daeea857...d3db | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Dharma
Gen:Variant.Ulise.99735
Gen:Variant.Ransom.Phobos.62
Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fast.exeXX.exe Sample File Binary Malicious
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\Fast.exeXX.exe (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Fast.exeXX.exe (Dropped File)
c:\programdata\microsoft\windows\start menu\programs\startup\Fast.exeXX.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 55.50 KB
MD5 034711ded900d781e170c660bec9ab86
SHA1 e21b41459d8ec1d685cbd5bdf8e80b2e0c5fe5f6
SHA256 daeea857831d0d022fbbae530557cb48480ff0370decec3d41d4dbdfc672d3db
SSDeep 1536:BkcgYgbig9EhjWNMSTdwp++ln/EFkQ6Em:Bj8ijWNw++l2kQ6
ImpHash 03cae632c46883e0fd8e744440cd27c0
PE Information
Image Base 0x400000
Entry Point 0x402e94
Size Of Code 0x8600
Size Of Initialized Data 0x3e00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2020-01-25 14:37:23+00:00
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x8468 0x8600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.56
.rdata 0x40a000 0xe7c 0x1000 0x8a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.27
.data 0x40b000 0x26b9 0x600 0x9a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.18
.reloc 0x40e000 0x5de 0x600 0xa000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.65
.cdata 0x40f000 0x36f8 0x3800 0xa600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.83
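A quick static sanity check over the header values and section table above, as an added example (it is not VMRay's tooling and not part of this report): it confirms the entry point falls inside an executable section, and flags sections that are high-entropy, both writable and executable, or carry a non-standard name. The rows and the entry point are copied from this report (the report lists absolute virtual addresses, so no image-base arithmetic is needed); on a real sample the same fields come from pefile. The 7.0 entropy threshold and the list of "standard" section names are assumptions.

```python
"""Static triage of the PE section table reported above.

Added example, not VMRay's code. Section rows and entry point are copied from
the report; the entropy threshold and standard-name list are assumptions.
"""
import re

# Section rows exactly as printed in the report (constructed input).
SECTION_TABLE = """\
.text 0x401000 0x8468 0x8600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.56
.rdata 0x40a000 0xe7c 0x1000 0x8a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.27
.data 0x40b000 0x26b9 0x600 0x9a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.18
.reloc 0x40e000 0x5de 0x600 0xa000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.65
.cdata 0x40f000 0x36f8 0x3800 0xa600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.83
"""
ENTRY_POINT = 0x402e94          # from the PE Information block above
HIGH_ENTROPY = 7.0              # assumption: usual packed/encrypted-data threshold
STANDARD_NAMES = {".text", ".rdata", ".data", ".reloc", ".rsrc", ".bss",
                  ".idata", ".edata", ".tls", ".pdata", ".CRT"}  # assumption

# name  VA  virtual size  raw size  raw offset  flags...  entropy
ROW = re.compile(r"^(\S+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)"
                 r"\s+(0x[0-9a-f]+)\s+(.*?)\s+([0-9.]+)$")


def parse_sections(table: str) -> list:
    """Turn the report's flattened section rows into dicts."""
    sections = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        name, va, vsize, rsize, roff, flags, entropy = m.groups()
        sections.append({
            "name": name,
            "va": int(va, 16), "vsize": int(vsize, 16),
            "rsize": int(rsize, 16), "roff": int(roff, 16),
            "flags": {f.strip() for f in flags.split(",")},
            "entropy": float(entropy),
        })
    return sections


def section_containing(sections: list, va: int):
    """Return the section whose mapped range covers the given virtual address."""
    for s in sections:
        if s["va"] <= va < s["va"] + max(s["vsize"], s["rsize"]):
            return s
    return None


def triage(sections: list, entry_point: int) -> list:
    """Produce a list of human-readable findings worth a second look."""
    findings = []
    ep = section_containing(sections, entry_point)
    if ep is None:
        findings.append("entry point lies outside every section")
    elif "IMAGE_SCN_MEM_EXECUTE" not in ep["flags"]:
        findings.append(f"entry point in non-executable section {ep['name']}")
    for s in sections:
        if s["entropy"] >= HIGH_ENTROPY:
            findings.append(f"{s['name']}: entropy {s['entropy']} suggests packed or encrypted data")
        if {"IMAGE_SCN_MEM_WRITE", "IMAGE_SCN_MEM_EXECUTE"} <= s["flags"]:
            findings.append(f"{s['name']}: writable and executable")
        if s["name"] not in STANDARD_NAMES:
            findings.append(f"{s['name']}: non-standard section name")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_sections(SECTION_TABLE), ENTRY_POINT):
        print(finding)
```

On this sample the entry point resolves to `.text`, and the only flagged section is `.cdata`: a writable section with a name no common compiler emits and an entropy of 7.83, which is the part of the file worth opening first in a disassembler.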
Imports (9)
MPR.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetEnumResourceW 0x0 0x40a154 0xa650 0x9050 0x1c
WNetUseConnectionW 0x0 0x40a158 0xa654 0x9054 0x49
WNetOpenEnumW 0x0 0x40a15c 0xa658 0x9058 0x3d
WNetCloseEnum 0x0 0x40a160 0xa65c 0x905c 0x10
WS2_32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ioctlsocket 0xa 0x40a198 0xa694 0x9094 -
getpeername 0x5 0x40a19c 0xa698 0x9098 -
ntohl 0xe 0x40a1a0 0xa69c 0x909c -
select 0x12 0x40a1a4 0xa6a0 0x90a0 -
WSAGetLastError 0x6f 0x40a1a8 0xa6a4 0x90a4 -
htons 0x9 0x40a1ac 0xa6a8 0x90a8 -
recv 0x10 0x40a1b0 0xa6ac 0x90ac -
socket 0x17 0x40a1b4 0xa6b0 0x90b0 -
closesocket 0x3 0x40a1b8 0xa6b4 0x90b4 -
getsockopt 0x7 0x40a1bc 0xa6b8 0x90b8 -
WSAAddressToStringW 0x0 0x40a1c0 0xa6bc 0x90bc 0xf
htonl 0x8 0x40a1c4 0xa6c0 0x90c0 -
connect 0x4 0x40a1c8 0xa6c4 0x90c4 -
IPHLPAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetIpAddrTable 0x0 0x40a038 0xa534 0x8f34 0x54
WINHTTP.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHttpReceiveResponse 0x0 0x40a17c 0xa678 0x9078 0x16
WinHttpOpenRequest 0x0 0x40a180 0xa67c 0x907c 0x10
WinHttpConnect 0x0 0x40a184 0xa680 0x9080 0x8
WinHttpCloseHandle 0x0 0x40a188 0xa684 0x9084 0x7
WinHttpOpen 0x0 0x40a18c 0xa688 0x9088 0xf
WinHttpSendRequest 0x0 0x40a190 0xa68c 0x908c 0x17
KERNEL32.dll (68)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SystemTimeToFileTime 0x0 0x40a040 0xa53c 0x8f3c 0x4bd
QueryPerformanceCounter 0x0 0x40a044 0xa540 0x8f40 0x3a7
GetLocalTime 0x0 0x40a048 0xa544 0x8f44 0x203
ReadProcessMemory 0x0 0x40a04c 0xa548 0x8f48 0x3c3
FindNextFileW 0x0 0x40a050 0xa54c 0x8f4c 0x145
SetFileAttributesW 0x0 0x40a054 0xa550 0x8f50 0x461
MoveFileW 0x0 0x40a058 0xa554 0x8f54 0x363
GetFileSizeEx 0x0 0x40a05c 0xa558 0x8f58 0x1f1
GetFileAttributesW 0x0 0x40a060 0xa55c 0x8f5c 0x1ea
SetFilePointerEx 0x0 0x40a064 0xa560 0x8f60 0x467
SetEndOfFile 0x0 0x40a068 0xa564 0x8f64 0x453
ExitProcess 0x0 0x40a06c 0xa568 0x8f68 0x119
SetFilePointer 0x0 0x40a070 0xa56c 0x8f6c 0x466
WaitForSingleObject 0x0 0x40a074 0xa570 0x8f70 0x4f9
GetComputerNameW 0x0 0x40a078 0xa574 0x8f74 0x18f
SetEvent 0x0 0x40a07c 0xa578 0x8f78 0x459
GetLogicalDrives 0x0 0x40a080 0xa57c 0x8f7c 0x209
GetTickCount 0x0 0x40a084 0xa580 0x8f80 0x293
Sleep 0x0 0x40a088 0xa584 0x8f84 0x4b2
CopyFileW 0x0 0x40a08c 0xa588 0x8f88 0x75
ReadFile 0x0 0x40a090 0xa58c 0x8f8c 0x3c0
CreateFileW 0x0 0x40a094 0xa590 0x8f90 0x8f
MultiByteToWideChar 0x0 0x40a098 0xa594 0x8f94 0x367
CreateEventW 0x0 0x40a09c 0xa598 0x8f98 0x85
WaitForMultipleObjects 0x0 0x40a0a0 0xa59c 0x8f9c 0x4f7
CloseHandle 0x0 0x40a0a4 0xa5a0 0x8fa0 0x52
CreateThread 0x0 0x40a0a8 0xa5a4 0x8fa4 0xb5
InitializeCriticalSectionAndSpinCount 0x0 0x40a0ac 0xa5a8 0x8fa8 0x2e3
LeaveCriticalSection 0x0 0x40a0b0 0xa5ac 0x8fac 0x339
EnterCriticalSection 0x0 0x40a0b4 0xa5b0 0x8fb0 0xee
ResetEvent 0x0 0x40a0b8 0xa5b4 0x8fb4 0x40f
DeleteCriticalSection 0x0 0x40a0bc 0xa5b8 0x8fb8 0xd1
AllocConsole 0x0 0x40a0c0 0xa5bc 0x8fbc 0x10
WriteFile 0x0 0x40a0c4 0xa5c0 0x8fc0 0x525
WideCharToMultiByte 0x0 0x40a0c8 0xa5c4 0x8fc4 0x511
WriteConsoleW 0x0 0x40a0cc 0xa5c8 0x8fc8 0x524
GetStdHandle 0x0 0x40a0d0 0xa5cc 0x8fcc 0x264
CreateMutexW 0x0 0x40a0d4 0xa5d0 0x8fd0 0x9e
CreateProcessW 0x0 0x40a0d8 0xa5d4 0x8fd4 0xa8
GetCurrentProcess 0x0 0x40a0dc 0xa5d8 0x8fd8 0x1c0
SetHandleInformation 0x0 0x40a0e0 0xa5dc 0x8fdc 0x470
OpenProcess 0x0 0x40a0e4 0xa5e0 0x8fe0 0x380
GetLocaleInfoW 0x0 0x40a0e8 0xa5e4 0x8fe4 0x206
FindClose 0x0 0x40a0ec 0xa5e8 0x8fe8 0x12e
TerminateProcess 0x0 0x40a0f0 0xa5ec 0x8fec 0x4c0
GetModuleFileNameW 0x0 0x40a0f4 0xa5f0 0x8ff0 0x214
FlushFileBuffers 0x0 0x40a0f8 0xa5f4 0x8ff4 0x157
OpenMutexW 0x0 0x40a0fc 0xa5f8 0x8ff8 0x37d
GetLastError 0x0 0x40a100 0xa5fc 0x8ffc 0x202
GetProcAddress 0x0 0x40a104 0xa600 0x9000 0x245
Process32FirstW 0x0 0x40a108 0xa604 0x9004 0x396
GetExitCodeThread 0x0 0x40a10c 0xa608 0x9008 0x1e0
CreatePipe 0x0 0x40a110 0xa60c 0x900c 0xa1
Process32NextW 0x0 0x40a114 0xa610 0x9010 0x398
GetModuleHandleA 0x0 0x40a118 0xa614 0x9014 0x215
CreateToolhelp32Snapshot 0x0 0x40a11c 0xa618 0x9018 0xbe
ReleaseMutex 0x0 0x40a120 0xa61c 0x901c 0x3fa
GetVersion 0x0 0x40a124 0xa620 0x9020 0x2a2
DeleteFileW 0x0 0x40a128 0xa624 0x9024 0xd6
GetCurrentProcessId 0x0 0x40a12c 0xa628 0x9028 0x1c1
GetVolumeInformationW 0x0 0x40a130 0xa62c 0x902c 0x2a7
ExpandEnvironmentStringsW 0x0 0x40a134 0xa630 0x9030 0x11d
HeapAlloc 0x0 0x40a138 0xa634 0x9034 0x2cb
GetProcessHeap 0x0 0x40a13c 0xa638 0x9038 0x24a
HeapReAlloc 0x0 0x40a140 0xa63c 0x903c 0x2d2
HeapFree 0x0 0x40a144 0xa640 0x9040 0x2cf
FindFirstFileW 0x0 0x40a148 0xa644 0x9044 0x139
GetCurrentThreadId 0x0 0x40a14c 0xa648 0x9048 0x1c5
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetWindowThreadProcessId 0x0 0x40a170 0xa66c 0x906c 0x1a4
GetShellWindow 0x0 0x40a174 0xa670 0x9070 0x179
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FreeSid 0x0 0x40a000 0xa4fc 0x8efc 0x120
LookupPrivilegeValueW 0x0 0x40a004 0xa500 0x8f00 0x197
OpenProcessToken 0x0 0x40a008 0xa504 0x8f04 0x1f7
GetTokenInformation 0x0 0x40a00c 0xa508 0x8f08 0x15a
EqualSid 0x0 0x40a010 0xa50c 0x8f0c 0x107
RegSetValueExW 0x0 0x40a014 0xa510 0x8f10 0x27e
RegCloseKey 0x0 0x40a018 0xa514 0x8f14 0x230
AdjustTokenPrivileges 0x0 0x40a01c 0xa518 0x8f18 0x1f
RegOpenKeyExW 0x0 0x40a020 0xa51c 0x8f1c 0x261
LookupAccountSidW 0x0 0x40a024 0xa520 0x8f20 0x191
AllocateAndInitializeSid 0x0 0x40a028 0xa524 0x8f24 0x20
DuplicateTokenEx 0x0 0x40a02c 0xa528 0x8f28 0xdf
RegQueryValueExW 0x0 0x40a030 0xa52c 0x8f2c 0x26e
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteExW 0x0 0x40a168 0xa664 0x9064 0x121
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoGetObject 0x0 0x40a1d0 0xa6cc 0x90cc 0x35
CoInitializeEx 0x0 0x40a1d4 0xa6d0 0x90d0 0x3f
CoUninitialize 0x0 0x40a1d8 0xa6d4 0x90d4 0x6c
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
fast.exexx.exe 1 0x00270000 0x00282FFF Relevant Image True 32-bit 0x0027731B True False
fast.exexx.exe 2 0x00270000 0x00282FFF Relevant Image True 32-bit 0x00271236 True False
fast.exexx.exe 1 0x00270000 0x00282FFF Final Dump True 32-bit 0x00271236 True False
fast.exexx.exe 2 0x00270000 0x00282FFF Final Dump True 32-bit 0x002791B5 True False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Ulise.99735 Malicious
\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 386 Bytes
MD5 f9eb510fa0937acf828b4b69799ec275
SHA1 b15db6499a364482471f9f4ef48b3fd89981adab
SHA256 bf8f198dbffd5530288e1eb4a1d42675ca8c44f6ffb1dcb62e5fca9ea4f6679a
SSDeep 6:MyBcij1LfWcJWPAd3dzYeeFx2zFfTxGWQb6bX9zwee43Sm0sw3SNjlgTso:MScAwYNdzYeeFxsnW6ah+0R+RMb
ImpHash -
\\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 64.25 KB
MD5 8e546c1a38737c6c6c0cecb32334836b
SHA1 141b92a47cd03724a115801de3daeeb314a88e5c
SHA256 2348c9603039631e438fada5eeae617e3219ba1572b0ac678ddc006ca2212178
SSDeep 1536:xGd8org069fMR+qdAgsuES/HbcggbX0Rb6DCK1bUhYAAj6orb4Txm:xt0gH9fM0q3suEpA0CK1Fd0o
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab (Dropped File)
Mime Type application/octet-stream
File Size 16.94 MB
MD5 2fb10a322517f7cbfb3a6cfe3f7ec571
SHA1 f50dbea0bf05e4a4f73abb265fef52fa43db4e07
SHA256 5ef870f132dab830dd5380a5f66f2db9ead790ee6610fc191c638c2aecd616a4
SSDeep 196608:6a8A7fKP0ReD0wXKLUEfRrDXP2ifogB2jHcSBLWiyvyWJRMLhdPWfi:6aRDKP0q0wM9JrL2ifJcjhW/6vL3Ai
ImpHash -
\\?\C:\BOOTSECT.BAK.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 8.25 KB
MD5 918f80490e907b1cffb2578533065d79
SHA1 d2b2eeaff1f790366160b3202cf332a035e6a0b2
SHA256 bcf410b95c08ba48fe371fd093aecbb41b2e946d70afcf2e98e797e488c78071
SSDeep 192:25nSbgQhEKTeMnDWbd40ddxGZMcmoLzRplgunhgVGdi5K8m:uSbgQ7Tod4ER5AdounPd2K8m
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 3.14 MB
MD5 8a6a845d810361b2753de97f61f30263
SHA1 c11e0542d0b7e63727a73fde4d80d2a99dc1331f
SHA256 e65e4e6b9d4d1ddc8bfbcaf5daa50c27da8b4eefd7c13f97d878ce416bc38857
SSDeep 49152:zDxL8QBo0Tex4S120ytJyghRTPJ52/zwD+z:zR89t1oPD+/zwk
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelMUI.xml.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 1.77 KB
MD5 be1484ed1e4462475db5aa4baac04a35
SHA1 2f580f182b5f3c54fdab638efb33e0019d6c645a
SHA256 0a345b0fcf4fd34f9944c69b6646f490d49fd66a86e4f4ed27f4eac1e0006599
SSDeep 48:DoK4Vjh9uJyZxeBUx0h7QGSqpSBaccrJhMm:qjh9ucXeBUx0h79SqgS2m
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 2.49 KB
MD5 1065a4e24b2da0ee907152f2f18721ee
SHA1 bc55ce9049bbd30259133e7f5516f6c4be84735f
SHA256 7e37e4953fba32e500462e45b073062f6eaa017bb9d62fae4120c431a716ada8
SSDeep 48:d0r5dfzYyTdV7Yv/exu6iWXLoKA5YUdVJipq3UUKgcmD0vSqqjcm:arfYvEusMr/cpqdcQsqjcm
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 3.14 MB
MD5 70129afd0358a4d3fa29ea32fcde789e
SHA1 52c0263b401249ca72f78ccb10e9503dedb0d435
SHA256 1779eb06a6bfb6c4333a375e9eeb62cbfecbd57269235fc9387ee232e3e2bd53
SSDeep 49152:zDxL8QBo6Tex4S120ytJy0TfkPnYe/dLv2L0G5o16W:zR89j1/PXdLv2L0Z11
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PowerPointMUI.xml.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 1.67 KB
MD5 201efb7c24d19b3f5ecbd938a35b1148
SHA1 b05173ba1e4d24ecb9d7bb917f545f8d686a2137
SHA256 d75ee8b4689e88bd35b28215e59297b800a83058d08e5bb69b25a0db63de6fcf
SSDeep 48:9XUkQthedqmfwJAT79N1KxbyRwSI/MHvxa1wo:9EkQHePfGA/9N1KxORdvxeH
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 2.08 KB
MD5 79f40b62b392e68adeb9397f81b92765
SHA1 67e5519da060278ef2094aedc762d1d2b0a90539
SHA256 d2e60095553289830d804a5ca340e05c9fac479fed0763577a3ab71fbac002b6
SSDeep 48:hOrO0zsJX11f+8fhqcUc+KZelFPWet83qefmO1pXv+vSm:6AF1qctelFA3qefVpISm
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-0018-0409-1000-0000000FF1CE}-C\PptLR.cab (Dropped File)
Mime Type application/octet-stream
File Size 67.85 MB
MD5 6b078cbccbab0d5edeaa1d85f11ba58a
SHA1 66820f091ea72f244d2d2019748cbda0b7b9702d
SHA256 7597007b7fd82fa6fc079ad255cc80561c20be4bc515df7968b4b0e377292774
SSDeep 196608:H4KKCX5FvaeoDcBdxmOJR7nxOKOmE7dzaNQwr:H4KKCX5FvaVczxmUJnYSE7dzAT
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.msi (Dropped File)
Mime Type application/octet-stream
File Size 3.15 MB
MD5 a31f47fca9ee0d402583aa83e12f6044
SHA1 4786a700d03102785663b379207b5dd523639250
SHA256 4c13c8dcb2cf8b512db1bb2453d9ac0ff877c25d5eab2994ce489d82f43d118c
SSDeep 49152:zDxL8QBonTex4S120ytJyJs9hbjPwIEivwxqCV:zR89K1RChbEnxv
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\PublisherMUI.xml.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 1.67 KB
MD5 9395e8a748c52e9c2c00627bcb4291c0
SHA1 c1d97d27575e70631657d3ee9bcd011a1a2ecd28
SHA256 43b8345254e1bb6c722b699bb29e8fbad1a8a12d9f6d799683917a946c9fdad9
SSDeep 24:hUUk4VK+7Zqu8Dj999NF7t/GCSCQjnn/HUCH+Q8Sbbjlhm9/jIyyAViiZeUwo:0+EBFft/pSCQbn/0ox8SbbRS/PuLUwo
ImpHash -
\\?\C:\MSOCache\All Users\{90140000-0019-0409-1000-0000000FF1CE}-C\Setup.xml.id[9C354B42-2795].[werichbin@protonmail.com].revon Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 1.81 KB
MD5 0287d6e41cfedf55f21c84e60cc354b0
SHA1 48ea116fc2ffc90e9a64342db3e3893466e47103
SHA256 34c651e967c74c07d5cc9fe84708bfbb78f50ccf9a4dd240f0c7cd77a764d200
SSDeep 48:VsAblq7WAr2iZ/Luy5siKZzK6Zaw3kjnr/UaBm:VFBqaKJZ/S3ZzTaNjnDFm
ImpHash -
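Every encrypted file above carries the same appended name pattern, and the sample also copies itself into two Startup folders (see the "Also Known As" paths of the sample). The parser below is an added example, not code from this report or from VMRay: it splits that pattern into its fields so one infection can be summarised as one bracketed id, one contact address and one extension, and flags which of the unencrypted dropped paths sit in a Startup folder. The paths are a subset of those listed in this report; "victim id" and "contact" are my labels for the bracketed values, which the report itself does not interpret.

```python
"""Parse the '<name>.id[<id>].[<contact>].<ext>' pattern seen on the dropped
files above and flag Startup-folder copies of the sample.

Added example, not VMRay's code. Paths are copied from the report; the field
labels are the author's own.
"""
import re
from dataclasses import dataclass

# <original name>.id[<8 hex>-<4 hex>].[<contact address>].<extension>
ENC_NAME = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim>[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4})\]"
    r"\.\[(?P<contact>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

# Windows per-user and all-users Startup folders share this suffix.
STARTUP_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"


@dataclass(frozen=True)
class EncryptedName:
    original: str
    victim_id: str   # label is an assumption; the report does not say what it encodes
    contact: str
    extension: str


def basename(path: str) -> str:
    """Drop the \\?\ extended-length prefix and return the final path component."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.rsplit("\\", 1)[-1]


def parse_encrypted_name(path: str):
    """Return the parsed fields, or None if the name does not match the pattern."""
    m = ENC_NAME.match(basename(path))
    if not m:
        return None
    return EncryptedName(m["original"], m["victim"].upper(), m["contact"], m["ext"])


def is_startup_path(path: str) -> bool:
    return STARTUP_MARKER in path.lower()


# Constructed input: a subset of the dropped-file paths listed in this report.
ENCRYPTED = [
    r"\\?\C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\desktop.ini.id[9C354B42-2795].[werichbin@protonmail.com].revon",
    r"\\?\C:\Boot\BOOTSTAT.DAT.id[9C354B42-2795].[werichbin@protonmail.com].revon",
    r"\\?\C:\MSOCache\All Users\{90140000-0016-0409-1000-0000000FF1CE}-C\ExcelLR.cab.id[9C354B42-2795].[werichbin@protonmail.com].revon",
    r"\\?\C:\BOOTSECT.BAK.id[9C354B42-2795].[werichbin@protonmail.com].revon",
]
SAMPLE_COPIES = [
    r"c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\start menu\programs\startup\Fast.exeXX.exe",
    r"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Fast.exeXX.exe",
    r"c:\programdata\microsoft\windows\start menu\programs\startup\Fast.exeXX.exe",
]


def summarize(paths: list) -> dict:
    """Collapse many paths into the per-infection facts an analyst reports:
    the distinct ids, contacts and extensions, the original names that were
    encrypted, and which non-encrypted paths are persistence locations."""
    out = {"victim_ids": set(), "contacts": set(), "extensions": set(),
           "originals": [], "startup_copies": [], "unparsed": []}
    for p in paths:
        e = parse_encrypted_name(p)
        if e is None:
            out["unparsed"].append(p)
            if is_startup_path(p):
                out["startup_copies"].append(p)
            continue
        out["victim_ids"].add(e.victim_id)
        out["contacts"].add(e.contact)
        out["extensions"].add(e.extension)
        out["originals"].append(e.original)
    return out


if __name__ == "__main__":
    for key, value in summarize(ENCRYPTED + SAMPLE_COPIES).items():
        print(f"{key}: {value}")
```

Run over the full dropped-file list, the summary should come back with exactly one id, one contact and one extension; more than one of any of them in a single host's file listing usually means two separate infections or a re-run with a different build, which changes the scoping of the incident.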