ddfd1d60...545f | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Downloader
Exploit
...
Threat Names:
Equation Group
Mimikatz
Gen:Trojan.Downloader.fmqaa08eR0ii
...

Remarks

(0x0200000C): The maximum memory dump size was exceeded. Some dumps may be missing in the report.

Filename Category Type Severity Actions
C:\ProgramData\poc.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 1.83 MB
MD5 e56b28203a66d88da2c951c9b47fb2c0
SHA1 cabc42bda122ddebe428ce7e2b759ab1a7e36300
SHA256 47fa9c298b904d66a5eb92c67dee602198259d366ef4f078a8365beefb9fdc95
SSDeep 24576:suTner3lkYS8yrOj5jHquLF8iW9Gqt/2mcxhqqf2trTLwkszirpoVdViYcMrZ3gV:suTnJd8wK89RIhkvLwksdLWWZ3s
ImpHash 5688b19b58c75a0462a77240ace49a5e
File Reputation Information
Severity Blacklisted
First Seen 2020-01-12 21:35 (UTC+1)
Last Seen 2020-01-12 22:12 (UTC+1)
Names Win32.Exploit.Shadowbrokers
Families Shadowbrokers
Classification Exploit
PE Information
Image Base 0x400000
Entry Point 0x40135e
Size Of Code 0xf200
Size Of Initialized Data 0x8200
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2020-01-10 06:37:56+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xf0f3 0xf200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.6
.rdata 0x411000 0x5ca0 0x5e00 0xf600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.81
.data 0x417000 0x120c 0x800 0x15400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.25
.reloc 0x419000 0xf7c 0x1000 0x15c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.46
.enigma1 0x41a000 0x1000 0x17c000 0x16c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.85
.enigma2 0x41b000 0x43000 0x43000 0x192c00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.05
Imports (18)
kernel32.dll (37)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteCriticalSection 0x0 0x45317c 0x5317c 0x1cad7c 0x0
LeaveCriticalSection 0x0 0x453180 0x53180 0x1cad80 0x0
EnterCriticalSection 0x0 0x453184 0x53184 0x1cad84 0x0
InitializeCriticalSection 0x0 0x453188 0x53188 0x1cad88 0x0
VirtualFree 0x0 0x45318c 0x5318c 0x1cad8c 0x0
VirtualAlloc 0x0 0x453190 0x53190 0x1cad90 0x0
LocalFree 0x0 0x453194 0x53194 0x1cad94 0x0
LocalAlloc 0x0 0x453198 0x53198 0x1cad98 0x0
GetTickCount 0x0 0x45319c 0x5319c 0x1cad9c 0x0
QueryPerformanceCounter 0x0 0x4531a0 0x531a0 0x1cada0 0x0
GetVersion 0x0 0x4531a4 0x531a4 0x1cada4 0x0
GetCurrentThreadId 0x0 0x4531a8 0x531a8 0x1cada8 0x0
InterlockedDecrement 0x0 0x4531ac 0x531ac 0x1cadac 0x0
InterlockedIncrement 0x0 0x4531b0 0x531b0 0x1cadb0 0x0
VirtualQuery 0x0 0x4531b4 0x531b4 0x1cadb4 0x0
WideCharToMultiByte 0x0 0x4531b8 0x531b8 0x1cadb8 0x0
MultiByteToWideChar 0x0 0x4531bc 0x531bc 0x1cadbc 0x0
lstrlenA 0x0 0x4531c0 0x531c0 0x1cadc0 0x0
lstrcpynA 0x0 0x4531c4 0x531c4 0x1cadc4 0x0
LoadLibraryExA 0x0 0x4531c8 0x531c8 0x1cadc8 0x0
GetThreadLocale 0x0 0x4531cc 0x531cc 0x1cadcc 0x0
GetStartupInfoA 0x0 0x4531d0 0x531d0 0x1cadd0 0x0
GetProcAddress 0x0 0x4531d4 0x531d4 0x1cadd4 0x0
GetModuleHandleA 0x0 0x4531d8 0x531d8 0x1cadd8 0x0
GetModuleFileNameA 0x0 0x4531dc 0x531dc 0x1caddc 0x0
GetLocaleInfoA 0x0 0x4531e0 0x531e0 0x1cade0 0x0
GetCommandLineA 0x0 0x4531e4 0x531e4 0x1cade4 0x0
FreeLibrary 0x0 0x4531e8 0x531e8 0x1cade8 0x0
FindFirstFileA 0x0 0x4531ec 0x531ec 0x1cadec 0x0
FindClose 0x0 0x4531f0 0x531f0 0x1cadf0 0x0
ExitProcess 0x0 0x4531f4 0x531f4 0x1cadf4 0x0
ExitThread 0x0 0x4531f8 0x531f8 0x1cadf8 0x0
WriteFile 0x0 0x4531fc 0x531fc 0x1cadfc 0x0
UnhandledExceptionFilter 0x0 0x453200 0x53200 0x1cae00 0x0
RtlUnwind 0x0 0x453204 0x53204 0x1cae04 0x0
RaiseException 0x0 0x453208 0x53208 0x1cae08 0x0
GetStdHandle 0x0 0x45320c 0x5320c 0x1cae0c 0x0
user32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetKeyboardType 0x0 0x453214 0x53214 0x1cae14 0x0
LoadStringA 0x0 0x453218 0x53218 0x1cae18 0x0
MessageBoxA 0x0 0x45321c 0x5321c 0x1cae1c 0x0
CharNextA 0x0 0x453220 0x53220 0x1cae20 0x0
advapi32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA 0x0 0x453228 0x53228 0x1cae28 0x0
RegOpenKeyExA 0x0 0x45322c 0x5322c 0x1cae2c 0x0
RegCloseKey 0x0 0x453230 0x53230 0x1cae30 0x0
oleaut32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x0 0x453238 0x53238 0x1cae38 0x0
SysReAllocStringLen 0x0 0x45323c 0x5323c 0x1cae3c 0x0
SysAllocStringLen 0x0 0x453240 0x53240 0x1cae40 0x0
kernel32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsSetValue 0x0 0x453248 0x53248 0x1cae48 0x0
TlsGetValue 0x0 0x45324c 0x5324c 0x1cae4c 0x0
TlsFree 0x0 0x453250 0x53250 0x1cae50 0x0
TlsAlloc 0x0 0x453254 0x53254 0x1cae54 0x0
LocalFree 0x0 0x453258 0x53258 0x1cae58 0x0
LocalAlloc 0x0 0x45325c 0x5325c 0x1cae5c 0x0
advapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyA 0x0 0x453264 0x53264 0x1cae64 0x0
kernel32.dll (105)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteProcessMemory 0x0 0x45326c 0x5326c 0x1cae6c 0x0
WriteFile 0x0 0x453270 0x53270 0x1cae70 0x0
WideCharToMultiByte 0x0 0x453274 0x53274 0x1cae74 0x0
WaitForSingleObject 0x0 0x453278 0x53278 0x1cae78 0x0
VirtualQuery 0x0 0x45327c 0x5327c 0x1cae7c 0x0
VirtualProtectEx 0x0 0x453280 0x53280 0x1cae80 0x0
VirtualProtect 0x0 0x453284 0x53284 0x1cae84 0x0
