Roaming\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\run.dat Dropped File Text
Clean
...
»
MIME Type text/plain
File Size 8 Bytes
MD5 198d285a12527c9e7fa936bf56727562 Copy to Clipboard
SHA1 52fb02fef5714ed2518822233321f39290c79da5 Copy to Clipboard
SHA256 bb32e00d8f24fef8c0672fe8781f2be4a46f50f5fd78421e6210b436b58f9fc8 Copy to Clipboard
SSDeep 3:Nln:Nln Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Roaming\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\settings.bin Dropped File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 8 Bytes
MD5 cdbed468f133c3bafff2bb301c37800a Copy to Clipboard
SHA1 01cd45c2244c66eb201a3bbb2b44b8db3753c910 Copy to Clipboard
SHA256 3c099e8a656f6d63978ecb6dd8d4c8eacdb689bb2f748314550dc78a05f30d95 Copy to Clipboard
SSDeep 3:2b:2b Copy to Clipboard
ImpHash -
37af1cc5a7606c4cce476c2324b066c3a7f625eee010baf8347937ad13fd4081 Extracted File Image
Clean
...
»
Parent File cbebc5f72e972b9199001b2411301fd9cedd56b337e0e8d47aa3f033415924d0
MIME Type image/png
File Size 851 Bytes
MD5 c979c0d3d2f8cca15ea84bf23abe70a9 Copy to Clipboard
SHA1 1697075cc08b8f994e1b8dae013efecf49e5b363 Copy to Clipboard
SHA256 37af1cc5a7606c4cce476c2324b066c3a7f625eee010baf8347937ad13fd4081 Copy to Clipboard
SSDeep 24:JDDOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOT:JDr Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image