Dynamic Analysis Report |
Classification: Riskware, Trojan, Ransomware |
cc5b0cacfc5ea0f21068870e5ee9d9f573a1ba443fa66807cb7cf445798ead2c (SHA256)
rufus-3.3.exe
Created at 2019-01-30 12:49:00
Notifications (2/4)
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
The operating system was rebooted during the analysis.
Remarks
Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
Sector Number | Sector Size | Actions |
---|---|---|
2063 | 512 bytes |
...
|
This list contains only the embedded files and created files
Filters: |
There are no files for this filter
There are no files in this analysis
Filename | Category | Type | Severity | Actions |
---|
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rufus-3.3.exe | Sample File | Binary |
Suspicious
|
...
|
Severity |
Suspicious
|
First Seen | 2019-01-25 19:55 (UTC+1) |
Last Seen | 2019-01-28 16:12 (UTC+1) |
Names | Win32.Trojan.Krap |
Families | Krap |
Classification | Trojan |
Image Base | 0x400000 |
Entry Point | 0x412e30 |
Size Of Code | 0x2000 |
Size Of Initialized Data | 0xa000 |
Size Of Uninitialized Data | 0x10000 |
File Type | executable |
Subsystem | windows_gui |
Machine Type | i386 |
Compile Timestamp | 2019-01-16 19:21:05+00:00 |
Packer | UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser |
LegalCopyright | © 2011-2018 Pete Batard (GPL v3) |
InternalName | Rufus |
FileVersion | 3.3.1400 |
CompanyName | Akeo Consulting |
LegalTrademarks | https://www.gnu.org/copyleft/gpl.html |
Comments | https://akeo.ie |
ProductName | Rufus |
ProductVersion | 3.3.1400 |
FileDescription | Rufus |
OriginalFilename | rufus-3.3.exe |
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
UPX0 | 0x401000 | 0x10000 | 0x0 | 0x400 | cnt_uninitialized_data, mem_execute, mem_read, mem_write | 0.0 |
UPX1 | 0x411000 | 0x2000 | 0x2000 | 0x400 | cnt_initialized_data, mem_execute, mem_read, mem_write | 7.83 |
.rsrc | 0x413000 | 0xa000 | 0x9600 | 0x2400 | cnt_initialized_data, mem_read, mem_write | 3.97 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
CryptGenKey | 0x0 | 0x41c410 | 0x1c410 | 0xb810 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
LoadLibraryA | 0x0 | 0x41c418 | 0x1c418 | 0xb818 | 0x0 |
ExitProcess | 0x0 | 0x41c41c | 0x1c41c | 0xb81c | 0x0 |
GetProcAddress | 0x0 | 0x41c420 | 0x1c420 | 0xb820 | 0x0 |
VirtualProtect | 0x0 | 0x41c424 | 0x1c424 | 0xb824 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
WNetOpenEnumW | 0x0 | 0x41c42c | 0x1c42c | 0xb82c | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
ShellExecuteW | 0x0 | 0x41c434 | 0x1c434 | 0xb834 | 0x0 |
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
StrStrW | 0x0 | 0x41c43c | 0x1c43c | 0xb83c | 0x0 |
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Microsoft\MF\Pending.GRL | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml | Modified File | Stream |
Unknown
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log | Modified File | Stream |
Unknown
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat | Modified File | Stream |
Not Queried
|
...
|
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\#RECOVERY_FILES#.txt | Created File | Text |
Not Queried
|
...
|
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\_uninstalling_.png | Created File | Stream |
Not Queried
|
...
|