Verdict: Malicious
Classifications: Ransomware
Threat Names: CryptoLocker, Mal/HTMLGen-A

Sample File: C:\Users\RDhJ0CNFevzX\Desktop\asih.exe (Binary)
Verdict: Malicious
MIME Type: application/vnd.microsoft.portable-executable
File Size: 46.46 KB
MD5: 99c930a9101ee6e24b3a979e13e6358c
SHA1: 5322c3fdf93409bd5d8b9faa8f6d33cf1ce980fa
SHA256: d2aebe923c85cc32a23b73751d306c46379e70a65bf4291489b29893d38a223c
SSDeep: 768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6j4AYsqSh+DETkedmhXSV7:YGzl5wjRQBBOsP1QMOtEvwDpjl39+D+f
ImpHash: a0c275da44db88d1f2fc3943daf6948b
Static Analysis Parser Error: malformed string file info
File Reputation Information
Verdict: Malicious
PE Information
Image Base: 0x00500000
Entry Point: 0x00501000
Size Of Code: 0x00002E00
Size Of Initialized Data: 0x00003E00
File Type: IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2013-10-02 14:59 (UTC+2)
Sections (6)
Name   | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text  | 0x00501000 | 0x00002CAA | 0x00002E00 | 0x00000400 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.28
.rdata | 0x00504000 | 0x000004B6 | 0x00000600 | 0x00003200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.94
.data  | 0x00505000 | 0x00000630 | 0x00000400 | 0x00003800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.79
.rsrc  | 0x00506000 | 0x00002AC8 | 0x00002C00 | 0x00003C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.98
.reloc | 0x00509000 | 0x00000218 | 0x00000400 | 0x00006800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.0
.yya   | 0x0050A000 | 0x00000400 | 0x00000400 | 0x00006C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 4.89
Imports (3)

KERNEL32.DLL (12)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
GetLastError | - | 0x00504008 | 0x00004008 | 0x00003208 | 0x00000000
lstrcpyA | - | 0x0050400C | 0x0000400C | 0x0000320C | 0x00000000
GetModuleHandleA | - | 0x00504010 | 0x00004010 | 0x00003210 | 0x00000000
GetCommandLineA | - | 0x00504014 | 0x00004014 | 0x00003214 | 0x00000000
FindFirstFileA | - | 0x00504018 | 0x00004018 | 0x00003218 | 0x00000000
FormatMessageA | - | 0x0050401C | 0x0000401C | 0x0000321C | 0x00000000
FindClose | - | 0x00504020 | 0x00004020 | 0x00003220 | 0x00000000
FindNextFileA | - | 0x00504024 | 0x00004024 | 0x00003224 | 0x00000000
DeleteFileA | - | 0x00504028 | 0x00004028 | 0x00003228 | 0x00000000
CloseHandle | - | 0x0050402C | 0x0000402C | 0x0000322C | 0x00000000
GetACP | - | 0x00504030 | 0x00004030 | 0x00003230 | 0x00000000
CreateFileA | - | 0x00504034 | 0x00004034 | 0x00003234 | 0x00000000

gdi32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CreateFontIndirectA | - | 0x00504000 | 0x00004000 | 0x00003200 | 0x00000000

