Verdict Malicious
Classifications Spyware, Injector
Threat Names FormBook, Mal/HTMLGen-A, Trojan.NSISX.Spy.Gen.1, Gen:Variant.Razy.679962

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 hours, 26 minutes, 14 seconds" to "4 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Remarks

(0x0200004A): 6 dumps were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 190 MB.

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\PRICE_REQUEST_QUOTATION.exe Sample File Binary malicious
Also Known As c:\users\rdhj0cnfevzx\appdata\local\temp\ealwtgnkh\-zetrxylspxh.exe (Dropped File)
C:\Program Files (x86)\Ealwtgnkh\-zetrxylspxh.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 260.85 KB
MD5 85589170af713a03ca622f94429c634a
SHA1 4e0b9dfd13dd6e4b85bca4352be0cec2be9024d7
SHA256 dae6ba220bb0a34de731b57965753391343bfe96f9f3fa4fea48102d3377ccf7
SSDeep 6144:F8LxBsicGu14h0W/c8aRyPwSagdVDgfpnYluQgVd0ka7cDp3:/USWDaRaa6VUBqvr03
ImpHash b76363e9cb88bf9390860da8e50999d2
File Reputation Information
Verdict malicious
AV Matches (1)
Threat Name Verdict
Trojan.NSISX.Spy.Gen.1 malicious
PE Information
Image Base 0x400000
Entry Point 0x40312a
Size Of Code 0x6000
Size Of Initialized Data 0x28400
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2016-04-02 03:20:13+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5e66 0x6000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x407000 0x12a2 0x1400 0x6400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.06
.data 0x409000 0x25d18 0x600 0x7800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.19
.ndata 0x42f000 0x8000 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x437000 0x9e0 0xa00 0x7e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.5
Imports (7)
KERNEL32.dll (58)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount - 0x407064 0x7628 0x6a28 0x1df
GetShortPathNameA - 0x407068 0x762c 0x6a2c 0x1b5
GetFullPathNameA - 0x40706c 0x7630 0x6a30 0x169
MoveFileA - 0x407070 0x7634 0x6a34 0x26e
SetCurrentDirectoryA - 0x407074 0x7638 0x6a38 0x30a
GetFileAttributesA - 0x407078 0x763c 0x6a3c 0x15e
SetFileAttributesA - 0x40707c 0x7640 0x6a40 0x319
CompareFileTime - 0x407080 0x7644 0x6a44 0x39
SearchPathA - 0x407084 0x7648 0x6a48 0x2db
GetFileSize - 0x407088 0x764c 0x6a4c 0x163
GetModuleFileNameA - 0x40708c 0x7650 0x6a50 0x17d
GetCurrentProcess - 0x407090 0x7654 0x6a54 0x142
CopyFileA - 0x407094 0x7658 0x6a58 0x43
ExitProcess - 0x407098 0x765c 0x6a5c 0xb9
GetWindowsDirectoryA - 0x40709c 0x7660 0x6a60 0x1f3
GetTempPathA - 0x4070a0 0x7664 0x6a64 0x1d5
Sleep - 0x4070a4 0x7668 0x6a68 0x356
lstrcmpiA - 0x4070a8 0x766c 0x6a6c 0x3c3
GetVersion - 0x4070ac 0x7670 0x6a70 0x1e8
SetErrorMode - 0x4070b0 0x7674 0x6a74 0x315
lstrcpynA - 0x4070b4 0x7678 0x6a78 0x3c9
GetDiskFreeSpaceA - 0x4070b8 0x767c 0x6a7c 0x14d
GlobalUnlock - 0x4070bc 0x7680 0x6a80 0x20a
GlobalLock - 0x4070c0 0x7684 0x6a84 0x203
CreateThread - 0x4070c4 0x7688 0x6a88 0x6f
GetLastError - 0x4070c8 0x768c 0x6a8c 0x171
CreateDirectoryA - 0x4070cc 0x7690 0x6a90 0x4b
CreateProcessA - 0x4070d0 0x7694 0x6a94 0x66