VirtualFree 0x0 0x453288 0x53288 0x1cae88 0x0
VirtualAllocEx 0x0 0x45328c 0x5328c 0x1cae8c 0x0
VirtualAlloc 0x0 0x453290 0x53290 0x1cae90 0x0
SystemTimeToFileTime 0x0 0x453294 0x53294 0x1cae94 0x0
SizeofResource 0x0 0x453298 0x53298 0x1cae98 0x0
SetThreadContext 0x0 0x45329c 0x5329c 0x1cae9c 0x0
SetLastError 0x0 0x4532a0 0x532a0 0x1caea0 0x0
SetFileTime 0x0 0x4532a4 0x532a4 0x1caea4 0x0
SetFilePointer 0x0 0x4532a8 0x532a8 0x1caea8 0x0
SetFileAttributesW 0x0 0x4532ac 0x532ac 0x1caeac 0x0
SetFileAttributesA 0x0 0x4532b0 0x532b0 0x1caeb0 0x0
SetEvent 0x0 0x4532b4 0x532b4 0x1caeb4 0x0
SetErrorMode 0x0 0x4532b8 0x532b8 0x1caeb8 0x0
SetEndOfFile 0x0 0x4532bc 0x532bc 0x1caebc 0x0
SetCurrentDirectoryW 0x0 0x4532c0 0x532c0 0x1caec0 0x0
SetCurrentDirectoryA 0x0 0x4532c4 0x532c4 0x1caec4 0x0
ResetEvent 0x0 0x4532c8 0x532c8 0x1caec8 0x0
RemoveDirectoryW 0x0 0x4532cc 0x532cc 0x1caecc 0x0
RemoveDirectoryA 0x0 0x4532d0 0x532d0 0x1caed0 0x0
ReadProcessMemory 0x0 0x4532d4 0x532d4 0x1caed4 0x0
ReadFile 0x0 0x4532d8 0x532d8 0x1caed8 0x0
QueryDosDeviceW 0x0 0x4532dc 0x532dc 0x1caedc 0x0
PostQueuedCompletionStatus 0x0 0x4532e0 0x532e0 0x1caee0 0x0
MultiByteToWideChar 0x0 0x4532e4 0x532e4 0x1caee4 0x0
LockResource 0x0 0x4532e8 0x532e8 0x1caee8 0x0
LoadResource 0x0 0x4532ec 0x532ec 0x1caeec 0x0
LoadLibraryW 0x0 0x4532f0 0x532f0 0x1caef0 0x0
LoadLibraryA 0x0 0x4532f4 0x532f4 0x1caef4 0x0
LeaveCriticalSection 0x0 0x4532f8 0x532f8 0x1caef8 0x0
IsBadWritePtr 0x0 0x4532fc 0x532fc 0x1caefc 0x0
IsBadStringPtrW 0x0 0x453300 0x53300 0x1caf00 0x0
IsBadReadPtr 0x0 0x453304 0x53304 0x1caf04 0x0
InitializeCriticalSection 0x0 0x453308 0x53308 0x1caf08 0x0
GetWindowsDirectoryW 0x0 0x45330c 0x5330c 0x1caf0c 0x0
GetWindowsDirectoryA 0x0 0x453310 0x53310 0x1caf10 0x0
GetVersionExA 0x0 0x453314 0x53314 0x1caf14 0x0
GetVersion 0x0 0x453318 0x53318 0x1caf18 0x0
GetThreadLocale 0x0 0x45331c 0x5331c 0x1caf1c 0x0
GetThreadContext 0x0 0x453320 0x53320 0x1caf20 0x0
GetTempPathW 0x0 0x453324 0x53324 0x1caf24 0x0
GetTempPathA 0x0 0x453328 0x53328 0x1caf28 0x0
GetTempFileNameW 0x0 0x45332c 0x5332c 0x1caf2c 0x0
GetTempFileNameA 0x0 0x453330 0x53330 0x1caf30 0x0
GetSystemDirectoryW 0x0 0x453334 0x53334 0x1caf34 0x0
GetSystemDirectoryA 0x0 0x453338 0x53338 0x1caf38 0x0
GetStringTypeExW 0x0 0x45333c 0x5333c 0x1caf3c 0x0
GetStringTypeExA 0x0 0x453340 0x53340 0x1caf40 0x0
GetStdHandle 0x0 0x453344 0x53344 0x1caf44 0x0
GetProcAddress 0x0 0x453348 0x53348 0x1caf48 0x0
GetModuleHandleA 0x0 0x45334c 0x5334c 0x1caf4c 0x0
GetModuleFileNameW 0x0 0x453350 0x53350 0x1caf50 0x0
GetModuleFileNameA 0x0 0x453354 0x53354 0x1caf54 0x0
GetLogicalDriveStringsW 0x0 0x453358 0x53358 0x1caf58 0x0
GetLocaleInfoW 0x0 0x45335c 0x5335c 0x1caf5c 0x0
GetLocaleInfoA 0x0 0x453360 0x53360 0x1caf60 0x0
GetLocalTime 0x0 0x453364 0x53364 0x1caf64 0x0
GetLastError 0x0 0x453368 0x53368 0x1caf68 0x0
GetFullPathNameW 0x0 0x45336c 0x5336c 0x1caf6c 0x0
GetFullPathNameA 0x0 0x453370 0x53370 0x1caf70 0x0
GetFileSize 0x0 0x453374 0x53374 0x1caf74 0x0
GetFileAttributesW 0x0 0x453378 0x53378 0x1caf78 0x0
GetFileAttributesA 0x0 0x45337c 0x5337c 0x1caf7c 0x0
GetDiskFreeSpaceA 0x0 0x453380 0x53380 0x1caf80 0x0
GetDateFormatA 0x0 0x453384 0x53384 0x1caf84 0x0
GetCurrentThreadId 0x0 0x453388 0x53388 0x1caf88 0x0
GetCurrentProcessId 0x0 0x45338c 0x5338c 0x1caf8c 0x0
GetCurrentProcess 0x0 0x453390 0x53390 0x1caf90 0x0
GetCurrentDirectoryW 0x0 0x453394 0x53394 0x1caf94 0x0
GetCurrentDirectoryA 0x0 0x453398 0x53398 0x1caf98 0x0
GetCPInfo 0x0 0x45339c 0x5339c 0x1caf9c 0x0
GetACP 0x0 0x4533a0 0x533a0 0x1cafa0 0x0
FreeResource 0x0 0x4533a4 0x533a4 0x1cafa4 0x0
FreeLibrary 0x0 0x4533a8 0x533a8 0x1cafa8 0x0
FormatMessageA 0x0 0x4533ac 0x533ac 0x1cafac 0x0
FlushInstructionCache 0x0 0x4533b0 0x533b0 0x1cafb0 0x0
FindResourceW 0x0 0x4533b4 0x533b4 0x1cafb4 0x0
FindNextFileW 0x0 0x4533b8 0x533b8 0x1cafb8 0x0
FindNextFileA 0x0 0x4533bc 0x533bc 0x1cafbc 0x0
FindFirstFileW 0x0 0x4533c0 0x533c0 0x1cafc0 0x0
FindFirstFileA 0x0 0x4533c4 0x533c4 0x1cafc4 0x0
FindClose 0x0 0x4533c8 0x533c8 0x1cafc8 0x0
FileTimeToLocalFileTime 0x0 0x4533cc 0x533cc 0x1cafcc 0x0
FileTimeToDosDateTime 0x0 0x4533d0 0x533d0 0x1cafd0 0x0
ExitProcess 0x0 0x4533d4 0x533d4 0x1cafd4 0x0
EnumCalendarInfoA 0x0 0x4533d8 0x533d8 0x1cafd8 0x0
EnterCriticalSection 0x0 0x4533dc 0x533dc 0x1cafdc 0x0
DeleteFileW 0x0 0x4533e0 0x533e0 0x1cafe0 0x0
DeleteFileA 0x0 0x4533e4 0x533e4 0x1cafe4 0x0
DeleteCriticalSection 0x0 0x4533e8 0x533e8 0x1cafe8 0x0
CreateRemoteThread 0x0 0x4533ec 0x533ec 0x1cafec 0x0
CreateFileW 0x0 0x4533f0 0x533f0 0x1caff0 0x0
CreateFileA 0x0 0x4533f4 0x533f4 0x1caff4 0x0
CreateEventA 0x0 0x4533f8 0x533f8 0x1caff8 0x0
CreateDirectoryW 0x0 0x4533fc 0x533fc 0x1caffc 0x0
CreateDirectoryA 0x0 0x453400 0x53400 0x1cb000 0x0
CompareStringW 0x0 0x453404 0x53404 0x1cb004 0x0
CompareStringA 0x0 0x453408 0x53408 0x1cb008 0x0
CloseHandle 0x0 0x45340c 0x5340c 0x1cb00c 0x0
user32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA 0x0 0x453414 0x53414 0x1cb014 0x0
LoadStringA 0x0 0x453418 0x53418 0x1cb018 0x0
