Malicious
Classifications
Backdoor
Threat Names
NanoCore Mal/Generic-S
Dynamic Analysis Report
Created on 2022-08-05T11:28:59+00:00
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\kEecfMwgj\Desktop\fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Verdict |
Malicious
|
Names | Mal/Generic-S |
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x004C4C4E |
Size Of Code | 0x000C2E00 |
Size Of Initialized Data | 0x00000800 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2056-09-10 19:49 (UTC+2) |
Version Information (11)
»
Comments | |
CompanyName | |
FileDescription | Lib Mang Sys |
FileVersion | 1.0.0.0 |
InternalName | AggregateDiction.exe |
LegalCopyright | Copyright © 2020 |
LegalTrademarks | |
OriginalFilename | AggregateDiction.exe |
ProductName | Lib Mang Sys |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x000C2C6C | 0x000C2E00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.54 |
.rsrc | 0x004C6000 | 0x000005DC | 0x00000600 | 0x000C3000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.15 |
.reloc | 0x004C8000 | 0x0000000C | 0x00000200 | 0x000C3600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x000C4C24 | 0x000C2E24 | 0x00000000 |
Memory Dumps (19)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe | 1 | 0x01370000 | 0x01439FFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 1 | 0x00610000 | 0x0061FFFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x008C0000 | 0x008C2FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 1 | 0x00340000 | 0x003C2FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe | 1 | 0x01370000 | 0x01439FFF | Final Dump | 32-bit | - |
...
|
||
buffer | 1 | 0x04DF0000 | 0x04E26FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 4 | 0x00400000 | 0x00437FFF | Content Changed | 32-bit | - |
...
|
||
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe | 4 | 0x01370000 | 0x01439FFF | Relevant Image | 32-bit | - |
...
|
||
fded70e0d7bee0d44fdb8cd327a09f1a879d61cc35a57a4d2cba7d7d232eed18.exe | 1 | 0x01370000 | 0x01439FFF | Process Termination | 32-bit | - |
...
|
||
buffer | 4 | 0x003E0000 | 0x003E4FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 4 | 0x00440000 | 0x00458FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 4 | 0x003E0000 | 0x003E4FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
buffer | 4 | 0x003F0000 | 0x003F2FFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
agpss.exe | 10 | 0x00EE0000 | 0x00FA9FFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 10 | 0x00470000 | 0x0047FFFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
nfxioujoilco.exe | 8 | 0x00EC0000 | 0x00F89FFF | Relevant Image | 32-bit | - |
...
|
||
buffer | 8 | 0x004C0000 | 0x004CFFFF | Reflectively Loaded .NET Assembly | 32-bit | - |
...
|
||
agpss.exe | 10 | 0x00EE0000 | 0x00FA9FFF | Final Dump | 32-bit | - |
...
|
||
nfxioujoilco.exe | 8 | 0x00EC0000 | 0x00F89FFF | Final Dump | 32-bit | - |
...
|
7301a2115a9d357c467346d7b5e295e2079a785d7ef2823424d8e6c57180eeb4 | Code Dump File | Stream |
Malicious
|
...
|
»
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream |
Clean
|
...
|
»
c:\users\keecfmwgj\appdata\local\gdipfontcachev1.dat | Dropped File | Stream |
Clean
|
...
|
»
C:\Users\kEecfMwgj\AppData\Local\Temp\tmpC690.tmp | Dropped File | Text |
Clean
|
...
|
»
C:\Users\kEecfMwgj\AppData\Local\Temp\tmpFD29.tmp | Dropped File | Text |
Clean
|
...
|
»
C:\Users\kEecfMwgj\AppData\Local\Temp\tmp17.tmp | Dropped File | Text |
Clean
|
...
|
»
C:\Users\kEecfMwgj\AppData\Roaming\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\task.dat | Dropped File | Text |
Clean
|
...
|
»
C:\Users\kEecfMwgj\AppData\Roaming\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\run.dat | Dropped File | Text |
Clean
|
...
|
»
C:\Users\kEecfMwgj\AppData\Roaming\B9C8F16E-2E51-4052-9ECB-F86AE5D96EF6\settings.bin | Dropped File | Stream |
Clean
|
...
|
»
37af1cc5a7606c4cce476c2324b066c3a7f625eee010baf8347937ad13fd4081 | Extracted File | Image |
Clean
|
»