Dynamic Analysis Report
Created on 2024-04-27T09:51:57+00:00
Sample: READ ME! (List of free things).exe
File Type: Windows Exe (x86-32)
Verdict: Malicious
Classifications: Keylogger, Spyware
Threat Names: Mal/Generic-S
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes" to "10 seconds" to reveal dormant functionality.
File List (filtered view: this list contains only the embedded files, downloaded files, and dropped files of the analysis)
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\OqXZRaykm\Desktop\READ ME! (List of free things).exe | Sample File | Binary | Malicious |
File Reputation Information
Verdict | Malicious |
Names | Mal/Generic-S |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x0043885E |
Size Of Code | 0x00036A00 |
Size Of Initialized Data | 0x0001CC00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2024-04-27 05:57 (UTC+2) |
Version Information (7)
FileDescription | |
FileVersion | 1.0.0.0 |
InternalName | READ ME! (List of free things).exe |
LegalCopyright | |
OriginalFilename | READ ME! (List of free things).exe |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00036864 | 0x00036A00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.93 |
.rsrc | 0x0043A000 | 0x0001C9BA | 0x0001CA00 | 0x00036C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.81 |
.reloc | 0x00458000 | 0x0000000C | 0x00000200 | 0x00053600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x00038830 | 0x00036A30 | 0x00000000 |
Memory Dumps (2)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
read me! (list of free things).exe | 1 | 0x00010000 | 0x00069FFF | Relevant Image | 64-bit | - |
read me! (list of free things).exe | 1 | 0x00010000 | 0x00069FFF | Process Termination | 64-bit | - |
Bitness is reported as 64-bit although the PE header declares IMAGE_FILE_MACHINE_I386. This is consistent with a managed executable (sole import mscoree.dll!_CorExeMain) built AnyCPU: on 64-bit Windows the loader disregards the I386 machine field for such images and the 64-bit CLR hosts the process, so the in-memory image is 64-bit even though the file on disk is marked x86-32.
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\OqXZRaykm\AppData\Roaming\LIVE-WindowsPlayer-version-492b7f0827474659.exe | Dropped File | Binary | Malicious |
File Reputation Information
Verdict | Malicious |
PE Information
Image Base | 0x00400000 |
Entry Point | 0x0040B17E |
Size Of Code | 0x00009200 |
Size Of Initialized Data | 0x00029C00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2024-04-27 04:40 (UTC+2) |
Version Information (7)
FileDescription | |
FileVersion | 1.0.0.0 |
InternalName | LIVE-WindowsPlayer-version-492b7f0827474659.exe |
LegalCopyright | |
OriginalFilename | LIVE-WindowsPlayer-version-492b7f0827474659.exe |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x00009184 | 0x00009200 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 5.72 |
.rsrc | 0x0040C000 | 0x000299D0 | 0x00029A00 | 0x00009400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.09 |
.reloc | 0x00436000 | 0x0000000C | 0x00000200 | 0x00032E00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.08 |
Imports (1)
mscoree.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x0000B154 | 0x00009354 | 0x00000000 |
Memory Dumps (7)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
live-windowsplayer-version-492b7f0827474659.exe | 4 | 0x00010000 | 0x00047FFF | Relevant Image | 64-bit | - |
buffer | 4 | 0x1AF9B000 | 0x1AF9FFFF | First Network Behavior | 64-bit | - |
buffer | 4 | 0x1AB9B000 | 0x1AB9FFFF | First Network Behavior | 64-bit | - |
buffer | 4 | 0x1A75D000 | 0x1A75FFFF | First Network Behavior | 64-bit | - |
buffer | 4 | 0x00181000 | 0x0018FFFF | First Network Behavior | 64-bit | - |
live-windowsplayer-version-492b7f0827474659.exe | 4 | 0x00010000 | 0x00047FFF | First Network Behavior | 64-bit | - |
live-windowsplayer-version-492b7f0827474659.exe | 4 | 0x00010000 | 0x00047FFF | Final Dump | 64-bit | - |
All "First Network Behavior" dumps were taken from the dropped file's process (PID 4), not from the original sample (PID 1): the network activity observed in this analysis originates from the dropped executable, and the four "buffer" dumps are the heap regions that were live when that first network operation occurred. Note that sleeps were truncated (see Remarks), so the timing of this behavior does not reflect the sample's real delays.
File Name | Category | Type | Verdict |
---|---|---|---|
2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0 | Downloaded File | Text | Clean (known to be clean) |
4d830c2921ca9d1408dd409571f74a072c9bfb473f7d03bfb1a83a79ec1d9a63 | Extracted File | Image | Clean |
7bcc141f3b818cd5833b2507492bc401ded8eb52f59c890730629e7d85b790ff | Extracted File | Image | Clean |
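The two PE Information blocks above carry the same three static signals a triage script checks on a .NET dropper: the import table is the lone mscoree.dll!_CorExeMain, the entry point sits six bytes before the end of .text (the jmp stub through which the native loader hands control to the CLR), and one section has entropy close to the 8-bit maximum (.text at 7.93 in the sample, .rsrc at 7.09 in the dropped file), which is the usual footprint of obfuscated IL or an encrypted embedded payload. The Python below is an added example and is not part of the report or of any sandbox vendor's code. It does not recompute anything from the binaries (the report does not include their bytes); it embeds the section tables and entry points as printed (note the report prints section "Virtual Address" as image base plus RVA), and uses constructed buffers only to show the entropy scale. The 7.0 threshold and the six-byte stub test are heuristics assumed here, not values from the report.

```python
import math
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Size of the native entry stub of a managed executable: `jmp dword ptr [IAT]`
# is FF 25 <imm32>, six bytes, placed at the very end of .text by the C#
# compiler. Assumption of this example: the report shows no entry-point bytes,
# so the stub is inferred from its position only.
DOTNET_STUB_SIZE = 6
PACKED_ENTROPY_THRESHOLD = 7.0   # bits/byte; heuristic cut-off assumed here


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int   # as printed in the report: image base + RVA
    virtual_size: int
    entropy: float         # bits per byte, value copied from the report

    @property
    def end(self) -> int:
        return self.virtual_address + self.virtual_size

    def contains(self, va: int) -> bool:
        return self.virtual_address <= va < self.end


@dataclass(frozen=True)
class PEInfo:
    name: str
    entry_point: int                    # VA as printed in the report
    imports: Dict[str, List[str]]       # DLL -> imported API names
    sections: List[Section]


# Values copied from the two "PE Information" blocks of the report.
SAMPLE = PEInfo(
    name="READ ME! (List of free things).exe",
    entry_point=0x0043885E,
    imports={"mscoree.dll": ["_CorExeMain"]},
    sections=[
        Section(".text", 0x00402000, 0x00036864, 7.93),
        Section(".rsrc", 0x0043A000, 0x0001C9BA, 5.81),
        Section(".reloc", 0x00458000, 0x0000000C, 0.10),
    ],
)

DROPPED = PEInfo(
    name="LIVE-WindowsPlayer-version-492b7f0827474659.exe",
    entry_point=0x0040B17E,
    imports={"mscoree.dll": ["_CorExeMain"]},
    sections=[
        Section(".text", 0x00402000, 0x00009184, 5.72),
        Section(".rsrc", 0x0040C000, 0x000299D0, 7.09),
        Section(".reloc", 0x00436000, 0x0000000C, 0.08),
    ],
)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0), the measure behind the
    report's Entropy column. 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def section_containing(pe: PEInfo, va: int) -> Optional[Section]:
    """Section whose virtual range covers `va`, or None (e.g. for the PE header)."""
    return next((s for s in pe.sections if s.contains(va)), None)


def high_entropy_sections(pe: PEInfo, threshold: float = PACKED_ENTROPY_THRESHOLD) -> List[str]:
    """Names of sections whose entropy suggests compressed or encrypted content."""
    return [s.name for s in pe.sections if s.entropy >= threshold]


def is_dotnet_stub_entry(pe: PEInfo) -> bool:
    """True when the only import is mscoree!_CorExeMain and the entry point sits
    exactly one jmp stub before the end of its section, the layout a managed
    executable's native entry point normally has."""
    if pe.imports != {"mscoree.dll": ["_CorExeMain"]}:
        return False
    sec = section_containing(pe, pe.entry_point)
    return sec is not None and sec.end - pe.entry_point == DOTNET_STUB_SIZE


def triage(pe: PEInfo) -> dict:
    """Static triage summary combining the three checks above."""
    sec = section_containing(pe, pe.entry_point)
    return {
        "name": pe.name,
        "managed_entry_stub": is_dotnet_stub_entry(pe),
        "entry_section": sec.name if sec else None,
        "high_entropy_sections": high_entropy_sections(pe),
    }


if __name__ == "__main__":
    for pe in (SAMPLE, DROPPED):
        print(triage(pe))
    # Constructed buffers showing the two ends of the entropy scale.
    print(shannon_entropy(b"\x00" * 4096), shannon_entropy(bytes(range(256)) * 16))
```

Run against the report's values, triage() flags both files as managed executables with a stub entry in .text, with .text as the high-entropy section of the sample and .rsrc as that of the dropped file; when the actual files are available, feed their section bytes to shannon_entropy() to reproduce the Entropy column rather than relying on the copied numbers.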