RemoveDirectoryA - 0x4070d4 0x7698 0x6a98 0x2c4
CreateFileA - 0x4070d8 0x769c 0x6a9c 0x53
GetTempFileNameA - 0x4070dc 0x76a0 0x6aa0 0x1d3
lstrcatA - 0x4070e0 0x76a4 0x6aa4 0x3bd
GetSystemDirectoryA - 0x4070e4 0x76a8 0x6aa8 0x1c1
WaitForSingleObject - 0x4070e8 0x76ac 0x6aac 0x390
SetFileTime - 0x4070ec 0x76b0 0x6ab0 0x31f
CloseHandle - 0x4070f0 0x76b4 0x6ab4 0x34
GlobalFree - 0x4070f4 0x76b8 0x6ab8 0x1ff
lstrcmpA - 0x4070f8 0x76bc 0x6abc 0x3c0
ExpandEnvironmentStringsA - 0x4070fc 0x76c0 0x6ac0 0xbc
GetExitCodeProcess - 0x407100 0x76c4 0x6ac4 0x15a
GlobalAlloc - 0x407104 0x76c8 0x6ac8 0x1f8
lstrlenA - 0x407108 0x76cc 0x6acc 0x3cc
GetCommandLineA - 0x40710c 0x76d0 0x6ad0 0x110
GetProcAddress - 0x407110 0x76d4 0x6ad4 0x1a0
FindFirstFileA - 0x407114 0x76d8 0x6ad8 0xd2
FindNextFileA - 0x407118 0x76dc 0x6adc 0xdc
DeleteFileA - 0x40711c 0x76e0 0x6ae0 0x83
SetFilePointer - 0x407120 0x76e4 0x6ae4 0x31b
ReadFile - 0x407124 0x76e8 0x6ae8 0x2b5
FindClose - 0x407128 0x76ec 0x6aec 0xce
GetPrivateProfileStringA - 0x40712c 0x76f0 0x6af0 0x19c
WritePrivateProfileStringA - 0x407130 0x76f4 0x6af4 0x3a9
WriteFile - 0x407134 0x76f8 0x6af8 0x3a4
MulDiv - 0x407138 0x76fc 0x6afc 0x274
MultiByteToWideChar - 0x40713c 0x7700 0x6b00 0x275
LoadLibraryExA - 0x407140 0x7704 0x6b04 0x253
GetModuleHandleA - 0x407144 0x7708 0x6b08 0x17f
FreeLibrary - 0x407148 0x770c 0x6b0c 0xf8
USER32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetCursor - 0x40716c 0x7730 0x6b30 0x24d
GetWindowRect - 0x407170 0x7734 0x6b34 0x174
EnableMenuItem - 0x407174 0x7738 0x6b38 0xc2
GetSystemMenu - 0x407178 0x773c 0x6b3c 0x15c
SetClassLongA - 0x40717c 0x7740 0x6b40 0x247
IsWindowEnabled - 0x407180 0x7744 0x6b44 0x1ae
SetWindowPos - 0x407184 0x7748 0x6b48 0x283
GetSysColor - 0x407188 0x774c 0x6b4c 0x15a
EndDialog - 0x40718c 0x7750 0x6b50 0xc6
ScreenToClient - 0x407190 0x7754 0x6b54 0x231
LoadCursorA - 0x407194 0x7758 0x6b58 0x1ba
CheckDlgButton - 0x407198 0x775c 0x6b5c 0x38
GetMessagePos - 0x40719c 0x7760 0x6b60 0x13c
LoadBitmapA - 0x4071a0 0x7764 0x6b64 0x1b8
CallWindowProcA - 0x4071a4 0x7768 0x6b68 0x1b
IsWindowVisible - 0x4071a8 0x776c 0x6b6c 0x1b1
CloseClipboard - 0x4071ac 0x7770 0x6b70 0x42
SetForegroundWindow - 0x4071b0 0x7774 0x6b74 0x257
GetWindowLongA - 0x4071b4 0x7778 0x6b78 0x16e
RegisterClassA - 0x4071b8 0x777c 0x6b7c 0x216
TrackPopupMenu - 0x4071bc 0x7780 0x6b80 0x2a4
AppendMenuA - 0x4071c0 0x7784 0x6b84 0x8
CreatePopupMenu - 0x4071c4 0x7788 0x6b88 0x5e
GetSystemMetrics - 0x4071c8 0x778c 0x6b8c 0x15d
SetDlgItemTextA - 0x4071cc 0x7790 0x6b90 0x253
GetDlgItemTextA - 0x4071d0 0x7794 0x6b94 0x113
MessageBoxIndirectA - 0x4071d4 0x7798 0x6b98 0x1e2
CharPrevA - 0x4071d8 0x779c 0x6b9c 0x2d
DispatchMessageA - 0x4071dc 0x77a0 0x6ba0 0xa1
PeekMessageA - 0x4071e0 0x77a4 0x6ba4 0x200
GetDC - 0x4071e4 0x77a8 0x6ba8 0x10c
EnableWindow - 0x4071e8 0x77ac 0x6bac 0xc4
InvalidateRect - 0x4071ec 0x77b0 0x6bb0 0x193
SendMessageA - 0x4071f0 0x77b4 0x6bb4 0x23b
DefWindowProcA - 0x4071f4 0x77b8 0x6bb8 0x8e
BeginPaint - 0x4071f8 0x77bc 0x6bbc 0xd
