Malicious
Classifications

Downloader

Threat Names

Mal/HTMLGen-A

Remarks

(0x0200004A): 2 dump(s) were skipped because they exceeded the maximum dump size of 16 MB; the largest of them was 24 MB.

File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\out_4.bin.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 147.50 KB
MD5 63e9249d7950ca2e03c40a64a76a3951 Copy to Clipboard
SHA1 29dd8609c74cc54d60bab53c6e83a3cb641f8b4a Copy to Clipboard
SHA256 14405eee6b03c4de6fba6b68768a943120c092280e0763ee2672b7ffdf9358bc Copy to Clipboard
SSDeep 3072:NdU3dwpnjuifrRaft3JHpiSbhwfVvcKJko0SYwy3yL+ppKNTfTfwEw6:7eSnK96vcCKS5y3i+4cEw6 Copy to Clipboard
ImpHash 1bd86c8250cb14d4a4cc7b168be1e173 Copy to Clipboard
PE Information
Image Base 0x00400000
Entry Point 0x0040755F
Size Of Code 0x0001B000
Size Of Initialized Data 0x0000A600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-02-13 16:21 (UTC+1)
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0001AFD6 0x0001B000 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.62
.rdata 0x0041C000 0x00007904 0x00007A00 0x0001B400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.07
.data 0x00424000 0x0000166C 0x00000C00 0x00022E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.56
.reloc 0x00426000 0x0000133C 0x00001400 0x00023A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.44
Imports (6)
KERNEL32.dll (78)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HeapFree - 0x0041C000 0x0002309C 0x0002249C 0x0000034C
lstrlenA - 0x0041C004 0x000230A0 0x000224A0 0x0000063F
GetProcessHeap - 0x0041C008 0x000230A4 0x000224A4 0x000002B7
lstrcpyA - 0x0041C00C 0x000230A8 0x000224A8 0x00000639
WriteFile - 0x0041C010 0x000230AC 0x000224AC 0x00000616
FindClose - 0x0041C014 0x000230B0 0x000224B0 0x00000178
GetFileAttributesA - 0x0041C018 0x000230B4 0x000224B4 0x00000243
CreateFileA - 0x0041C01C 0x000230B8 0x000224B8 0x000000C6
CloseHandle - 0x0041C020 0x000230BC 0x000224BC 0x00000089
MultiByteToWideChar - 0x0041C024 0x000230C0 0x000224C0 0x000003F3
CreateDirectoryA - 0x0041C028 0x000230C4 0x000224C4 0x000000B8
ReadFile - 0x0041C02C 0x000230C8 0x000224C8 0x00000475
GetTempPathA - 0x0041C030 0x000230CC 0x000224CC 0x000002F8
GetFileSize - 0x0041C034 0x000230D0 0x000224D0 0x0000024E
HeapAlloc - 0x0041C038 0x000230D4 0x000224D4 0x00000348
MoveFileA - 0x0041C03C 0x000230D8 0x000224D8 0x000003EA
Sleep - 0x0041C040 0x000230DC 0x000224DC 0x00000581
GetLastError - 0x0041C044 0x000230E0 0x000224E0 0x00000264
DeleteFileA - 0x0041C048 0x000230E4 0x000224E4 0x00000115
ExitProcess - 0x0041C04C 0x000230E8 0x000224E8 0x00000161
VirtualFree - 0x0041C050 0x000230EC 0x000224EC 0x000005CD
TerminateProcess - 0x0041C054 0x000230F0 0x000224F0 0x00000590
CreateProcessA - 0x0041C058 0x000230F4 0x000224F4 0x000000E3
CreateFileW - 0x0041C05C 0x000230F8 0x000224F8 0x000000CE
DecodePointer - 0x0041C060 0x000230FC 0x000224FC 0x0000010C
HeapSize - 0x0041C064 0x00023100 0x00022500 0x00000351
GetConsoleMode - 0x0041C068 0x00023104 0x00022504 0x000001FF
GetConsoleOutputCP - 0x0041C06C 0x00023108 0x00022508 0x00000203
FlushFileBuffers - 0x0041C070 0x0002310C 0x0002250C 0x000001A2
SetFilePointerEx - 0x0041C074 0x00023110 0x00022510 0x00000525
