Malicious
Classifications

Spyware

Threat Names

Trojan.GenericKDZ.76753 Gen:Variant.Mikey.113998

Dynamic Analysis Report

Created on 2021-09-28T09:01:00

d7cb31b51d497eaac81246a38db0abd05398832fb301cb1b97d1ca979df2a4ca.exe.dll

Windows DLL (x86-64)

Remarks (2/2)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "29 minutes, 47 seconds" to "1 minute, 20 seconds" to reveal dormant functionality.

File Name: C:\Users\RDhJ0CNFevzX\Desktop\d7cb31b51d497eaac81246a38db0abd05398832fb301cb1b97d1ca979df2a4ca.exe.dll
Category: Sample File
Type: Binary
Verdict: malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 2.02 MB
MD5 8a6f4fe59b41d74501e04f1b451dc57d
SHA1 064f5eca3efd02c5f40a8c9e7fedb86aa40eeed0
SHA256 d7cb31b51d497eaac81246a38db0abd05398832fb301cb1b97d1ca979df2a4ca
SSDeep 12288:1VI0W/TtlPLfJCm3WIYxJ9yK5IQ9PElOlidGAWilgm5Qq0nB6wtt4AenZ1:sfP7fWsK5z9A+WGAW+V5SB6Ct4bnb
ImpHash 6668be91e2c948b183827f040944057f
AV Matches (1)
Threat Name Verdict
Trojan.GenericKDZ.76753
malicious
PE Information
Image Base 0x140000000
Entry Point 0x140041070
Size Of Code 0x41000
Size Of Initialized Data 0x1c4000
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2020-02-20 08:35:24+00:00
Version Information (8)
CompanyName Microsoft Corporati
FileDescription Background Intellig
FileVersion 7.5.7600.16385 (win7_rtm.090713-
InternalName bitsp
LegalCopyright © Microsoft Corporation. All rights reserv
OriginalFilename kbdy
ProductName Microsoft® Windows® Operating S
ProductVersion 6.1.7600
Sections (38)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x40796 0x41000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.73
.rdata 0x140042000 0x64f2c 0x65000 0x42000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.87
.data 0x1400a7000 0x178b8 0x18000 0xa7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.32
.pdata 0x1400bf000 0x12c 0x1000 0xbf000 IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.58
.rsrc 0x1400c0000 0x880 0x1000 0xc0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.24
.reloc 0x1400c1000 0x2324 0x3000 0xc1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.65
.qkm 0x1400c4000 0x74a 0x1000 0xc4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.cvjb 0x1400c5000 0x1e66 0x2000 0xc5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tlmkv 0x1400c7000 0xbde 0x1000 0xc7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wucsxe 0x1400c8000 0x45174 0x46000 0xc8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fltwtj 0x14010e000 0x1267 0x2000 0x10e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.sfplio 0x140110000 0x736 0x1000 0x110000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rpg 0x140111000 0x45174 0x46000 0x111000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.bewzc 0x140157000 