a54c4c2c...549f | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Threat Names:
VBS.ObfDldr.23.Gen
Gen:Variant.Midie.70770
Mal/HTMLGen-A
Filename: C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\documeynt4565.wsf
Category: Sample File
Type: Text
Severity: Malicious
Mime Type text/x-wsf
File Size 21.92 KB
MD5 42ffb9ad1b4555f9080fbf94181b6f35
SHA1 46a467d751787c9679c45b0d8f390ad526b75206
SHA256 a54c4c2c87771dde2fa649a4858a1036b3e8dda1756ed4dc3c9c179b9b33549f
SSDeep 96:mCaQGDT4SZEW1FFuefsNXBAv03oAuCmCLGVQ8YYYYYNz:mP8q2Ly8o1Cqa8YYYYYt
ImpHash -
Local AV Matches (1)
Threat Name Severity
VBS.ObfDldr.23.Gen
Malicious
Filename: C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\NGHvEOGrPRHHZU.dll
Category: Dropped File
Type: Binary
Severity: Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.18 MB
MD5 305d96335a600ea4b97c5629845f4e29
SHA1 425af28f7c69f96a89d1784724cde4e4c3417d47
SHA256 dc9bffe02bc22d40ec5dd71efe9c27cdde2bab294fcef9ee5c3cb680760019ba
SSDeep 24576:AXcfREnkuoLQV0cxhHGvnPra2DIYJJ4tY+ngj6bdW7WzB6:AXcfHCacXWnjJEaiNu6bd7w
ImpHash 19dc63eda973bc8408853a85c14ecf4e
PE Information
Image Base 0x10000000
Entry Point 0x10002812
Size Of Code 0x43c00
Size Of Initialized Data 0x1e5000
File Type FileType.dll
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-02-21 13:20:54+00:00
Version Information (8)
CompanyName Metal Higher Logic
FileDescription She Dream
FileVersion 8.4.5401.7660
InternalName allowdear.dll
LegalCopyright © Metal Higher Logic Corporation. All rights reserved.
OriginalFilename allowdear.dll
ProductName Metal Higher Logic She Dream
ProductVersion 8.4.5401.7660
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x43a94 0x43c00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.27
.rdata 0x10045000 0x8e565 0x8e600 0x44000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.17
.data 0x100d4000 0x153348 0x57a00 0xd2600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.77
.rsrc 0x10228000 0x3b0 0x400 0x12a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.13
.reloc 0x10229000 0x3010 0x3200 0x12a400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 2.88
Imports (5)
KERNEL32.dll (76)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsAlloc 0x0 0x10045028 0xd2cac 0xd1cac 0x4c5
CreateFileA 0x0 0x1004502c 0xd2cb0 0xd1cb0 0x88
SetStdHandle 0x0 0x10045030 0xd2cb4 0xd1cb4 0x487
VirtualProtect 0x0 0x10045034 0xd2cb8 0xd1cb8 0x4ef
WriteConsoleW 0x0 0x10045038 0xd2cbc 0xd1cbc 0x524
FindNextFileW 0x0 0x1004503c 0xd2cc0 0xd1cc0 0x145
FindClose 0x0 0x10045040 0xd2cc4 0xd1cc4 0x12e
