Verdict: Malicious

Classifications: Downloader, Injector

Threat Names: SmokeLoader, Mal/Generic-S, Mal/HTMLGen-A

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "58 minutes, 20 seconds" to "11 seconds" to reveal dormant functionality.

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

Sample

File Name: C:\Users\RDhJ0CNFevzX\Desktop\8362e0f91ae3379c73422bbca7bac493.virus.exe
Category: Sample File
Type: Binary
Verdict: malicious
Also Known As: C:\Users\RDhJ0CNFevzX\AppData\Roaming\bcatcih (Dropped File)
MIME Type: application/vnd.microsoft.portable-executable
File Size: 287.50 KB
MD5: 8362e0f91ae3379c73422bbca7bac493
SHA1: ec761f77bbe9900aed7ffa0a9303dc6801a9effb
SHA256: adfea20237be615461c44fea423d6043fc74bf1c5303ee33fcecd8acd201291e
SSDeep: 3072:Uv7CHCUfMX34IHHW1UJNZoVkzUl1V9gALVggjcGkNIVqI:UvByIIIW1UJNZo/VV7ITsq
ImpHash: 996fe7decbf39b8813e0892e829e72ad
File Reputation Information

Verdict: malicious
Names: Mal/Generic-S
PE Information

Image Base: 0x400000
Entry Point: 0x403360
Size Of Code: 0x12000
Size Of Initialized Data: 0x3da00
File Type: FileType.executable
Subsystem: Subsystem.windows_gui
Machine Type: MachineType.i386
Compile Timestamp: 2021-05-18 18:47:08+00:00
Version Information (3)

InternationalName: bomgvioci.iwa
Copyright: Copyrighz (C) 2021, fudkort
ProjectVersion: 3.10.70.57
Sections (4)

Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x11fc6 0x12000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.7
.rdata 0x413000 0x596e 0x5a00 0x12400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.67
.data 0x419000 0x28278 0x22200 0x17e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.81
.rsrc 0x442000 0xdc88 0xde00 0x3a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.38
Imports (1)

KERNEL32.dll (98)