GetFileSizeEx - 0x0041C078 0x00023114 0x00022514 0x0000024F
GetStringTypeW - 0x0041C07C 0x00023118 0x00022518 0x000002DA
SetStdHandle - 0x0041C080 0x0002311C 0x0002251C 0x0000054E
FreeEnvironmentStringsW - 0x0041C084 0x00023120 0x00022520 0x000001AD
GetEnvironmentStringsW - 0x0041C088 0x00023124 0x00022524 0x0000023A
GetCommandLineW - 0x0041C08C 0x00023128 0x00022528 0x000001DA
GetCommandLineA - 0x0041C090 0x0002312C 0x0002252C 0x000001D9
GetCPInfo - 0x0041C094 0x00023130 0x00022530 0x000001C4
GetOEMCP - 0x0041C098 0x00023134 0x00022534 0x0000029A
GetACP - 0x0041C09C 0x00023138 0x00022538 0x000001B5
IsValidCodePage - 0x0041C0A0 0x0002313C 0x0002253C 0x0000038F
FindNextFileW - 0x0041C0A4 0x00023140 0x00022540 0x0000018F
FindFirstFileExW - 0x0041C0A8 0x00023144 0x00022544 0x0000017E
HeapReAlloc - 0x0041C0AC 0x00023148 0x00022548 0x0000034F
LCMapStringW - 0x0041C0B0 0x0002314C 0x0002254C 0x000003B5
QueryPerformanceCounter - 0x0041C0B4 0x00023150 0x00022550 0x0000044F
GetCurrentProcessId - 0x0041C0B8 0x00023154 0x00022554 0x0000021B
GetCurrentThreadId - 0x0041C0BC 0x00023158 0x00022558 0x0000021F
GetSystemTimeAsFileTime - 0x0041C0C0 0x0002315C 0x0002255C 0x000002EC
InitializeSListHead - 0x0041C0C4 0x00023160 0x00022560 0x00000366
IsDebuggerPresent - 0x0041C0C8 0x00023164 0x00022564 0x00000382
UnhandledExceptionFilter - 0x0041C0CC 0x00023168 0x00022568 0x000005B1
SetUnhandledExceptionFilter - 0x0041C0D0 0x0002316C 0x0002256C 0x00000571
GetStartupInfoW - 0x0041C0D4 0x00023170 0x00022570 0x000002D3
IsProcessorFeaturePresent - 0x0041C0D8 0x00023174 0x00022574 0x00000389
GetModuleHandleW - 0x0041C0DC 0x00023178 0x00022578 0x0000027B
GetCurrentProcess - 0x0041C0E0 0x0002317C 0x0002257C 0x0000021A
RtlUnwind - 0x0041C0E4 0x00023180 0x00022580 0x000004D5
RaiseException - 0x0041C0E8 0x00023184 0x00022584 0x00000464
SetLastError - 0x0041C0EC 0x00023188 0x00022588 0x00000534
EncodePointer - 0x0041C0F0 0x0002318C 0x0002258C 0x00000130
EnterCriticalSection - 0x0041C0F4 0x00023190 0x00022590 0x00000134
LeaveCriticalSection - 0x0041C0F8 0x00023194 0x00022594 0x000003C1
DeleteCriticalSection - 0x0041C0FC 0x00023198 0x00022598 0x00000113
InitializeCriticalSectionAndSpinCount - 0x0041C100 0x0002319C 0x0002259C 0x00000362
TlsAlloc - 0x0041C104 0x000231A0 0x000225A0 0x000005A2
TlsGetValue - 0x0041C108 0x000231A4 0x000225A4 0x000005A4
TlsSetValue - 0x0041C10C 0x000231A8 0x000225A8 0x000005A5
TlsFree - 0x0041C110 0x000231AC 0x000225AC 0x000005A3
FreeLibrary - 0x0041C114 0x000231B0 0x000225B0 0x000001AE
GetProcAddress - 0x0041C118 0x000231B4 0x000225B4 0x000002B1
LoadLibraryExW - 0x0041C11C 0x000231B8 0x000225B8 0x000003C7
GetModuleHandleExW - 0x0041C120 0x000231BC 0x000225BC 0x0000027A
GetStdHandle - 0x0041C124 0x000231C0 0x000225C0 0x000002D5
GetModuleFileNameW - 0x0041C128 0x000231C4 0x000225C4 0x00000277
GetFileType - 0x0041C12C 0x000231C8 0x000225C8 0x00000251
WideCharToMultiByte - 0x0041C130 0x000231CC 0x000225CC 0x00000602
WriteConsoleW - 0x0041C134 0x000231D0 0x000225D0 0x00000615
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wsprintfA - 0x0041C144 0x000231E0 0x000225E0 0x000003E1
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA - 0x0041C13C 0x000231D8 0x000225D8 0x000001AA