GetSystemMetrics 0x0 0x45341c 0x5341c 0x1cb01c 0x0
CharUpperBuffW 0x0 0x453420 0x53420 0x1cb020 0x0
CharUpperW 0x0 0x453424 0x53424 0x1cb024 0x0
CharLowerBuffW 0x0 0x453428 0x53428 0x1cb028 0x0
CharLowerW 0x0 0x45342c 0x5342c 0x1cb02c 0x0
CharNextA 0x0 0x453430 0x53430 0x1cb030 0x0
CharLowerA 0x0 0x453434 0x53434 0x1cb034 0x0
CharUpperA 0x0 0x453438 0x53438 0x1cb038 0x0
CharToOemA 0x0 0x45343c 0x5343c 0x1cb03c 0x0
kernel32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x453444 0x53444 0x1cb044 0x0
kernel32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ActivateActCtx 0x0 0x45344c 0x5344c 0x1cb04c 0x0
CreateActCtxW 0x0 0x453450 0x53450 0x1cb050 0x0
QueryDosDeviceW 0x0 0x453454 0x53454 0x1cb054 0x0
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateStreamOnHGlobal 0x0 0x45345c 0x5345c 0x1cb05c 0x0
CoUninitialize 0x0 0x453460 0x53460 0x1cb060 0x0
CoInitialize 0x0 0x453464 0x53464 0x1cb064 0x0
oleaut32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetErrorInfo 0x0 0x45346c 0x5346c 0x1cb06c 0x0
SysFreeString 0x0 0x453470 0x53470 0x1cb070 0x0
oleaut32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayPtrOfIndex 0x0 0x453478 0x53478 0x1cb078 0x0
SafeArrayGetUBound 0x0 0x45347c 0x5347c 0x1cb07c 0x0
SafeArrayGetLBound 0x0 0x453480 0x53480 0x1cb080 0x0
SafeArrayCreate 0x0 0x453484 0x53484 0x1cb084 0x0
VariantChangeType 0x0 0x453488 0x53488 0x1cb088 0x0
VariantCopy 0x0 0x45348c 0x5348c 0x1cb08c 0x0
VariantClear 0x0 0x453490 0x53490 0x1cb090 0x0
VariantInit 0x0 0x453494 0x53494 0x1cb094 0x0
ntdll.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlInitUnicodeString 0x0 0x45349c 0x5349c 0x1cb09c 0x0
RtlFreeUnicodeString 0x0 0x4534a0 0x534a0 0x1cb0a0 0x0
RtlFormatCurrentUserKeyPath 0x0 0x4534a4 0x534a4 0x1cb0a4 0x0
RtlDosPathNameToNtPathName_U 0x0 0x4534a8 0x534a8 0x1cb0a8 0x0
SHFolder.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW 0x0 0x4534b0 0x534b0 0x1cb0b0 0x0
SHGetFolderPathA 0x0 0x4534b4 0x534b4 0x1cb0b4 0x0
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ZwProtectVirtualMemory 0x0 0x4534bc 0x534bc 0x1cb0bc 0x0
shlwapi.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathMatchSpecW 0x0 0x4534c4 0x534c4 0x1cb0c4 0x0
ntdll.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LdrGetProcedureAddress 0x0 0x4534cc 0x534cc 0x1cb0cc 0x0
RtlFreeUnicodeString 0x0 0x4534d0 0x534d0 0x1cb0d0 0x0
RtlInitAnsiString 0x0 0x4534d4 0x534d4 0x1cb0d4 0x0
RtlAnsiStringToUnicodeString 0x0 0x4534d8 0x534d8 0x1cb0d8 0x0
LdrLoadDll 0x0 0x4534dc 0x534dc 0x1cb0dc 0x0
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKD.32937697 Malicious
YARA Matches (1)
Rule Name Rule Description Classification Score
APLib_Compressed_PE PE file compressed by APLib - 2/5
c:\programdata\mmkt.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 384.00 KB
MD5 fa144438f5074d6fd0d11ac6b392f15d
SHA1 58bc28b6e7ad5388fcc6d1498f85534f4d347c08
SHA256 5d12b1fc6627b0a0df0680d6556e782b8ae9270135457a81fe4edbbccc0f3552
SSDeep 6144:EC1KrGGU3Pl8s+iHencvWklsOyfgT+pSmefWCjPkImX3Ga8A+UL5O4iJfeJY3lV:Wry8vqWsUfDSvfWDITz54tJYr
ImpHash 922f3dd5e390f978b222a3538c209ce1
File Reputation Information
Severity Blacklisted
First Seen 2019-11-05 07:49 (UTC+1)
Last Seen 2019-12-04 19:02 (UTC+1)
Names Win32.Trojan.Mimikatz
Families Mimikatz
Classification Trojan
PE Information
Image Base 0x140000000
Entry Point 0x1400eb69a
Size Of Code 0xa4400
Size Of Initialized Data 0x42200
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.amd64
Compile Timestamp 2019-10-30 11:59:57+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.MPRESS1 0x140001000 0xea000 0x5e800 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
.MPRESS2 0x1400eb000 0x1194 0x1200 0x5ea00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.77
.rsrc 0x1400ed000 0x27c 0x400 0x5fc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.85
Imports (25)
KERNEL32 (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA 0x0 0x1400eb230 0xeb230 0x5ec30 0x0
GetProcAddress 0x0 0x1400eb238 0xeb238 0x5ec38 0x0
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CopySid 0x0 0x1400eb248 0xeb248 0x5ec48 0x0
Cabinet.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0xe 0x1400eb258 0xeb258 0x5ec58 -
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertOpenStore 0x0 0x1400eb268 0xeb268 0x5ec68 0x0
cryptdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MD5Init 0x0 0x1400eb278 0xeb278 0x5ec78 0x0
DNSAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DnsFree 0x0 0x1400eb288 0xeb288 0x5ec88 0x0
FLTLIB.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FilterFindNext 0x0 0x1400eb298 0xeb298 0x5ec98 0x0
NETAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NetRemoteTOD 0x0 0x1400eb2a8 0xeb2a8 0x5eca8 0x0
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitializeEx 0x0 0x1400eb2b8 0xeb2b8 0x5ecb8 0x0
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantInit 0x8 0x1400eb2c8 0xeb2c8 0x5ecc8 -
RPCRT4.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UuidCreate 0x0 0x1400eb2d8 0xeb2d8 0x5ecd8 0x0
