VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Spyware
Threat Names: -
vMjO4l2fj1uvRlHw.exe
Windows Exe (x86-32)
Created at 2020-06-20T03:05:00
Remarks
(0x0200000C): The maximum memory dump size was exceeded. Some dumps may be missing in the report.
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\FD1HVy\Desktop\vMjO4l2fj1uvRlHw.exe | Sample File | Binary | Malicious |
PE Information
Field | Value |
---|---|
Image Base | 0x400000 |
Entry Point | 0x423844 |
Size Of Code | 0x47a00 |
Size Of Initialized Data | 0x10a00 |
File Type | FileType.executable |
Subsystem | Subsystem.windows_gui |
Machine Type | MachineType.i386 |
Compile Timestamp | 2020-06-18 18:48:06+00:00 |
Sections (6)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
- | 0x401000 | 0x48000 | 0x27800 | 0x400 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 8.0 |
- | 0x449000 | 0xb000 | 0x4a00 | 0x27c00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.96 |
- | 0x454000 | 0x2000 | 0x200 | 0x2c600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 6.29 |
- | 0x456000 | 0x4000 | 0x3200 | 0x2c800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.94 |
- | 0x45a000 | 0x27f000 | 0x0 | 0x2fa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
.data | 0x6d9000 | 0xe7000 | 0xe7000 | 0x2fa00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.99 |
Imports (23 DLLs)
DLL | API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|---|
kernel32.dll | GetModuleHandleA | 0x0 | 0x6d9230 | 0x2d9230 | 0x2fc30 | 0x0 |
kernel32.dll | GetProcAddress | 0x0 | 0x6d9234 | 0x2d9234 | 0x2fc34 | 0x0 |
kernel32.dll | ExitProcess | 0x0 | 0x6d9238 | 0x2d9238 | 0x2fc38 | 0x0 |
kernel32.dll | LoadLibraryA | 0x0 | 0x6d923c | 0x2d923c | 0x2fc3c | 0x0 |
user32.dll | MessageBoxA | 0x0 | 0x6d9244 | 0x2d9244 | 0x2fc44 | 0x0 |
advapi32.dll | RegCloseKey | 0x0 | 0x6d924c | 0x2d924c | 0x2fc4c | 0x0 |
oleaut32.dll | SysFreeString | 0x0 | 0x6d9254 | 0x2d9254 | 0x2fc54 | 0x0 |
gdi32.dll | CreateFontA | 0x0 | 0x6d925c | 0x2d925c | 0x2fc5c | 0x0 |
shell32.dll | ShellExecuteA | 0x0 | 0x6d9264 | 0x2d9264 | 0x2fc64 | 0x0 |
version.dll | GetFileVersionInfoA | 0x0 | 0x6d926c | 0x2d926c | 0x2fc6c | 0x0 |
MSVCP140.dll | ??4?$_Yarn@D@std@@QAEAAV01@PBD@Z | 0x0 | 0x6d9274 | 0x2d9274 | 0x2fc74 | 0x0 |
SHLWAPI.dll | PathFindExtensionW | 0x0 | 0x6d927c | 0x2d927c | 0x2fc7c | 0x0 |
gdiplus.dll | GdiplusStartup | 0x0 | 0x6d9284 | 0x2d9284 | 0x2fc84 | 0x0 |
WININET.dll | HttpEndRequestA | 0x0 | 0x6d928c | 0x2d928c | 0x2fc8c | 0x0 |
VCRUNTIME140.dll | _CxxThrowException | 0x0 | 0x6d9294 | 0x2d9294 | 0x2fc94 | 0x0 |
api-ms-win-crt-runtime-l1-1-0.dll | _configure_narrow_argv | 0x0 | 0x6d929c | 0x2d929c | 0x2fc9c | 0x0 |
api-ms-win-crt-time-l1-1-0.dll | clock | 0x0 | 0x6d92a4 | 0x2d92a4 | 0x2fca4 | 0x0 |
api-ms-win-crt-string-l1-1-0.dll | wcscspn | 0x0 | 0x6d92ac | 0x2d92ac | 0x2fcac | 0x0 |
api-ms-win-crt-heap-l1-1-0.dll | _recalloc | 0x0 | 0x6d92b4 | 0x2d92b4 | 0x2fcb4 | 0x0 |
api-ms-win-crt-utility-l1-1-0.dll | srand | 0x0 | 0x6d92bc | 0x2d92bc | 0x2fcbc | 0x0 |
api-ms-win-crt-stdio-l1-1-0.dll | fopen | 0x0 | 0x6d92c4 | 0x2d92c4 | 0x2fcc4 | 0x0 |
api-ms-win-crt-multibyte-l1-1-0.dll | _mbsicmp | 0x0 | 0x6d92cc | 0x2d92cc | 0x2fccc | 0x0 |
api-ms-win-crt-environment-l1-1-0.dll | getenv | 0x0 | 0x6d92d4 | 0x2d92d4 | 0x2fcd4 | 0x0 |
api-ms-win-crt-convert-l1-1-0.dll | atoi | 0x0 | 0x6d92dc | 0x2d92dc | 0x2fcdc | 0x0 |
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale | 0x0 | 0x6d92e4 | 0x2d92e4 | 0x2fce4 | 0x0 |
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr | 0x0 | 0x6d92ec | 0x2d92ec | 0x2fcec | 0x0 |
Memory Dumps (27)
Name | Process ID | Start VA | End VA | Dump Reason | Bitness | Entry Point |
---|---|---|---|---|---|---|
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | First Execution | 32-bit | 0x00C23844 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00DC20BC |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00DC131C |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00D6C280 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00C5B294 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00C5E354 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00C68D9C |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CAE148 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CADD50 |
buffer | 1 | 0x00580000 | 0x00580FFF | Content Changed | 32-bit | - |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CB02F8 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CB1F40 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CB60C4 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CB3A20 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00C64F88 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CC0A04 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CCFA48 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CE35B8 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CE5190 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CDFA50 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CDC228 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CB8BAC |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CE2B44 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00CB5044 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00D07138 |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00D0A1BC |
vmjo4l2fj1uvrlhw.exe | 1 | 0x00C00000 | 0x00FBFFFF | Content Changed | 32-bit | 0x00D0B3C4 |
Dropped and Modified Files
Filename | Category | Type | Severity |
---|---|---|---|
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\THDBSCEHFT.ODNSNUPVI | Dropped File | Sqlite | Whitelisted |
c:\users\fd1hvy\appdata\local\microsoft\windows\inetcache\counters2.dat | Modified File | Stream | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\THDBSCEHFT.ODNSNUPVI | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\THDBSCEHFT.ODNSNUPVI | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\THDBSCEHFT.ODNSNUPVI | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\THDBSCEHFT.ODNSNUPVI | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\ESNKOR.COMWPKWYKT | Dropped File | Text | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\THDBSCEHFT.ODNSNUPVI | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\SEBDPRYPBG.BBMDTYCIC | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\SEBDPRYPBG.BBMDTYCIC | Dropped File | Sqlite | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\FYSKIW.KQEMYWFFDB | Dropped File | Text | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\GQIELTYOKBFKMKMTBHK.WJSOJKKXHPXPOYMV | Dropped File | Image | Unknown |
C:\Users\FD1HVy\AppData\Local\Temp\WODWMSVHIINCVIWHDSKW\ISRBFKSGQBQFQJMDWUGJ.UYWH | Dropped File | Text | Unknown |