WINHTTP.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHttpQueryDataAvailable - 0x0041C14C 0x000231E8 0x000225E8 0x0000002B
WinHttpConnect - 0x0041C150 0x000231EC 0x000225EC 0x00000009
WinHttpSetTimeouts - 0x0041C154 0x000231F0 0x000225F0 0x0000003A
WinHttpSendRequest - 0x0041C158 0x000231F4 0x000225F4 0x00000034
WinHttpCloseHandle - 0x0041C15C 0x000231F8 0x000225F8 0x00000008
WinHttpOpenRequest - 0x0041C160 0x000231FC 0x000225FC 0x00000027
WinHttpReceiveResponse - 0x0041C164 0x00023200 0x00022600 0x00000031
WinHttpOpen - 0x0041C168 0x00023204 0x00022604 0x00000026
WinHttpReadData - 0x0041C16C 0x00023208 0x00022608 0x0000002E
urlmon.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
URLDownloadToFileA - 0x0041C19C 0x00023238 0x00022638 0x00000073
WS2_32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSACleanup 0x00000074 0x0041C174 0x00023210 0x00022610 -
closesocket 0x00000003 0x0041C178 0x00023214 0x00022614 -
setsockopt 0x00000015 0x0041C17C 0x00023218 0x00022618 -
sendto 0x00000014 0x0041C180 0x0002321C 0x0002261C -
freeaddrinfo - 0x0041C184 0x00023220 0x00022620 0x00000095
getaddrinfo - 0x0041C188 0x00023224 0x00022624 0x00000096
WSAStartup 0x00000073 0x0041C18C 0x00023228 0x00022628 -
socket 0x00000017 0x0041C190 0x0002322C 0x0002262C -
recvfrom 0x00000011 0x0041C194 0x00023230 0x00022630 -
Memory Dumps (21)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
out_4.bin.exe 1 0x01230000 0x01257FFF Relevant Image False 32-bit 0x012386AE False
buffer 1 0x0040B000 0x0040FFFF First Network Behavior False 32-bit - False
buffer 1 0x0054E4D8 0x0054E6F7 First Network Behavior False 32-bit - False
buffer 1 0x0054E7F0 0x0054EB53 First Network Behavior False 32-bit - False
buffer 1 0x0054EB60 0x0054F95F First Network Behavior False 32-bit - False
buffer 1 0x00550168 0x005501E7 First Network Behavior False 32-bit - False
buffer 1 0x005501F0 0x00550287 First Network Behavior False 32-bit - False
buffer 1 0x005502F0 0x005503BD First Network Behavior False 32-bit - False
buffer 1 0x00550D40 0x0055153F First Network Behavior False 32-bit - False
buffer 1 0x005519B0 0x00551A41 First Network Behavior False 32-bit - False
buffer 1 0x00557F10 0x0055800E First Network Behavior False 32-bit - False
buffer 1 0x005607C0 0x005608BE First Network Behavior False 32-bit - False
buffer 1 0x005608C8 0x005609C6 First Network Behavior False 32-bit - False
buffer 1 0x005609D0 0x00560ACE First Network Behavior False 32-bit - False
buffer 1 0x00567D08 0x005681DC First Network Behavior False 32-bit - False
buffer 1 0x00572B80 0x005733B3 First Network Behavior False 32-bit - False
buffer 1 0x005733C0 0x005737BF First Network Behavior False 32-bit - False
buffer 1 0x00573ED0 0x00573FCE First Network Behavior False 32-bit - False
buffer 1 0x02A656F8 0x02A65789 First Network Behavior False 32-bit - False
out_4.bin.exe 1 0x01230000 0x01257FFF First Network Behavior False 32-bit 0x01233900 False
out_4.bin.exe 1 0x01230000 0x01257FFF Process Termination False 32-bit - False
C:\Users\KEECFM~1\AppData\Local\Temp\5ZJNWs5LVhHy2g2\svchost.exe Dropped File Binary
Suspicious
Also Known As C:\Users\KEECFM~1\AppData\Local\Temp\lAJV5KG3SOUZTZl.KdD3 (Accessed File)