GetClientRect - 0x4071fc 0x77c0 0x6bc0 0xff
FillRect - 0x407200 0x77c4 0x6bc4 0xe2
DrawTextA - 0x407204 0x77c8 0x6bc8 0xbc
SystemParametersInfoA - 0x407208 0x77cc 0x6bcc 0x299
CreateWindowExA - 0x40720c 0x77d0 0x6bd0 0x60
GetClassInfoA - 0x407210 0x77d4 0x6bd4 0xf6
DialogBoxParamA - 0x407214 0x77d8 0x6bd8 0x9e
CharNextA - 0x407218 0x77dc 0x6bdc 0x2a
ExitWindowsEx - 0x40721c 0x77e0 0x6be0 0xe1
SetTimer - 0x407220 0x77e4 0x6be4 0x27a
PostQuitMessage - 0x407224 0x77e8 0x6be8 0x204
SetWindowLongA - 0x407228 0x77ec 0x6bec 0x280
SendMessageTimeoutA - 0x40722c 0x77f0 0x6bf0 0x23e
LoadImageA - 0x407230 0x77f4 0x6bf4 0x1c0
wsprintfA - 0x407234 0x77f8 0x6bf8 0x2d7
GetDlgItem - 0x407238 0x77fc 0x6bfc 0x111
FindWindowExA - 0x40723c 0x7800 0x6c00 0xe4
IsWindow - 0x407240 0x7804 0x6c04 0x1ad
SetClipboardData - 0x407244 0x7808 0x6c08 0x24a
EmptyClipboard - 0x407248 0x780c 0x6c0c 0xc1
OpenClipboard - 0x40724c 0x7810 0x6c10 0x1f6
EndPaint - 0x407250 0x7814 0x6c14 0xc8
CreateDialogParamA - 0x407254 0x7818 0x6c18 0x55
DestroyWindow - 0x407258 0x781c 0x6c1c 0x99
ShowWindow - 0x40725c 0x7820 0x6c20 0x292
SetWindowTextA - 0x407260 0x7824 0x6c24 0x286
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SelectObject - 0x407040 0x7604 0x6a04 0x20e
SetBkMode - 0x407044 0x7608 0x6a08 0x216
CreateFontIndirectA - 0x407048 0x760c 0x6a0c 0x3a
SetTextColor - 0x40704c 0x7610 0x6a10 0x23c
DeleteObject - 0x407050 0x7614 0x6a14 0x8f
GetDeviceCaps - 0x407054 0x7618 0x6a18 0x16b
CreateBrushIndirect - 0x407058 0x761c 0x6a1c 0x29
SetBkColor - 0x40705c 0x7620 0x6a20 0x215
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation - 0x407150 0x7714 0x6b14 0xc3
SHGetPathFromIDListA - 0x407154 0x7718 0x6b18 0xbc
SHBrowseForFolderA - 0x407158 0x771c 0x6b1c 0x79
SHGetFileInfoA - 0x40715c 0x7720 0x6b20 0xac
SHFileOperationA - 0x407160 0x7724 0x6b24 0x9a
ShellExecuteA - 0x407164 0x7728 0x6b28 0x107
ADVAPI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegDeleteValueA - 0x407000 0x75c4 0x69c4 0x1d8
SetFileSecurityA - 0x407004 0x75c8 0x69c8 0x22e
RegOpenKeyExA - 0x407008 0x75cc 0x69cc 0x1ec
RegDeleteKeyA - 0x40700c 0x75d0 0x69d0 0x1d4
RegEnumValueA - 0x407010 0x75d4 0x69d4 0x1e1
RegCloseKey - 0x407014 0x75d8 0x69d8 0x1cb
RegCreateKeyExA - 0x407018 0x75dc 0x69dc 0x1d1
RegSetValueExA - 0x40701c 0x75e0 0x69e0 0x204
RegQueryValueExA - 0x407020 0x75e4 0x69e4 0x1f7
RegEnumKeyA - 0x407024 0x75e8 0x69e8 0x1dd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_AddMasked - 0x40702c 0x75f0 0x69f0 0x34
ImageList_Destroy - 0x407030 0x75f4 0x69f4 0x38
ImageList_Create - 0x407034 0x75f8 0x69f8 0x37
(by ordinal) 0x11 0x407038 0x75fc 0x69fc -
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize - 0x407268 0x782c 0x6c2c 0x105
OleInitialize - 0x40726c 0x7830 0x6c30 0xee
CoTaskMemFree - 0x407270 0x7834 0x6c34 0x65
CoCreateInstance - 0x407274 0x7838 0x6c38 0x10
Memory Dumps (10)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
price_request_quotation.exe 1 0x00400000 0x00437FFF Relevant Image False 32-bit 0x00405F57 False False
