File Name C:\Users\kEecfMwgj\Desktop\asd.exe
Category Sample File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 7.52 MB
MD5 4d583ae773f28a6fdcd29a2aa13de118
SHA1 64cb42f87def47d5f189531b8af14bb5ba2085c0
SHA256 b030e5e7fc31e7d9f6c10101bb088df7dfcc64e78bb2da889c1253ffb3b520db
SSDeep 196608:mJB7BuVHvQBaUdINboLE6utxn+WlaMUDijGnSNTFgV9eA:mEVHMObuU+WlaMRGnUK
ImpHash 7b529fd349f98535301bf9c7230b0b1d
PE Information
Image Base 0x140000000
Entry Point 0x14060184A
Size Of Code 0x0001FA00
Size Of Initialized Data 0x00081E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2024-03-19 15:51 (UTC)
Sections (10)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x140001000 | 0x0001F900 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 0.0
.rdata | 0x140021000 | 0x0000C524 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0
.data | 0x14002E000 | 0x00072C68 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0
.pdata | 0x1400A1000 | 0x00001C74 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0
_RDATA | 0x1400A3000 | 0x000001F4 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0
.lLD | 0x1400A4000 | 0x00467984 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 0.0
.a?- | 0x14050C000 | 0x000009E8 | 0x00000A00 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.15
.1_J | 0x14050D000 | 0x0078499C | 0x00784A00 | 0x00000E00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.91
.reloc | 0x140C92000 | 0x00000028 | 0x00000200 | 0x00785800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.52
.rsrc | 0x140C93000 | 0x000001D5 | 0x00000200 | 0x00785A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.71
Imports (5)
KERNEL32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CloseHandle | - | 0x14050C000 | 0x006E3310 | 0x001D7110 | 0x00000000
USER32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
GetDesktopWindow | - | 0x14050C010 | 0x006E3320 | 0x001D7120 | 0x00000000
ADVAPI32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
AdjustTokenPrivileges | - | 0x14050C020 | 0x006E3330 | 0x001D7130 | 0x00000000
KERNEL32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
GetSystemTimeAsFileTime | - | 0x14050C030 | 0x006E3340 | 0x001D7140 | 0x00000000
KERNEL32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
HeapAlloc | - | 0x14050C040 | 0x006E3350 | 0x001D7150 | 0x00000000
HeapFree | - | 0x14050C048 | 0x006E3358 | 0x001D7158 | 0x00000000
ExitProcess | - | 0x14050C050 | 0x006E3360 | 0x001D7160 | 0x00000000
GetModuleHandleA | - | 0x14050C058 | 0x006E3368 | 0x001D7168 | 0x00000000
LoadLibraryA | - | 0x14050C060 | 0x006E3370 | 0x001D7170 | 0x00000000
GetProcAddress | - | 0x14050C068 | 0x006E3378 | 0x001D7178 | 0x00000000
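The section and import tables above show the layout a packer or protector leaves behind: six of the ten sections (.text, .rdata, .data, .pdata, _RDATA and .lLD) have a raw data size of zero and entropy 0.0, so they exist only in memory and must be filled in at run time; almost the whole 7.52 MB file sits in one executable, non-paged section (.1_J) at entropy 7.91, which also contains the entry point (0x14060184A); and the import table is reduced to ten functions, among them LoadLibraryA and GetProcAddress, which is all a stub needs to resolve the real imports itself. The script below is an added example, not VMRay's code, that reproduces the static part of that check with only the Python standard library: it walks the section table of a PE file, computes per-section Shannon entropy and reports the indicators just listed. The thresholds, the set of "standard" section names and the constructed sample image (three sections mirroring the report's layout, with PRNG bytes standing in for the packed payload) are the example's own assumptions; it does not parse the import directory.

```python
import math
import random
import struct

# Section characteristic bits (winnt.h)
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_NOT_PAGED = 0x08000000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Names a stock MSVC link emits. Assumption of this example: anything else deserves a look.
STANDARD_NAMES = {".text", ".rdata", ".data", ".pdata", ".reloc", ".rsrc", ".idata",
                  ".edata", ".tls", ".bss", ".xdata", ".gfids", ".00cfg", "_RDATA"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list[dict]:
    """Walk the section table of a PE32/PE32+ image and describe each section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _m, nsections, _ts, _sym, _nsym, opt_size, _fl = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size  # section headers follow the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, va, raw_size, raw_ptr, _r, _l, _nr, _nl,
         chars) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "virtual_address": va, "virtual_size": vsize,
                         "raw_size": raw_size, "raw_offset": raw_ptr,
                         "characteristics": chars, "entropy": shannon_entropy(raw)})
    return sections


def packer_indicators(sections: list[dict]) -> dict[str, list[str]]:
    """Map each heuristic to the sections that trip it (thresholds are this example's own)."""
    hits = {"virtual_only": [], "high_entropy_exec": [], "nonstandard_name": [], "writable_exec": []}
    for s in sections:
        executable = bool(s["characteristics"] & IMAGE_SCN_MEM_EXECUTE)
        if s["raw_size"] == 0 and s["virtual_size"] > 0:   # in memory but absent on disk
            hits["virtual_only"].append(s["name"])
        if executable and s["entropy"] > 7.0:               # code that looks like ciphertext
            hits["high_entropy_exec"].append(s["name"])
        if s["name"] not in STANDARD_NAMES:
            hits["nonstandard_name"].append(s["name"])
        if executable and s["characteristics"] & IMAGE_SCN_MEM_WRITE:
            hits["writable_exec"].append(s["name"])
    return hits


def build_sample_pe() -> bytes:
    """Constructed PE32+ (not the real sample) with three sections mirroring the report's layout:
    a .text with no raw data, a packed .1_J (PRNG bytes stand in for the payload), a mostly-zero .reloc."""
    rng = random.Random(0x1337)
    packed = bytes(rng.getrandbits(8) for _ in range(0x1000))
    reloc = b"\x00" * 0x1F0 + b"\x01\x02\x03\x04" * 4
    e_lfanew, opt_size, file_align = 0x40, 0xF0, 0x200
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * 3
    raw1 = -(-headers_end // file_align) * file_align   # round up to FileAlignment
    raw2 = raw1 + len(packed)
    img = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew))
    img += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, opt_size, 0x22)
    img += struct.pack("<H", 0x20B).ljust(opt_size, b"\0")   # PE32+ magic, rest zeroed
    hdr = "<8sIIIIIIHHI"
    img += struct.pack(hdr, b".text", 0x1F900, 0x1000, 0, 0x400, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    img += struct.pack(hdr, b".1_J", len(packed), 0x50D000, len(packed), raw1, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_NOT_PAGED
                       | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    img += struct.pack(hdr, b".reloc", 0x28, 0xC92000, len(reloc), raw2, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ)
    img += b"\0" * (raw1 - len(img)) + packed + reloc
    return bytes(img)


if __name__ == "__main__":
    secs = parse_sections(build_sample_pe())
    for s in secs:
        print(f"{s['name']:<8} vsize={s['virtual_size']:#010x} raw={s['raw_size']:#010x} entropy={s['entropy']:.2f}")
    print(packer_indicators(secs))
```

Point `parse_sections` at the bytes of a real file to get the same table the report shows; a section that is executable, high-entropy and holds the entry point is the place to set a breakpoint for an unpacking pass, and a writable executable section would be a fifth indicator that this particular sample does not exhibit.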
Memory Dumps (4)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA
asd.exe | 1 | 0x13F410000 | 0x1400A3FFF | Relevant Image | False | 64-bit | 0x14000D068 | False | False
buffer | 1 | 0x77440000 | 0x77440FFF | Marked Executable | False | 64-bit | - | False | False
buffer | 1 | 0x77450000 | 0x77450FFF | Marked Executable | False | 64-bit | - | False | False
asd.exe | 1 | 0x13F410000 | 0x1400A3FFF | Process Termination | False | 64-bit | - | False | False