c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\106[1].exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 10.00 MB
MD5 ae48ad3f4f50e3c56de3236920ef14e1 Copy to Clipboard
SHA1 c6dc06dcfe3ed72f78dd3ab2cd0374f7788c158f Copy to Clipboard
SHA256 8a1b6de98b121ba7c97731e000474a23fe1055b40ddcd091686ff49429611c5e Copy to Clipboard
SSDeep 196608:n0d+AFqkrhFOQHm2NZu7bYKvebX99R8wL7PYwNfvNJzzNdG:n0d9qQHmKuolj9D8a7PYyfXz+ Copy to Clipboard
ImpHash 8832376fa59bf29966d40030d361652a Copy to Clipboard
PE Information
Image Base 0x00400000
Entry Point 0x00F4FB75
Size Of Code 0x0001D600
Size Of Initialized Data 0x00084200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-02-21 14:28 (UTC+1)
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0001D5FE 0x00000000 0x00000000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.0
.rdata 0x0041F000 0x00002A50 0x00000000 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.data 0x00422000 0x000005BC 0x00000200 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.02
.5-D 0x00423000 0x00A931F8 0x00000000 0x00000000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.0
.qa1 0x00EB7000 0x00000394 0x00000400 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.46
.C!b 0x00EB8000 0x00D00E10 0x00D01000 0x00000A00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.99
.rsrc 0x01BB9000 0x00080EA4 0x00081000 0x00D01A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
Imports (1)
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyWindow - 0x00EB7008 0x00AC29C8 0x0000B3C8 0x00000000
C:\Users\kEecfMwgj\AppData\Local\Default\src\mails\gmail.js Dropped File Text
Clean
MIME Type text/plain
File Size 280.24 KB
MD5 a39735afbefbccb49b8fe5c758c3a9f7 Copy to Clipboard
SHA1 631123ab2bc24863f93ae8ef5b3173ee63fca684 Copy to Clipboard
SHA256 0e3369b689948b9f009fe2f8eedf0ca977c53ebdcf19ab5da656c329e3a2e394 Copy to Clipboard
SSDeep 3072:DIh8GgP3hujzwbhd3XvSiDQ47GKLHz0gjGsUU86bbDUcQr1:Dy8G6RujcHX6MQ47GKj7j0R6bbDUcK Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\mails\yahoo.js Dropped File Text
Clean
MIME Type text/plain
File Size 237.73 KB
MD5 2cea676f2cc7a65b6dde0ab35a7aad02 Copy to Clipboard
SHA1 89d1602bb8d1e247ad9c2bbf1d170cb7b59d4e26 Copy to Clipboard
SHA256 561f021f3b4f69705ed9e93cba53f8197cb2fd8c56c1e7fae9a622b5be4740ee Copy to Clipboard
SSDeep 3072:DIh8GgP3hujzwbhd3XvSiDQ47GKvHz0geGVaytcQrM:Dy8G6RujcHX6MQ47GKf7e/Gcj Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\mails\hotmail.js Dropped File Text
Clean
MIME Type text/plain
File Size 237.56 KB
MD5 7b0a24e769b86b8c457d0084883de814 Copy to Clipboard
SHA1 34148080ef5b140af15bffd3883c27490c113beb Copy to Clipboard
SHA256 d094428bfa619d2e0c5139491b84e4ec0fecb325f346e28f9e0bda7860dfc9ab Copy to Clipboard
SSDeep 3072:DIh8GgP3hujzwbhd3XvSiDQ47GK5Hz0g5GCIyt6QrM:Dy8G6RujcHX6MQ47GK175MG6j Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\content\main.js Dropped File Text
Clean
MIME Type text/plain
File Size 93.84 KB
MD5 94d1596d34b472b4472e2a7ba92db4b5 Copy to Clipboard
SHA1 207b861d29b279392dc883bcaa56f22ba889abca Copy to Clipboard
SHA256 4554d6f75364eef0b39ef147c2acadb7cac8b2b98ef007ecd8e47c890180e536 Copy to Clipboard