akepwc.dll 1 0x6C3C0000 0x6C3CFFFF First Execution False 32-bit 0x6C3C7500 False False
buffer 2 0x00400000 0x00428FFF First Execution False 32-bit 0x0041D470 True False
buffer 1 0x02200000 0x02234FFF Image In Buffer False 32-bit - True False
price_request_quotation.exe 1 0x00400000 0x00437FFF Process Termination False 32-bit - False False
buffer 2 0x009C0000 0x00CB9FFF First Execution False 32-bit 0x00A37000 False False
buffer 2 0x005B0000 0x005C0FFF First Execution False 32-bit 0x005B0000 False False
buffer 2 0x008A0000 0x0098CFFF Marked Executable False 32-bit - False False
buffer 2 0x00400000 0x00428FFF Content Changed False 32-bit 0x0040D3E0 True False
buffer 2 0x00570000 0x00586FFF Image In Buffer False 32-bit - False False
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Modified File OLE Compound clean
MIME Type application/CDFV2
File Size 51.50 KB
MD5 3088cf24ad455ed8df9999b71d9f290f
SHA1 fc2de6eb2e0059d67b5c204aa2abe80c131e7b53
SHA256 1517ab5489988fd256f9420a9f3eb1285d0c262d274bd7eb30d986d610fec28b
SSDeep 384:YGafeth58KE6IoKmnwwougfKfYEZf0VUeHMe3FjdT:Y05065JoNEZ6f7
ImpHash -
CFB Streams (37)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 8.81 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 1.18 KB
Root\8 9 1019 Bytes
Root\9 10 1.19 KB
Root\a 11 1.16 KB
Root\b 12 1.28 KB
Root\c 13 887 Bytes
Root\d 14 809 Bytes
Root\e 15 967 Bytes
Root\f 16 1.20 KB
Root\ 17 783 Bytes
Root\ 18 1.31 KB
Root\2 19 1.18 KB
Root\3 20 864 Bytes
Root\4 21 987 Bytes
Root\ 22 1.06 KB
Root\6 23 896 Bytes
Root\7 24 902 Bytes
Root\8 25 1.04 KB
Root\9 26 1.07 KB
Root\a 27 1.08 KB
Root\b 28 1.16 KB
Root\c 29 859 Bytes
Root\d 30 961 Bytes
Root\e 31 861 Bytes
Root\f 32 1.09 KB
Root\20 33 659 Bytes
Root\21 34 1.20 KB
Root\22 35 1.09 KB
Root\23 36 566 Bytes
Root\24 37 668 Bytes
C:\Users\RDHJ0C~1\AppData\Local\Temp\4gyujazywsbdaoe Dropped File Stream clean
MIME Type application/octet-stream
File Size 211.80 KB
MD5 f3364c6b2d2fbe79df14059b0a45b326
SHA1 2102737f5438f054621a71528044f38ff9cb82bc
SHA256 ca7d46a32ec12479afeec23562bd199c91d2dc0912462250d1a3811a7e89be83
SSDeep 6144:71sLVyecy+1K1bqg5pcPtdi+wSagdVBFJ6uQgVd0kI:71DdIqg5pcji+a6VLJ6vP
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\nspCDFE.tmp\akepwc.dll Dropped File Binary clean
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\nscE967.tmp\akepwc.dll (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 47.00 KB
MD5 0560ba80e8afe7f5d83eb600602ab426
SHA1 a783f03bc76ee70833d61d69d854674f45d5a223
SHA256 19013d7428a659774231fd4b5213a463eeab58a0c347dadfaa95536bd89d3f13
SSDeep 768:1Zi08T7N8+MHPofNnsG7NthUO33gg5Yyn91tMyuuVaRCNLBk0e67y9OLuiSuMwGA:/8T7N8CnhV/1e67y9O9IKoSJCPQRAli3
ImpHash 5b7c0894b3b71d7481d3a4733db1dd16
PE Information
Image Base 0x10000000
Size Of Code 0x6a00
Size Of Initialized Data 0x4e00
Size Of Uninitialized Data 0x200
File Type FileType.dll
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2021-09-27 23:20:52+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x6861 0x6a00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.39