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathCombineW 0x0 0x1400eb2e8 0xeb2e8 0x5ece8 0x0
SAMLIB.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SamConnect 0x0 0x1400eb2f8 0xeb2f8 0x5ecf8 0x0
Secur32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FreeContextBuffer 0x0 0x1400eb308 0xeb308 0x5ed08 0x0
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CommandLineToArgvW 0x0 0x1400eb318 0xeb318 0x5ed18 0x0
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetMessageW 0x0 0x1400eb328 0xeb328 0x5ed28 0x0
USERENV.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateEnvironmentBlock 0x0 0x1400eb338 0xeb338 0x5ed38 0x0
VERSION.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VerQueryValueW 0x0 0x1400eb348 0xeb348 0x5ed48 0x0
HID.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HidP_GetCaps 0x0 0x1400eb358 0xeb358 0x5ed58 0x0
SETUPAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetupDiGetClassDevsW 0x0 0x1400eb368 0xeb368 0x5ed68 0x0
WinSCard.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SCardControl 0x0 0x1400eb378 0xeb378 0x5ed78 0x0
WINSTA.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinStationConnectW 0x0 0x1400eb388 0xeb388 0x5ed88 0x0
WLDAP32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x45 0x1400eb398 0xeb398 0x5ed98 -
msasn1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ASN1_CloseModule 0x0 0x1400eb3a8 0xeb3a8 0x5eda8 0x0
ntdll.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NtQueryObject 0x0 0x1400eb3b8 0xeb3b8 0x5edb8 0x0
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKD.41983806 Malicious
c:\programdata\blue.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 77.50 KB
MD5 8accffa5e7d5b14ee8109a8f99c72661
SHA1 104aa10d4cd8f617b24df0f5adb1174f7e96b61d
SHA256 8e348105cde49cad8bfbe0acca0da67990289e108799c88805023888ead74300
SSDeep 1536:6oEFELBju002BDuJThVbR7T3U5IikIcqP8hXyJ53CBq:6oEiBR02BDMVtNUCikIF8hX+w
ImpHash fdc2cf5f716a1d5947bd86f2a3659ba5
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 21:04 (UTC+1)
Last Seen 2019-11-20 09:14 (UTC+1)
Names Win32.Trojan.Eqtonex
Families Eqtonex
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x424cc0
Size Of Code 0x13000
Size Of Initialized Data 0x1000
Size Of Uninitialized Data 0x11000
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2013-05-28 14:14:33+00:00
Packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0x11000 0x0 0x400 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
UPX1 0x412000 0x13000 0x13000 0x400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.69
UPX2 0x425000 0x1000 0x200 0x13400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.56
Imports (6)
KERNEL32.DLL (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x42508c 0x2508c 0x1348c 0x0
GetProcAddress 0x0 0x425090 0x25090 0x13490 0x0
VirtualProtect 0x0 0x425094 0x25094 0x13494 0x0
VirtualAlloc 0x0 0x425098 0x25098 0x13498 0x0
VirtualFree 0x0 0x42509c 0x2509c 0x1349c 0x0
ExitProcess 0x0 0x4250a0 0x250a0 0x134a0 0x0
coli-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
coli_setID 0x0 0x4250a8 0x250a8 0x134a8 0x0
msvcrt.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
pow 0x0 0x4250b0 0x250b0 0x134b0 0x0
trch-1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Parameter_hasValue 0x0 0x4250b8 0x250b8 0x134b8 0x0
tucl-1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TcLog 0x0 0x4250c0 0x250c0 0x134c0 0x0
WS2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
inet_addr 0xb 0x4250c8 0x250c8 0x134c8 -
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Razy.182067 Malicious
c:\programdata\star.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 25.00 KB
MD5 ca3c0851c7451fc34dc37c2c53e2f70a
SHA1 fb4e84ac06a1da30f7978562b64b1c794dc8e3eb
SHA256 23205bf9c36bbd56189e3f430c25db2a27eb089906b173601cd42c66a25829a7
SSDeep 384:9vLBWDRL//PoBncRA0YaQ7rsgi8ZM4oLZDI4owY6KmjCezMbgOlMcMIdU7vvxlL:99WD1TC0YaQ/3i8+LWfIEbLlI2U7D
ImpHash bebfdb050c71e8e1aa8af4cf61a8fb52
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:47 (UTC+1)
Last Seen 2019-11-20 18:14 (UTC+1)
Names Win32.Trojan.Doublepulsar
Families Doublepulsar
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x40f262
Size Of Code 0x3400
Size Of Initialized Data 0x7a00
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2013-01-02 20:03:18+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.MPRESS1 0x401000 0xe000 0x5200 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.99
.MPRESS2 0x40f000 0xdcc 0xe00 0x5400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.91
.rsrc 0x410000 0x1b4 0x200 0x6200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.45
Imports (11)
KERNEL32.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA 0x0 0x40f0f0 0xf0f0 0x54f0 0x0
GetProcAddress 0x0 0x40f0f4 0xf0f4 0x54f4 0x0
trfo-2.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TfFree 0x0 0x40f0fc 0xf0fc 0x54fc 0x0
trch-1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Params_findParameter 0x0 0x40f104 0xf104 0x5504 0x0
tucl-1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TcLog 0x0 0x40f10c 0xf10c 0x550c 0x0