0x1124 0x2000 0x157000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.vksvaw 0x140159000 0x736 0x1000 0x159000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.wmhg 0x14015a000 0x1278 0x2000 0x15a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kswemc 0x14015c000 0x36d 0x1000 0x15c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.kaxfk 0x14015d000 0x197d 0x2000 0x15d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.pjf 0x14015f000 0xbde 0x1000 0x15f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.favk 0x140160000 0x1f7 0x1000 0x160000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.vhtukj 0x140161000 0x45174 0x46000 0x161000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.hmbyox 0x1401a7000 0x8fe 0x1000 0x1a7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.djv 0x1401a8000 0x13e 0x1000 0x1a8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.hpern 0x1401a9000 0x706 0x1000 0x1a9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.czzwqg 0x1401aa000 0x8fe 0x1000 0x1aa000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.jxjvn 0x1401ab000 0xbf6 0x1000 0x1ab000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.jfsnsk 0x1401ac000 0x1f7 0x1000 0x1ac000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.nzvifv 0x1401ad000 0x8fe 0x1000 0x1ad000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tops 0x1401ae000 0x1278 0x2000 0x1ae000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.lrjye 0x1401b0000 0x13e 0x1000 0x1b0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.qwdob 0x1401b1000 0x6cd0 0x7000 0x1b1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.xcq 0x1401b8000 0x8fe 0x1000 0x1b8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ifxvj 0x1401b9000 0x8fe 0x1000 0x1b9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.fgpyt 0x1401ba000 0x1278 0x2000 0x1ba000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.tgzhe 0x1401bc000 0x8fe 0x1000 0x1bc000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.oocus 0x1401bd000 0x45174 0x46000 0x1bd000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.ybtor 0x140203000 0x8fe 0x1000 0x203000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.gxixek 0x140204000 0x1f2a 0x2000 0x204000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.51
Imports (7)
USER32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LookupIconIdFromDirectoryEx - 0x140042098 0xa64c8 0xa64c8 0x205
WaitForInputIdle - 0x1400420a0 0xa64d0 0xa64d0 0x32e
GetParent - 0x1400420a8 0xa64d8 0xa64d8 0x166
GetFocus - 0x1400420b0 0xa64e0 0xa64e0 0x12e
SETUPAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CM_Get_Resource_Conflict_DetailsW - 0x140042078 0xa64a8 0xa64a8 0x8a
KERNEL32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection - 0x140042038 0xa6468 0xa6468 0xd2