.bss 0x10008000 0x18 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x10009000 0xc9a 0xe00 0x6e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.65
.data 0x1000a000 0x34a2 0x3600 0x7c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.84
.rsrc 0x1000e000 0x1e0 0x200 0xb200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.71
.reloc 0x1000f000 0x70c 0x800 0xb400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.97
Imports (7)
SHLWAPI.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrPBrkW - 0x10009038 0x991c 0x771c 0x13f
SHRegGetBoolUSValueW - 0x1000903c 0x9920 0x7720 0xe8
UrlIsNoHistoryW - 0x10009040 0x9924 0x7724 0x170
PathRelativePathToW - 0x10009044 0x9928 0x7728 0x85
SHRegWriteUSValueW - 0x10009048 0x992c 0x772c 0xfd
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoA - 0x10009050 0x9934 0x7734 0x0
GetFileVersionInfoSizeA - 0x10009054 0x9938 0x7738 0x4
VerQueryValueA - 0x10009058 0x993c 0x773c 0xf
KERNEL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenProcess - 0x10009000 0x98e4 0x76e4 0x406
GetLastError - 0x10009004 0x98e8 0x76e8 0x25d
SetLastError - 0x10009008 0x98ec 0x76ec 0x52a
EnumResourceTypesA - 0x1000900c 0x98f0 0x76f0 0x145
ReadProcessMemory - 0x10009010 0x98f4 0x76f4 0x46f
VirtualAlloc - 0x10009014 0x98f8 0x76f8 0x5be
RPCRT4.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CStdStubBuffer_DebugServerRelease - 0x1000901c 0x9900 0x7700 0x4
CStdStubBuffer_Connect - 0x10009020 0x9904 0x7704 0x1
NdrMesTypeAlignSize - 0x10009024 0x9908 0x7708 0xfe
NdrConformantStructFree - 0x10009028 0x990c 0x770c 0xbc
CStdStubBuffer_CountRefs - 0x1000902c 0x9910 0x7710 0x2
RpcSsSwapClientAllocFree - 0x10009030 0x9914 0x7714 0x207
WININET.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ParseX509EncodedCertificateForListBoxEntry - 0x10009060 0x9944 0x7744 0xf5
FindFirstUrlCacheContainerA - 0x10009064 0x9948 0x7748 0x2c
GetUrlCacheEntryInfoExA - 0x10009068 0x994c 0x774c 0x5c
CreateUrlCacheContainerW - 0x1000906c 0x9950 0x7750 0x17
InternetQueryOptionA - 0x10009070 0x9954 0x7754 0xcb
CreateUrlCacheContainerA - 0x10009074 0x9958 0x7758 0x16
WSOCK32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSASetBlockingHook 0x6d 0x1000908c 0x9970 0x7770 -
getprotobyname 0x35 0x10009090 0x9974 0x7774 -
ord1115 0x45b 0x10009094 0x9978 0x7778 -
WSAIsBlocking 0x72 0x10009098 0x997c 0x777c -
bind 0x2 0x1000909c 0x9980 0x7780 -
WSASetLastError 0x70 0x100090a0 0x9984 0x7784 -
ntohl 0xe 0x100090a4 0x9988 0x7788 -
WSAAsyncGetServByPort 0x6a 0x100090a8 0x998c 0x778c -
ord1119 0x45f 0x100090ac 0x9990 0x7790 -
WS2_32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSCGetProviderPath - 0x1000907c 0x9960 0x7760 0x67
WSACloseEvent - 0x10009080 0x9964 0x7764 0x1f
WSAEnumNameSpaceProvidersW - 0x10009084 0x9968 0x7768 0x2a
Exports (1)
Api name EAT Address Ordinal
TclpOwkq 0x7500 0x1
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Dropped File OLE Compound clean
MIME Type application/CDFV2
File Size 50.62 KB
MD5 31717ea106e6729070a831fee319d8a0