SSDeep 1536:WNjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQr:WcqmCU3zhINzfmR4lb3e34UQ47GK2 Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\proxy.js Dropped File Text
Clean
MIME Type text/plain
File Size 11.82 KB
MD5 f6610ad4fb4a8d2564ed066cf293c873 Copy to Clipboard
SHA1 e0921914401174845874892279828d719bd3dd88 Copy to Clipboard
SHA256 5cc418457bc22049b535cd99f4f3d79e8f348c84b6b88e9600546bbcfaea5878 Copy to Clipboard
SSDeep 192:WoRd8MoUKdaXfwBgy0Yb72DRgAHGc6+U9ztCI+Q:9/si4BgLRgAHXe9zyQ Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\modules\content-scripts-register-polyfill.4.0.0.js Dropped File Text
Clean
MIME Type text/plain
File Size 8.38 KB
MD5 f9d8025a6f17bc03731531d378fbd0f6 Copy to Clipboard
SHA1 7344e3e93919e5dc76b866ba9254b50f8cda8b9f Copy to Clipboard
SHA256 38c9e992d359768abfbe8a2c39be53d7345dd0172672c54f67dbfd97526c29c5 Copy to Clipboard
SSDeep 192:askXM1UbVe0EaeAaeQ58pWzHADxoSdzfStgtadD+x:ask81Ub9dpWzgD1AG Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\getMachineInfo.js Dropped File Text
Clean
MIME Type text/plain
File Size 4.11 KB
MD5 78d95582445fdb7971c126326c8a64f4 Copy to Clipboard
SHA1 f297e9be2b0374b3bf2dad864a22823f01b222c3 Copy to Clipboard
SHA256 2d0e971ef41882ed970d988d30bd35d26c7f4d48aa047a96744206573ec9450c Copy to Clipboard
SSDeep 48:/woYnJKfsn5uEYAkbVIFz2Hm4VwdBdc04o4fi2+JFdTZr71rAgIM3IayavivL:/UMfsnUXAcIaY79rSB+5Rlzij Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\commands.js Dropped File Text
Clean
MIME Type text/plain
File Size 3.99 KB
MD5 4c021f3154f7b6c51acfc2514e7157ad Copy to Clipboard
SHA1 bc1acfcc7a9dc368497382875ad434ca3bd185f1 Copy to Clipboard
SHA256 32549ca5b71962f1ab8f92022a2084e03258d8a311a46e1b192f35fe5f4c8bac Copy to Clipboard
SSDeep 48:8nOn/mn3BDX3RrRil40d/WIfSeoovvrCZrgjIayM6:F/mnRDXWl4yae5u5G+ Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\exchangeSettings.js Dropped File Text
Clean
MIME Type text/plain
File Size 3.92 KB
MD5 95b2eaad7468d423bcf94ba53b330ea4 Copy to Clipboard
SHA1 b50a485ee063a3da39b3f46bfd234807f4958f61 Copy to Clipboard
SHA256 2c5fae28f0e029e491983f844acfc4c2042d8c5afa279288b965dfe0f2d77966 Copy to Clipboard
SSDeep 48:xrzie1koDAuIIaAxWooDLN1PIaSQoDs1J3rIaSQoDsVWzoDu1zzfIaSQoDsk7oof:RzP3yA+bGIHG4aGnooMO Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\resolve.js Dropped File Text
Clean
MIME Type text/plain
File Size 3.89 KB
MD5 604bf29947d37c67c09111eac1330d15 Copy to Clipboard
SHA1 f0bba5baf7c199c5d3cf3352463a89c6e00b8469 Copy to Clipboard
SHA256 7795246fede147781358e81e32a0d5e9922dad51a6b00feeeb7e6777239a31dc Copy to Clipboard
SSDeep 48:Ufoey0wcOCji2VWz+ouskzKQjv6YC9kErw47VtmKKMHo046j0oRMRaYRiRInRg7T:UfoeywZjNg1MK0SBHu0IWbgLS Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\ico.png Dropped File Image
Clean
MIME Type image/png
File Size 3.82 KB
MD5 40de419c81de274c26c63e0f23d91a3f Copy to Clipboard
SHA1 3fda2c10bf0d84aa327e107730b3596fcd13d4fd Copy to Clipboard
SHA256 7d1878c4a74f2b7c6deb2efb39aa4c1cef86b8792efd2022644437cad6c48af3 Copy to Clipboard
SSDeep 48:7j4avmcia3fSE3dGlhjHCJSPJYfJhSlxn5kWglUuaPLrelX1QuC/6ufVVbRUlyiZ:p9ia3aSGlNdm3ShqUdMdC/6uNjly0O Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\background.js Dropped File Text
Clean
