e5d828de...3971 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Downloader
Ransomware
Threat Names:
Djvu
STOP
Trojan.GenericKDZ.71456
...

Remarks (2/3)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 39 seconds" to "10 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

(0x0200003A): 2 tasks were rescheduled ahead of time to reveal dormant functionality.

Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\2367.exe Sample File Binary Malicious
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\1e0f3478-f5c6-4d34-8528-dedd9dcd2df7\2367.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 707.00 KB
MD5 09ffa95859a2dd8324b57e56afef92e4
SHA1 d40d01d3d562931777afd593daa0245debde7367
SHA256 e5d828de929e401ba528c5a6d85c2cc7fe5897a67b73c23556ee04a392df3971
SSDeep 12288:8rht1AiDpliAAIZ2zmznLFl53XWCyjSKA/l8gdXFQC8pxUsF9:8rhJF9AIZ9zLFl1e6Fr8pxU
ImpHash d7563a2579d4391796e271b5314b47a9
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x404039
Size Of Code 0xa6600
Size Of Initialized Data 0x2b9da00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-09-25 08:32:19+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xa6466 0xa6600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.96
.rdata 0x4a8000 0x4574 0x4600 0xa6a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.31
.data 0x4ad000 0x2b8b0bc 0x1a00 0xab000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.6
.rsrc 0x3039000 0x4100 0x4200 0xaca00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.78
Imports (3)
KERNEL32.dll (105)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetNumberOfConsoleInputEvents 0x0 0x4a8010 0xabbe4 0xaa5e4 0x211
ReadConsoleA 0x0 0x4a8014 0xabbe8 0xaa5e8 0x35c
CompareFileTime 0x0 0x4a8018 0xabbec 0xaa5ec 0x51
GetModuleHandleW 0x0 0x4a801c 0xabbf0 0xaa5f0 0x1f9
GetTickCount 0x0 0x4a8020 0xabbf4 0xaa5f4 0x266
GetSystemTimeAsFileTime 0x0 0x4a8024 0xabbf8 0xaa5f8 0x24f
SetProcessPriorityBoost 0x0 0x4a8028 0xabbfc 0xaa5fc 0x3f8
TlsSetValue 0x0 0x4a802c 0xabc00 0xaa600 0x435
GetPriorityClass 0x0 0x4a8030 0xabc04 0xaa604 0x215
GlobalAlloc 0x0 0x4a8034 0xabc08 0xaa608 0x285
GetPrivateProfileIntA 0x0 0x4a8038 0xabc0c 0xaa60c 0x216
LoadLibraryW 0x0 0x4a803c 0xabc10 0xaa610 0x2f4
GetConsoleMode 0x0 0x4a8040 0xabc14 0xaa614 0x195
GetPrivateProfileStructW 0x0 0x4a8044 0xabc18 0xaa618 0x21f
Beep 0x0 0x4a8048 0xabc1c 0xaa61c 0x27
TerminateProcess 0x0 0x4a804c 0xabc20 0xaa620 0x42d
OpenFile 0x0 0x4a8050 0xabc24 0xaa624 0x329
GetBinaryTypeW 0x0 0x4a8054 0xabc28 0xaa628 0x159
lstrlenW 0x0 0x4a8058 0xabc2c 0xaa62c 0x4b6
GetNamedPipeHandleStateW 0x0 0x4a805c 0xabc30 0xaa630 0x202
SetCurrentDirectoryA 0x0 0x4a8060 0xabc34 0xaa634 0x3c6
GetProcAddress 0x0 0x4a8064 0xabc38 0xaa638 0x220
GetTapeStatus 0x0 0x4a8068 0xabc3c 0xaa63c 0x257
SearchPathA 0x0 0x4a806c 0xabc40 0xaa640 0x396
DisableThreadLibraryCalls 0x0 0x4a8070 0xabc44 0xaa644 0xcb
GetLocalTime 0x0 0x4a8074 0xabc48 0xaa648 0x1e7
CreateSemaphoreW 0x0 0x4a8078 0xabc4c 0xaa64c 0x9c
AddAtomA 0x0 0x4a807c 0xabc50 0xaa650 0x3
GetTapeParameters 0x0 0x4a8080 0xabc54 0xaa654 0x255
_lread 0x0 0x4a8084 0xabc58 0xaa658 0x4a3
