Verdict Malicious
Classifications Backdoor, Keylogger
Threat Names Mal/Generic-S

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "35 days, 18 hours, 49 minutes, 44 seconds" to "3 hours, 17 minutes, 9 seconds" to reveal dormant functionality.

File Name C:\Users\OqXZRaykm\Desktop\cagrt.exe
Category Sample File
Type Binary
Verdict Malicious
Also Known As C:\Users\OQXZRA~1\AppData\Local\Temp\wjhuwcp.exe (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 3.09 MB
MD5 60160e5c59102cdfd7506d7d106fc029
SHA1 d44460fe999e4838fd507b0abba3f12ed599d4bd
SHA256 0f0f8f3babd10779dac4805595ef2141ad4dee809a140c3262c2cb729149ceb2
SSDeep 6144:33ue8ySm8hQAAIfFrRXuEE+0l97mKwKKqHVV/mx86JQPDHDdx/Qtqa:F/zkFF+EExZmKbKuV9IPJQPDHvd
ImpHash d67c205451cfa889d29c6c8718886c08
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x00422943
Size Of Code 0x00029000
Size Of Initialized Data 0x0003C000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2006-12-09 06:15 (UTC)
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0002892F 0x00033000 0x00001000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.09
.rdata 0x0042A000 0x00003730 0x0000C000 0x000F7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.14
.data 0x0042E000 0x000370F4 0x00028000 0x002F1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.03
Imports (8)
KERNEL32.dll (115)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateThread - 0x0042A054 0x0002C650 0x000F9650 0x00000069
GetLogicalDriveStringsA - 0x0042A058 0x0002C654 0x000F9654 0x0000016E
GetDriveTypeA - 0x0042A05C 0x0002C658 0x000F9658 0x0000014B
GetWindowsDirectoryA - 0x0042A060 0x0002C65C 0x000F965C 0x000001E9
MoveFileA - 0x0042A064 0x0002C660 0x000F9660 0x00000264
FreeLibrary - 0x0042A068 0x0002C664 0x000F9664 0x000000EF
EnumResourceNamesA - 0x0042A06C 0x0002C668 0x000F9668 0x0000009C
LoadLibraryA - 0x0042A070 0x0002C66C 0x000F966C 0x00000248
GetProcAddress - 0x0042A074 0x0002C670 0x000F9670 0x00000198
GetModuleHandleA - 0x0042A078 0x0002C674 0x000F9674 0x00000177
GetSystemInfo - 0x0042A07C 0x0002C678 0x000F9678 0x000001BB
GetVersionExA - 0x0042A080 0x0002C67C 0x000F967C 0x000001DF
SetThreadPriority - 0x0042A084 0x0002C680 0x000F9680 0x00000336
GetCurrentThread - 0x0042A088 0x0002C684 0x000F9684 0x0000013D
FreeResource - 0x0042A08C 0x0002C688 0x000F9688 0x000000F1
UpdateResourceA - 0x0042A090 0x0002C68C 0x000F968C 0x00000367
SizeofResource - 0x0042A094 0x0002C690 0x000F9690 0x00000346
LockResource - 0x0042A098 0x0002C694 0x000F9694 0x0000025B
LoadResource - 0x0042A09C 0x0002C698 0x000F9698 0x0000024D
FindResourceA - 0x0042A0A0 0x0002C69C 0x000F969C 0x000000DA
EnumResourceLanguagesA - 0x0042A0A4 0x0002C6A0 0x000F96A0 0x0000009A
EndUpdateResourceA - 0x0042A0A8 0x0002C6A4 0x000F96A4 0x0000008D
BeginUpdateResourceA - 0x0042A0AC 0x0002C6A8 0x000F96A8 0x0000001A
CreateMutexA - 0x0042A0B0 0x0002C6AC 0x000F96AC 0x0000005A
GetLastError - 0x0042A0B4 0x0002C6B0 0x000F96B0 0x00000169
WaitForSingleObject - 0x0042A0B8 0x0002C6B4 0x000F96B4 0x00000383
GetVolumeInformationA - 0x0042A0BC 0x0002C6B8 0x000F96B8 0x000001E1
GetComputerNameA - 0x0042A0C0 0x0002C6BC 0x000F96BC 0x0000010C
GetCurrentProcess - 0x0042A0C4 0x0002C6C0 0x000F96C0 0x0000013A
OpenMutexA - 0x0042A0C8 0x0002C6C4 0x000F96C4 0x00000278
SetPriorityClass - 0x0042A0CC 0x0002C6C8 0x000F96C8 0x00000324
GetTempPathA - 0x0042A0D0 0x0002C6CC 0x000F96CC 0x000001CB
GetModuleFileNameA - 0x0042A0D4 0x0002C6D0 0x000F96D0 0x00000175
GetSystemDirectoryA - 0x0042A0D8 0x0002C6D4 0x000F96D4 0x000001B9
SetErrorMode - 0x0042A0DC 0x0002C6D8 0x000F96D8 0x00000308
InitializeCriticalSection - 0x0042A0E0 0x0002C6DC 0x000F96DC 0x00000219
HeapAlloc - 0x0042A0E4 0x0002C6E0 0x000F96E0 0x00000206
GetProcessHeap - 0x0042A0E8 0x0002C6E4 0x000F96E4 0x0000019B
HeapFree - 0x0042A0EC 0x0002C6E8 0x000F96E8 0x0000020C
WideCharToMultiByte - 0x0042A0F0 0x0002C6EC 0x000F96EC 0x00000387
MultiByteToWideChar - 0x0042A0F4 0x0002C6F0 0x000F96F0 0x0000026B
ExitThread - 0x0042A0F8 0x0002C6F4 0x000F96F4 0x000000B0
GetTimeFormatA - 0x0042A0FC 0x0002C6F8 0x000F96F8 0x000001D6
GetDateFormatA - 0x0042A100 0x0002C6FC 0x000F96FC 0x0000013F
GetFileSize - 0x0042A104 0x0002C700 0x000F9700 0x0000015B
SetFileAttributesA - 0x0042A108 0x0002C704 0x000F9704 0x0000030C
GlobalUnlock - 0x0042A10C 0x0002C708 0x000F9708 0x00000200
GlobalLock - 0x0042A110 0x0002C70C 0x000F970C 0x000001F9
GlobalAlloc - 0x0042A114 0x0002C710 0x000F9710 0x000001EE
lstrcmpiA - 0x0042A118 0x0002C714 0x000F9714 0x000003B3
SetFileTime - 0x0042A11C 0x0002C718 0x000F9718 0x00000312
SystemTimeToFileTime - 0x0042A120 0x0002C71C 0x000F971C 0x0000034C
GetSystemTime - 0x0042A124 0x0002C720 0x000F9720 0x000001BE
CreateDirectoryA - 0x0042A128 0x0002C724 0x000F9724 0x00000045
CreateProcessA - 0x0042A12C 0x0002C728 0x000F9728 0x00000060
GetCurrentProcessId - 0x0042A130 0x0002C72C 0x000F972C 0x0000013B
SetEnvironmentVariableA - 0x0042A134 0x0002C730 0x000F9730 0x00000306
CompareStringW - 0x0042A138 0x0002C734 0x000F9734 0x00000035
CompareStringA - 0x0042A13C 0x0002C738 0x000F9738 0x00000034
HeapSize - 0x0042A140 0x0002C73C 0x000F973C 0x00000212
GetSystemTimeAsFileTime - 0x0042A144 0x0002C740 0x000F9740 0x000001C0
GetCurrentThreadId - 0x0042A148 0x0002C744 0x000F9744 0x0000013E
QueryPerformanceCounter - 0x0042A14C 0x0002C748 0x000F9748 0x00000297
SetStdHandle - 0x0042A150 0x0002C74C 0x000F974C 0x0000032A
HeapReAlloc - 0x0042A154 0x0002C750 0x000F9750 0x00000210
GetLocaleInfoA - 0x0042A158 0x0002C754 0x000F9754 0x0000016C
GetExitCodeProcess - 0x0042A15C 0x0002C758 0x000F9758 0x00000152
GetStringTypeW - 0x0042A160 0x0002C75C 0x000F975C 0x000001B5
GetStringTypeA - 0x0042A164 0x0002C760 0x000F9760 0x000001B2
VirtualFree - 0x0042A168 0x0002C764 0x000F9764 0x00000376
HeapCreate - 0x0042A16C 0x0002C768 0x000F9768 0x00000208
HeapDestroy - 0x0042A170 0x0002C76C 0x000F976C 0x0000020A
GetFileType - 0x0042A174 0x0002C770 0x000F9770 0x0000015E
SetHandleCount - 0x0042A178 0x0002C774 0x000F9774 0x00000317
GetEnvironmentStringsW - 0x0042A17C 0x0002C778 0x000F9778 0x0000014F
FreeEnvironmentStringsW - 0x0042A180 0x0002C77C 0x000F977C 0x000000EE
GetEnvironmentStrings - 0x0042A184 0x0002C780 0x000F9780 0x0000014D
FreeEnvironmentStringsA - 0x0042A188 0x0002C784 0x000F9784 0x000000ED
UnhandledExceptionFilter - 0x0042A18C 0x0002C788 0x000F9788 0x00000360
GetStdHandle - 0x0042A190 0x0002C78C 0x000F978C 0x000001B1
VirtualAlloc - 0x0042A194 0x0002C790 0x000F9790 0x00000373
VirtualProtect - 0x0042A198 0x0002C794 0x000F9794 0x00000379
GetCPInfo - 0x0042A19C 0x0002C798 0x000F9798 0x000000FC
FlushFileBuffers - 0x0042A1A0 0x0002C79C 0x000F979C 0x000000E5
GetOEMCP - 0x0042A1A4 0x0002C7A0 0x000F97A0 0x0000018B
GetACP - 0x0042A1A8 0x0002C7A4 0x000F97A4 0x000000F5
LCMapStringW - 0x0042A1AC 0x0002C7A8 0x000F97A8 0x0000023B
LCMapStringA - 0x0042A1B0 0x0002C7AC 0x000F97AC 0x0000023A
VirtualQuery - 0x0042A1B4 0x0002C7B0 0x000F97B0 0x0000037B
InterlockedExchange - 0x0042A1B8 0x0002C7B4 0x000F97B4 0x0000021F
RtlUnwind - 0x0042A1BC 0x0002C7B8 0x000F97B8 0x000002CA
TerminateProcess - 0x0042A1C0 0x0002C7BC 0x000F97BC 0x0000034F
GetCommandLineA - 0x0042A1C4 0x0002C7C0 0x000F97C0 0x00000108
GetStartupInfoA - 0x0042A1C8 0x0002C7C4 0x000F97C4 0x000001AF
SetFilePointer - 0x0042A1CC 0x0002C7C8 0x000F97C8 0x0000030E
WriteFile - 0x0042A1D0 0x0002C7CC 0x000F97CC 0x00000394
CreateFileA - 0x0042A1D4 0x0002C7D0 0x000F97D0 0x0000004D
ReadFile - 0x0042A1D8 0x0002C7D4 0x000F97D4 0x000002A9
CloseHandle - 0x0042A1DC 0x0002C7D8 0x000F97D8 0x0000002E
Sleep - 0x0042A1E0 0x0002C7DC 0x000F97DC 0x00000347
FindFirstFileA - 0x0042A1E4 0x0002C7E0 0x000F97E0 0x000000C9
lstrcpyA - 0x0042A1E8 0x0002C7E4 0x000F97E4 0x000003B6
lstrcatA - 0x0042A1EC 0x0002C7E8 0x000F97E8 0x000003AD
ExitProcess - 0x0042A1F0 0x0002C7EC 0x000F97EC 0x000000AF
lstrcmpA - 0x0042A1F4 0x0002C7F0 0x000F97F0 0x000003B0
EnterCriticalSection - 0x0042A1F8 0x0002C7F4 0x000F97F4 0x0000008F
LeaveCriticalSection - 0x0042A1FC 0x0002C7F8 0x000F97F8 0x00000247
DeleteFileA - 0x0042A200 0x0002C7FC 0x000F97FC 0x0000007C
lstrcpynA - 0x0042A204 0x0002C800 0x000F9800 0x000003B9
GetTickCount - 0x0042A208 0x0002C804 0x000F9804 0x000001D5
GetFileAttributesA - 0x0042A20C 0x0002C808 0x000F9808 0x00000156
lstrlenA - 0x0042A210 0x0002C80C 0x000F980C 0x000003BC
CopyFileA - 0x0042A214 0x0002C810 0x000F9810 0x0000003D
FindNextFileA - 0x0042A218 0x0002C814 0x000F9814 0x000000D3
FindClose - 0x0042A21C 0x0002C818 0x000F9818 0x000000C5
USER32.dll (41)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TranslateMessage - 0x0042A248 0x0002C844 0x000F9844 0x000002AA
GetMessageA - 0x0042A24C 0x0002C848 0x000F9848 0x0000013A
UpdateWindow - 0x0042A250 0x0002C84C 0x000F984C 0x000002BB
RegisterClassA - 0x0042A254 0x0002C850 0x000F9850 0x00000216
DispatchMessageA - 0x0042A258 0x0002C854 0x000F9854 0x000000A1
wsprintfA - 0x0042A25C 0x0002C858 0x000F9858 0x000002D6
GetWindowRect - 0x0042A260 0x0002C85C 0x000F985C 0x00000174
GetDesktopWindow - 0x0042A264 0x0002C860 0x000F9860 0x0000010E
ShowWindow - 0x0042A268 0x0002C864 0x000F9864 0x00000292
EnableWindow - 0x0042A26C 0x0002C868 0x000F9868 0x000000C4
GetClassNameA - 0x0042A270 0x0002C86C 0x000F986C 0x000000FC
DestroyWindow - 0x0042A274 0x0002C870 0x000F9870 0x00000099
UnregisterClassA - 0x0042A278 0x0002C874 0x000F9874 0x000002B3
PostMessageA - 0x0042A27C 0x0002C878 0x000F9878 0x00000201
GetWindowThreadProcessId - 0x0042A280 0x0002C87C 0x000F987C 0x0000017B
GetWindowTextA - 0x0042A284 0x0002C880 0x000F9880 0x00000177
IsWindowVisible - 0x0042A288 0x0002C884 0x000F9884 0x000001B1
EnumWindows - 0x0042A28C 0x0002C888 0x000F9888 0x000000DE
IsWindowEnabled - 0x0042A290 0x0002C88C 0x000F988C 0x000001AE
LookupIconIdFromDirectoryEx - 0x0042A294 0x0002C890 0x000F9890 0x000001D1
GetCursorPos - 0x0042A298 0x0002C894 0x000F9894 0x0000010B
SetCursorPos - 0x0042A29C 0x0002C898 0x000F9898 0x0000024F
GetSystemMetrics - 0x0042A2A0 0x0002C89C 0x000F989C 0x0000015D
ReleaseDC - 0x0042A2A4 0x0002C8A0 0x000F98A0 0x0000022A
GetWindowDC - 0x0042A2A8 0x0002C8A4 0x000F98A4 0x0000016C
SetClipboardData - 0x0042A2AC 0x0002C8A8 0x000F98A8 0x0000024A
EmptyClipboard - 0x0042A2B0 0x0002C8AC 0x000F98AC 0x000000C1
SendInput - 0x0042A2B4 0x0002C8B0 0x000F98B0 0x0000023A
SendMessageTimeoutA - 0x0042A2B8 0x0002C8B4 0x000F98B4 0x0000023E
RegisterWindowMessageA - 0x0042A2BC 0x0002C8B8 0x000F98B8 0x00000227
SetWindowPos - 0x0042A2C0 0x0002C8BC 0x000F98BC 0x00000283
PostQuitMessage - 0x0042A2C4 0x0002C8C0 0x000F98C0 0x00000203
GetClientRect - 0x0042A2C8 0x0002C8C4 0x000F98C4 0x000000FF
GetWindowInfo - 0x0042A2CC 0x0002C8C8 0x000F98C8 0x0000016D
GetWindow - 0x0042A2D0 0x0002C8CC 0x000F98CC 0x0000016A
GetWindowPlacement - 0x0042A2D4 0x0002C8D0 0x000F98D0 0x00000173
MessageBoxA - 0x0042A2D8 0x0002C8D4 0x000F98D4 0x000001DE
EnumChildWindows - 0x0042A2DC 0x0002C8D8 0x000F98D8 0x000000CB
SetWindowTextA - 0x0042A2E0 0x0002C8DC 0x000F98DC 0x00000286
SetForegroundWindow - 0x0042A2E4 0x0002C8E0 0x000F98E0 0x00000257
SetFocus - 0x0042A2E8 0x0002C8E4 0x000F98E4 0x00000256
GDI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateCompatibleDC - 0x0042A034 0x0002C630 0x000F9630 0x0000002D
CreateCompatibleBitmap - 0x0042A038 0x0002C634 0x000F9634 0x0000002C
SelectObject - 0x0042A03C 0x0002C638 0x000F9638 0x0000020E
BitBlt - 0x0042A040 0x0002C63C 0x000F963C 0x00000012
DeleteDC - 0x0042A044 0x0002C640 0x000F9640 0x0000008C
GetDIBits - 0x0042A048 0x0002C644 0x000F9644 0x0000016A
DeleteObject - 0x0042A04C 0x0002C648 0x000F9648 0x0000008F
ADVAPI32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetSecurityDescriptorGroup - 0x0042A000 0x0002C5FC 0x000F95FC 0x00000230
ChangeServiceConfigA - 0x0042A004 0x0002C600 0x000F9600 0x00000036
GetUserNameA - 0x0042A008 0x0002C604 0x000F9604 0x00000123
SetSecurityDescriptorOwner - 0x0042A00C 0x0002C608 0x000F9608 0x00000231
SetSecurityDescriptorDacl - 0x0042A010 0x0002C60C 0x000F960C 0x0000022F
InitializeSecurityDescriptor - 0x0042A014 0x0002C610 0x000F9610 0x00000132
AddAccessAllowedAce - 0x0042A018 0x0002C614 0x000F9614 0x00000010
InitializeAcl - 0x0042A01C 0x0002C618 0x000F9618 0x00000131
GetLengthSid - 0x0042A020 0x0002C61C 0x000F961C 0x000000F6
GetTokenInformation - 0x0042A024 0x0002C620 0x000F9620 0x00000119
SetFileSecurityA - 0x0042A028 0x0002C624 0x000F9624 0x00000223
SetSecurityDescriptorSacl - 0x0042A02C 0x0002C628 0x000F9628 0x00000233
SHELL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA - 0x0042A234 0x0002C830 0x000F9830 0x00000106
SHGetSpecialFolderLocation - 0x0042A238 0x0002C834 0x000F9834 0x000000C2
SHGetPathFromIDListA - 0x0042A23C 0x0002C838 0x000F9838 0x000000BB
SHGetMalloc - 0x0042A240 0x0002C83C 0x000F983C 0x000000B6
WS2_32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
inet_addr 0x0000000B 0x0042A300 0x0002C8FC 0x000F98FC -
WSACreateEvent - 0x0042A304 0x0002C900 0x000F9900 0x00000013
WSAEventSelect - 0x0042A308 0x0002C904 0x000F9904 0x0000001B
WSAWaitForMultipleEvents - 0x0042A30C 0x0002C908 0x000F9908 0x00000046
WSAEnumNetworkEvents - 0x0042A310 0x0002C90C 0x000F990C 0x00000018
WSACloseEvent - 0x0042A314 0x0002C910 0x000F9910 0x00000011
sendto 0x00000014 0x0042A318 0x0002C914 0x000F9914 -
WSAGetLastError 0x0000006F 0x0042A31C 0x0002C918 0x000F9918 -
gethostbyaddr 0x00000033 0x0042A320 0x0002C91C 0x000F991C -
accept 0x00000001 0x0042A324 0x0002C920 0x000F9920 -
getpeername 0x00000005 0x0042A328 0x0002C924 0x000F9924 -
shutdown 0x00000016 0x0042A32C 0x0002C928 0x000F9928 -
inet_ntoa 0x0000000C 0x0042A330 0x0002C92C 0x000F992C -
select 0x00000012 0x0042A334 0x0002C930 0x000F9930 -
__WSAFDIsSet 0x00000097 0x0042A338 0x0002C934 0x000F9934 -
recv 0x00000010 0x0042A33C 0x0002C938 0x000F9938 -
send 0x00000013 0x0042A340 0x0002C93C 0x000F993C -
closesocket 0x00000003 0x0042A344 0x0002C940 0x000F9940 -
htons 0x00000009 0x0042A348 0x0002C944 0x000F9944 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0042A2F0 0x0002C8EC 0x000F98EC 0x00000001
GetFileVersionInfoA - 0x0042A2F4 0x0002C8F0 0x000F98F0 0x00000000
VerQueryValueA - 0x0042A2F8 0x0002C8F4 0x000F98F4 0x0000000A
RPCRT4.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UuidCreate - 0x0042A224 0x0002C820 0x000F9820 0x000001E1
UuidToStringA - 0x0042A228 0x0002C824 0x000F9824 0x000001E9
RpcStringFreeA - 0x0042A22C 0x0002C828 0x000F9828 0x000001D7
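The import table above supports a first capability triage, and it also shows where the report's classification outruns the static evidence. GDI32 CreateCompatibleDC/CreateCompatibleBitmap/BitBlt/GetDIBits together with USER32 GetWindowDC is a screen-capture sequence; EmptyClipboard/SetClipboardData and SendInput/SetCursorPos write the clipboard and inject input; BeginUpdateResourceA/UpdateResourceA/EndUpdateResourceA rewrite a PE's resource section; the ADVAPI32 ACL functions with SetFileSecurityA change file DACLs; ChangeServiceConfigA reconfigures a service; and WS2_32 accept/recv/send mark a process that waits for inbound connections. What is not imported matters as much: there is no SetWindowsHookExA or GetAsyncKeyState (the usual keylogger APIs) and no socket/bind/listen/connect, so with LoadLibraryA and GetProcAddress present those are presumably resolved at run time, and the Keylogger label rests on observed behaviour rather than on this table. The script below is an added example written for this page, not VMRay's code: the import names are copied from the table above, and the capability groupings are the editor's heuristics (each group requires the minimal call set for that behaviour), not a VMRay rule.

```python
"""Capability triage over a PE import table (added example, not VMRay code).

The import names are copied from the cagrt.exe import table in this report;
the capability signatures are the editor's heuristics, not a VMRay rule set.
"""
from collections import OrderedDict

# Constructed from the report's import table (DLL -> imported API names).
# Only the functions that drive the capability groups below are listed.
SAMPLE_IMPORTS = {
    "KERNEL32.dll": [
        "CreateThread", "LoadLibraryA", "GetProcAddress", "BeginUpdateResourceA",
        "UpdateResourceA", "EndUpdateResourceA", "CreateMutexA", "OpenMutexA",
        "GetTempPathA", "GetModuleFileNameA", "CopyFileA", "MoveFileA",
        "CreateProcessA", "SetFileAttributesA", "SetFileTime", "Sleep",
    ],
    "USER32.dll": [
        "SetClipboardData", "EmptyClipboard", "SendInput", "SetCursorPos",
        "GetCursorPos", "EnumWindows", "GetWindowTextA", "GetWindowDC",
    ],
    "GDI32.dll": [
        "CreateCompatibleDC", "CreateCompatibleBitmap", "SelectObject",
        "BitBlt", "GetDIBits",
    ],
    "ADVAPI32.dll": [
        "ChangeServiceConfigA", "SetFileSecurityA", "SetSecurityDescriptorDacl",
        "AddAccessAllowedAce", "InitializeAcl", "GetTokenInformation",
    ],
    "WS2_32.dll": [
        "accept", "recv", "send", "select", "sendto", "getpeername",
        "gethostbyaddr", "closesocket", "htons", "inet_addr",
    ],
}

# Heuristic signatures (editor's assumption): a group is reported only when
# every API in its set is imported, i.e. the minimal call sequence is present.
CAPABILITIES = OrderedDict([
    ("screen_capture", {"GetWindowDC", "CreateCompatibleDC",
                        "CreateCompatibleBitmap", "BitBlt", "GetDIBits"}),
    ("clipboard_write", {"EmptyClipboard", "SetClipboardData"}),
    ("input_injection", {"SendInput", "SetCursorPos"}),
    ("resource_rewrite", {"BeginUpdateResourceA", "UpdateResourceA",
                          "EndUpdateResourceA"}),
    ("self_copy_relaunch", {"GetModuleFileNameA", "GetTempPathA",
                            "CopyFileA", "CreateProcessA"}),
    ("file_dacl_tamper", {"InitializeAcl", "AddAccessAllowedAce",
                          "SetSecurityDescriptorDacl", "SetFileSecurityA"}),
    ("service_reconfig", {"ChangeServiceConfigA"}),
    ("inbound_listener", {"accept", "recv", "send"}),   # accept() = waits for peers
    ("dynamic_api_resolution", {"LoadLibraryA", "GetProcAddress"}),
    # Static keylogger evidence; absent from this sample's table.
    ("keyboard_hook", {"SetWindowsHookExA"}),
    ("key_state_polling", {"GetAsyncKeyState"}),
    # Socket setup; also absent here although accept/recv/send are imported.
    ("socket_setup", {"socket", "bind", "listen"}),
])


def imported_names(imports):
    """Flatten {dll: [api, ...]} into the set of imported API names."""
    return {name for names in imports.values() for name in names}


def triage(imports):
    """Return {capability: sorted matched APIs} for every fully satisfied signature."""
    present = imported_names(imports)
    return {cap: sorted(apis) for cap, apis in CAPABILITIES.items() if apis <= present}


def unevidenced(imports, expected):
    """Capabilities a verdict implies that the static import table does not show.
    If dynamic_api_resolution fired, they may still be resolved at run time."""
    found = triage(imports)
    return [cap for cap in expected if cap not in found]


if __name__ == "__main__":
    found = triage(SAMPLE_IMPORTS)
    for cap, apis in found.items():
        print(f"{cap:24s} <- {', '.join(apis)}")
    gaps = unevidenced(SAMPLE_IMPORTS,
                       ["keyboard_hook", "key_state_polling", "socket_setup"])
    print("no static evidence for:", gaps,
          "| runtime resolution possible:", "dynamic_api_resolution" in found)
```

Run against this table it reports nine satisfied groups and flags keyboard_hook, key_state_polling and socket_setup as unevidenced. When a sandbox verdict names a behaviour that the static groups do not, check the dynamic API log for GetProcAddress resolutions before writing a detection rule on imports alone.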
Memory Dumps (13)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
cagrt.exe 1 0x00400000 0x00465FFF Relevant Image False 32-bit 0x0042594F False
cagrt.exe 1 0x00400000 0x00465FFF Final Dump False 32-bit 0x00414B88 False
wjhuwcp.exe 4 0x00400000 0x00465FFF Relevant Image False 32-bit 0x0042594F False
wjhuwcp.exe 5 0x00400000 0x00465FFF Relevant Image False 32-bit 0x0041A11E False
cagrt.exe 1 0x00400000 0x00465FFF Process Termination False 32-bit - False
buffer 4 0x02A9D000 0x02A9FFFF First Network Behavior False 32-bit - False
buffer 4 0x0295D000 0x0295FFFF First Network Behavior False 32-bit - False
buffer 4 0x022DF000 0x022DFFFF First Network Behavior False 32-bit - False
buffer 4 0x0210F000 0x0210FFFF First Network Behavior False 32-bit - False
buffer 4 0x00195000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 4 0x021D1490 0x021D1C8F First Network Behavior False 32-bit - False
buffer 4 0x021D1C98 0x021D1D17 First Network Behavior False 32-bit - False
wjhuwcp.exe 4 0x00400000 0x00465FFF First Network Behavior False 32-bit 0x004228D3 False
File Name C:\Users\OQXZRA~1\AppData\Local\Temp\wjhuwcp.exe
Category Dropped File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 4.34 MB
MD5 afcb121c88f057c17a85ee132ffab749
SHA1 a996db098910b6c83d178ceaef5f90036768d106
SHA256 3942ef3732b4fbb8282e015b7f1860fc524a4e33f3b3f6bcd5ed892116805a60
SSDeep 12288:5/zkFF+EExZmKbC+UFmF+iicUz8hKliUbNQiu1lPuV9IPJQPDHvd:5/c+EEXmKcVs4V
ImpHash d67c205451cfa889d29c6c8718886c08
PE Information
Image Base 0x00400000
Entry Point 0x00422943
Size Of Code 0x00029000
Size Of Initialized Data 0x0003C000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2006-12-09 05:23 (UTC)
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0002892F 0x00034000 0x00001000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.0
.rdata 0x0042A000 0x00003730 0x0000C000 0x0012D000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.14
.data 0x0042E000 0x000370F4 0x0002A000 0x0042E000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.8
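Read side by side, the sample's Sections table above and the dropped copy's table here describe an image whose virtual layout did not change at all (same virtual addresses and sizes, same entry point 0x00422943, same ImpHash d67c205451cfa889d29c6c8718886c08) while everything on disk did: raw sizes, raw offsets, section entropies, the compile timestamp (06:15 vs 05:23 UTC on the same day) and therefore MD5, SHA1 and SHA256. Both files also contain large stretches that no section maps: in cagrt.exe the .rdata raw data starts at 0xF7000 although .text ends at 0x34000, which is why 0x67000 bytes of section data occupy a 3.09 MB file. The script below is an added example for this page, not VMRay code. It types in the values from the two tables and computes the unmapped gaps, the raw-versus-virtual overhang and the field-by-field diff. Its one assumption is that each file ends where .data ends; that gives 0x319000 and 0x458000 bytes, which reproduces the reported 3.09 MB and 4.34 MB.

```python
"""Section-layout comparison of cagrt.exe and its dropped copy wjhuwcp.exe
(added example, not VMRay code). Values are copied from the two Sections (3)
tables in this report. Assumption: each file ends where its .data raw range
ends; that gives 0x319000 and 0x458000 bytes, matching the reported
3.09 MB and 4.34 MB, so no file size is invented here."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Section:
    name: str
    vaddr: int      # "Virtual Address" column (includes the 0x400000 image base)
    vsize: int
    raw_size: int
    raw_off: int
    entropy: float


# Constructed from the report: cagrt.exe (sample).
CAGRT = [
    Section(".text",  0x00401000, 0x0002892F, 0x00033000, 0x00001000, 6.09),
    Section(".rdata", 0x0042A000, 0x00003730, 0x0000C000, 0x000F7000, 2.14),
    Section(".data",  0x0042E000, 0x000370F4, 0x00028000, 0x002F1000, 7.03),
]
# Constructed from the report: wjhuwcp.exe (dropped copy).
WJHUWCP = [
    Section(".text",  0x00401000, 0x0002892F, 0x00034000, 0x00001000, 6.0),
    Section(".rdata", 0x0042A000, 0x00003730, 0x0000C000, 0x0012D000, 2.14),
    Section(".data",  0x0042E000, 0x000370F4, 0x0002A000, 0x0042E000, 6.8),
]


def file_end(sections):
    """Offset just past the last raw byte any section claims."""
    return max(s.raw_off + s.raw_size for s in sections)


def layout_findings(sections, file_size=None):
    """Per section: raw bytes beyond the virtual size (pure padding) and file
    bytes after the section that no section maps (a gap, or an overlay at the end)."""
    file_size = file_end(sections) if file_size is None else file_size
    ordered = sorted(sections, key=lambda s: s.raw_off)
    out = {}
    for i, s in enumerate(ordered):
        end = s.raw_off + s.raw_size
        nxt = ordered[i + 1].raw_off if i + 1 < len(ordered) else file_size
        out[s.name] = {
            "raw_overhang": max(0, s.raw_size - s.vsize),
            "gap_after": max(0, nxt - end),
        }
    return out


def unmapped_bytes(sections, file_size=None):
    """File bytes (after the headers) that belong to no section's raw range.
    Normal linker output is close to zero here."""
    file_size = file_end(sections) if file_size is None else file_size
    ordered = sorted(sections, key=lambda s: s.raw_off)
    return file_size - ordered[0].raw_off - sum(s.raw_size for s in ordered)


def diff_layouts(a, b):
    """Fields that differ between two builds of the same image, keyed by
    (section, field). Sections are paired by position; names must agree."""
    changes = {}
    for sa, sb in zip(a, b):
        if sa.name != sb.name:
            raise ValueError(f"section mismatch: {sa.name} vs {sb.name}")
        for field in ("vaddr", "vsize", "raw_size", "raw_off", "entropy"):
            va, vb = getattr(sa, field), getattr(sb, field)
            if va != vb:
                changes[(sa.name, field)] = (va, vb)
    return changes


def virtual_layout_stable(a, b):
    """True when only on-disk fields changed: the loaded image (and so the
    ImpHash and IAT addresses) is unchanged even though file hashes differ."""
    return all(field not in ("vaddr", "vsize") for _, field in diff_layouts(a, b))


if __name__ == "__main__":
    for label, secs in (("cagrt.exe", CAGRT), ("wjhuwcp.exe", WJHUWCP)):
        print(f"{label}: file end 0x{file_end(secs):X}, "
              f"unmapped 0x{unmapped_bytes(secs):X} bytes")
        for name, f in layout_findings(secs).items():
            print(f"  {name:7s} overhang 0x{f['raw_overhang']:X} "
                  f"gap_after 0x{f['gap_after']:X}")
    for key, (old, new) in diff_layouts(CAGRT, WJHUWCP).items():
        print("changed", key, old, "->", new)
    print("virtual layout stable:", virtual_layout_stable(CAGRT, WJHUWCP))
```

Operationally: file-hash IOCs for this pair do not transfer between copies, while ImpHash, section virtual layout and the import set do. The unmapped regions (0x2B1000 bytes in the sample, 0x3ED000 in the copy) are worth carving and inspecting rather than assumed to be zero padding.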
Imports (8)
KERNEL32.dll (115)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateThread - 0x0042A054 0x0002C650 0x0012F650 0x00000069
GetLogicalDriveStringsA - 0x0042A058 0x0002C654 0x0012F654 0x0000016E
GetDriveTypeA - 0x0042A05C 0x0002C658 0x0012F658 0x0000014B
GetWindowsDirectoryA - 0x0042A060 0x0002C65C 0x0012F65C 0x000001E9
MoveFileA - 0x0042A064 0x0002C660 0x0012F660 0x00000264
FreeLibrary - 0x0042A068 0x0002C664 0x0012F664 0x000000EF
EnumResourceNamesA - 0x0042A06C 0x0002C668 0x0012F668 0x0000009C
LoadLibraryA - 0x0042A070 0x0002C66C 0x0012F66C 0x00000248
GetProcAddress - 0x0042A074 0x0002C670 0x0012F670 0x00000198
GetModuleHandleA - 0x0042A078 0x0002C674 0x0012F674 0x00000177
GetSystemInfo - 0x0042A07C 0x0002C678 0x0012F678 0x000001BB
GetVersionExA - 0x0042A080 0x0002C67C 0x0012F67C 0x000001DF
SetThreadPriority - 0x0042A084 0x0002C680 0x0012F680 0x00000336
GetCurrentThread - 0x0042A088 0x0002C684 0x0012F684 0x0000013D
FreeResource - 0x0042A08C 0x0002C688 0x0012F688 0x000000F1
UpdateResourceA - 0x0042A090 0x0002C68C 0x0012F68C 0x00000367
SizeofResource - 0x0042A094 0x0002C690 0x0012F690 0x00000346
LockResource - 0x0042A098 0x0002C694 0x0012F694 0x0000025B
LoadResource - 0x0042A09C 0x0002C698 0x0012F698 0x0000024D
FindResourceA - 0x0042A0A0 0x0002C69C 0x0012F69C 0x000000DA
EnumResourceLanguagesA - 0x0042A0A4 0x0002C6A0 0x0012F6A0 0x0000009A
EndUpdateResourceA - 0x0042A0A8 0x0002C6A4 0x0012F6A4 0x0000008D
BeginUpdateResourceA - 0x0042A0AC 0x0002C6A8 0x0012F6A8 0x0000001A
CreateMutexA - 0x0042A0B0 0x0002C6AC 0x0012F6AC 0x0000005A
GetLastError - 0x0042A0B4 0x0002C6B0 0x0012F6B0 0x00000169
WaitForSingleObject - 0x0042A0B8 0x0002C6B4 0x0012F6B4 0x00000383
GetVolumeInformationA - 0x0042A0BC 0x0002C6B8 0x0012F6B8 0x000001E1
GetComputerNameA - 0x0042A0C0 0x0002C6BC 0x0012F6BC 0x0000010C
GetCurrentProcess - 0x0042A0C4 0x0002C6C0 0x0012F6C0 0x0000013A
OpenMutexA - 0x0042A0C8 0x0002C6C4 0x0012F6C4 0x00000278
SetPriorityClass - 0x0042A0CC 0x0002C6C8 0x0012F6C8 0x00000324
GetTempPathA - 0x0042A0D0 0x0002C6CC 0x0012F6CC 0x000001CB
GetModuleFileNameA - 0x0042A0D4 0x0002C6D0 0x0012F6D0 0x00000175
GetSystemDirectoryA - 0x0042A0D8 0x0002C6D4 0x0012F6D4 0x000001B9
SetErrorMode - 0x0042A0DC 0x0002C6D8 0x0012F6D8 0x00000308
InitializeCriticalSection - 0x0042A0E0 0x0002C6DC 0x0012F6DC 0x00000219
HeapAlloc - 0x0042A0E4 0x0002C6E0 0x0012F6E0 0x00000206
GetProcessHeap - 0x0042A0E8 0x0002C6E4 0x0012F6E4 0x0000019B
HeapFree - 0x0042A0EC 0x0002C6E8 0x0012F6E8 0x0000020C
WideCharToMultiByte - 0x0042A0F0 0x0002C6EC 0x0012F6EC 0x00000387
MultiByteToWideChar - 0x0042A0F4 0x0002C6F0 0x0012F6F0 0x0000026B
ExitThread - 0x0042A0F8 0x0002C6F4 0x0012F6F4 0x000000B0
GetTimeFormatA - 0x0042A0FC 0x0002C6F8 0x0012F6F8 0x000001D6
GetDateFormatA - 0x0042A100 0x0002C6FC 0x0012F6FC 0x0000013F
GetFileSize - 0x0042A104 0x0002C700 0x0012F700 0x0000015B
SetFileAttributesA - 0x0042A108 0x0002C704 0x0012F704 0x0000030C
GlobalUnlock - 0x0042A10C 0x0002C708 0x0012F708 0x00000200
GlobalLock - 0x0042A110 0x0002C70C 0x0012F70C 0x000001F9
GlobalAlloc - 0x0042A114 0x0002C710 0x0012F710 0x000001EE
lstrcmpiA - 0x0042A118 0x0002C714 0x0012F714 0x000003B3
SetFileTime - 0x0042A11C 0x0002C718 0x0012F718 0x00000312
SystemTimeToFileTime - 0x0042A120 0x0002C71C 0x0012F71C 0x0000034C
GetSystemTime - 0x0042A124 0x0002C720 0x0012F720 0x000001BE
CreateDirectoryA - 0x0042A128 0x0002C724 0x0012F724 0x00000045
CreateProcessA - 0x0042A12C 0x0002C728 0x0012F728 0x00000060
GetCurrentProcessId - 0x0042A130 0x0002C72C 0x0012F72C 0x0000013B
SetEnvironmentVariableA - 0x0042A134 0x0002C730 0x0012F730 0x00000306
CompareStringW - 0x0042A138 0x0002C734 0x0012F734 0x00000035
CompareStringA - 0x0042A13C 0x0002C738 0x0012F738 0x00000034
HeapSize - 0x0042A140 0x0002C73C 0x0012F73C 0x00000212
GetSystemTimeAsFileTime - 0x0042A144 0x0002C740 0x0012F740 0x000001C0
GetCurrentThreadId - 0x0042A148 0x0002C744 0x0012F744 0x0000013E
QueryPerformanceCounter - 0x0042A14C 0x0002C748 0x0012F748 0x00000297
SetStdHandle - 0x0042A150 0x0002C74C 0x0012F74C 0x0000032A
HeapReAlloc - 0x0042A154 0x0002C750 0x0012F750 0x00000210
GetLocaleInfoA - 0x0042A158 0x0002C754 0x0012F754 0x0000016C
GetExitCodeProcess - 0x0042A15C 0x0002C758 0x0012F758 0x00000152
GetStringTypeW - 0x0042A160 0x0002C75C 0x0012F75C 0x000001B5
GetStringTypeA - 0x0042A164 0x0002C760 0x0012F760 0x000001B2
VirtualFree - 0x0042A168 0x0002C764 0x0012F764 0x00000376
HeapCreate - 0x0042A16C 0x0002C768 0x0012F768 0x00000208
HeapDestroy - 0x0042A170 0x0002C76C 0x0012F76C 0x0000020A
GetFileType - 0x0042A174 0x0002C770 0x0012F770 0x0000015E
SetHandleCount - 0x0042A178 0x0002C774 0x0012F774 0x00000317
GetEnvironmentStringsW - 0x0042A17C 0x0002C778 0x0012F778 0x0000014F
FreeEnvironmentStringsW - 0x0042A180 0x0002C77C 0x0012F77C 0x000000EE
GetEnvironmentStrings - 0x0042A184 0x0002C780 0x0012F780 0x0000014D
FreeEnvironmentStringsA - 0x0042A188 0x0002C784 0x0012F784 0x000000ED
UnhandledExceptionFilter - 0x0042A18C 0x0002C788 0x0012F788 0x00000360
GetStdHandle - 0x0042A190 0x0002C78C 0x0012F78C 0x000001B1
VirtualAlloc - 0x0042A194 0x0002C790 0x0012F790 0x00000373
VirtualProtect - 0x0042A198 0x0002C794 0x0012F794 0x00000379
GetCPInfo - 0x0042A19C 0x0002C798 0x0012F798 0x000000FC
FlushFileBuffers - 0x0042A1A0 0x0002C79C 0x0012F79C 0x000000E5
GetOEMCP - 0x0042A1A4 0x0002C7A0 0x0012F7A0 0x0000018B
GetACP - 0x0042A1A8 0x0002C7A4 0x0012F7A4 0x000000F5
LCMapStringW - 0x0042A1AC 0x0002C7A8 0x0012F7A8 0x0000023B
LCMapStringA - 0x0042A1B0 0x0002C7AC 0x0012F7AC 0x0000023A
VirtualQuery - 0x0042A1B4 0x0002C7B0 0x0012F7B0 0x0000037B
InterlockedExchange - 0x0042A1B8 0x0002C7B4 0x0012F7B4 0x0000021F
RtlUnwind - 0x0042A1BC 0x0002C7B8 0x0012F7B8 0x000002CA
TerminateProcess - 0x0042A1C0 0x0002C7BC 0x0012F7BC 0x0000034F
GetCommandLineA - 0x0042A1C4 0x0002C7C0 0x0012F7C0 0x00000108
GetStartupInfoA - 0x0042A1C8 0x0002C7C4 0x0012F7C4 0x000001AF
SetFilePointer - 0x0042A1CC 0x0002C7C8 0x0012F7C8 0x0000030E
WriteFile - 0x0042A1D0 0x0002C7CC 0x0012F7CC 0x00000394
CreateFileA - 0x0042A1D4 0x0002C7D0 0x0012F7D0 0x0000004D
ReadFile - 0x0042A1D8 0x0002C7D4 0x0012F7D4 0x000002A9
CloseHandle - 0x0042A1DC 0x0002C7D8 0x0012F7D8 0x0000002E
Sleep - 0x0042A1E0 0x0002C7DC 0x0012F7DC 0x00000347
FindFirstFileA - 0x0042A1E4 0x0002C7E0 0x0012F7E0 0x000000C9
lstrcpyA - 0x0042A1E8 0x0002C7E4 0x0012F7E4 0x000003B6
lstrcatA - 0x0042A1EC 0x0002C7E8 0x0012F7E8 0x000003AD
ExitProcess - 0x0042A1F0 0x0002C7EC 0x0012F7EC 0x000000AF
lstrcmpA - 0x0042A1F4 0x0002C7F0 0x0012F7F0 0x000003B0
EnterCriticalSection - 0x0042A1F8 0x0002C7F4 0x0012F7F4 0x0000008F
LeaveCriticalSection - 0x0042A1FC 0x0002C7F8 0x0012F7F8 0x00000247
DeleteFileA - 0x0042A200 0x0002C7FC 0x0012F7FC 0x0000007C
lstrcpynA - 0x0042A204 0x0002C800 0x0012F800 0x000003B9
GetTickCount - 0x0042A208 0x0002C804 0x0012F804 0x000001D5
GetFileAttributesA - 0x0042A20C 0x0002C808 0x0012F808 0x00000156
lstrlenA - 0x0042A210 0x0002C80C 0x0012F80C 0x000003BC
CopyFileA - 0x0042A214 0x0002C810 0x0012F810 0x0000003D
FindNextFileA - 0x0042A218 0x0002C814 0x0012F814 0x000000D3
FindClose - 0x0042A21C 0x0002C818 0x0012F818 0x000000C5
USER32.dll (41)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TranslateMessage - 0x0042A248 0x0002C844 0x0012F844 0x000002AA
GetMessageA - 0x0042A24C 0x0002C848 0x0012F848 0x0000013A
UpdateWindow - 0x0042A250 0x0002C84C 0x0012F84C 0x000002BB
RegisterClassA - 0x0042A254 0x0002C850 0x0012F850 0x00000216
DispatchMessageA - 0x0042A258 0x0002C854 0x0012F854 0x000000A1
wsprintfA - 0x0042A25C 0x0002C858 0x0012F858 0x000002D6
GetWindowRect - 0x0042A260 0x0002C85C 0x0012F85C 0x00000174
GetDesktopWindow - 0x0042A264 0x0002C860 0x0012F860 0x0000010E
ShowWindow - 0x0042A268 0x0002C864 0x0012F864 0x00000292
EnableWindow - 0x0042A26C 0x0002C868 0x0012F868 0x000000C4
GetClassNameA - 0x0042A270 0x0002C86C 0x0012F86C 0x000000FC
DestroyWindow - 0x0042A274 0x0002C870 0x0012F870 0x00000099
UnregisterClassA - 0x0042A278 0x0002C874 0x0012F874 0x000002B3
PostMessageA - 0x0042A27C 0x0002C878 0x0012F878 0x00000201
GetWindowThreadProcessId - 0x0042A280 0x0002C87C 0x0012F87C 0x0000017B
GetWindowTextA - 0x0042A284 0x0002C880 0x0012F880 0x00000177
IsWindowVisible - 0x0042A288 0x0002C884 0x0012F884 0x000001B1
EnumWindows - 0x0042A28C 0x0002C888 0x0012F888 0x000000DE
IsWindowEnabled - 0x0042A290 0x0002C88C 0x0012F88C 0x000001AE
LookupIconIdFromDirectoryEx - 0x0042A294 0x0002C890 0x0012F890 0x000001D1
GetCursorPos - 0x0042A298 0x0002C894 0x0012F894 0x0000010B
SetCursorPos - 0x0042A29C 0x0002C898 0x0012F898 0x0000024F
GetSystemMetrics - 0x0042A2A0 0x0002C89C 0x0012F89C 0x0000015D
ReleaseDC - 0x0042A2A4 0x0002C8A0 0x0012F8A0 0x0000022A
GetWindowDC - 0x0042A2A8 0x0002C8A4 0x0012F8A4 0x0000016C
SetClipboardData - 0x0042A2AC 0x0002C8A8 0x0012F8A8 0x0000024A
EmptyClipboard - 0x0042A2B0 0x0002C8AC 0x0012F8AC 0x000000C1
SendInput - 0x0042A2B4 0x0002C8B0 0x0012F8B0 0x0000023A
SendMessageTimeoutA - 0x0042A2B8 0x0002C8B4 0x0012F8B4 0x0000023E
RegisterWindowMessageA - 0x0042A2BC 0x0002C8B8 0x0012F8B8 0x00000227
SetWindowPos - 0x0042A2C0 0x0002C8BC 0x0012F8BC 0x00000283
PostQuitMessage - 0x0042A2C4 0x0002C8C0 0x0012F8C0 0x00000203
GetClientRect - 0x0042A2C8 0x0002C8C4 0x0012F8C4 0x000000FF
GetWindowInfo - 0x0042A2CC 0x0002C8C8 0x0012F8C8 0x0000016D
GetWindow - 0x0042A2D0 0x0002C8CC 0x0012F8CC 0x0000016A
GetWindowPlacement - 0x0042A2D4 0x0002C8D0 0x0012F8D0 0x00000173
MessageBoxA - 0x0042A2D8 0x0002C8D4 0x0012F8D4 0x000001DE
EnumChildWindows - 0x0042A2DC 0x0002C8D8 0x0012F8D8 0x000000CB
SetWindowTextA - 0x0042A2E0 0x0002C8DC 0x0012F8DC 0x00000286
SetForegroundWindow - 0x0042A2E4 0x0002C8E0 0x0012F8E0 0x00000257
SetFocus - 0x0042A2E8 0x0002C8E4 0x0012F8E4 0x00000256
GDI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateCompatibleDC - 0x0042A034 0x0002C630 0x0012F630 0x0000002D
CreateCompatibleBitmap - 0x0042A038 0x0002C634 0x0012F634 0x0000002C
SelectObject - 0x0042A03C 0x0002C638 0x0012F638 0x0000020E
BitBlt - 0x0042A040 0x0002C63C 0x0012F63C 0x00000012
DeleteDC - 0x0042A044 0x0002C640 0x0012F640 0x0000008C
GetDIBits - 0x0042A048 0x0002C644 0x0012F644 0x0000016A
DeleteObject - 0x0042A04C 0x0002C648 0x0012F648 0x0000008F
ADVAPI32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetSecurityDescriptorGroup - 0x0042A000 0x0002C5FC 0x0012F5FC 0x00000230
ChangeServiceConfigA - 0x0042A004 0x0002C600 0x0012F600 0x00000036
GetUserNameA - 0x0042A008 0x0002C604 0x0012F604 0x00000123
SetSecurityDescriptorOwner - 0x0042A00C 0x0002C608 0x0012F608 0x00000231
SetSecurityDescriptorDacl - 0x0042A010 0x0002C60C 0x0012F60C 0x0000022F
InitializeSecurityDescriptor - 0x0042A014 0x0002C610 0x0012F610 0x00000132
AddAccessAllowedAce - 0x0042A018 0x0002C614 0x0012F614 0x00000010
InitializeAcl - 0x0042A01C 0x0002C618 0x0012F618 0x00000131
GetLengthSid - 0x0042A020 0x0002C61C 0x0012F61C 0x000000F6
GetTokenInformation - 0x0042A024 0x0002C620 0x0012F620 0x00000119
SetFileSecurityA - 0x0042A028 0x0002C624 0x0012F624 0x00000223
SetSecurityDescriptorSacl - 0x0042A02C 0x0002C628 0x0012F628 0x00000233
SHELL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA - 0x0042A234 0x0002C830 0x0012F830 0x00000106
SHGetSpecialFolderLocation - 0x0042A238 0x0002C834 0x0012F834 0x000000C2
SHGetPathFromIDListA - 0x0042A23C 0x0002C838 0x0012F838 0x000000BB
SHGetMalloc - 0x0042A240 0x0002C83C 0x0012F83C 0x000000B6
WS2_32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
inet_addr 0x0000000B 0x0042A300 0x0002C8FC 0x0012F8FC -
WSACreateEvent - 0x0042A304 0x0002C900 0x0012F900 0x00000013
WSAEventSelect - 0x0042A308 0x0002C904 0x0012F904 0x0000001B
WSAWaitForMultipleEvents - 0x0042A30C 0x0002C908 0x0012F908 0x00000046
WSAEnumNetworkEvents - 0x0042A310 0x0002C90C 0x0012F90C 0x00000018
WSACloseEvent - 0x0042A314 0x0002C910 0x0012F910 0x00000011
sendto 0x00000014 0x0042A318 0x0002C914 0x0012F914 -
WSAGetLastError 0x0000006F 0x0042A31C 0x0002C918 0x0012F918 -
gethostbyaddr 0x00000033 0x0042A320 0x0002C91C 0x0012F91C -
accept 0x00000001 0x0042A324 0x0002C920 0x0012F920 -
getpeername 0x00000005 0x0042A328 0x0002C924 0x0012F924 -
shutdown 0x00000016 0x0042A32C 0x0002C928 0x0012F928 -
inet_ntoa 0x0000000C 0x0042A330 0x0002C92C 0x0012F92C -
select 0x00000012 0x0042A334 0x0002C930 0x0012F930 -
__WSAFDIsSet 0x00000097 0x0042A338 0x0002C934 0x0012F934 -
recv 0x00000010 0x0042A33C 0x0002C938 0x0012F938 -
send 0x00000013 0x0042A340 0x0002C93C 0x0012F93C -
closesocket 0x00000003 0x0042A344 0x0002C940 0x0012F940 -
htons 0x00000009 0x0042A348 0x0002C944 0x0012F944 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x0042A2F0 0x0002C8EC 0x0012F8EC 0x00000001
GetFileVersionInfoA - 0x0042A2F4 0x0002C8F0 0x0012F8F0 0x00000000
VerQueryValueA - 0x0042A2F8 0x0002C8F4 0x0012F8F4 0x0000000A
RPCRT4.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UuidCreate - 0x0042A224 0x0002C820 0x0012F820 0x000001E1
UuidToStringA - 0x0042A228 0x0002C824 0x0012F824 0x000001E9
RpcStringFreeA - 0x0042A22C 0x0002C828 0x0012F828 0x000001D7
Memory Dumps (10)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
wjhuwcp.exe 4 0x00400000 0x00465FFF Relevant Image False 32-bit 0x0042594F False
wjhuwcp.exe 5 0x00400000 0x00465FFF Relevant Image False 32-bit 0x0041A11E False
buffer 4 0x02A9D000 0x02A9FFFF First Network Behavior False 32-bit - False
buffer 4 0x0295D000 0x0295FFFF First Network Behavior False 32-bit - False
buffer 4 0x022DF000 0x022DFFFF First Network Behavior False 32-bit - False
buffer 4 0x0210F000 0x0210FFFF First Network Behavior False 32-bit - False
buffer 4 0x00195000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 4 0x021D1490 0x021D1C8F First Network Behavior False 32-bit - False
buffer 4 0x021D1C98 0x021D1D17 First Network Behavior False 32-bit - False
wjhuwcp.exe 4 0x00400000 0x00465FFF First Network Behavior False 32-bit 0x004228D3 False
File Name C:\Program Files (x86)\nhmgpcwgxjbnlsuiyyqwhbgajwqardvhfmoc.skq
Category Dropped File
Type Stream
Verdict Clean
Also Known As C:\Users\OQXZRA~1\AppData\Local\Temp\nhmgpcwgxjbnlsuiyyqwhbgajwqardvhfmoc.skq (Accessed File)
C:\Users\OqXZRaykm\AppData\Local\nhmgpcwgxjbnlsuiyyqwhbgajwqardvhfmoc.skq (Accessed File)
C:\Windows\nhmgpcwgxjbnlsuiyyqwhbgajwqardvhfmoc.skq (Accessed File)
C:\Windows\system32\nhmgpcwgxjbnlsuiyyqwhbgajwqardvhfmoc.skq (Accessed File)
nhmgpcwgxjbnlsuiyyqwhbgajwqardvhfmoc.skq (Accessed File)
MIME Type application/octet-stream
File Size 3.99 KB
MD5 7d4096f1a0a8c82f748cc31129dce5af
SHA1 93d653d284ce7b4f5410a8d11e62709084e88855
SHA256 2d6312967c650a828e7d9286f8ef5573762419dbeefbca98ec79279f3f538c89
SSDeep 96:OlrJcCKO2/i8uVC4e6dJ+UN49g9CQ6TBTQE4+XSRiel:/CKO2/isR6dJtC9EqB0EZXSRtl
ImpHash -
C:\Program Files (x86)\irlusudcijqrearuzovqqztca.lkq Dropped File Stream
Clean
Also Known As C:\Users\OQXZRA~1\AppData\Local\Temp\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Users\OqXZRaykm\AppData\Local\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\system32\irlusudcijqrearuzovqqztca.lkq (Accessed File)
irlusudcijqrearuzovqqztca.lkq (Accessed File)
MIME Type application/octet-stream
File Size 272 Bytes
MD5 a7eb7d68e8788f28de50324ceef3ea3a
SHA1 c1d6a67d955e1b0702e4f02963ebf02bff68dd42
SHA256 e983f16a67f3c4f3e10028cb477fdb02d0768ee00d55cce1162104587a8b0ab8
SSDeep 6:wQXKsEoa6e1awfS7d8rj5yg1rj1Dz4QHCPRC5l36cVzw:NpEjgwfIdej5ykjZz4GguIGw
ImpHash -
C:\Program Files (x86)\irlusudcijqrearuzovqqztca.lkq Dropped File Stream
Clean
Also Known As C:\Users\OQXZRA~1\AppData\Local\Temp\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Users\OqXZRaykm\AppData\Local\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\system32\irlusudcijqrearuzovqqztca.lkq (Accessed File)
irlusudcijqrearuzovqqztca.lkq (Accessed File)
MIME Type application/octet-stream
File Size 272 Bytes
MD5 ff9d4a9325604f55482e6f091bea93ff
SHA1 d8683f0d5576fd0e83f7aaa5fb1299436d8be0d0
SHA256 f94284e6ba48dffcd9d95c0675630048f34a0e70ee833509b3a278480f57647c
SSDeep 6:H9DA97pH4oknvZ2kik5aHI/4lfAg2KLhKcirJDJ9pqg/00n:dDAPTknvn57qAg2KLh9ij9pqdM
ImpHash -
C:\Program Files (x86)\irlusudcijqrearuzovqqztca.lkq Dropped File Stream
Clean
Also Known As C:\Users\OQXZRA~1\AppData\Local\Temp\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Users\OqXZRaykm\AppData\Local\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\system32\irlusudcijqrearuzovqqztca.lkq (Accessed File)
irlusudcijqrearuzovqqztca.lkq (Accessed File)
MIME Type application/octet-stream
File Size 272 Bytes
MD5 a4daf2bb840e2ed4fb737a4a7da13c58
SHA1 75fbbd8c1d1ab6639ad21db734d4239b3e00f6fd
SHA256 1ef6c6138c50e5ed75a327b478e3f3325de9b612c762a0369137474c9ce511da
SSDeep 6:H9DA97pH4oknvZ2kikOrDpXWnDlzqNSIadKyofFNYMQ:dDAPTknvnEpYz8GKRRQ
ImpHash -
C:\Program Files (x86)\irlusudcijqrearuzovqqztca.lkq Dropped File Stream
Clean
Also Known As C:\Users\OQXZRA~1\AppData\Local\Temp\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Users\OqXZRaykm\AppData\Local\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\system32\irlusudcijqrearuzovqqztca.lkq (Accessed File)
irlusudcijqrearuzovqqztca.lkq (Accessed File)
MIME Type application/octet-stream
File Size 272 Bytes
MD5 b0cf290c237de54053a8772f440ee26c
SHA1 0f159f2a9b9a7b034634dc392f88003c8d6cd55a
SHA256 0e7f6e0126fc3fdedc7046f184ea924d828524be871d60a9b8d861be29d9e847
SSDeep 6:H9DA97pH4oknvZ2kikOrDpXWnDlzqNSIadKyofFNiB:dDAPTknvnEpYz8GKRSB
ImpHash -
C:\Program Files (x86)\irlusudcijqrearuzovqqztca.lkq Dropped File Stream
Clean
Also Known As C:\Users\OQXZRA~1\AppData\Local\Temp\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Users\OqXZRaykm\AppData\Local\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\irlusudcijqrearuzovqqztca.lkq (Accessed File)
C:\Windows\system32\irlusudcijqrearuzovqqztca.lkq (Accessed File)
irlusudcijqrearuzovqqztca.lkq (Accessed File)
MIME Type application/octet-stream
File Size 272 Bytes
MD5 95b79bf648e29cc2b3ad3ed6fa879c58
SHA1 8d4884c54dd8883621133d8e428c8329a539e0f3
SHA256 6e517960f7acf2e91cb6742715e62ea4bd11c5fe0e0fb333aab2b39ce4e6ff07
SSDeep 6:H9DA97pH4oknvZ2kikOrDpXWnDlzqNSIadKyofFNbJZ:dDAPTknvnEpYz8GKRrJZ
ImpHash -
fba44daf9492c5e066646cd3c17196efeae1e1c0698ab0a6d0bd80efec0e03b7 Downloaded File HTML
Clean
MIME Type text/html
File Size 331.17 KB
MD5 080d88ad8c6c30d0221ace62056696f3
SHA1 e97651343c01c4c0750a51268ea510024a932eb1
SHA256 fba44daf9492c5e066646cd3c17196efeae1e1c0698ab0a6d0bd80efec0e03b7
SSDeep 3072:YH2uKCLhgX7eM1CkPfZSzaX3f4lGiDTyTNv7FPeUlVK0L5oAKCFFN:4dAemPOaX3f4lGiDTyTNv7Fp
ImpHash -
Static Analysis Parser Error: HTML parser encountered errors
Extracted URLs (50)
URL WHOIS Data Reputation Status Recursively Submitted Actions
743467946632927530090ea3611e0fc7afe1e7cea857aefa2515133d8a7651fc Downloaded File HTML
Clean
MIME Type text/html
File Size 4.41 KB
MD5 3414c56b3aebb341813c051c9978ac07
SHA1 1d97a3907ab75db5c866ebdfbb7ce18112422927
SHA256 743467946632927530090ea3611e0fc7afe1e7cea857aefa2515133d8a7651fc
SSDeep 96:1j9jwIjYj5jDK/D5DMF+C80ZqXKHvpIkdN/HrRm9PaQxJbGD:1j9jhjYj9K/Vo+nZaHvFdN/rU9ieJGD
ImpHash -
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
23f6e8febfc3692506d61e29ad765ccb5356a90aa227cfa9a0405c547fe27f29 Downloaded File HTML
Clean
MIME Type text/html
File Size 4.41 KB
MD5 7a13d9cdf3efff988a2ec82ff8dd1605
SHA1 5a0674f8e0266019662b1dc19323ce688a0595d5
SHA256 23f6e8febfc3692506d61e29ad765ccb5356a90aa227cfa9a0405c547fe27f29
SSDeep 96:1j9jwIjYj5jDK/D5DMF+C80ZqXKHvpIkdNoqrRm9PaQxJbGD:1j9jhjYj9K/Vo+nZaHvFdNPrU9ieJGD
ImpHash -
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
4a4bed98893c9bf4bde2ad59f51ed85eb9590a6b2416b24b2e61d3eaae09732b Downloaded File HTML
Clean
MIME Type text/html
File Size 4.41 KB
MD5 da9fa30520adf4c8e31f97dacda5d5e8
SHA1 eb3af9df3bc76a0f917cc9b21e17963c0596627a
SHA256 4a4bed98893c9bf4bde2ad59f51ed85eb9590a6b2416b24b2e61d3eaae09732b
SSDeep 96:1j9jwIjYj5jDK/D5DMF+C80ZqXKHvpIkdNkrRm9PaQxJbGD:1j9jhjYj9K/Vo+nZaHvFdNkrU9ieJGD
ImpHash -
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
554eb24659837260c3c28a16f48eb667113fe665cee24dce288f982fe375b14e Downloaded File HTML
Clean
MIME Type text/html
File Size 4.41 KB
MD5 5829cd7fef6f85f7bdb07605b9a9006c
SHA1 b35d083bc340aa3c6832500edef905939eb51824
SHA256 554eb24659837260c3c28a16f48eb667113fe665cee24dce288f982fe375b14e
SSDeep 96:1j9jwIjYj5jDK/D5DMF+C80ZqXKHvpIkdNdrRm9PaQxJbGD:1j9jhjYj9K/Vo+nZaHvFdNdrU9ieJGD
ImpHash -
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
7a3d46a11dc411965815a92d5f9ee9e91f7bcfb8a0271c213a5e289da9732ecb Downloaded File HTML
Clean
MIME Type text/html
File Size 4.41 KB
MD5 2d67435e592508b4ec501eaeb1620e99
SHA1 2432d862fae75e896fa6a2f2b3b356ff1c3dd276
SHA256 7a3d46a11dc411965815a92d5f9ee9e91f7bcfb8a0271c213a5e289da9732ecb
SSDeep 96:1j9jwIjYj5jDK/D5DMF+C80ZqXKHvpIkdNHrRm9PaQxJbGD:1j9jhjYj9K/Vo+nZaHvFdNHrU9ieJGD
ImpHash -
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted Actions
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f Downloaded File HTML
Clean
MIME Type text/html
File Size 167 Bytes
MD5 0104c301c5e02bd6148b8703d19b3a73
SHA1 7436e0b4b1f8c222c38069890b75fa2baf9ca620
SHA256 446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f
SSDeep 3:qVoB3tUROGclXqyvXboAcMBXqWSZUXqXlIVLGWbRIwcWWGu:q43tISl6kXiMIWSU6XlI55bRIpfGu
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.