MIME Type text/plain
File Size 2.09 KB
MD5 ac6a8b087a81220c320ba6dd0e271244 Copy to Clipboard
SHA1 33d3bb42b2e05d43478fbacefc4f2360b6ea44bf Copy to Clipboard
SHA256 78a799ab2ab295f74d471db41318713d8db7bf9c8f7acc7eda3c625c0907b886 Copy to Clipboard
SSDeep 48:SJ60gBosT7TuRftP8/7muFM6+3iHmIay1:APgB37SPuhFMKQo Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\manifest.json Dropped File Unknown
Clean
MIME Type application/json
File Size 1.18 KB
MD5 ebe7e432c656c6478df796ea245fefb8 Copy to Clipboard
SHA1 6ed3e4ee61f14ce06b1deee12836d68a45da048f Copy to Clipboard
SHA256 d4e49c2dcb191baa167e6b95a03581a7368803ed8c4261f6048e2ae574404468 Copy to Clipboard
SSDeep 24:OX0vxE1KiKyNjAv8MgosNU8WA5cBTbG0BfpjM9BMO1P:OgxkKgNj68jhsBRj3O1P Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\tabs.js Dropped File Text
Clean
MIME Type text/plain
File Size 761 Bytes
MD5 3c6e1b49b5b5f176f998c1610b523873 Copy to Clipboard
SHA1 e7304a2d5249d2a60f720bd305b8bcbf5d18bb49 Copy to Clipboard
SHA256 c0e554c1c620cc7200a1803b54a11ac15895a8d07be65a7772089b2b8e441537 Copy to Clipboard
SSDeep 12:4iZgJY1XzH3YdyWqXufPBEY1XzH3zYmRPByPJY1XzHllig2jUflbQ/kk6SHqI:WYTKR2AEYTz7yxYplBNfh+BHt Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\notifications.js Dropped File Text
Clean
MIME Type text/plain
File Size 673 Bytes
MD5 eef7fd1dff2c19591869998b3bc99660 Copy to Clipboard
SHA1 a8f20cd2e74d5afe9624f09423563e57ed677be5 Copy to Clipboard
SHA256 5af7c0ad5425c6c3a631dd800dcb7e6035cebf03210433914544d330063ebe49 Copy to Clipboard
SSDeep 12:/yy86BlHO6UKY1XzHxMsBTFl1xrQmdUuBS3Zm9:/0AlHOcYdMMP1xrrdXSA9 Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\rules.json Dropped File Unknown
Clean
MIME Type application/json
File Size 618 Bytes
MD5 6c1f6ab3492a615404a70161303de746 Copy to Clipboard
SHA1 d699813f9847cf859b0c2de40b94e32fc32c9976 Copy to Clipboard
SHA256 09aa1c09bd6316b4d8cc83ba1dbfa915c5a0802cab8cd414a52b766a3e1d9ffe Copy to Clipboard
SSDeep 12:UMJ6HfhqwF8XMSwF8XMXdewFpblwFpfXXMSwFprJ5ncfYFTV:HJ6/IdqAyutEJ5n+Y9V Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\injections.js Dropped File Text
Clean
MIME Type text/plain
File Size 513 Bytes
MD5 6f74d4107333d79363f7a920fcd4ac4a Copy to Clipboard
SHA1 c65256680f8c88f374160fe34041ddbf2fe8c22e Copy to Clipboard
SHA256 60e419bbc7e8979be6068a5133c4e0b6bcd713add6d4295f04373e4e0d813507 Copy to Clipboard
SSDeep 12:4iNGJY1XzH7MhxH1TXIkBXaxRQXNojmRpLMhx07amw:0YwnBqXCTBw Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\extensions.js Dropped File Text
Clean
MIME Type text/plain
File Size 479 Bytes
MD5 8e02ca576ce7a7828376dc48a7bd96d2 Copy to Clipboard
SHA1 cd0d8c9c86cb2faf317df6e993037e931942e725 Copy to Clipboard
SHA256 380637e36765a4a2969687cf002c3a17abde1d1f460bbf85c536a36b8dd2758c Copy to Clipboard
SSDeep 12:4i7AfJY1XzHhlaxELPBuCIJY1XzH9eQJT5mH3omz:FAhYfEY5kHz Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\settings.js Dropped File Text
Clean
MIME Type text/plain
File Size 454 Bytes
MD5 02b7a53f87fb7e7446fd3e2743a44d9a Copy to Clipboard
SHA1 d82172a6f888bf0e1f4a656c2cc8d7dd6b643cb1 Copy to Clipboard
SHA256 d5ec352432681ac7ce9e74a9777f5c80415801e88544ab0d8b35f80f1066c6e9 Copy to Clipboard