WS2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
inet_addr 0xb 0x40f114 0xf114 0x5514 -
coli-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
coli_setID 0x0 0x40f11c 0xf11c 0x551c 0x0
tibe-2.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TbPutLong 0x0 0x40f124 0xf124 0x5524 0x0
cnli-1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
byteSwapLong 0x0 0x40f12c 0xf12c 0x552c 0x0
xdvl-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
XDevLib_xorMask 0x0 0x40f134 0xf134 0x5534 0x0
SSLEAY32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x60 0x40f13c 0xf13c 0x553c -
msvcrt.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
exit 0x0 0x40f144 0xf144 0x5544 0x0
Local AV Matches (1)
Threat Name Severity
GenPack:Backdoor.DoublePulsar.B Malicious
YARA Matches (1)
Rule Name Rule Description Classification Score
EquationGroup_Toolset_Apr17_Erraticgopher_1_0_1 EquationGroup Tool - April Leak - 5/5
C:\Program Files\Common Files\System\c.exe Downloaded File Binary Malicious
Also Known As C:\Program Files\Common Files\System\c.exe (Downloaded File)
Mime Type application/vnd.microsoft.portable-executable
File Size 2.16 MB
MD5 01a9b1f9a9db526a54a64e39a605dd30
SHA1 a436e3f5a9ee5e88671823b43fa77ed871c1475b
SHA256 9a1365c42f4aca3e9c1c5dcf38b967b73ab56e4af0b4a4380af7e2bf185478bc
SSDeep 49152:HukzsCYr5TZNnFiL/FUEA0x2YBp4j8VThthc48Lezv:Ok4CwJsL/HAFYBp4jMM48Le
ImpHash ebbe1df96d320d99b31763fcf51e0bf7
File Reputation Information
Severity Blacklisted
First Seen 2020-01-12 19:55 (UTC+1)
Last Seen 2020-01-13 12:19 (UTC+1)
Names Win32.Trojan.Generic
Families Generic
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x7161c7
Size Of Code 0x90200
Size Of Initialized Data 0x281000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-11 19:19:54+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.MPRESS1 0x401000 0x315000 0x227400 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
.MPRESS2 0x716000 0xd31 0xe00 0x227600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.83
.rsrc 0x717000 0x1d8 0x200 0x228400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.71
Imports (8)
KERNEL32.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA 0x0 0x7160b4 0x3160b4 0x2276b4 0x0
GetProcAddress 0x0 0x7160b8 0x3160b8 0x2276b8 0x0
MPR.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetAddConnection2A 0x0 0x7160c0 0x3160c0 0x2276c0 0x0
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x7160c8 0x3160c8 0x2276c8 0x0
WS2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
connect 0x4 0x7160d0 0x3160d0 0x2276d0 -
ole32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitializeEx 0x0 0x7160d8 0x3160d8 0x2276d8 0x0
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantClear 0x9 0x7160e0 0x3160e0 0x2276e0 -
ODBC32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x1f 0x7160e8 0x3160e8 0x2276e8 -
WINHTTP.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHttpOpen 0x0 0x7160f0 0x3160f0 0x2276f0 0x0
Local AV Matches (1)
Threat Name Severity
Dropped:Trojan.GenericKD.32937697 Malicious
C:\Program Files\Common Files\System\cpt.exe Downloaded File Binary Malicious
Also Known As c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\cpt[1].dat (Downloaded File)
Mime Type application/vnd.microsoft.portable-executable
File Size 1.17 MB
MD5 853358339279b590fb1c40c3dc0cdb72
SHA1 84825801eac21a8d6eb060ddd8a0cd902dcead25
SHA256 ca154fa6ff0d1ebc786b4ea89cefae022e05497d095c2391331f24113aa31e3c
SSDeep 24576:iX2a9xmONW3KfIJxp7tgrdSh6AuMAG9y0wc0txzcvmgbC4z+4:im4xxDfIjp7+Rs6AuFG9ypxAmH
ImpHash afc963227fa8e215bf964f90cd181b90
File Reputation Information
Severity Blacklisted
First Seen 2020-01-12 18:37 (UTC+1)
Last Seen 2020-01-13 12:16 (UTC+1)
Names Win32.Trojan.Filecoder
Families Filecoder
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x6b71e3
Size Of Code 0x15ee00
Size Of Initialized Data 0xb4400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-11 19:54:25+00:00
Version Information (8)
CompanyName TODO: 5SS5C
FileDescription TODO: 5SS5C Encoder
FileVersion 1.0.0.1
InternalName cpt.exe
LegalCopyright Copyright (C) 2019
OriginalFilename cpt.exe
ProductName TODO: 5SS5C Encoder
ProductVersion 1.0.0.1
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.MPRESS1 0x401000 0x2b6000 0x11aa00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
.MPRESS2 0x6b7000 0xd4d 0xe00 0x11ac00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.86
.rsrc 0x6b8000 0x10db8 0x10e00 0x11ba00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.01
Imports (8)
KERNEL32.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA 0x0 0x6b70b4 0x2b70b4 0x11acb4 0x0
GetProcAddress 0x0 0x6b70b8 0x2b70b8 0x11acb8 0x0
WINHTTP.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WinHttpOpen 0x0 0x6b70c0 0x2b70c0 0x11acc0 0x0
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxW 0x0 0x6b70c8 0x2b70c8 0x11acc8 0x0
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x6b70d0 0x2b70d0 0x11acd0 0x0
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA 0x0 0x6b70d8 0x2b70d8 0x11acd8 0x0