DebugBreak 0x0 0x4a8088 0xabc5c 0xaa65c 0xb4
lstrcpyW 0x0 0x4a808c 0xabc60 0xaa660 0x4b0
SetVolumeLabelA 0x0 0x4a8090 0xabc64 0xaa664 0x418
SetThreadContext 0x0 0x4a8094 0xabc68 0xaa668 0x406
lstrcatA 0x0 0x4a8098 0xabc6c 0xaa66c 0x4a6
EnumResourceNamesW 0x0 0x4a809c 0xabc70 0xaa670 0xed
WideCharToMultiByte 0x0 0x4a80a0 0xabc74 0xaa674 0x47a
InterlockedIncrement 0x0 0x4a80a4 0xabc78 0xaa678 0x2c0
InterlockedDecrement 0x0 0x4a80a8 0xabc7c 0xaa67c 0x2bc
InterlockedCompareExchange 0x0 0x4a80ac 0xabc80 0xaa680 0x2ba
InterlockedExchange 0x0 0x4a80b0 0xabc84 0xaa684 0x2bd
MultiByteToWideChar 0x0 0x4a80b4 0xabc88 0xaa688 0x31a
Sleep 0x0 0x4a80b8 0xabc8c 0xaa68c 0x421
InitializeCriticalSection 0x0 0x4a80bc 0xabc90 0xaa690 0x2b4
DeleteCriticalSection 0x0 0x4a80c0 0xabc94 0xaa694 0xbe
EnterCriticalSection 0x0 0x4a80c4 0xabc98 0xaa698 0xd9
LeaveCriticalSection 0x0 0x4a80c8 0xabc9c 0xaa69c 0x2ef
GetLastError 0x0 0x4a80cc 0xabca0 0xaa6a0 0x1e6
HeapFree 0x0 0x4a80d0 0xabca4 0xaa6a4 0x2a1
HeapAlloc 0x0 0x4a80d4 0xabca8 0xaa6a8 0x29d
GetCurrentProcess 0x0 0x4a80d8 0xabcac 0xaa6ac 0x1a9
UnhandledExceptionFilter 0x0 0x4a80dc 0xabcb0 0xaa6b0 0x43e
SetUnhandledExceptionFilter 0x0 0x4a80e0 0xabcb4 0xaa6b4 0x415
IsDebuggerPresent 0x0 0x4a80e4 0xabcb8 0xaa6b8 0x2d1
GetCommandLineA 0x0 0x4a80e8 0xabcbc 0xaa6bc 0x16f
GetStartupInfoA 0x0 0x4a80ec 0xabcc0 0xaa6c0 0x239
GetCPInfo 0x0 0x4a80f0 0xabcc4 0xaa6c4 0x15b
RtlUnwind 0x0 0x4a80f4 0xabcc8 0xaa6c8 0x392
RaiseException 0x0 0x4a80f8 0xabccc 0xaa6cc 0x35a
LCMapStringW 0x0 0x4a80fc 0xabcd0 0xaa6d0 0x2e3
LCMapStringA 0x0 0x4a8100 0xabcd4 0xaa6d4 0x2e1
GetStringTypeW 0x0 0x4a8104 0xabcd8 0xaa6d8 0x240
HeapCreate 0x0 0x4a8108 0xabcdc 0xaa6dc 0x29f
VirtualFree 0x0 0x4a810c 0xabce0 0xaa6e0 0x457
VirtualAlloc 0x0 0x4a8110 0xabce4 0xaa6e4 0x454
HeapReAlloc 0x0 0x4a8114 0xabce8 0xaa6e8 0x2a4
ExitProcess 0x0 0x4a8118 0xabcec 0xaa6ec 0x104
WriteFile 0x0 0x4a811c 0xabcf0 0xaa6f0 0x48d
GetStdHandle 0x0 0x4a8120 0xabcf4 0xaa6f4 0x23b
GetModuleFileNameA 0x0 0x4a8124 0xabcf8 0xaa6f8 0x1f4
TlsGetValue 0x0 0x4a8128 0xabcfc 0xaa6fc 0x434
TlsAlloc 0x0 0x4a812c 0xabd00 0xaa700 0x432
TlsFree 0x0 0x4a8130 0xabd04 0xaa704 0x433
SetLastError 0x0 0x4a8134 0xabd08 0xaa708 0x3ec
GetCurrentThreadId 0x0 0x4a8138 0xabd0c 0xaa70c 0x1ad
GetACP 0x0 0x4a813c 0xabd10 0xaa710 0x152
GetOEMCP 0x0 0x4a8140 0xabd14 0xaa714 0x213
IsValidCodePage 0x0 0x4a8144 0xabd18 0xaa718 0x2db
FreeEnvironmentStringsA 0x0 0x4a8148 0xabd1c 0xaa71c 0x14a
GetEnvironmentStrings 0x0 0x4a814c 0xabd20 0xaa720 0x1bf
FreeEnvironmentStringsW 0x0 0x4a8150 0xabd24 0xaa724 0x14b
GetEnvironmentStringsW 0x0 0x4a8154 0xabd28 0xaa728 0x1c1
SetHandleCount 0x0 0x4a8158 0xabd2c 0xaa72c 0x3e8
GetFileType 0x0 0x4a815c 0xabd30 0xaa730 0x1d7
QueryPerformanceCounter 0x0 0x4a8160 0xabd34 0xaa734 0x354
GetCurrentProcessId 0x0 0x4a8164 0xabd38 0xaa738 0x1aa
GetStringTypeA 0x0 0x4a8168 0xabd3c 0xaa73c 0x23d
HeapSize 0x0 0x4a816c 0xabd40 0xaa740 0x2a6
GetUserDefaultLCID 0x0 0x4a8170 0xabd44 0xaa744 0x26d
GetLocaleInfoA 0x0 0x4a8174 0xabd48 0xaa748 0x1e8
EnumSystemLocalesA 0x0 0x4a8178 0xabd4c 0xaa74c 0xf8