user32.dll (18)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
PostQuitMessage | - | 0x0050403C | 0x0000403C | 0x0000323C | 0x00000000
GetMessageA | - | 0x00504040 | 0x00004040 | 0x00003240 | 0x00000000
UpdateWindow | - | 0x00504044 | 0x00004044 | 0x00003244 | 0x00000000
EndPaint | - | 0x00504048 | 0x00004048 | 0x00003248 | 0x00000000
DispatchMessageA | - | 0x0050404C | 0x0000404C | 0x0000324C | 0x00000000
BeginPaint | - | 0x00504050 | 0x00004050 | 0x00003250 | 0x00000000
TranslateMessage | - | 0x00504054 | 0x00004054 | 0x00003254 | 0x00000000
MoveWindow | - | 0x00504058 | 0x00004058 | 0x00003258 | 0x00000000
CreateWindowExA | - | 0x0050405C | 0x0000405C | 0x0000325C | 0x00000000
RegisterClassExA | - | 0x00504060 | 0x00004060 | 0x00003260 | 0x00000000
DefWindowProcA | - | 0x00504064 | 0x00004064 | 0x00003264 | 0x00000000
MessageBoxA | - | 0x00504068 | 0x00004068 | 0x00003268 | 0x00000000
SendMessageA | - | 0x0050406C | 0x0000406C | 0x0000326C | 0x00000000
DestroyWindow | - | 0x00504070 | 0x00004070 | 0x00003270 | 0x00000000
LoadCursorA | - | 0x00504074 | 0x00004074 | 0x00003274 | 0x00000000
LoadIconA | - | 0x00504078 | 0x00004078 | 0x00003278 | 0x00000000
ShowWindow | - | 0x0050407C | 0x0000407C | 0x0000327C | 0x00000000
GetWindowRect | - | 0x00504080 | 0x00004080 | 0x00003280 | 0x00000000
Memory Dumps (10)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA
asih.exe | 1 | 0x00500000 | 0x0050AFFF | First Execution | False | 32-bit | 0x00501000 | False
buffer | 1 | 0x001F0000 | 0x001F5FFF | First Execution | False | 32-bit | 0x001F0009 | False
buffer | 1 | 0x001F0000 | 0x001F5FFF | Content Changed | False | 32-bit | 0x001F0983 | False
buffer | 1 | 0x00420000 | 0x00425FFF | Marked Executable | False | 32-bit | - | False
buffer | 1 | 0x00420000 | 0x00425FFF | Marked Executable | False | 32-bit | - | False
buffer | 1 | 0x00420000 | 0x00425FFF | Marked Executable | False | 32-bit | - | False
buffer | 1 | 0x00420000 | 0x00425FFF | Marked Executable | False | 32-bit | - | False
buffer | 1 | 0x00420000 | 0x00425FFF | First Execution | False | 32-bit | 0x00421020 | False
buffer | 1 | 0x02130048 | 0x0213BA71 | Image In Buffer | False | 32-bit | - | False
asih.exe | 1 | 0x00500000 | 0x0050AFFF | Process Termination | False | 32-bit | - | False
YARA Matches (2)
Rule Name | Rule Description | Classification | Score
CryptoLocker_rule2 | CryptoLocker ransomware | Ransomware | 5/5
CryptoLocker_set1 | CryptoLocker ransomware | Ransomware | 5/5
Dropped File: C:\Users\RDHJ0C~1\AppData\Local\Temp\asih.exe (Binary)
Verdict: Malicious
MIME Type: application/vnd.microsoft.portable-executable
File Size: 46.54 KB
MD5: ea946d1f52cf6630526e702ddb105b08
SHA1: 7224dea7f946cf10392108b39ad46dd085430754
SHA256: 89f9d308b17f1b92fa9a0f6191b585ae525f22d19c475016de661c3bc1840079
SSDeep: 768:wHGGaSawqnwjRQ6ESlmFOsPoOdQtOOtEvwDpjm6j4AYsqSh+DETkedmhXSVh:YGzl5wjRQBBOsP1QMOtEvwDpjl39+D+l
ImpHash: a0c275da44db88d1f2fc3943daf6948b
Static Analysis Parser Error: malformed string file info
PE Information
Image Base: 0x00500000
Entry Point: 0x00501000
Size Of Code: 0x00002E00
Size Of Initialized Data: 0x00003E00
File Type: IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2013-10-02 14:59 (UTC+2)
Sections (6)
Name   | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text  | 0x00501000 | 0x00002CAA | 0x00002E00 | 0x00000400 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.28
.rdata | 0x00504000 | 0x000004B6 | 0x00000600 | 0x00003200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 3.94
.data  | 0x00505000 | 0x00000630 | 0x00000400 | 0x00003800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 3.79
.rsrc  | 0x00506000 | 0x00002AC8 | 0x00002C00 | 0x00003C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.98
.reloc | 0x00509000 | 0x00000218 | 0x00000400 | 0x00006800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.0
.yya   | 0x0050A000 | 0x00000400 | 0x00000400 | 0x00006C00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 4.89
Imports (3)

KERNEL32.DLL (12)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
GetLastError | - | 0x00504008 | 0x00004008 | 0x00003208 | 0x00000000
lstrcpyA | - | 0x0050400C | 0x0000400C | 0x0000320C | 0x00000000
GetModuleHandleA | - | 0x00504010 | 0x00004010 | 0x00003210 | 0x00000000
GetCommandLineA | - | 0x00504014 | 0x00004014 | 0x00003214 | 0x00000000
FindFirstFileA | - | 0x00504018 | 0x00004018 | 0x00003218 | 0x00000000
FormatMessageA | - | 0x0050401C | 0x0000401C | 0x0000321C | 0x00000000
FindClose | - | 0x00504020 | 0x00004020 | 0x00003220 | 0x00000000
FindNextFileA | - | 0x00504024 | 0x00004024 | 0x00003224 | 0x00000000
DeleteFileA | - | 0x00504028 | 0x00004028 | 0x00003228 | 0x00000000
CloseHandle | - | 0x0050402C | 0x0000402C | 0x0000322C | 0x00000000
GetACP | - | 0x00504030 | 0x00004030 | 0x00003230 | 0x00000000
CreateFileA | - | 0x00504034 | 0x00004034 | 0x00003234 | 0x00000000

