Malicious
Classifications

Spyware

Threat Names

-

File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\10101010.exe Sample File Binary
malicious
»
MIME Type application/vnd.microsoft.portable-executable
File Size 308.00 KB
MD5 2b99e5c85cd8b0e6decf30d6daee094e
SHA1 c3e7652e16a2e03d96b0274b5520d19b96196a03
SHA256 e4defd8a187a513212cb19c9f2a800505395e66d9cd9eb3a96c291060224e7dd
SSDeep 6144:9mEdSunAqHdroKcykhPBbiMV5xzr2fXGzN:94ujKyUp+gOg
ImpHash 818c0e000ca7da0505349e2306c68948
Parser Error Remark Static engine was unable to completely parse the analyzed file
PE Information
»
Image Base 0x400000
Entry Point 0x401b74
Size Of Code 0x43000
Size Of Initialized Data 0x9000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2022-03-22 07:59:19+00:00
Version Information (10)
»
Comments Microsoft corporation
CompanyName Microsoft corporation
FileDescription Microsoft corporation
LegalCopyright Microsoft corporation
LegalTrademarks Microsoft corporation
ProductName Microsoft corporation
FileVersion 1.00
ProductVersion 1.00
InternalName 10101010
OriginalFilename 10101010.exe
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x42ec4 0x43000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.53
.data 0x444000 0xb80 0x1000 0x44000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x445000 0x7f40 0x8000 0x45000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.25
Imports (1)
»
MSVBVM60.DLL (123)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__vbaStrI2 - 0x401000 0x436bc 0x436bc 0x13c
_CIcos - 0x401004 0x436c0 0x436c0 0x53
_adj_fptan - 0x401008 0x436c4 0x436c4 0x1b3
__vbaVarMove - 0x40100c 0x436c8 0x436c8 0x178
__vbaStrI4 - 0x401010 0x436cc 0x436cc 0x13d
__vbaAryMove - 0x401014 0x436d0 0x436d0 0x5f
__vbaFreeVar - 0x401018 0x436d4 0x436d4 0xb1
__vbaLenBstr - 0x40101c 0x436d8 0x436d8 0xe9
__vbaStrVarMove - 0x401020 0x436dc 0x436dc 0x148
__vbaFreeVarList - 0x401024 0x436e0 0x436e0 0xb2
__vbaEnd - 0x401028 0x436e4 0x436e4 0x88
_adj_fdiv_m64 - 0x40102c 0x436e8 0x436e8 0x1aa
__vbaPut4 - 0x401030 0x436ec 0x436ec 0x108
__vbaFreeObjList - 0x401034 0x436f0 0x436f0 0xae
(by ordinal) 0x204 0x401038 0x436f4 0x436f4 -
_adj_fprem1 - 0x40103c 0x436f8 0x436f8 0x1b2
__vbaRecAnsiToUni - 0x401040 0x436fc 0x436fc 0x11e
(by ordinal) 0x206 0x401044 0x43700 0x43700 -
__vbaResume - 0x401048 0x43704 0x43704 0x12a
__vbaStrCat - 0x40104c 0x43708 0x43708 0x133
__vbaError - 0x401050 0x4370c 0x4370c 0x8c
__vbaLsetFixstr - 0x401054 0x43710 0x43710 0xef
__vbaRecDestruct - 0x401058 0x43714 0x43714 0x120
__vbaSetSystemError - 0x40105c 0x43718 0x43718 0x12d
__vbaHresultCheckObj - 0x401060 0x4371c 0x4371c 0xc0
_adj_fdiv_m32 - 0x401064 0x43720 0x43720 0x1a8
(by ordinal) 0x29a 0x401068 0x43724 0x43724 -
__vbaAryDestruct - 0x40106c 0x43728 0x43728 0x5d
(by ordinal) 0x251 0x401070 0x4372c 0x4372c -
__vbaExitProc - 0x401074 0x43730 0x43730 0x92
__vbaBoolStr - 0x401078 0x43734 0x43734 0x67
__vbaStrBool - 0x40107c 0x43738 0x43738 0x132
(by ordinal) 0x252 0x401080 0x4373c 0x4373c -
__vbaFileCloseAll - 0x401084 0x43740 0x43740 0x98
__vbaOnError - 0x401088 0x43744 0x43744 0x102
__vbaObjSet - 0x40108c 0x43748 0x43748 0xff
(by ordinal) 0x253 0x401090 0x4374c 0x4374c -
_adj_fdiv_m16i - 0x401094 0x43750 0x43750 0x1a7
_adj_fdivr_m16i - 0x401098 0x43754 0x43754 0x1ac
(by ordinal) 0x256 0x40109c 0x43758 0x43758 -
__vbaStrFixstr - 0x4010a0 0x4375c 0x4375c 0x13b
__vbaBoolVarNull - 0x4010a4 0x43760 0x43760 0x69
_CIsin - 0x4010a8 0x43764 0x43764 0x56
__vbaErase - 0x4010ac 0x43768 0x43768 0x89
(by ordinal) 0x278 0x4010b0 0x4376c 0x4376c -
__vbaChkstk - 0x4010b4 0x43770 0x43770 0x6f
__vbaFileClose - 0x4010b8 0x43774 0x43774 0x97
EVENT_SINK_AddRef - 0x4010bc 0x43778 0x43778 0x11
(by ordinal) 0x210 0x4010c0 0x4377c 0x4377c -
__vbaGenerateBoundsError - 0x4010c4 0x43780 0x43780 0xb4
(by ordinal) 0x211 0x4010c8 0x43784 0x43784 -
__vbaStrCmp - 0x4010cc 0x43788 0x43788 0x134
__vbaVarTstEq - 0x4010d0 0x4378c 0x4378c 0x193
__vbaAryConstruct2 - 0x4010d4 0x43790 0x43790 0x5b
__vbaGet4 - 0x4010d8 0x43794 0x43794 0xb6
__vbaI2I4 - 0x4010dc 0x43798 0x43798 0xc5
DllFunctionCall - 0x4010e0 0x4379c 0x4379c 0xb
__vbaStrR4 - 0x4010e4 0x437a0 0x437a0 0x140
_adj_fpatan - 0x4010e8 0x437a4 0x437a4 0x1b0
(by ordinal) 0x239 0x4010ec 0x437a8 0x437a8 -
__vbaRedim - 0x4010f0 0x437ac 0x437ac 0x123
__vbaRecUniToAnsi - 0x4010f4 0x437b0 0x437b0 0x122
EVENT_SINK_Release - 0x4010f8 0x437b4 0x437b4 0x15
(by ordinal) 0x258 0x4010fc 0x437b8 0x437b8 -
__vbaUI1I2 - 0x401100 0x437bc 0x437bc 0x14c
_CIsqrt - 0x401104 0x437c0 0x437c0 0x57
EVENT_SINK_QueryInterface - 0x401108 0x437c4 0x437c4 0x14
__vbaUI1I4 - 0x40110c 0x437c8 0x437c8 0x14d
__vbaExceptHandler - 0x401110 0x437cc 0x437cc 0x8e
__vbaStrToUnicode - 0x401114 0x437d0 0x437d0 0x145
__vbaPrintFile - 0x401118 0x437d4 0x437d4 0x105
(by ordinal) 0x2c8 0x40111c 0x437d8 0x437d8 -
__vbaInputFile - 0x401120 0x437dc 0x437dc 0xd4
_adj_fprem - 0x401124 0x437e0 0x437e0 0x1b1
_adj_fdivr_m64 - 0x401128 0x437e4 0x437e4 0x1af
(by ordinal) 0x260 0x40112c 0x437e8 0x437e8 -
__vbaFPException - 0x401130 0x437ec 0x437ec 0x93
__vbaGetOwner3 - 0x401134 0x437f0 0x437f0 0xb9
__vbaStrVarVal - 0x401138 0x437f4 0x437f4 0x149
__vbaVarCat - 0x40113c 0x437f8 0x437f8 0x158
(by ordinal) 0x219 0x401140 0x437fc 0x437fc -
__vbaFileSeek - 0x401144 0x43800 0x43800 0x9b
(by ordinal) 0x284 0x401148 0x43804 0x43804 -
_CIlog - 0x40114c 0x43808 0x43808 0x55
__vbaErrorOverflow - 0x401150 0x4380c 0x4380c 0x8d
__vbaFileOpen - 0x401154 0x43810 0x43810 0x9a
(by ordinal) 0x23a 0x401158 0x43814 0x43814 -
__vbaR8Str - 0x40115c 0x43818 0x43818 0x11b
(by ordinal) 0x288 0x401160 0x4381c 0x4381c -
__vbaNew2 - 0x401164 0x43820 0x43820 0xf7
__vbaInStr - 0x401168 0x43824 0x43824 0xd0
(by ordinal) 0x23b 0x40116c 0x43828 0x43828 -
_adj_fdiv_m32i - 0x401170 0x4382c 0x4382c 0x1a9
_adj_fdivr_m32i - 0x401174 0x43830 0x43830 0x1ae
(by ordinal) 0x23d 0x401178 0x43834 0x43834 -
__vbaStrCopy - 0x40117c 0x43838 0x43838 0x137
(by ordinal) 0x2a9 0x401180 0x4383c 0x4383c -
__vbaI4Str - 0x401184 0x43840 0x43840 0xce
__vbaFreeStrList - 0x401188 0x43844 0x43844 0xb0
_adj_fdivr_m32 - 0x40118c 0x43848 0x43848 0x1ad
__vbaPowerR8 - 0x401190 0x4384c 0x4384c 0x104
_adj_fdiv_r - 0x401194 0x43850 0x43850 0x1ab
(by ordinal) 0x242 0x401198 0x43854 0x43854 -
(by ordinal) 0x2ad 0x40119c 0x43858 0x43858 -
(by ordinal) 0x64 0x4011a0 0x4385c 0x4385c -
__vbaI4Var - 0x4011a4 0x43860 0x43860 0xcf
__vbaVarDup - 0x4011a8 0x43864 0x43864 0x162
__vbaStrToAnsi - 0x4011ac 0x43868 0x43868 0x144
__vbaFpI2 - 0x4011b0 0x4386c 0x4386c 0xa8
__vbaFpI4 - 0x4011b4 0x43870 0x43870 0xa9
(by ordinal) 0x268 0x4011b8 0x43874 0x43874 -
__vbaRecDestructAnsi - 0x4011bc 0x43878 0x43878 0x121
(by ordinal) 0x269 0x4011c0 0x4387c 0x4387c -
_CIatan - 0x4011c4 0x43880 0x43880 0x52
__vbaStrMove - 0x4011c8 0x43884 0x43884 0x13f
(by ordinal) 0x26a 0x4011cc 0x43888 0x43888 -
(by ordinal) 0x26b 0x4011d0 0x4388c 0x4388c -
_allmul - 0x4011d4 0x43890 0x43890 0x1b4
_CItan - 0x4011d8 0x43894 0x43894 0x58
__vbaFPInt - 0x4011dc 0x43898 0x43898 0x95
_CIexp - 0x4011e0 0x4389c 0x4389c 0x54
__vbaFreeStr - 0x4011e4 0x438a0 0x438a0 0xaf
__vbaFreeObj - 0x4011e8 0x438a4 0x438a4 0xad
Memory Dumps (4)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
10101010.exe 1 0x00400000 0x0044CFFF Relevant Image False 32-bit 0x00401B74 False
buffer 1 0x00520000 0x005DFFFF Marked Executable False 32-bit - False
buffer 1 0x00520000 0x005DFFFF First Execution False 32-bit 0x005253D8 False
10101010.exe 1 0x00400000 0x0044CFFF Process Termination False 32-bit - False
C:\Users\RDhJ0CNFevzX\1.bmp Dropped File Image
suspicious
»
MIME Type image/bmp
File Size 3.00 MB
MD5 b3deffe3527ef9f6d7b56b0dd4f6de4f
SHA1 0bee5cb041c4802a2050e075e1c108ec424d7c41
SHA256 0fb2a16bb74da3c20e99a585e28f138ee4862987230916607bab4729d2f49888
SSDeep 12288:zuuLq4HecxGQOV7HsKc0oHzf0SEquyftQN0DojoMl8:CuLqE8zVbsKcHzfWyfaN0aoMa
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\temp\~dfa07b71dbcc340f2c.tmp Dropped File OLE Compound
clean
»
MIME Type application/CDFV2
File Size 31.79 KB
MD5 ddf7719bce6eb47258f4ae31b8745f41
SHA1 cfa690b8489a79f9dfa280794c6d8fd0fea7b680
SHA256 0562f9704a4c320bd0b4d3b93f691645063de71f0ec9d384aecdb0c5b3510dbf
SSDeep 192:7OusIanXo7vgtSxD/h7WmdGVRK5UHN04yMa1Uqt+:7Oufano5wACtQMyBA
ImpHash -
C:\Users\RDhJ0CNFevzX\Desktop\key1.txt Dropped File Text
clean
»
MIME Type text/plain
File Size 34 Bytes
MD5 b2627fa4368a40ecedd8efda3cae2c53
SHA1 6f077f46df9851d9168ef8fc73291181f8740256
SHA256 fa50a993ff179c990aea12383a3e9e7e6e996d882f6fe712819be644f1f912a5
SSDeep 3:uslFKK:uslr
ImpHash -
C:\Users\RDhJ0CNFevzX\Desktop\INSTRUCTIONS.txt Dropped File Text
clean
»
MIME Type text/plain
File Size 607 Bytes
MD5 36798cbe04d6c1e98dc7958f706106ed
SHA1 4ca83b86ca48dcb713627e0c9bfaf69ad0ef45d1
SHA256 59a1f296a4c94d7c676fb8e97400de56172a3bf854812aa36e15f78c4ffe527f
SSDeep 6:GgJ1FrdkV0v07SKjKlHjA3xRSTo8vAL1lkM/Aie0wv:GgFrdc0ISKjKlDaXSk8IRlkMo10a
ImpHash -
C:\Users\RDhJ0CNFevzX\cpt.txt Dropped File Text
clean
Known to be clean.
»
MIME Type text/plain
File Size 3 Bytes
MD5 a5ea0ad9260b1550a14cc58d2c39b03d
SHA1 f0aedf295071ed34ab8c6a7692223d22b6a19841
SHA256 f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04
SSDeep 3:p:p
ImpHash -
ece7dff309c7fea3c65c5b98afaae0b3d0b5cde56ad70f25be40ff50764f8868 Embedded File Image
clean
»
Parent File C:\Users\RDhJ0CNFevzX\Desktop\10101010.exe
MIME Type image/png
File Size 5.66 KB
MD5 a794b52a9b4fefca76236c4748aef758
SHA1 49c213818190b15571c0e5688734b4e69c9a748d
SHA256 ece7dff309c7fea3c65c5b98afaae0b3d0b5cde56ad70f25be40ff50764f8868
SSDeep 96:QDNBlWX6P9RugvGV37y6Txsr5u12UEqMYRyu9+1+bYZKwD0PPMOw1UX2zdRw8:Qh7WmdGVRK5UHN04yMa1Uq5
ImpHash -
Function Logfile

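This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated. Deactivating that setting relaxes Firefox's same-origin checks for local file: URIs, so restore it once the report has been viewed.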


    