ac69e0f6...26b4 | Yara
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Spyware, Ransomware, Trojan, Dropper, Backdoor

killeryuga.exe

Windows Exe (x86-32)

Created at 2019-03-24T16:35:00

...

Remarks (2/3)

(0x2000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x200000e): The overall sleep time of all monitored processes was truncated from "1 minute, 40 seconds" to "10 seconds" to reveal dormant functionality.

(0x2000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Detection Information

YARA Applied On Sample Files, PCAP File, Downloaded Files, Dropped Files, Modified Files, Memory Dumps, Embedded Files
YARA Matches (11)
ยป
Ruleset Name Rule Name Rule Description File Type Filename Classification Severity Actions
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Malware Gh0stMiancha_1_0_0 Miancha backdoor Memory Dump 5.exe Backdoor
Malicious
...
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image