DeleteTimerQueue - 0x140042040 0xa6470 0xa6470 0xd9
TerminateJobObject - 0x140042048 0xa6478 0xa6478 0x4cd
GetFileInformationByHandle - 0x140042050 0xa6480 0xa6480 0x1f3
GetThreadLocale - 0x140042058 0xa6488 0xa6488 0x293
GetNamedPipeServerProcessId - 0x140042060 0xa6490 0xa6490 0x229
GetConsoleFontSize - 0x140042068 0xa6498 0xa6498 0x1aa
GDI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateBitmapIndirect - 0x140042020 0xa6450 0xa6450 0x2b
GetPolyFillMode - 0x140042028 0xa6458 0xa6458 0x206
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertGetCTLContextProperty - 0x140042010 0xa6440 0xa6440 0x44
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AddAccessDeniedObjectAce - 0x140042000 0xa6430 0xa6430 0x15
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ChrCmpIW - 0x140042088 0xa64b8 0xa64b8 0xa
Exports (225)
Api name EAT Address Ordinal
CopyPropVariant 0x23308 0xa
CreatePropVariant 0x2428 0xb
CreatePropertyStore 0x7828 0xc
DestroyPropVariant 0x1de24 0xd
FormatTagFromWfx 0x222b4 0x1
GetAMSubtypeFromD3DFormat 0x22d18 0xe
GetD3DFormatFromMFSubtype 0x3f734 0xf
MFAddPeriodicCallback 0x238e0 0x10
MFAllocateSerialWorkQueue 0x2bcac 0x11
MFAllocateWorkQueue 0x204f8 0x12
MFAllocateWorkQueueEx 0x38680 0x13
MFAppendCollection 0x1a25c 0x14
MFAverageTimePerFrameToFrameRate 0x1eae4 0x15
MFBeginCreateFile 0x1af34 0x16
MFBeginGetHostByName 0x1df68 0x17
MFBeginRegisterWorkQueueWithMMCSS 0x4d98 0x18
MFBeginRegisterWorkQueueWithMMCSSEx 0x10714 0x19
MFBeginUnregisterWorkQueueWithMMCSS 0x114b4 0x1a
MFCalculateBitmapImageSize 0x4674 0x1b
MFCalculateImageSize 0x1c86c 0x1c
MFCallStackTracingClearSnapshot 0x305d0 0x1d
MFCallStackTracingLogSessionErrors 0x1ea0 0x1e
MFCallStackTracingRestoreSnapshot 0x35570 0x1f
MFCallStackTracingTakeSnapshot 0x3f0d8 0x20
MFCancelCreateFile 0xa6c4 0x21
MFCancelWorkItem 0x12c90 0x22
MFClearLocalMFTs 0x21744 0x23
MFCompareFullToPartialMediaType 0x3ccdc 0x24
MFCompareSockaddrAddresses 0x23bd4 0x25
MFConvertColorInfoFromDXVA 0x35380 0x26
MFConvertColorInfoToDXVA 0x3ff5c 0x27
MFConvertFromFP16Array 0x5ca4 0x28
MFConvertToFP16Array 0x41214 0x29
MFCopyImage 0x11c4c 0x2a
MFCreate2DMediaBuffer 0x26ec 0x2b
MFCreate2DMediaBufferOn1DMediaBuffer 0x2df9c 0x2c
MFCreateAMMediaTypeFromMFMediaType 0x2f304 0x2d
MFCreateAlignedMemoryBuffer 0x3269c 0x2e
MFCreateAlignedSharedMemoryBuffer 0x33668 0x2f
MFCreateAsyncResult 0x30c38 0x30
MFCreateAttributes 0xf0cc 0x31
MFCreateAudioMediaType 0x2be34 0x32
MFCreateByteStreamHandlerAppServiceActivate 0x18b64 0x33
MFCreateCollection 0x2ea68 0x34
MFCreateContentDecryptorContext 0x9840 0x35
MFCreateContentProtectionDevice 0x184b0 0x36
MFCreateDXGIDeviceManager 0x346bc 0x37
MFCreateDXGISurfaceBuffer 0x33790 0x38
MFCreateDXSurfaceBuffer 0x1bd50 0x39