WS2_32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSASetLastError 0x70 0x6b70e0 0x2b70e0 0x11ace0 -
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CertOpenStore 0x0 0x6b70e8 0x2b70e8 0x11ace8 0x0
bcrypt.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BCryptGenRandom 0x0 0x6b70f0 0x2b70f0 0x11acf0 0x0
Icons (1)
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
cpt.exe 3 0x00400000 0x006C8FFF First Execution True 32-bit 0x006B71E3 True False
cpt.exe 3 0x00400000 0x006C8FFF Process Termination True 32-bit - True False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Ulise.85367 Malicious
c:\programdata\blue.fb Dropped File Unknown Blacklisted
Mime Type -
File Size 503 Bytes
MD5 756b6353239874d64291e399584ac9e5
SHA1 e2aa9f35c51f91f3b42a9ebf67b6d6777bcc1f41
SHA256 ad3c0b153d5b5ba4627daa89cd2adbb18ee5831cb67feeb7394c51ebc1660f41
SSDeep 12:TMGPaMCwyOrugvNnofpo43a5gKWNFoa50KWNlUon:38OrfvRamKHxu/UA
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2017-05-13 08:50 (UTC+2)
Last Seen 2020-01-12 20:38 (UTC+1)
Names Document-XML.Trojan.CVE-2017-0143
Families CVE-2017-0143
Classification Trojan
c:\programdata\cnli-1.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 56.50 KB
MD5 7a3a8c38ba278a1265d221841e89e0e5
SHA1 6ba9694d373bb1c4aa8aaf1a07b9909c72b07438
SHA256 91e1fcbad8e341a6116afeba8eaea821ef3ccd88b79c4bd56f63aabaa7bd62e8
SSDeep 1536:/45/nxGp+ZiDwdPgiHY6ldmf5fd71JP4jNvf5GtMhe2Xscj:/45/xG+ZiDJiHY5xlxJPt1
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:31 (UTC+1)
Last Seen 2019-12-02 21:45 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\coli-0.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 9.50 KB
MD5 a79c92664c151fbd0aa4da9f5bb4ff04
SHA1 87e6ec32b0815bbec74d509d09a1a5c06d35e511
SHA256 2ee04ae84fe9c6825eee82c767298558afcca20359cf04ff502d993406d1fe00
SSDeep 192:T4dRdXu8kFn6Zb6Zxh/jxq8JSf+fcb9bIb/3lVJYp:T4da8kFwmH5dbJSfZMhVJYp
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:47 (UTC+1)
Last Seen 2019-11-21 15:37 (UTC+1)
Names Win32.Trojan.Shadowbrokers
Families Shadowbrokers
Classification Trojan
c:\programdata\crli-0.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 9.00 KB
MD5 a195de84ddef47de623d52ac44b30287
SHA1 4ce2092bb8f3a295df57ca9b7c4420b291e8e96c
SHA256 5a9abd86a065306b7b83da9f492b3f5af736f1a33eb372783843ba24f2d32b7d
SSDeep 192:5ZKfDlKe5yhs8MYaOs7xhyJq8fCIb/Hl8rkc4JGWYp:5iDlNMa8MYNcyJP7l2sdYp
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:49 (UTC+1)
Last Seen 2019-11-21 15:54 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\dmgd-4.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 43.00 KB
MD5 cb447d6607cce27d29fa8be1b4fde777
SHA1 a53ab185504199bd1a29933abd0dbf6346502f81
SHA256 c4de77147f1c46554356f2ee08f7338ae63eced56105cefa28725ba8a03e1de2
SSDeep 768:tJ7dlYuZko5LntRRcPQP5APWKR2WuMlRhxAqHY0Ogtmi5WttlkHsPKQDH3jIpl6b:tRdl5RyGGL2WhTLOsmpPUsiMH3j0lJ
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 21:35 (UTC+1)
Last Seen 2019-11-17 10:11 (UTC+1)
Names Win32.Trojan.Shadowbrokers
Families Shadowbrokers
Classification Trojan
c:\programdata\exma-1.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 7.00 KB
MD5 e856bb092a406ee80bfaf0e6bbf8f41e
SHA1 b6c5f4d46df12754282541328ed84d082c45a7c1
SHA256 89d9fa3c77e06f5073d8fb40c808262715901ed9529d8d5a739862d65496c4b1
SSDeep 192:epFMZpfQ6+RGM9WYfC0JkEhysxIbzh9Yp:4MDY6+pU3+kEoHh9Yp
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 21:04 (UTC+1)
Last Seen 2019-11-20 16:31 (UTC+1)
Names Win32.Trojan.Shadowbrokers
Families Shadowbrokers
Classification Trojan
c:\programdata\libeay32.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 396.00 KB
MD5 92ffcede8ada8cf378fe34639e69ebf0
SHA1 0d23427f66185053689516ab23cbb5c69be49a9a
SHA256 bdc9a2c31d4492021a171a0a763e3b68faf630e462f6cd813a9307f51303c4db
SSDeep 12288:gBB/cz9DOnGSBkGAWIX0VwYHEqjVFgmb:g/grSBjAWJw2EqjVFgm
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 21:31 (UTC+1)
Last Seen 2019-11-21 15:42 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\libxml2.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 486.00 KB
MD5 446943f016f050a42724886fa10a670b
SHA1 f50ede66bcee834ed0896af06fb4d3b235837ca7
SHA256 3279a7b87cde02e15fce90b31540df32b43cf60cda9c2085fd4917bdad320427
SSDeep 12288:s+AA9uW4bm3hdJ1Sids3/4JsJKoXemGTmxz0FwiuI/dpIWx:suyuhdJMos3/4GBGTmJ0Sa/dp
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 21:20 (UTC+1)
Last Seen 2019-11-17 08:21 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\posh-0.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 11.00 KB
MD5 2f0a52ce4f445c6e656ecebbcaceade5
SHA1 35493e06b0b2cdab2211c0fc02286f45d5e2606d
SHA256 cde45f7ff05f52b7215e4b0ea1f2f42ad9b42031e16a3be9772aa09e014bacdb
SSDeep 192:BNn+r+YB4cdCjWXGyby8Eaw5Xs+dNjnGy6W4l5t1Ib/X:BdW+k4z3yu8rwy+dNjnGlW40
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2017-04-15 03:02 (UTC+2)
Last Seen 2020-01-07 11:33 (UTC+1)
Names Win32.Trojan.Shadowbrokers
Families Shadowbrokers
Classification Trojan
c:\programdata\ssleay32.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 81.00 KB
