Malicious
Classifications
-
Threat Names
-
Dynamic Analysis Report
Created on 2024-03-29T05:50:27+00:00
asd.exe
Windows Exe (x86-64)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\kEecfMwgj\Desktop\asd.exe | Sample File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x140000000 |
Entry Point | 0x14060184A |
Size Of Code | 0x0001FA00 |
Size Of Initialized Data | 0x00081E00 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Machine Type | IMAGE_FILE_MACHINE_AMD64 |
Compile Timestamp | 2024-03-19 15:51 (UTC) |
Sections (10)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x140001000 | 0x0001F900 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 0.0 |
.rdata | 0x140021000 | 0x0000C524 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0 |
.data | 0x14002E000 | 0x00072C68 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.pdata | 0x1400A1000 | 0x00001C74 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0 |
_RDATA | 0x1400A3000 | 0x000001F4 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.0 |
.lLD | 0x1400A4000 | 0x00467984 | 0x00000000 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 0.0 |
.a?- | 0x14050C000 | 0x000009E8 | 0x00000A00 | 0x00000400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.15 |
.1_J | 0x14050D000 | 0x0078499C | 0x00784A00 | 0x00000E00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.91 |
.reloc | 0x140C92000 | 0x00000028 | 0x00000200 | 0x00785800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 0.52 |
.rsrc | 0x140C93000 | 0x000001D5 | 0x00000200 | 0x00785A00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.71 |
Imports (5)
»
KERNEL32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CloseHandle | - | 0x14050C000 | 0x006E3310 | 0x001D7110 | 0x00000000 |
USER32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetDesktopWindow | - | 0x14050C010 | 0x006E3320 | 0x001D7120 | 0x00000000 |
ADVAPI32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
AdjustTokenPrivileges | - | 0x14050C020 | 0x006E3330 | 0x001D7130 | 0x00000000 |
KERNEL32.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
GetSystemTimeAsFileTime | - | 0x14050C030 | 0x006E3340 | 0x001D7140 | 0x00000000 |
KERNEL32.dll (6)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
HeapAlloc | - | 0x14050C040 | 0x006E3350 | 0x001D7150 | 0x00000000 |
HeapFree | - | 0x14050C048 | 0x006E3358 | 0x001D7158 | 0x00000000 |
ExitProcess | - | 0x14050C050 | 0x006E3360 | 0x001D7160 | 0x00000000 |
GetModuleHandleA | - | 0x14050C058 | 0x006E3368 | 0x001D7168 | 0x00000000 |
LoadLibraryA | - | 0x14050C060 | 0x006E3370 | 0x001D7170 | 0x00000000 |
GetProcAddress | - | 0x14050C068 | 0x006E3378 | 0x001D7178 | 0x00000000 |
Memory Dumps (4)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
asd.exe | 1 | 0x13F410000 | 0x1400A3FFF | Relevant Image | 64-bit | 0x14000D068 |
...
|
|||
buffer | 1 | 0x77440000 | 0x77440FFF | Marked Executable | 64-bit | - |
...
|
|||
buffer | 1 | 0x77450000 | 0x77450FFF | Marked Executable | 64-bit | - |
...
|
|||
asd.exe | 1 | 0x13F410000 | 0x1400A3FFF | Process Termination | 64-bit | - |
...
|