MFCreateEventQueue 0xd868 0x3a
MFCreateFence 0x2b00 0x3b
MFCreateFile 0x35720 0x3c
MFCreateFileFromHandle 0x20c48 0x3d
MFCreateLegacyMediaBufferOnMFMediaBuffer 0x8368 0x3e
MFCreateMFByteStreamOnIStreamWithFlags 0x40134 0x3f
MFCreateMFByteStreamOnStream 0x20cf4 0x40
MFCreateMFByteStreamOnStreamEx 0x1acdc 0x41
MFCreateMFByteStreamWrapper 0x2ceb0 0x42
MFCreateMFVideoFormatFromMFMediaType 0x15b88 0x43
MFCreateMediaBufferFromMediaType 0x21b08 0x44
MFCreateMediaBufferWrapper 0x3b218 0x45
MFCreateMediaEvent 0x3759c 0x46
MFCreateMediaEventResult 0x26f80 0x47
MFCreateMediaExtensionActivate 0x2edc8 0x48
MFCreateMediaExtensionActivateNoInit 0x1a92c 0x49
MFCreateMediaExtensionAppServiceActivate 0x13124 0x4a
MFCreateMediaExtensionInprocActivate 0x120d8 0x4b
MFCreateMediaType 0x2b764 0x4c
MFCreateMediaTypeFromProperties 0x236d4 0x4d
MFCreateMediaTypeFromRepresentation 0xeddc 0x4e
MFCreateMemoryBuffer 0x10e28 0x4f
MFCreateMemoryBufferFromRawBuffer 0x13c9c 0x50
MFCreateMemoryStream 0x1f90 0x51
MFCreateMuxStreamAttributes 0x4ed0 0x52
MFCreateMuxStreamMediaType 0x237c8 0x53
MFCreateMuxStreamSample 0x39c6c 0x54
MFCreateOOPMFTProxy 0x803c 0x55
MFCreateOOPMFTRemote 0x1d880 0x56
MFCreatePathFromURL 0x1431c 0x57
MFCreatePresentationDescriptor 0xdfec 0x58
MFCreatePropertiesFromMediaType 0x15cac 0x59
MFCreateReusableByteStream 0x342f4 0x5a
MFCreateReusableByteStreamWithSharedLock 0x6228 0x5b
MFCreateSample 0x2ade8 0x5c
MFCreateSecureBufferAllocator 0x1fe18 0x5d
MFCreateSharedMemoryMediaBufferFromMediaType 0x13928 0x5e
MFCreateSocket 0xec58 0x5f
MFCreateSocketListener 0x4150 0x60
MFCreateSourceResolver 0x2bc38 0x61
MFCreateSourceResolverInternal 0x9f04 0x62
MFCreateStagingSurfaceWrapper 0x2760c 0x63
MFCreateStreamDescriptor 0x95b0 0x64
MFCreateStreamOnMFByteStream 0x47dc 0x65
MFCreateStreamOnMFByteStreamEx 0x209a8 0x66
MFCreateSystemTimeSource 0x13f90 0x67
MFCreateTelemetrySession 0x311fc 0x68
MFCreateTempFile 0x1f4f8 0x69
MFCreateTrackedSample 0x1b2d4 0x6a
MFCreateTransformActivate 0x134e4 0x6b
MFCreateURLFromPath 0xde7c 0x6c
MFCreateUdpSockets 0x599c 0x6d
MFCreateVideoDecryptorContext 0x38d48 0x6e
MFCreateVideoMediaType 0x2bd78 0x6f
MFCreateVideoMediaTypeFromBitMapInfoHeader 0x24960 0x70
MFCreateVideoMediaTypeFromBitMapInfoHeaderEx 0x108dc 0x71
MFCreateVideoMediaTypeFromSubtype 0x3f6e4 0x72
MFCreateVideoMediaTypeFromVideoInfoHeader 0x23e30 0x73
MFCreateVideoMediaTypeFromVideoInfoHeader2 0x3cc5c 0x74
MFCreateVideoSampleAllocatorEx 0x3f4f8 0x75
MFCreateWICBitmapBuffer 0x3959c 0x76
MFCreateWaveFormatExFromMFMediaType 0x28a8 0x77
MFDeserializeAttributesFromStream 0x3f5ec 0x78
MFDeserializeEvent 0x31a2c 0x79
MFDeserializeMediaTypeFromStream 0x3fbb0 0x7a
MFDeserializePresentationDescriptor 0x18850 0x7b
MFEndCreateFile 0x41600 0x7c