API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetLocaleInfoA - 0x413000 0x180b0 0x174b0 0x3f0
GetConsoleAliasesLengthW - 0x413004 0x180b4 0x174b4 0x181
VirtualQuery - 0x413008 0x180b8 0x174b8 0x45c
GetDefaultCommConfigW - 0x41300c 0x180bc 0x174bc 0x1b2
OpenJobObjectA - 0x413010 0x180c0 0x174c0 0x32d
ReadConsoleA - 0x413014 0x180c4 0x174c4 0x35c
GetConsoleAliasA - 0x413018 0x180c8 0x174c8 0x179
InterlockedDecrement - 0x41301c 0x180cc 0x174cc 0x2bc
GetProfileSectionA - 0x413020 0x180d0 0x174d0 0x231
SetComputerNameW - 0x413024 0x180d4 0x174d4 0x3a4
GetTimeFormatA - 0x413028 0x180d8 0x174d8 0x268
GetConsoleAliasesA - 0x41302c 0x180dc 0x174dc 0x17f
GetConsoleTitleA - 0x413030 0x180e0 0x174e0 0x19e
SetFileTime - 0x413034 0x180e4 0x174e4 0x3e3
FindResourceExA - 0x413038 0x180e8 0x174e8 0x137
Sleep - 0x41303c 0x180ec 0x174ec 0x421
GetFileAttributesW - 0x413040 0x180f0 0x174f0 0x1ce
SetComputerNameExW - 0x413044 0x180f4 0x174f4 0x3a3
RaiseException - 0x413048 0x180f8 0x174f8 0x35a
GetLongPathNameW - 0x41304c 0x180fc 0x174fc 0x1f2
GetProcAddress - 0x413050 0x18100 0x17500 0x220
VirtualAlloc - 0x413054 0x18104 0x17504 0x454
GetAtomNameA - 0x413058 0x18108 0x17508 0x155
LocalAlloc - 0x41305c 0x1810c 0x1750c 0x2f9
DnsHostnameToComputerNameA - 0x413060 0x18110 0x17510 0xce
GetFileType - 0x413064 0x18114 0x17514 0x1d7
GetModuleFileNameA - 0x413068 0x18118 0x17518 0x1f4
CreateIoCompletionPort - 0x41306c 0x1811c 0x1751c 0x84
SetConsoleTitleW - 0x413070 0x18120 0x17520 0x3c2
GetModuleHandleA - 0x413074 0x18124 0x17524 0x1f6
GetStringTypeW - 0x413078 0x18128 0x17528 0x240
GetVersionExA - 0x41307c 0x1812c 0x1752c 0x275
ReadConsoleInputW - 0x413080 0x18130 0x17530 0x360
EnumSystemLocalesW - 0x413084 0x18134 0x17534 0xfa
CreateThread - 0x413088 0x18138 0x17538 0xa3
HeapAlloc - 0x41308c 0x1813c 0x1753c 0x29d
GetCommandLineA - 0x413090 0x18140 0x17540 0x16f
GetStartupInfoA - 0x413094 0x18144 0x17544 0x239
RtlUnwind - 0x413098 0x18148 0x17548 0x392
TerminateProcess - 0x41309c 0x1814c 0x1754c 0x42d
GetCurrentProcess - 0x4130a0 0x18150 0x17550 0x1a9
UnhandledExceptionFilter - 0x4130a4 0x18154 0x17554 0x43e
SetUnhandledExceptionFilter - 0x4130a8 0x18158 0x17558 0x415
IsDebuggerPresent - 0x4130ac 0x1815c 0x1755c 0x2d1
GetLastError - 0x4130b0 0x18160 0x17560 0x1e6
HeapFree - 0x4130b4 0x18164 0x17564 0x2a1
DeleteCriticalSection - 0x4130b8 0x18168 0x17568 0xbe
LeaveCriticalSection - 0x4130bc 0x1816c 0x1756c 0x2ef
EnterCriticalSection - 0x4130c0 0x18170 0x17570 0xd9
VirtualFree - 0x4130c4 0x18174 0x17574 0x457
HeapReAlloc - 0x4130c8 0x18178 0x17578 0x2a4
HeapCreate - 0x4130cc 0x1817c 0x1757c 0x29f
GetModuleHandleW - 0x4130d0 0x18180 0x17580 0x1f9
ExitProcess - 0x4130d4 0x18184 0x17584 0x104
WriteFile - 0x4130d8 0x18188 0x17588 0x48d
GetStdHandle - 0x4130dc 0x1818c 0x1758c 0x23b
SetHandleCount - 0x4130e0 0x18190 0x17590 0x3e8
SetFilePointer - 0x4130e4 0x18194 0x17594 0x3df
TlsGetValue - 0x4130e8 0x18198 0x17598 0x434
TlsAlloc - 0x4130ec 0x1819c 0x1759c 0x432
TlsSetValue - 0x4130f0 0x181a0 0x175a0 0x435
TlsFree - 0x4130f4 0x181a4 0x175a4 0x433
InterlockedIncrement - 0x4130f8 0x181a8 0x175a8 0x2c0
SetLastError - 0x4130fc 0x181ac 0x175ac 0x3ec
GetCurrentThreadId - 0x413100 0x181b0 0x175b0 0x1ad
CloseHandle - 0x413104 0x181b4 0x175b4 0x43
FreeEnvironmentStringsA - 0x413108 0x181b8 0x175b8 0x14a
GetEnvironmentStrings - 0x41310c 0x181bc 0x175bc 0x1bf
FreeEnvironmentStringsW - 0x413110 0x181c0 0x175c0 0x14b
WideCharToMultiByte - 0x413114 0x181c4 0x175c4 0x47a
GetEnvironmentStringsW - 0x413118 0x181c8 0x175c8 0x1c1
QueryPerformanceCounter - 0x41311c 0x181cc 0x175cc 0x354
GetTickCount - 0x413120 0x181d0 0x175d0 0x266
GetCurrentProcessId - 0x413124 0x181d4 0x175d4 0x1aa
GetSystemTimeAsFileTime - 0x413128 0x181d8 0x175d8 0x24f
InitializeCriticalSectionAndSpinCount - 0x41312c 0x181dc 0x175dc 0x2b5
LoadLibraryA - 0x413130 0x181e0 0x175e0 0x2f1
GetCPInfo - 0x413134 0x181e4 0x175e4 0x15b
GetACP - 0x413138 0x181e8 0x175e8 0x152
GetOEMCP - 0x41313c 0x181ec 0x175ec 0x213
IsValidCodePage - 0x413140 0x181f0 0x175f0 0x2db
CreateFileA - 0x413144 0x181f4 0x175f4 0x78
SetStdHandle - 0x413148 0x181f8 0x175f8 0x3fc
GetConsoleCP - 0x41314c 0x181fc 0x175fc 0x183
GetConsoleMode - 0x413150 0x18200 0x17600 0x195
FlushFileBuffers - 0x413154 0x18204 0x17604 0x141
HeapSize - 0x413158 0x18208 0x17608 0x2a6
GetLocaleInfoA - 0x41315c 0x1820c 0x1760c 0x1e8
LCMapStringA - 0x413160 0x18210 0x17610 0x2e1
MultiByteToWideChar - 0x413164 0x18214 0x17614 0x31a
LCMapStringW - 0x413168 0x18218 0x17618 0x2e3
GetStringTypeA - 0x41316c 0x1821c 0x1761c 0x23d
SetEndOfFile - 0x413170 0x18220 0x17620 0x3cd
GetProcessHeap - 0x413174 0x18224 0x17624 0x223
ReadFile - 0x413178 0x18228 0x17628 0x368
WriteConsoleA - 0x41317c 0x1822c 0x1762c 0x482
GetConsoleOutputCP - 0x413180 0x18230 0x17630 0x199
WriteConsoleW - 0x413184 0x18234 0x17634 0x48c
Memory Dumps (8)

Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
8362e0f91ae3379c73422bbca7bac493.virus.exe 1 0x00400000 0x0044FFFF Relevant Image False 32-bit 0x00407F33 False
buffer 1 0x00030000 0x00038FFF First Execution False 32-bit 0x00030000 False
buffer 1 0x001C0000 0x001C8FFF First Execution False 32-bit 0x001C0000 False
buffer 2 0x00400000 0x00408FFF First Execution False 32-bit 0x00402F47 False
8362e0f91ae3379c73422bbca7bac493.virus.exe 1 0x00400000 0x0044FFFF Process Termination False 32-bit - False
buffer 2 0x00400000 0x00408FFF Content Changed False 32-bit 0x0040283D False
buffer 2 0x00400000 0x00408FFF Process Termination False 32-bit - False
buffer 2 0x00430000 0x00435FFF Process Termination False 32-bit - True
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.