6efb57a28434

C:\Users\OqXZRaykm\Desktop\READ ME! (List of free things).exe

Sample File

Binary

»

MIME Type	application/vnd.microsoft.portable-executable
File Size	334.00 KB
MD5	68c1b029a29c360bf98551ff87031eee
SHA1	f39190ed310e9d2244ebfb9edd360de3f7f810a0
SHA256	6efb57a28434d238a6fcd58c8aa90a1f1cda4d5897ecdce5351fb11a9a5abef2
SSDeep	6144:o/ipsG1aNuu239B0WHF06M+58VEhC8XVtyArpV8zbXqzNugVqwlL:ppsGB0N+5kGHVtbr7UXqxuAJ
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

»

Verdict	Malicious
Names	Mal/Generic-S

PE Information

»

Image Base	0x00400000
Entry Point	0x0043885E
Size Of Code	0x00036A00
Size Of Initialized Data	0x0001CC00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2024-04-27 05:57 (UTC+2)

Version Information (7)

»

FileDescription
FileVersion	1.0.0.0
InternalName	READ ME! (List of free things).exe
LegalCopyright
OriginalFilename	READ ME! (List of free things).exe
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00036864	0x00036A00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.93
.rsrc	0x0043A000	0x0001C9BA	0x0001CA00	0x00036C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.81
.reloc	0x00458000	0x0000000C	0x00000200	0x00053600	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

»

mscoree.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x00038830	0x00036A30	0x00000000

Memory Dumps (2)

»

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuild	Bitness	Entry Point	YARA	Actions
read me! (list of free things).exe	1	0x00010000	0x00069FFF	Relevant Image		64-bit	-		... Actions Go to Process Download Dump
read me! (list of free things).exe	1	0x00010000	0x00069FFF	Process Termination		64-bit	-		... Actions Go to Process Download Dump

C:\Users\OqXZRaykm\AppData\Roaming\LIVE-WindowsPlayer-version-492b7f0827474659.exe

Dropped File

Binary

»

MIME Type	application/vnd.microsoft.portable-executable
File Size	204.00 KB
MD5	5e6477b7b17aaec6ba3ef55f73b12c91
SHA1	fa8c21fffbd539d8719d696184d5a8f8d6899aa6
SHA256	a830068f14771855442956a1d95b0222071ef7bc788910fabb6cc5a861cdcecd
SSDeep	3072:LXPrirAlKaFM9ztOMf8SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLnC:bPriMLM93UhcX7elbKTuq9bfF/H9d9n
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

»

Verdict

Malicious

PE Information

»

Image Base	0x00400000
Entry Point	0x0040B17E
Size Of Code	0x00009200
Size Of Initialized Data	0x00029C00
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2024-04-27 04:40 (UTC+2)

Version Information (7)

»

FileDescription
FileVersion	1.0.0.0
InternalName	LIVE-WindowsPlayer-version-492b7f0827474659.exe
LegalCopyright
OriginalFilename	LIVE-WindowsPlayer-version-492b7f0827474659.exe
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x00009184	0x00009200	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.72
.rsrc	0x0040C000	0x000299D0	0x00029A00	0x00009400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.09
.reloc	0x00436000	0x0000000C	0x00000200	0x00032E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08

Imports (1)

»

mscoree.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x0000B154	0x00009354	0x00000000

Memory Dumps (7)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
live-windowsplayer-version-492b7f0827474659.exe	4	0x00010000	0x00047FFF	Relevant Image	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x1AF9B000	0x1AF9FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x1AB9B000	0x1AB9FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x1A75D000	0x1A75FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	4	0x00181000	0x0018FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
live-windowsplayer-version-492b7f0827474659.exe	4	0x00010000	0x00047FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
live-windowsplayer-version-492b7f0827474659.exe	4	0x00010000	0x00047FFF	Final Dump	64-bit	-	... Actions Go to Process Download Dump

2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0

Downloaded File

Text

»

MIME Type	text/plain
File Size	6 Bytes
MD5	d42f2da1df5ecdf29be4ac27edda0c12
SHA1	b73d74fcede92cdd78ec92c2c5899671d1b32044
SHA256	2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0
SSDeep	3:ovn:ovn
ImpHash	-

File Reputation Information

»

Verdict

Clean

4d830c2921ca9d1408dd409571f74a072c9bfb473f7d03bfb1a83a79ec1d9a63

Extracted File

Image

»

Parent File	C:\Users\OqXZRaykm\AppData\Roaming\LIVE-WindowsPlayer-version-492b7f0827474659.exe
MIME Type	image/png
File Size	67.38 KB
MD5	b0568908ac8c5861e6f7df216a8b42a8
SHA1	f988edfa2e2298ca3b55d2cde5209552feadc608
SHA256	4d830c2921ca9d1408dd409571f74a072c9bfb473f7d03bfb1a83a79ec1d9a63
SSDeep	1536:27693CKf8sl1ouc3K/8Z1Xt5esA7/jRs7bz8KWKmMuA:U8SKfbzxcwg7es6/Vsb8VKTuA
ImpHash	-

7bcc141f3b818cd5833b2507492bc401ded8eb52f59c890730629e7d85b790ff

Extracted File

Image

»

Parent File	C:\Users\OqXZRaykm\Desktop\READ ME! (List of free things).exe
MIME Type	image/png
File Size	15.41 KB
MD5	7ada84b31fce86b71b3eb55e4d7ea7d3
SHA1	f76e6fb481e8d03cb1ae7e4c465ac7fcd2a6a604
SHA256	7bcc141f3b818cd5833b2507492bc401ded8eb52f59c890730629e7d85b790ff
SSDeep	384:9yBIBYgt3oNPDPRPdxJ6zJwg/4Auz5VfJ8DTBY1teJD2gbU:OIl3oNPb1dxKuq4fz5VB8W1Yd4
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information