SHA1 7c11e578275eb83efdc7852a8a757c6ba942c1e2
SHA256 4a7839716f95d3bb2dd07172f2afedd6d440f370444f35e0eb1b7885d4177a93
SSDeep 384:YEgfeth58KE6IoKPQww1ugf5fcRUZfgwefMe3zP5k:YY5065/1KiZIj1k
ImpHash -
CFB Streams (36)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 8.62 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 1.18 KB
Root\8 9 1019 Bytes
Root\9 10 1.19 KB
Root\a 11 1.16 KB
Root\b 12 1.28 KB
Root\c 13 887 Bytes
Root\d 14 809 Bytes
Root\e 15 967 Bytes
Root\f 16 1.20 KB
Root\ 17 783 Bytes
Root\ 18 1.31 KB
Root\2 19 1.18 KB
Root\3 20 864 Bytes
Root\4 21 987 Bytes
Root\ 22 1.06 KB
Root\6 23 896 Bytes
Root\7 24 902 Bytes
Root\8 25 1.04 KB
Root\9 26 1.07 KB
Root\a 27 1.08 KB
Root\b 28 1.16 KB
Root\c 29 859 Bytes
Root\d 30 961 Bytes
Root\e 31 861 Bytes
Root\f 32 1.09 KB
Root\20 33 659 Bytes
Root\21 34 1.20 KB
Root\22 35 1.09 KB
Root\23 36 566 Bytes
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Dropped File OLE Compound clean
MIME Type application/CDFV2
File Size 51.50 KB
MD5 b9609057ca5af9492cbb8178e6331d2c
SHA1 56f7ed73aebbbd55e7efd12bcf29ebfbd92671f3
SHA256 6ca5cdce3c66a07ad6c83572f2d006b18c44be92b509c3e9a3430f024add1e3b
SSDeep 384:Ygafeth58KE6IoKmnwwougfKfYEZf0VUeHMe3FjdT:YW5065JoNEZ6f7
ImpHash -
CFB Streams (37)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 8.81 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 1.18 KB
Root\8 9 1019 Bytes
Root\9 10 1.19 KB
Root\a 11 1.16 KB
Root\b 12 1.28 KB
Root\c 13 887 Bytes
Root\d 14 809 Bytes
Root\e 15 967 Bytes
Root\f 16 1.20 KB
Root\ 17 783 Bytes
Root\ 18 1.31 KB
Root\2 19 1.18 KB
Root\3 20 864 Bytes
Root\4 21 987 Bytes
Root\ 22 1.06 KB
Root\6 23 896 Bytes
Root\7 24 902 Bytes
Root\8 25 1.04 KB
Root\9 26 1.07 KB
Root\a 27 1.08 KB
Root\b 28 1.16 KB
Root\c 29 859 Bytes
Root\d 30 961 Bytes
Root\e 31 861 Bytes
Root\f 32 1.09 KB
Root\20 33 659 Bytes
Root\21 34 1.20 KB
Root\22 35 1.09 KB
Root\23 36 566 Bytes
Root\24 37 668 Bytes
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Dropped File OLE Compound clean
MIME Type application/CDFV2
File Size 51.50 KB
MD5 1646aaca35e70bc30734ccdbf78159cf
SHA1 674b8d5f04a0441b45f7cacaf06d5b1663cdfd0f
SHA256 1a7c1aa751f133eb2f7b823b5c1a92de0d906bec4174b85af7de382ed03e0cd8
SSDeep 384:Yvafeth58KE6IoKmnwwougfKfYEZf0VUeHMe3FjdT:YV5065JoNEZ6f7
ImpHash -
CFB Streams (37)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 8.81 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 1.18 KB
Root\8 9 1019 Bytes
Root\9 10 1.19 KB
Root\a 11 1.16 KB
Root\b 12 1.28 KB
Root\c 13 887 Bytes
Root\d 14 809 Bytes
Root\e 15 967 Bytes
Root\f 16 1.20 KB
Root\ 17 783 Bytes
Root\ 18 1.31 KB
Root\2 19 1.18 KB
Root\3 20 864 Bytes
Root\4 21 987 Bytes
Root\ 22 1.06 KB
Root\6 23 896 Bytes
Root\7 24 902 Bytes
Root\8 25 1.04 KB
Root\9 26 1.07 KB
Root\a 27 1.08 KB
Root\b 28 1.16 KB
Root\c 29 859 Bytes
Root\d 30 961 Bytes
Root\e 31 861 Bytes
Root\f 32 1.09 KB
Root\20 33 659 Bytes
Root\21 34 1.20 KB
Root\22 35 1.09 KB
Root\23 36 566 Bytes
Root\24 37 668 Bytes
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Before

After

Screenshot