d4de58e7...ea2c | Files
VTI SCORE: 100/100
Target: win7_64_sp1 | exe
Classification: Riskware, Wiper, Ransomware

d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c (SHA256)

d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe

Windows Exe (x86-32)

Created at 2018-07-02 12:52:00

Files Information

Number of sample files submitted for analysis 1
Number of files created and extracted during analysis 3
Number of files modified and extracted during analysis 0
c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, ...
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe (Sample File)
c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe (Created File)
Size 355.50 KB
Hash Values MD5: 8893004b04b4436eb47e9b504b7a437f
SHA1: 29b18de4657e00cabc41b3600e753ef51960cd21
SHA256: d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c
PE Information
Information Value
Image Base 0x400000
Entry Point 0x4e1380
Size Of Code 0x57000
Size Of Initialized Data 0x2000
Size Of Uninitialized Data 0x8a000
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2018-06-16 21:18:36
Compiler/Packer Unknown
Sections (3)

Name   Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                                     Entropy
d240   0x401000         0x8a000       0x0            0x400            CNT_UNINITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE  0.0
fk81   0x48b000         0x57000       0x57000        0x400            CNT_INITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE    8.0
.rsrc  0x4e2000         0x2000        0x1a00         0x57400          CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE                 4.94
Imports (21)

DLL           API Name              Ordinal  IAT Address  Thunk RVA  Thunk Offset
ADVAPI32.dll  GetAce                0x0      0x4e375c     0xe375c    0x58b5c
COMCTL32.dll  ImageList_Remove      0x0      0x4e3764     0xe3764    0x58b64
COMDLG32.dll  GetOpenFileNameW      0x0      0x4e376c     0xe376c    0x58b6c
GDI32.dll     LineTo                0x0      0x4e3774     0xe3774    0x58b74
IPHLPAPI.DLL  IcmpSendEcho          0x0      0x4e377c     0xe377c    0x58b7c
KERNEL32.DLL  LoadLibraryA          0x0      0x4e3784     0xe3784    0x58b84
KERNEL32.DLL  ExitProcess           0x0      0x4e3788     0xe3788    0x58b88
KERNEL32.DLL  GetProcAddress        0x0      0x4e378c     0xe378c    0x58b8c
KERNEL32.DLL  VirtualProtect        0x0      0x4e3790     0xe3790    0x58b90
MPR.dll       WNetUseConnectionW    0x0      0x4e3798     0xe3798    0x58b98
ole32.dll     CoGetObject           0x0      0x4e37a0     0xe37a0    0x58ba0
OLEAUT32.dll  VariantInit           0x8      0x4e37a8     0xe37a8    0x58ba8
PSAPI.DLL     GetProcessMemoryInfo  0x0      0x4e37b0     0xe37b0    0x58bb0
SHELL32.dll   DragFinish            0x0      0x4e37b8     0xe37b8    0x58bb8
USER32.dll    GetDC                 0x0      0x4e37c0     0xe37c0    0x58bc0
USERENV.dll   LoadUserProfileW      0x0      0x4e37c8     0xe37c8    0x58bc8
UxTheme.dll   IsThemeActive         0x0      0x4e37d0     0xe37d0    0x58bd0
VERSION.dll   VerQueryValueW        0x0      0x4e37d8     0xe37d8    0x58bd8
WININET.dll   FtpOpenFileW          0x0      0x4e37e0     0xe37e0    0x58be0
WINMM.dll     timeGetTime           0x0      0x4e37e8     0xe37e8    0x58be8
WSOCK32.dll   connect               0x4      0x4e37f0     0xe37f0    0x58bf0
Icons (3)
c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe
File Properties
Names c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe (Created File)
Size 0.00 KB
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\1033\structuredqueryschema.king_ouroboros.bin
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\1033\structuredqueryschema.king_ouroboros.bin (Created File)
Size 34.82 KB
Hash Values MD5: f2ad2da14dd24935bfcde62777728563
SHA1: e6f252a00c7d507dd84dacf31a0903b14e4abb07
SHA256: d3720bff0369475d216c957505505cc2809f0b661e7de2fe5e75a6416cbdf76d