MD5 6776104c8238aed697d89ac1e6d4624c
SHA1 4f2b4a8d1849c3af42b235457b7ec6f3c67f8499
SHA256 9a9f90d34b22f9387231d1bda5e9d60c05a70280e130dfbaaf4b1efb444d9494
SSDeep 1536:AUBO5nBW9G43PGfgnp4PiQX8536xOyNmb62IxackwLLCBTzwNhl9cM:AUonBW+gp4ql5QOfbixZkwLLCBTzs
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:47 (UTC+1)
Last Seen 2019-11-21 15:42 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\star.xml Dropped File Unknown Blacklisted
Mime Type -
File Size 5.22 KB
MD5 09d45ae26830115fd8d9cdc2aa640ca5
SHA1 41a6ad8d88b6999ac8a3ff00dd9641a37ee20933
SHA256 cf33a92a05ba3c807447a5f6b7e45577ed53174699241da360876d4f4a2eb2de
SSDeep 96:yJhKJ6yPl/rGH4rAH+6UlbscJsZPF97yr+HKSB+x+M+rEH:k4JFIXepb9ga
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2017-04-14 16:04 (UTC+2)
Last Seen 2019-10-28 04:35 (UTC+1)
Names Document-XML.Backdoor.Xjd
Families Xjd
Classification Backdoor
c:\programdata\tibe-2.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 131.00 KB
MD5 d467a4d1c83cac0d02c8044dbf45befd
SHA1 19ae6cddedec9d193d970965fa34c213c479c599
SHA256 1d4b19f767af2a1e63cf5e383301014b44689b9c7d16431d60942395fc5072f2
SSDeep 3072:DwnNV2Y6dsmgf0L8Rs1rJzVuxXC5uO69gbNE8Z9GI9VQ1I6oP:8Nv6ymgfm8sBxYVCL6C5pZkI9V6IJ
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 20:59 (UTC+1)
Last Seen 2019-11-20 09:08 (UTC+1)
Names Win32.Trojan.Shadowbrokers
Families Shadowbrokers
Classification Trojan
c:\programdata\trch-1.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 30.50 KB
MD5 9b1c7077b17288f6b23637b390dac9d1
SHA1 28779faacf39468bbf61ba67035f73c0474ad451
SHA256 d7b94c5f9752197b4a2d8cd253f57cae30812c828e07a71490acac0082e3a5d4
SSDeep 384:gQ0ppv+PxsCvPB+v1p8cinUGX1btnsNF6uJ76YtIbTfW1XBMDB/qI7vvxlL:ZCv+psCv4vEnPXPsnx6YtIbT97D
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:46 (UTC+1)
Last Seen 2019-11-21 15:42 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\trfo-2.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 19.00 KB
MD5 89cdb280468bd1a7c45be6742a3bbade
SHA1 1c4fb2ef401cdc92d0c1a3a339f448d116dcd087
SHA256 9b4605ee17e2b97b23ef825698c18e6b0fc94cd4fec386560cecf287ccfda157
SSDeep 384:jhPLaas3H+Eg8G53HV6h4DYTKXHjMpmboY882Yx1HEta/G0o7vvxlL:pmFXopE+DYTKzMpmblHHEtae97D
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 22:13 (UTC+1)
Last Seen 2019-11-22 09:40 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\tucl-1.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 9.00 KB
MD5 83076104ae977d850d1e015704e5730a
SHA1 776e7079734bc4817e3af0049f42524404a55310
SHA256 cf25bdc6711a72713d80a4a860df724a79042be210930dcbfc522da72b39bb12
SSDeep 192:EXTHmlw2IjGFKL6rBbnbO8slVnZp7snHQNv8uU4l5XLIb/p2:yHm218DrB768mFZxsKv8v4/cF2
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2017-04-15 02:59 (UTC+2)
Last Seen 2020-01-07 11:34 (UTC+1)
Names Win32.Trojan.Shadowbrokers
Families Shadowbrokers
Classification Trojan
c:\programdata\ucl.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 24.00 KB
MD5 d88ae761c643d6b6aa37b0e35392b227
SHA1 4e5946429343dd13933a63d1cdce039867877e63
SHA256 2750bf13652e7c4e60624fe582efe03129ff47811e49a924c998911e4e33698b
SSDeep 384:QLJfMm2GZ38kV6Kgv8Fwr/0n8cC31kPOqRx8QJLfSW6rk1PcqiaFWkHaIGt4B/VI:qxzZPp6G8cskPPRNmqaqiazHaIGt4B/i
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:53 (UTC+1)
Last Seen 2019-11-17 10:09 (UTC+1)
Names Win32.Trojan.Equation
Families Equation
Classification Trojan
c:\programdata\xdvl-0.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 21.50 KB
MD5 c4aa0b42c07d15b04d19ac36cbb48cb9
SHA1 07d1ca081c46bd6563512ccebc51eeb3bc86fcf9
SHA256 8d3312cdca56934288c5d1bea980a1c905ce47756b69cf16fedfa00f09a4a32c
SSDeep 384:DUbD+MXXeDLJ7hgZKDBPMFTQ+uR7vvxlLZ:toeDeK6Q+w7D
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 19:58 (UTC+1)
Last Seen 2019-11-24 08:45 (UTC+1)
Names Win32.Trojan.Ursu
Families Ursu
Classification Trojan
c:\programdata\zlib1.dll Dropped File Unknown Blacklisted
Mime Type -
File Size 35.50 KB
MD5 74ee05564d94ae021a6e73f1baddcf20
SHA1 5d5ab9d4743d26d3211bc0741262c310c794a661
SHA256 9a2440bbd19d21fad39590e64d0cc070eeb73af33fdd50d420950c2c4687768a
SSDeep 768:QbD36UT2Qu21ZH+8tD8dwA0uEiECANyTcbGB7Dq:8D6o3+eDWzXzw
ImpHash None
File Reputation Information
Severity Blacklisted
First Seen 2019-11-04 21:33 (UTC+1)
Last Seen 2019-11-22 08:07 (UTC+1)
Names Win32.Trojan.Tescrypt
Families Tescrypt
Classification Trojan
c:\programdata\star.fb Dropped File Unknown Suspicious
Mime Type -
File Size 242 Bytes
MD5 dc646bdbe28b453ba190a6356959d028
SHA1 74de4831605f018367556c75e5bdf3040e186e8b
SHA256 a46481cdb4a9fc1dbdcccc49c3deadbf18c7b9f274a0eb5fdf73766a03f19a7f
SSDeep 3:vFWWMNHUzfsBBzUJfVURJ5X4IlhbJSFsxHUJ2/KRJS4RKbuviynodFFFAMRCCWKi:TMV0uU/CGI8FsByrc4subGFnRw
ImpHash None
File Reputation Information
Severity Suspicious
First Seen 2017-04-14 16:04 (UTC+2)
Last Seen 2019-10-28 04:36 (UTC+1)
Names Win32.PUA.Equation
Families Equation
Classification Pua
c:\programdata\uname Dropped File Unknown Unknown
Mime Type -
File Size 132 Bytes
MD5 6e4134227775963a2292dfb24fc13589
SHA1 470a39c445b48942ce08bbebc5f863e194184169
