Field | Value |
---|---|
VTI Score | 100/100 |
Target | win7_64_sp1, exe |
Classification | Riskware, Wiper, Ransomware |
SHA256 | d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c |
File name | d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe |
File type | Windows Exe (x86-32) |
Created at | 2018-07-02 12:52:00 |
Files Information
Metric | Count |
---|---|
Number of sample files submitted for analysis | 1 |
Number of files created and extracted during analysis | 3 |
Number of files modified and extracted during analysis | 0 |
c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe, ...
File Properties | |
---|---|
Names | c:\users\5p5nrgjn0js halpmcxz\desktop\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe (Sample File); c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe (Created File) |
Size | 355.50 KB |
MD5 | 8893004b04b4436eb47e9b504b7a437f |
SHA1 | 29b18de4657e00cabc41b3600e753ef51960cd21 |
SHA256 | d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c |
PE Information
Information | Value |
---|---|
Image Base | 0x400000 |
Entry Point | 0x4e1380 |
Size Of Code | 0x57000 |
Size Of Initialized Data | 0x2000 |
Size Of Uninitialized Data | 0x8a000 |
Format | x86 |
Type | Executable |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2018-06-16 21:18:36 |
Compiler/Packer | Unknown |
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
d240 | 0x401000 | 0x8a000 | 0x0 | 0x400 | CNT_UNINITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE | 0.0 |
fk81 | 0x48b000 | 0x57000 | 0x57000 | 0x400 | CNT_INITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE | 8.0 |
.rsrc | 0x4e2000 | 0x2000 | 0x1a00 | 0x57400 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 4.94 |
Imports (21)
DLL | API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset |
---|---|---|---|---|---|
ADVAPI32.dll | GetAce | 0x0 | 0x4e375c | 0xe375c | 0x58b5c |
COMCTL32.dll | ImageList_Remove | 0x0 | 0x4e3764 | 0xe3764 | 0x58b64 |
COMDLG32.dll | GetOpenFileNameW | 0x0 | 0x4e376c | 0xe376c | 0x58b6c |
GDI32.dll | LineTo | 0x0 | 0x4e3774 | 0xe3774 | 0x58b74 |
IPHLPAPI.DLL | IcmpSendEcho | 0x0 | 0x4e377c | 0xe377c | 0x58b7c |
KERNEL32.DLL | LoadLibraryA | 0x0 | 0x4e3784 | 0xe3784 | 0x58b84 |
KERNEL32.DLL | ExitProcess | 0x0 | 0x4e3788 | 0xe3788 | 0x58b88 |
KERNEL32.DLL | GetProcAddress | 0x0 | 0x4e378c | 0xe378c | 0x58b8c |
KERNEL32.DLL | VirtualProtect | 0x0 | 0x4e3790 | 0xe3790 | 0x58b90 |
MPR.dll | WNetUseConnectionW | 0x0 | 0x4e3798 | 0xe3798 | 0x58b98 |
ole32.dll | CoGetObject | 0x0 | 0x4e37a0 | 0xe37a0 | 0x58ba0 |
OLEAUT32.dll | VariantInit | 0x8 | 0x4e37a8 | 0xe37a8 | 0x58ba8 |
PSAPI.DLL | GetProcessMemoryInfo | 0x0 | 0x4e37b0 | 0xe37b0 | 0x58bb0 |
SHELL32.dll | DragFinish | 0x0 | 0x4e37b8 | 0xe37b8 | 0x58bb8 |
USER32.dll | GetDC | 0x0 | 0x4e37c0 | 0xe37c0 | 0x58bc0 |
USERENV.dll | LoadUserProfileW | 0x0 | 0x4e37c8 | 0xe37c8 | 0x58bc8 |
UxTheme.dll | IsThemeActive | 0x0 | 0x4e37d0 | 0xe37d0 | 0x58bd0 |
VERSION.dll | VerQueryValueW | 0x0 | 0x4e37d8 | 0xe37d8 | 0x58bd8 |
WININET.dll | FtpOpenFileW | 0x0 | 0x4e37e0 | 0xe37e0 | 0x58be0 |
WINMM.dll | timeGetTime | 0x0 | 0x4e37e8 | 0xe37e8 | 0x58be8 |
WSOCK32.dll | connect | 0x4 | 0x4e37f0 | 0xe37f0 | 0x58bf0 |
c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe
File Properties | |
---|---|
Names | c:\progra~2\common~1\d4de58e79bfcf66ea933e50fbeada266fe32ee2ce0636419ed9ec0f60a99ea2c.exe (Created File) |
Size | 0.00 KB |
MD5 | d41d8cd98f00b204e9800998ecf8427e |
SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\1033\structuredqueryschema.king_ouroboros.bin
File Properties | |
---|---|
Names | c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\1033\structuredqueryschema.king_ouroboros.bin (Created File) |
Size | 34.82 KB |
MD5 | f2ad2da14dd24935bfcde62777728563 |
SHA1 | e6f252a00c7d507dd84dacf31a0903b14e4abb07 |
SHA256 | d3720bff0369475d216c957505505cc2809f0b661e7de2fe5e75a6416cbdf76d |