GetModuleFileNameW 0x0 0x10045044 0xd2cc8 0xd1cc8 0x214
Sleep 0x0 0x10045048 0xd2ccc 0xd1ccc 0x4b2
LoadLibraryW 0x0 0x1004504c 0xd2cd0 0xd1cd0 0x33f
GetConsoleOutputCP 0x0 0x10045050 0xd2cd4 0xd1cd4 0x1b0
WriteConsoleA 0x0 0x10045054 0xd2cd8 0xd1cd8 0x51a
CloseHandle 0x0 0x10045058 0xd2cdc 0xd1cdc 0x52
TlsSetValue 0x0 0x1004505c 0xd2ce0 0xd1ce0 0x4c8
FindFirstFileW 0x0 0x10045060 0xd2ce4 0xd1ce4 0x139
GetEnvironmentVariableW 0x0 0x10045064 0xd2ce8 0xd1ce8 0x1dc
SetFilePointer 0x0 0x10045068 0xd2cec 0xd1cec 0x466
ExitProcess 0x0 0x1004506c 0xd2cf0 0xd1cf0 0x119
HeapAlloc 0x0 0x10045070 0xd2cf4 0xd1cf4 0x2cb
GetCurrentThreadId 0x0 0x10045074 0xd2cf8 0xd1cf8 0x1c5
GetCommandLineA 0x0 0x10045078 0xd2cfc 0xd1cfc 0x186
RaiseException 0x0 0x1004507c 0xd2d00 0xd1d00 0x3b1
RtlUnwind 0x0 0x10045080 0xd2d04 0xd1d04 0x418
TerminateProcess 0x0 0x10045084 0xd2d08 0xd1d08 0x4c0
GetCurrentProcess 0x0 0x10045088 0xd2d0c 0xd1d0c 0x1c0
UnhandledExceptionFilter 0x0 0x1004508c 0xd2d10 0xd1d10 0x4d3
SetUnhandledExceptionFilter 0x0 0x10045090 0xd2d14 0xd1d14 0x4a5
IsDebuggerPresent 0x0 0x10045094 0xd2d18 0xd1d18 0x300
EnterCriticalSection 0x0 0x10045098 0xd2d1c 0xd1d1c 0xee
LeaveCriticalSection 0x0 0x1004509c 0xd2d20 0xd1d20 0x339
GetLastError 0x0 0x100450a0 0xd2d24 0xd1d24 0x202
HeapFree 0x0 0x100450a4 0xd2d28 0xd1d28 0x2cf
DeleteCriticalSection 0x0 0x100450a8 0xd2d2c 0xd1d2c 0xd1
VirtualFree 0x0 0x100450ac 0xd2d30 0xd1d30 0x4ec
VirtualAlloc 0x0 0x100450b0 0xd2d34 0xd1d34 0x4e9
HeapReAlloc 0x0 0x100450b4 0xd2d38 0xd1d38 0x2d2
HeapCreate 0x0 0x100450b8 0xd2d3c 0xd1d3c 0x2cd
HeapDestroy 0x0 0x100450bc 0xd2d40 0xd1d40 0x2ce
GetModuleHandleW 0x0 0x100450c0 0xd2d44 0xd1d44 0x218
GetProcAddress 0x0 0x100450c4 0xd2d48 0xd1d48 0x245
WriteFile 0x0 0x100450c8 0xd2d4c 0xd1d4c 0x525
GetStdHandle 0x0 0x100450cc 0xd2d50 0xd1d50 0x264
GetModuleFileNameA 0x0 0x100450d0 0xd2d54 0xd1d54 0x213
TlsGetValue 0x0 0x100450d4 0xd2d58 0xd1d58 0x4c7
TlsFree 0x0 0x100450d8 0xd2d5c 0xd1d5c 0x4c6
InterlockedIncrement 0x0 0x100450dc 0xd2d60 0xd1d60 0x2ef
SetLastError 0x0 0x100450e0 0xd2d64 0xd1d64 0x473
InterlockedDecrement 0x0 0x100450e4 0xd2d68 0xd1d68 0x2eb
SetHandleCount 0x0 0x100450e8 0xd2d6c 0xd1d6c 0x46f
GetFileType 0x0 0x100450ec 0xd2d70 0xd1d70 0x1f3
GetStartupInfoA 0x0 0x100450f0 0xd2d74 0xd1d74 0x262
FreeEnvironmentStringsA 0x0 0x100450f4 0xd2d78 0xd1d78 0x160
GetEnvironmentStrings 0x0 0x100450f8 0xd2d7c 0xd1d7c 0x1d8
FreeEnvironmentStringsW 0x0 0x100450fc 0xd2d80 0xd1d80 0x161
WideCharToMultiByte 0x0 0x10045100 0xd2d84 0xd1d84 0x511