SHA256 b9bc94de89d0614470cee4d796b558a8a7ae9324886d0d0d08d2b6c742f49446
SSDeep 3:A+aktGJoiTktGJoiTktGJoiTktGJoiTktGJoiTktGy:ALk4tTk4tTk4tTk4tTk4tTk4y
ImpHash None
c:\programdata\upass Dropped File Unknown Unknown
Mime Type -
File Size 66 Bytes
MD5 fcadd0a8f5a3edb4042dc65f08d2a9ce
SHA1 ccc8ec23c42cebee231b4f4f0c0a381e55e5b115
SHA256 6e97db867acf54d449f54387a9efc21d49be72fa262ccd29fdc568cde4b44415
SSDeep 3:EB+mS2+mS2+mS2+mS2+mS2+v:rmSmSmSmSmSv
ImpHash None
C:\Users\All Users\uname Dropped File Unknown Unknown
Also Known As c:\programdata\uname.tmp (Dropped File)
Mime Type -
File Size 22 Bytes
MD5 70621146e9381a42f5c17c3bd50f3b8d
SHA1 926eb1f34ecfbdefc655f2b3901a0d5bd8c875de
SHA256 e35a5546cc9626d7a7f579b37ec72714dffcf4d7789d9b5cd868ed8fef5fbd35
SSDeep 3:A+aktGy:ALk4y
ImpHash None
C:\Users\All Users\upass Dropped File Unknown Unknown
Also Known As c:\programdata\upass.tmp (Dropped File)
Mime Type -
File Size 11 Bytes
MD5 9eeb0b45c472b477e58b1b2e053a29c6
SHA1 342c1efe3950ec050f3a6705ae8abff876b6fe4e
SHA256 af5d93bbb6d1e96dd3ccb830951790612e5f81d6765f081ed2ca8ee7a0d03b88
SSDeep 3:EB+v:rv
ImpHash None
c:\programdata\blue.xml Dropped File Unknown Unknown
Mime Type -
File Size 7.60 KB
MD5 f56025565de4f53f5771d4966c2b5555
SHA1 b22162a38cdd4b85254b6c909a9e5210711d77af
SHA256 ea7caa08e115dbb438e29da46b47f54c62c29697617bae44464a9b63d9bddf18
SSDeep 192:O56qWdem0F0H6/OrYO/ysg7mBMCv7GHrCucPFTU:O5CdZ0F6Le
ImpHash None
c:\programdata\down64.dll Dropped File Unknown Unknown
Mime Type -
File Size 5.00 KB
MD5 9e8e4189c58d313dcf5cb16675651f4b
SHA1 ac75c3dbf8aaf5caeb689340dcc86b2e4e18c15b
SHA256 485fe4516d975e39e29914f07fb8bdfc0ad05497618f590a22ff537340c2ba2f
SSDeep 24:ev1GSFGFiKT9D8iOWDKunsoZ9cniXPwLi/njpnNfuMAcaKq9KWZRCI6NO:qFGFxrdsoZ9cPL2cMPE9JZRCtO
ImpHash None
c:\users\5p5nrgjn0js halpmcxz\appdata\locallow\microsoft\cryptneturlcache\metadata\ee31cfc509a5172a3a06b97c29f34a5b Dropped File Unknown Unknown
Mime Type -
File Size 218 Bytes
MD5 0ec2f98f2f56b6940a928ae2100188fd
SHA1 595e6b5809b047051be7570f009f6eb333eaf9ca
SHA256 6c1e7a914ad3407d3007be7d715bb56ae616e3686c13f5a15d560fdc85af8830
SSDeep 3:kkFkl/lITvfllXlE/TVqtJllK0XQlRAPPqNQlBl+WRVRtwTJro6Rjdl/:kKfTEY8iPS6BoTFo6Rz
ImpHash None
C:\Program Files\Common Files\System\Scanlog Dropped File Unknown Unknown
Mime Type -
File Size 135 Bytes
MD5 2cb1a19be02fd0f06360b03e5fc1ada5
SHA1 47a104a31ab486dee38bc8d22a49634c6d435b44
SHA256 c2c9c60c80907ace56816219c7e2e50146e001171eaf53e84675ab22bba9ba72
SSDeep 3:Cf6ektGc9JHBqHpJhLUs/AtLKJhLUPaktGZT29Psh:Pek4CeHnhp/AtAh/k4Zio
ImpHash None
C:\ProgramData\5ss5c_token Dropped File Unknown Unknown
Mime Type -
File Size 42 Bytes
MD5 d1feb6fa6f125b7c560bfee2b19bd6a8
SHA1 54cea098d1d96bb4ecc08f60cb6784dff28ed58e
SHA256 d918d664cd56bee36a7d12f2e0bca442667a93fd9828599a8a513cf8e1b28ee4
SSDeep 3:iYsuSiVOwMn:i7uS2OwM
ImpHash None
C:\Program Files\Common Files\System\tmp Dropped File Unknown Unknown
Mime Type -
File Size 247.00 KB
MD5 23d58eb0d1c183263705884ccb6413fb
SHA1 397a3d8c49f19d1fe59e2cf6cfeaab6769d0a7ec
SHA256 58b0455d2896cd561e0e5642e6405b565bfca1747e163403b6cceec48514f922
SSDeep 384:oTQSQz4YuHuwCdcQ8YolKf35MKR67BvkleHZvFBMEEGpwuNYDY:oTQJ4uwCWYo2JMa6Vv4e5v/hjpwuCY
ImpHash None
a Dropped File Unknown Unknown
Mime Type -
File Size 5.06 KB
MD5 d0be6423363e54b47f61e1a32ee7e1a6
SHA1 e3d9b15aab1e773ad7c3f20c8737302fc8762139
SHA256 48242b7fb32d394980c99d5849f7746e85ced6108b42bffc50b4f73ed3b7116e
SSDeep 96:N63j8S76c7SyE0zGSGagG5lQBWBOsWmWadSAmxrC256Ew68R8U88B:ExT79EaVjfQgkkRdwUJ
ImpHash None
c:\_如何解密我的文件_.txt Dropped File Unknown Unknown
Mime Type -
File Size 1.55 KB
MD5 a5ae95af749a40252d09b7111ab57a53
SHA1 d632222209fd5aaa8cb0086d4bdb23dee1f2639f
SHA256 11ff766327201d5bc906b23ccd45f9dd032c9c00a348b5f1f643ba5c596d0333
SSDeep 24:v7orP8qIe3ryfqZniTKwJVCjKyQNMrNWdZ5+qsZOx3IRDpUCJ6izYKfrDKC3HU:vK8qjVliTK48jc8WWOx3IBplzjt30
ImpHash None
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\pmmr5k9k\c[1].dat Downloaded File Binary Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 5.47 KB
MD5 1a1f357a0119f0379fc2a1fbad40e268
SHA1 eb0ca58a4f4040eda2c0639e828530606257a46a
SHA256 335e1fc376960b5f1640315d56b6db2d6f27c09b0192e132f4b97da445dd9eb8
SSDeep 96:H5amPGWCiewr8xaCR2HRSCBywfMxfkIdaSR7MDkdufVru4JNUqoogvuVG9vmX:ZamP1xeTR2HWDf5d/1MDkYfVy49ofvu3
ImpHash None
PE Information
Image Base 0x400000
Entry Point 0x7161c7
Size Of Code 0x90200
Size Of Initialized Data 0x281000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-01-11 19:19:54+00:00
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.MPRESS1 0x401000 0x315000 0x227400 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.96
.MPRESS2 0x716000 0xd31 0xe00 0x227600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x717000 0x1d8 0x200 0x228400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
C:\Users\5P5NRG~1\AppData\Local\Temp\evb55BD.tmp Dropped File Unknown Not Queried
Also Known As C:\Users\5P5NRG~1\AppData\Local\Temp\evbAD10.tmp (Dropped File)
C:\Windows\cer7BA4.tmp (Dropped File)
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash None