7e33dd313ed0

Remarks

Maximum Dump Total Size Reached (0x0200005D): 1341 additional dumps with the reason "Content Changed" and a total of 16721 MB were skipped because the respective maximum limit was reached.

Maximum Dump Size Exceeded (0x0200004A): 2 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 512 MB.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\kEecfMwgj\Desktop\SecuriteInfo.com.Trojan-PSW.Agent.26016.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	4.16 MB
MD5	c9a36a7e0bf431dafe139b1cc18609ed
SHA1	4d77f0d31e994d3baeba164238634cadaf95fb77
SHA256	7e33dd313ed09a15c81af55ee0997031caa3da8fba8c31c3859bc95e52559ff3
SSDeep	98304:6PSzwcdHYUcyX4eHU0hU/cSuijBf1ULKPQ1w9VOO6GQgjIkU:WS0cJ59U0hUkx6f1g1w9CGQ2I
ImpHash	9aebf3da4677af9275c461261e5abde3

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x140000000
Entry Point	0x140C76A70
Size Of Code	0x0042B000
Size Of Initialized Data	0x00001000
Size Of Uninitialized Data	0x0084B000
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_AMD64
Compile Timestamp	1970-01-01 00:00 (UTC)

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
UPX0	0x140001000	0x0084B000	0x00000000	0x00000200	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
UPX1	0x14084C000	0x0042B000	0x0042AE00	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.93
.rsrc	0x140C77000	0x00001000	0x00000600	0x0042B000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.18

Imports (2)

KERNEL32.DLL (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LoadLibraryA	-	0x140C77528	0x00C77528	0x0042B528	0x00000000
ExitProcess	-	0x140C77530	0x00C77530	0x0042B530	0x00000000
GetProcAddress	-	0x140C77538	0x00C77538	0x0042B538	0x00000000
VirtualProtect	-	0x140C77540	0x00C77540	0x0042B540	0x00000000

msvcrt.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
exit	-	0x140C77550	0x00C77550	0x0042B550	0x00000000

Memory Dumps (30)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	First Execution	64-bit	0x13FD06CC0	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	Content Changed	64-bit	0x13F81E970	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	Content Changed	64-bit	0x13F0914E0	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	Content Changed	64-bit	0x13F82A200	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	Content Changed	64-bit	0x13F8199C0	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	Content Changed	64-bit	0x13F0D3D60	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	Content Changed	64-bit	0x13F0BF000	... Actions Go to Process Download Dump
buffer	1	0x2862E000	0x2862FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x2836E000	0x2836FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x2800D000	0x2800FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x27D8E000	0x27D8FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x27A8E000	0x27A8FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0032C000	0x0032FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x000E0000	0x0011FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00120000	0x0012FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00430000	0x0044FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00450000	0x00461FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00470000	0x0047FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00720000	0x0075FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01D20000	0x01E1FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01E20000	0x01E5FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x01EF0000	0x026EFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04720000	0x04720FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x16870000	0x16870FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x266F0000	0x26EEFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x26EF0000	0x276EFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x276F0000	0x277EFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000000000	0xC0003FFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	First Network Behavior	64-bit	0x13F0EE0D4	... Actions Go to Process Download Dump
securiteinfo.com.trojan-psw.agent.26016.exe	1	0x13F090000	0x13FD07FFF	Process Termination	64-bit	-	... Actions Go to Process Download Dump

C:\Users\KEECFM~1\AppData\Local\Temp\cM5o6GeI.zip

Dropped File

ZIP

MIME Type	application/zip
File Size	451 Bytes
MD5	7f0d9c8431ce4a0586b49ffe5c613fe9
SHA1	eedf6f916df1eb7ce45ac6c5e05380340d17dfe4
SHA256	c6b1ac621b3769171b98370ac29ba6a6edc4f0027ebf438fd83eddbde68b8460
SSDeep	12:5jMPude3Vck0Z33RCPked6hmwihml7yx+u+1aKn:9U4e3NeQPkeGmwgO7yx+u+Z
ImpHash	-

Archive Information

Number of Files	1
Number of Folders	0
Size of Packed Archive Contents	317 Bytes
Size of Unpacked Archive Contents	547 Bytes
File Format	zip

Contents (1)

File Name	Packed Size	Unpacked Size	Compression	Is Encrypted	Modify Time	Verdict	Recursively Submitted	Actions
system.txt	317 Bytes	547 Bytes	Deflate	False	-	Clean	-	... Actions Show File Submit File Download File

C:\Users\KEECFM~1\AppData\Local\Temp\system.txt

Dropped File

Text

Also Known As	system.txt (Miscellaneous File, Archive File)
Parent File	C:\Users\KEECFM~1\AppData\Local\Temp\cM5o6GeI.zip
MIME Type	text/plain
File Size	547 Bytes
MD5	c31191aba5d9540330aaf0bcdd7cf488
SHA1	8661b4e685a4d1257992d0a379927c03e6afa5c2
SHA256	28af184aa962040cdbd0d8a4e4e48c11e9217fe1485672e06587d8a4ae62ddcb
SSDeep	12:0b3XTHP/h2oQUUW5EOFfqo6Bjju9MoJDW5jC69Z:0bnTvZ2oQsj6BPuxJDZg
ImpHash	-

85599a07279c398837833e65ce849274ad5c31ee700858a41602dcdd414644a4

Downloaded File

Unknown

MIME Type	application/json
File Size	1.11 KB
MD5	4df5a4ea0f4dd6124d44e4afa88394e8
SHA1	f847dbfd3f80999b9386cc3add3c4542e7bcebe8
SHA256	85599a07279c398837833e65ce849274ad5c31ee700858a41602dcdd414644a4
SSDeep	24:YKK4UD2Zxoqb6uDI2Rj4ANhqvKhRphRoXKO:Y3D2Zx16f+cAWIuV
ImpHash	-

0d3c8dd6f6eadcaf754042a5d0dbdaadc6fac385b91f9c3926a7dc393614c392

Downloaded File

Unknown

MIME Type	application/json
File Size	310 Bytes
MD5	287614d73940ab08bf01350ed7b70869
SHA1	e0fdd7fa4d5f251a238bdbe73c63be4ba4fd1ba0
SHA256	0d3c8dd6f6eadcaf754042a5d0dbdaadc6fac385b91f9c3926a7dc393614c392
SSDeep	6:0Um9olxExVmZmFNH0//fwLiJpWYgpBjF/W35jY:888XHUXBpCBJA5k
ImpHash	-

74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Downloaded File

Text

MIME Type	text/plain
File Size	4 Bytes
MD5	37a6259cc0c1dae299a7866489dff0bd
SHA1	2be88ca4242c76e8253ac62474851065032d6833
SHA256	74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
SSDeep	3:s:s
ImpHash	-

File Reputation Information

Verdict

Clean

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information