GetEnvironmentStringsW 0x0 0x10045104 0xd2d88 0xd1d88 0x1da
QueryPerformanceCounter 0x0 0x10045108 0xd2d8c 0xd1d8c 0x3a7
GetTickCount 0x0 0x1004510c 0xd2d90 0xd1d90 0x293
GetCurrentProcessId 0x0 0x10045110 0xd2d94 0xd1d94 0x1c1
GetSystemTimeAsFileTime 0x0 0x10045114 0xd2d98 0xd1d98 0x279
GetCPInfo 0x0 0x10045118 0xd2d9c 0xd1d9c 0x172
GetACP 0x0 0x1004511c 0xd2da0 0xd1da0 0x168
GetOEMCP 0x0 0x10045120 0xd2da4 0xd1da4 0x237
IsValidCodePage 0x0 0x10045124 0xd2da8 0xd1da8 0x30a
MultiByteToWideChar 0x0 0x10045128 0xd2dac 0xd1dac 0x367
InitializeCriticalSectionAndSpinCount 0x0 0x1004512c 0xd2db0 0xd1db0 0x2e3
LoadLibraryA 0x0 0x10045130 0xd2db4 0xd1db4 0x33c
HeapSize 0x0 0x10045134 0xd2db8 0xd1db8 0x2d4
GetConsoleCP 0x0 0x10045138 0xd2dbc 0xd1dbc 0x19a
GetConsoleMode 0x0 0x1004513c 0xd2dc0 0xd1dc0 0x1ac
FlushFileBuffers 0x0 0x10045140 0xd2dc4 0xd1dc4 0x157
LCMapStringA 0x0 0x10045144 0xd2dc8 0xd1dc8 0x32b
LCMapStringW 0x0 0x10045148 0xd2dcc 0xd1dcc 0x32d
GetStringTypeA 0x0 0x1004514c 0xd2dd0 0xd1dd0 0x266
GetStringTypeW 0x0 0x10045150 0xd2dd4 0xd1dd4 0x269
GetLocaleInfoA 0x0 0x10045154 0xd2dd8 0xd1dd8 0x204
USER32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EndDialog 0x0 0x1004515c 0xd2de0 0xd1de0 0xda
OffsetRect 0x0 0x10045160 0xd2de4 0xd1de4 0x225
LoadIconW 0x0 0x10045164 0xd2de8 0xd1de8 0x1ed
SetCapture 0x0 0x10045168 0xd2dec 0xd1dec 0x280
GetMessageW 0x0 0x1004516c 0xd2df0 0xd1df0 0x15d
CloseClipboard 0x0 0x10045170 0xd2df4 0xd1df4 0x49
GDI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OffsetViewportOrgEx 0x0 0x10045000 0xd2c84 0xd1c84 0x23e
SetViewportExtEx 0x0 0x10045004 0xd2c88 0xd1c88 0x2a8
ScaleViewportExtEx 0x0 0x10045008 0xd2c8c 0xd1c8c 0x271
ScaleWindowExtEx 0x0 0x1004500c 0xd2c90 0xd1c90 0x272
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoUninitialize 0x0 0x10045178 0xd2dfc 0xd1dfc 0x6c
OleInitialize 0x0 0x1004517c 0xd2e00 0xd1e00 0x132
OleUninitialize 0x0 0x10045180 0xd2e04 0xd1e04 0x149
CoInitialize 0x0 0x10045184 0xd2e08 0xd1e08 0x3e
CoCreateInstance 0x0 0x10045188 0xd2e0c 0xd1e0c 0x10
IMM32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImmSetCompositionFontW 0x0 0x10045014 0xd2c98 0xd1c98 0x71
ImmGetCompositionStringW 0x0 0x10045018 0xd2c9c 0xd1c9c 0x36
ImmGetContext 0x0 0x1004501c 0xd2ca0 0xd1ca0 0x38
ImmSetCompositionWindow 0x0 0x10045020 0xd2ca4 0xd1ca4 0x74
Exports (1)
Api name EAT Address Ordinal
Selflight 0xc310 0x1
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Midie.70770
Malicious
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.