SSDeep 12:4iF6+JY1XzH7MhxH1TXIkB0RQ1vYoxRpLMhxMWBamw:5YwnBoGYA8Bw Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\app.html Dropped File HTML
Clean
MIME Type text/html
File Size 227 Bytes
MD5 08785f3794a7ae9aab6b3fa669646794 Copy to Clipboard
SHA1 be015854a82c1c8119861ccb5cabc35249a4f2a7 Copy to Clipboard
SHA256 d301a7d23e62ae2747777cde00260dc5ab633361daf80d338a24358ff2133f50 Copy to Clipboard
SSDeep 6:qTFQzhqIezAGSKYkxfVfAbplMWEKgTfUb1AEyXMweXfGb:qTWIz+gCHjgT2KErpPGb Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\csp.js Dropped File Text
Clean
MIME Type text/plain
File Size 208 Bytes
MD5 f2f958ae546c75ee373c58cc42676d94 Copy to Clipboard
SHA1 f1cf4b018e039680ad5bcb546673b8cd5a3701fc Copy to Clipboard
SHA256 65827a0e24ce36007307db3f415a97e6e9dc8bd9504b025a39ee9805f021d599 Copy to Clipboard
SSDeep 6:4i8KW6tWSaJDKGjAhROwu+X63MurWo124w3wdE:4idWlQhOLb0oo3OE Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\screenshot.js Dropped File Text
Clean
MIME Type text/plain
File Size 205 Bytes
MD5 96f64d44ff2d8026288e84512a84501b Copy to Clipboard
SHA1 234d0ee1d11226c41d29dabff362f54526e58980 Copy to Clipboard
SHA256 d84cb4a6fb4d068ab1677a0a3dc1a606a46a1583e6676f2641703efec0d63baf Copy to Clipboard
SSDeep 6:4i8KWQXz0SQY1XTXM6KRe5lAFDZ9MkSweMolt:4iz4JY1XzH35lGZukJTolt Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\config.js Dropped File Text
Clean
MIME Type text/plain
File Size 106 Bytes
MD5 c5886aea3f399d3a243a4adef6366512 Copy to Clipboard
SHA1 d1e28382f213c439672fa428af33f1a363a89e10 Copy to Clipboard
SHA256 b5d5497e70d7bfaf6c5927e079b8b6d5974c1e68011e0d3fd91c08c775e9add4 Copy to Clipboard
SSDeep 3:4i7AYgky2LRZ3pHGvqXXgKaCspKz:4i/O2LRPEqAKaLEz Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Default\src\functions\utils.js Dropped File Text
Clean
MIME Type text/plain
File Size 81 Bytes
MD5 6ed6f00fe0734913d417c2b678eaaf71 Copy to Clipboard
SHA1 34d27ad2e2032047fb720ed19cdc131e20584f44 Copy to Clipboard
SHA256 9d8efec309ace466c552461702d83c7b7d5c7dcdbbcaad43a839cb80834d27ac Copy to Clipboard
SSDeep 3:4i8KWDWkqhovXQ+SERZVejkuV/pNv:4i8KW8SQDERZV6VVBNv Copy to Clipboard
ImpHash -
5b3209b25aacc6bbdfd9445eb7e77bd910e4209f95094bf386d28524bf72f1ec Downloaded File Binary
Clean
MIME Type application/vnd.microsoft.portable-executable
File Size 13.51 MB
MD5 ce3b1bfae46d06f1d52c7032505f8658 Copy to Clipboard
SHA1 5719afb013fe15e183fef63dc724ee39e3062d1c Copy to Clipboard
SHA256 5b3209b25aacc6bbdfd9445eb7e77bd910e4209f95094bf386d28524bf72f1ec Copy to Clipboard
SSDeep 393216:n0d9qQHmKuolj9D8a7PYyfXzmro5ixLF9np:0d9qQBz9DV7PYyvzmrDxh9n Copy to Clipboard
ImpHash 69ced1ad11dc0af68759e861c3ff436a Copy to Clipboard
PE Information
Image Base 0x00400000
Entry Point 0x00F4FB75
Size Of Code 0x0001D600
Size Of Initialized Data 0x00084200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-02-21 14:28 (UTC+1)
Version Information (12)
CompanyName MAGIX Computer Products Intl. Co.
FileDescription VEGAS MXF File Format
FileVersion Version 15.0 (Build 216)
InternalName mxfxavc.DLL
LegalCopyright Copyright (c) 2017 MAGIX Software GmbH. All rights reserved.
OriginalFilename mxfxavc.DLL
ProductName VEGAS MXF File Format
ProductVersion Version 15.0 (Build 216)
SfCharSet UNICODE
SfLangName English (U.S.)
SfLangID SBCS:409
OLESelfRegister -
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x0001D5FE 0x00000000 0x00000000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.0
.rdata 0x0041F000 0x00002A50 0x00000000 0x00000000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.data 0x00422000 0x000005BC 0x00000200 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.02
.5-D 0x00423000 0x00A931F8 0x00000000 0x00000000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.0
.qa1 0x00EB7000 0x00000394 0x00000400 0x00000600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.46
.C!b 0x00EB8000 0x00D00E10 0x00D01000 0x00000A00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.99
.rsrc 0x01BB9000 0x00080EA4 0x00081000 0x00D01A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.95
Imports (7)
KERNEL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LocalAlloc - 0x00EB7000 0x00AC29C0 0x0000B3C0 0x00000000
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DestroyWindow - 0x00EB7008 0x00AC29C8 0x0000B3C8 0x00000000
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFontLanguageInfo - 0x00EB7010 0x00AC29D0 0x0000B3D0 0x00000000
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize - 0x00EB7018 0x00AC29D8 0x0000B3D8 0x00000000
KERNEL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSystemTimeAsFileTime - 0x00EB7020 0x00AC29E0 0x0000B3E0 0x00000000
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharUpperBuffW - 0x00EB7028 0x00AC29E8 0x0000B3E8 0x00000000
KERNEL32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LocalAlloc - 0x00EB7030 0x00AC29F0 0x0000B3F0 0x00000000
LocalFree - 0x00EB7034 0x00AC29F4 0x0000B3F4 0x00000000
GetModuleFileNameW - 0x00EB7038 0x00AC29F8 0x0000B3F8 0x00000000
ExitProcess - 0x00EB703C 0x00AC29FC 0x0000B3FC 0x00000000
LoadLibraryA - 0x00EB7040 0x00AC2A00 0x0000B400 0x00000000
GetModuleHandleA - 0x00EB7044 0x00AC2A04 0x0000B404 0x00000000
GetProcAddress - 0x00EB7048 0x00AC2A08 0x0000B408 0x00000000
add0ebf1bb604d3681c8f7e80164f2072430c32cc4c8870394938e507fce5f02 Downloaded File Text
Clean
MIME Type text/plain
File Size 1.56 MB
MD5 21eaa1bdbc4ff0317d848282fcb7209b Copy to Clipboard
SHA1 7aba7b77cbdd1dbdae24d6f5447ecfc99cc11d30 Copy to Clipboard
SHA256 add0ebf1bb604d3681c8f7e80164f2072430c32cc4c8870394938e507fce5f02 Copy to Clipboard
SSDeep 49152:pr+aADnAEGQoB1xSIepnbP34i8RpDONq5r2uIxG2bQq7/gr+at9R6DWaPhAfZVt3:n Copy to Clipboard
ImpHash -
15bf4209ecd3d78a4b3331defb091dc4738c2ec83f3897b2b79bc32d14691187 Downloaded File Text
Clean
MIME Type text/plain
File Size 2.05 KB
MD5 139622d4411dffea90a62e1c44d2c249 Copy to Clipboard
SHA1 1d1abc8fff6abb171897430423ff6c574f32592c Copy to Clipboard
SHA256 15bf4209ecd3d78a4b3331defb091dc4738c2ec83f3897b2b79bc32d14691187 Copy to Clipboard
SSDeep 48:8aYeJQPcAHBguIvxSIOigyR8rkJf39niRagdR4oETVKFTP8wDjgEO7:8aW/IEWRQYf3c/UTV2O Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Modified File Stream
Clean
MIME Type application/octet-stream
File Size 13.85 KB
MD5 e4654ea7693d2f2ccce25a9f2b49f701 Copy to Clipboard
SHA1 8d53a717e20f33aad1e693a2c67bc74633e31c69 Copy to Clipboard
SHA256 006a9adb3c4e3195a22c668131855474d8fa391fa49c75f17cb076f6966f3f07 Copy to Clipboard
SSDeep 384:PFaV8vzOdBXVoGIpN6KQkj2SbRWxATkjh4iUxj:daV8vzOdBXV3IpNBQkj2CRWxAGh4iUxj Copy to Clipboard
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Modified File Stream
Clean
MIME Type application/octet-stream
File Size 13.51 KB
MD5 d4c3758e783e84a32506012d68b83499 Copy to Clipboard
SHA1 0b68aac758ab4056590208ab2ac59155b4854abd Copy to Clipboard
SHA256 cd5af7ad412ac22e95345129207ede77e3352bedcce19b870051579ef26add7b Copy to Clipboard
SSDeep 384:tSa5q/4HWrxVIp3jZu3dVvjFUpEA4kjh4iUx6:wa5q/4HWrxVIp3jc3dVvjFUpEAhh4iUA Copy to Clipboard
ImpHash -