VTI SCORE: 100/100
Dynamic Analysis Report |
Classification: Keylogger, Spyware, Trojan |
gmmqacgpk.exe
Windows Exe (x86-32)
Created at 2019-07-22T00:24:00
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
Filename | Category | Type | Severity | Actions |
---|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\gmmqacgpk.exe | Sample File | Binary |
Malicious
|
...
|
»
File Reputation Information
»
Severity |
Blacklisted
|
First Seen | 2016-08-14 02:37 (UTC+2) |
Last Seen | 2018-01-23 06:38 (UTC+1) |
Names | Win32.Trojan.Razy |
Families | Razy |
Classification | Trojan |
PE Information
»
Image Base | 0x400000 |
Entry Point | 0x451d7e |
Size Of Code | 0x50000 |
Size Of Initialized Data | 0x5c000 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2016-08-11 01:19:38+00:00 |
Version Information (7)
»
Assembly Version | 0.0.0.0 |
FileDescription | |
FileVersion | 0.0.0.0 |
InternalName | nono.exe |
LegalCopyright | |
OriginalFilename | nono.exe |
ProductVersion | 0.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x402000 | 0x4fd84 | 0x50000 | 0x1000 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 7.89 |
.rsrc | 0x452000 | 0x5a9a8 | 0x5b000 | 0x51000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 2.05 |
.reloc | 0x4ae000 | 0xc | 0x1000 | 0xac000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.02 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | 0x0 | 0x402000 | 0x51d58 | 0x50d58 | 0x0 |
Memory Dumps (11)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|---|
system.drawing.ni.dll | 1 | 0x747F0000 | 0x74977FFF | Content Changed | - | 32-bit | 0x74843870, 0x74828140 |
...
|
||
system.drawing.ni.dll | 1 | 0x747F0000 | 0x74977FFF | Content Changed | - | 32-bit | 0x7483BB90, 0x74839940 |
...
|
||
system.drawing.ni.dll | 1 | 0x747F0000 | 0x74977FFF | Content Changed | - | 32-bit | 0x7483FEDC, 0x74827478, ... |
...
|
||
microsoft.visualbasic.ni.dll | 1 | 0x73E60000 | 0x73FFAFFF | Content Changed | - | 32-bit | 0x73F386A0, 0x73F37A6C, ... |
...
|
||
microsoft.visualbasic.ni.dll | 1 | 0x73E60000 | 0x73FFAFFF | Content Changed | - | 32-bit | 0x73F8A650, 0x73E891D0, ... |
...
|
||
microsoft.visualbasic.ni.dll | 1 | 0x73E60000 | 0x73FFAFFF | Content Changed | - | 32-bit | 0x73F3A025, 0x73F39DF8, ... |
...
|
||
microsoft.visualbasic.ni.dll | 1 | 0x73E60000 | 0x73FFAFFF | Content Changed | - | 32-bit | 0x73F4FC90 |
...
|
||
microsoft.visualbasic.ni.dll | 1 | 0x73E60000 | 0x73FFAFFF | Content Changed | - | 32-bit | 0x73F4C0FC |
...
|
||
microsoft.visualbasic.ni.dll | 1 | 0x73E60000 | 0x73FFAFFF | Content Changed | - | 32-bit | 0x73F33B94, 0x73F53EB4, ... |
...
|
||
microsoft.visualbasic.ni.dll | 1 | 0x73E60000 | 0x73FFAFFF | Content Changed | - | 32-bit | 0x73F7F441, 0x73F4AADE, ... |
...
|
||
system.drawing.ni.dll | 1 | 0x747F0000 | 0x74977FFF | Content Changed | - | 32-bit | 0x7483A7F0, 0x74831FAC |
...
|
Local AV Matches (1)
»
Threat Name | Severity |
---|---|
Gen:Variant.Razy.89635 |
Malicious
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp | Dropped File | Text |
Unknown
|
...
|
»
C:\Users\5P5NRG~1\AppData\Local\Temp\IEPass.txt | Dropped File | Text |
Unknown
|
...
|
»
C:\Users\5P5NRG~1\AppData\Local\Temp\Mails.txt | Dropped File | Text |
Unknown
|
...
|
»
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Temp\strpath.tmp | Dropped File | Text |
Unknown
|
...
|
»