gdi32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CreateFontIndirectA | - | 0x00504000 | 0x00004000 | 0x00003200 | 0x00000000

user32.dll (18)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
PostQuitMessage | - | 0x0050403C | 0x0000403C | 0x0000323C | 0x00000000
GetMessageA | - | 0x00504040 | 0x00004040 | 0x00003240 | 0x00000000
UpdateWindow | - | 0x00504044 | 0x00004044 | 0x00003244 | 0x00000000
EndPaint | - | 0x00504048 | 0x00004048 | 0x00003248 | 0x00000000
DispatchMessageA | - | 0x0050404C | 0x0000404C | 0x0000324C | 0x00000000
BeginPaint | - | 0x00504050 | 0x00004050 | 0x00003250 | 0x00000000
TranslateMessage | - | 0x00504054 | 0x00004054 | 0x00003254 | 0x00000000
MoveWindow | - | 0x00504058 | 0x00004058 | 0x00003258 | 0x00000000
CreateWindowExA | - | 0x0050405C | 0x0000405C | 0x0000325C | 0x00000000
RegisterClassExA | - | 0x00504060 | 0x00004060 | 0x00003260 | 0x00000000
DefWindowProcA | - | 0x00504064 | 0x00004064 | 0x00003264 | 0x00000000
MessageBoxA | - | 0x00504068 | 0x00004068 | 0x00003268 | 0x00000000
SendMessageA | - | 0x0050406C | 0x0000406C | 0x0000326C | 0x00000000
DestroyWindow | - | 0x00504070 | 0x00004070 | 0x00003270 | 0x00000000
LoadCursorA | - | 0x00504074 | 0x00004074 | 0x00003274 | 0x00000000
LoadIconA | - | 0x00504078 | 0x00004078 | 0x00003278 | 0x00000000
ShowWindow | - | 0x0050407C | 0x0000407C | 0x0000327C | 0x00000000
GetWindowRect | - | 0x00504080 | 0x00004080 | 0x00003280 | 0x00000000
Memory Dumps (15)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA
asih.exe | 2 | 0x00500000 | 0x0050AFFF | First Execution | False | 32-bit | 0x00501000 | False
buffer | 2 | 0x006A0000 | 0x006A5FFF | First Execution | False | 32-bit | 0x006A0009 | False
buffer | 2 | 0x01EE0000 | 0x01EE5FFF | Marked Executable | False | 32-bit | - | False
buffer | 2 | 0x01EE0000 | 0x01EE5FFF | Marked Executable | False | 32-bit | - | False
buffer | 2 | 0x01EE0000 | 0x01EE5FFF | Marked Executable | False | 32-bit | - | False
buffer | 2 | 0x01EE0000 | 0x01EE5FFF | Marked Executable | False | 32-bit | - | False
buffer | 2 | 0x01EE0000 | 0x01EE5FFF | First Execution | False | 32-bit | 0x01EE1020 | False
buffer | 2 | 0x0019A000 | 0x0019FFFF | First Network Behavior | False | 32-bit | - | False
buffer | 2 | 0x00690000 | 0x00695FFF | First Network Behavior | False | 32-bit | - | False
buffer | 2 | 0x006A0000 | 0x006A5FFF | First Network Behavior | False | 32-bit | - | False
buffer | 2 | 0x01EE0000 | 0x01EE5FFF | First Network Behavior | False | 32-bit | 0x01EE12B8 | False
buffer | 2 | 0x01FC0048 | 0x01FCBACF | First Network Behavior | False | 32-bit | - | False
buffer | 2 | 0x020D0000 | 0x0220FFFF | First Network Behavior | False | 32-bit | - | False
asih.exe | 2 | 0x00500000 | 0x0050AFFF | First Network Behavior | False | 32-bit | - | False
counters.dat | 2 | 0x01EF0000 | 0x01EF0FFF | First Network Behavior | False | 32-bit | - | False
YARA Matches (2)
Rule Name | Rule Description | Classification | Score
CryptoLocker_rule2 | CryptoLocker ransomware | Ransomware | 5/5
CryptoLocker_set1 | CryptoLocker ransomware | Ransomware | 5/5
Modified File: c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat (Stream)
Verdict: Clean
MIME Type: application/octet-stream
File Size: 128 Bytes
MD5: cc90851958032b8c8bbb7b24ec6271dd
SHA1: e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256: c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep: 3:Fl:
ImpHash: -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    