MFEndGetHostByName 0x3cce0 0x7d
MFEndRegisterWorkQueueWithMMCSS 0x11660 0x7e
MFEndUnregisterWorkQueueWithMMCSS 0x259e8 0x7f
MFEnumLocalMFTRegistrations 0x32120 0x2
MFFrameRateToAverageTimePerFrame 0x3df74 0x80
MFFreeAdaptersAddresses 0x14668 0x81
MFGetAdaptersAddresses 0x2e758 0x82
MFGetAttributesAsBlob 0xf98c 0x83
MFGetAttributesAsBlobSize 0x5298 0x84
MFGetCallStackTracingWeakReference 0x8248 0x85
MFGetConfigurationDWORD 0x5e44 0x86
MFGetConfigurationPolicy 0x3c4d0 0x87
MFGetConfigurationStore 0x4f40 0x88
MFGetConfigurationString 0x3e5a8 0x89
MFGetContentProtectionSystemCLSID 0x3f36c 0x8a
MFGetMFTMerit 0x3be78 0x8b
MFGetNumericNameFromSockaddr 0x3f858 0x8c
MFGetPlaneSize 0xce34 0x8d
MFGetPlatformFlags 0x144b0 0x3
MFGetPlatformVersion 0x32684 0x4
MFGetPluginControl 0x375b4 0x8e
MFGetRandomNumber 0xcac4 0x5
MFGetSockaddrFromNumericName 0x24734 0x8f
MFGetStrideForBitmapInfoHeader 0x93dc 0x90
MFGetSupportedMimeTypes 0x8058 0x91
MFGetSupportedSchemes 0x3994c 0x92
MFGetSystemTime 0x37848 0x93
MFGetTimerPeriodicity 0x27e10 0x94
MFGetUncompressedVideoFormat 0x23948 0x95
MFGetWorkQueueMMCSSClass 0x401d0 0x96
MFGetWorkQueueMMCSSPriority 0x2c068 0x97
MFGetWorkQueueMMCSSTaskId 0xdf70 0x98
MFHasLocallyRegisteredByteStreamHandlers 0x3b970 0x99
MFHasLocallyRegisteredSchemeHandlers 0x3b048 0x9a
MFHeapAlloc 0x2a870 0x9b
MFHeapFree 0x39604 0x9c
MFInitAMMediaTypeFromMFMediaType 0x1b2dc 0x9d
MFInitAttributesFromBlob 0x2cfc 0x9e
MFInitMediaTypeFromAMMediaType 0x1f3bc 0x9f
MFInitMediaTypeFromMFVideoFormat 0x1cc8c 0xa0
MFInitMediaTypeFromMPEG1VideoInfo 0x28804 0xa1
MFInitMediaTypeFromMPEG2VideoInfo 0x1d8a4 0xa2
MFInitMediaTypeFromVideoInfoHeader 0x1228 0xa3
MFInitMediaTypeFromVideoInfoHeader2 0x3ca9c 0xa4
MFInitMediaTypeFromWaveFormatEx 0x17560 0xa5
MFInitVideoFormat 0x2800c 0xa6
MFInitVideoFormat_RGB 0x35508 0xa7
MFInvalidateMFTEnumCache 0x8e9c 0xa8
MFInvokeCallback 0x183e4 0xa9
MFIsBottomUpFormat 0x17b8 0xaa
MFIsContentProtectionDeviceSupported 0x27e70 0xab
MFIsFeatureEnabled 0x7164 0x6
MFIsLocallyRegisteredMimeType 0x13f84 0xac
MFIsLocallyRegisteredSchemeHandler 0x23170 0xad
MFJoinWorkQueue 0x15418 0xae
MFLockDXGIDeviceManager 0x2f0c8 0xaf
MFLockPlatform 0x3343c 0xb0
MFLockSharedWorkQueue 0x35470 0xb1
MFLockWorkQueue 0x28bd4 0xb2
MFMapDX9FormatToDXGIFormat 0x2dcd0 0xb3
MFMapDXGIFormatToDX9Format 0x2a9d0 0xb4
MFPlatformBigEndian 0x3bd5c 0x7
MFPlatformLittleEndian 0xc594 0x8
MFPutWaitingWorkItem 0xf270 0xb5
MFPutWorkItem 0x2591c 0xb6
MFPutWorkItem2 0x20994 0xb7
MFPutWorkItemEx 0x2fc94 0xb8
MFPutWorkItemEx2 0x2e2c0 0xb9
MFRegisterLocalByteStreamHandler 0x2c8ec 0xba
MFRegisterLocalSchemeHandler 0x3e4fc 0xbb
MFRegisterPlatformWithMMCSS 0xb464 0xbc
MFRemovePeriodicCallback 0x29818 0xbd
MFScheduleWorkItem 0x38778 0xbe
MFScheduleWorkItemEx 0x29e00 0xbf
MFSerializeAttributesToStream 0x3a7c 0xc0
MFSerializeEvent 0x55c0 0xc1
MFSerializeMediaTypeToStream 0x25604 0xc2
MFSerializePresentationDescriptor 0x2da30 0xc3
MFSetMinimumMemoryAlignment 0x21474 0xc4
MFSetSockaddrAny 0x30224 0xc5
MFSetWindowForContentProtection 0x26ac0 0xc6
MFShutdown 0x375c 0xc7
MFStartup 0xdb00 0xc8
MFStreamDescriptorProtectMediaType 0x2e870 0xc9
MFTEnum 0x2542c 0xca
MFTEnum2 0x3a0ec 0xcb
MFTEnumEx 0x39528 0xcc
MFTGetInfo 0x28b98 0xcd
MFTRegister 0xfae4 0xce
MFTRegisterLocal 0xfab8 0xcf
MFTRegisterLocalByCLSID 0x40374 0xd0
MFTUnregister 0x3be90 0xd1
MFTUnregisterLocal 0x30524 0xd2
MFTUnregisterLocalByCLSID 0x13470 0xd3
MFTraceError 0x7cd8 0xd4
MFTraceFuncEnter 0x2d694 0xd5
MFUnjoinWorkQueue 0x33fcc 0xd6
MFUnlockDXGIDeviceManager 0x180a4 0xd7
MFUnlockPlatform 0x32b68 0xd8
MFUnlockWorkQueue 0x4918 0xd9
MFUnregisterPlatformFromMMCSS 0x3c798 0xda
MFUnwrapMediaType 0x2ed44 0xdb
MFValidateMediaTypeSize 0x2f3f4 0xdc
MFWrapMediaType 0xd5f0 0xdd
MFWrapSocket 0xf674 0xde
MFllMulDiv 0x26014 0xdf
PropVariantFromStream 0x23bb4 0xe0
PropVariantToStream 0x22310 0xe1
ValidateWaveFormat 0x36380 0x9
File Name: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778
Category: Dropped File
Type: Stream
Verdict: clean
MIME Type application/octet-stream
File Size 53 Bytes
MD5 9c3c1a69a3c43835d6a2579570e6aa0d
SHA1 8af2c3b90473b35f1bb936de12a8bf72fe658468
SHA256 e641ff8107a4197ded9f558d1891e716811e9a7f109f14e876f5a8394844dc34
SSDeep 3:/l4l5mrc9l:e4rc9l
ImpHash -
File Name: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778
Category: Dropped File
Type: Stream
Verdict: clean
MIME Type application/octet-stream
File Size 1.42 KB
MD5 c5551a36b888dd18b659a03ccbbbe03c
SHA1 bb878be237c2b82629a5f35f5bb7dee20775668e
SHA256 b245a66ea7844ff8765e81570d64b96e75ed81c7ee4ce13d21956ed2bc745e85
SSDeep 24:ewVdCAQVdOUgn4E7xzPOp1/L8/4R6goyBDC4dRIGZF4OxXFcgJP9jKSGt:xVwxVIUe9lWpRYAQS+4dR7z4OxXFcNf
ImpHash -
File Name: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778
Category: Dropped File
Type: Stream
Verdict: clean
MIME Type application/octet-stream
File Size 1.42 KB
MD5 253250ecef24e59cbe308e437e2fef34
SHA1 cecf6a97c73c87eb8153ded4da6365f2f576a902
SHA256 4459de34f31d879717f63fcf0b48c4b322ee763c7e60d4b0e2a2a61a7805cf43
SSDeep 3::
ImpHash -
File Name: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778
Category: Dropped File
Type: Stream
Verdict: clean
MIME Type application/octet-stream
File Size 1.42 KB
MD5 af0bf73c7550be994674541d21389d0e
SHA1 90288348796b1b6d7d6899f3fb43b221a7a1003d
SHA256 26cf29c1260a48a07f473723e7966f7919c8dd8aa138db546406ce5872c434ad
SSDeep 24:ewVdCAQVdOUgeUTtaU2MlKBfUlPsNxkYBp5ojcLsKZspVYGghIx/GOiUn:xVwxVIUOBxlMcLYBzojI3ZsX18Un
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.