IsValidLocale 0x0 0x4a817c 0xabd50 0xaa750 0x2dd
InitializeCriticalSectionAndSpinCount 0x0 0x4a8180 0xabd54 0xaa754 0x2b5
LoadLibraryA 0x0 0x4a8184 0xabd58 0xaa758 0x2f1
SetFilePointer 0x0 0x4a8188 0xabd5c 0xaa75c 0x3df
GetConsoleCP 0x0 0x4a818c 0xabd60 0xaa760 0x183
GetModuleHandleA 0x0 0x4a8190 0xabd64 0xaa764 0x1f6
GetLocaleInfoW 0x0 0x4a8194 0xabd68 0xaa768 0x1ea
SetStdHandle 0x0 0x4a8198 0xabd6c 0xaa76c 0x3fc
WriteConsoleA 0x0 0x4a819c 0xabd70 0xaa770 0x482
GetConsoleOutputCP 0x0 0x4a81a0 0xabd74 0xaa774 0x199
WriteConsoleW 0x0 0x4a81a4 0xabd78 0xaa778 0x48c
FlushFileBuffers 0x0 0x4a81a8 0xabd7c 0xaa77c 0x141
CreateFileA 0x0 0x4a81ac 0xabd80 0xaa780 0x78
CloseHandle 0x0 0x4a81b0 0xabd84 0xaa784 0x43
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCharWidthA 0x0 0x4a8008 0xabbdc 0xaa5dc 0x1a2
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetThreadToken 0x0 0x4a8000 0xabbd4 0xaa5d4 0x2bb
Icons (1)
Memory Dumps (7)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
buffer 1 0x04870000 0x04900FFF First Execution False 32-bit 0x04870020 False False
buffer 1 0x04910000 0x04A29FFF First Execution False 32-bit 0x04910000 False True
buffer 1 0x04910000 0x04A29FFF Content Changed False 32-bit 0x049104F6 False True
buffer 1 0x04910000 0x04A29FFF Content Changed False 32-bit 0x04910920 False True
buffer 6 0x00220000 0x002B0FFF First Execution False 32-bit 0x00220020 False False
buffer 6 0x03040000 0x03159FFF First Execution False 32-bit 0x03040000 False True
buffer 6 0x06378000 0x06378FFF Image In Buffer False 32-bit - False False
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKDZ.71456 Malicious
C:\Windows\System32\drivers\etc\hosts Modified File Text Malicious
Mime Type text/plain
File Size 7.92 KB
MD5 360d265eddea8679c434a205f7ade7ad
SHA1 e17d843f610e0283904e201195360525ae449a68
SHA256 5a1597c0d29dd475e33cd8889d7d848037a8c17bad0f3daa022fb889e0db7ead
SSDeep 96:vDZEurK9q3WlSyU0FXmGZll0TOHyF9fAHLmttA/ZKTKdIlMHqzoCGbXx:RrK9FU0FXmGZll06m9fAH6AhKTK9Cax
ImpHash -
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
Local AV Matches (1)
Threat Name Severity
Gen:Trojan.Qhost.1 Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\updatewin1.exe Downloaded File Binary Malicious
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\updatewin1.exe (Downloaded File)
Mime Type application/vnd.microsoft.portable-executable
File Size 272.50 KB
MD5 5b4bd24d6240f467bfbc74803c9f15b0
SHA1 c17f98c182d299845c54069872e8137645768a1a
SHA256 14c7bec7369d4175c6d92554b033862b3847ff98a04dfebdf9f5bb30180ed13e
SSDeep 6144:7qZQGv0d4dW6efSyahstfKVkW5XXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXk:2ZQGXdPe6qU6W5XXnXXfXXXWXXXXHXXE
ImpHash 0bcca924efe6e6fa741675d8e687fbb3
File Reputation Information
Severity Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x402d76
Size Of Code 0x1c200
Size Of Initialized Data 0x2c200
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2017-07-24 12:23:54+00:00
Version Information (3)
FileVersion 7.7.7.18
InternalName rawudiyeh.exe
LegalCopyright Copyright (C) 2018, sacuwedimufoy
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1c07e 0x1c200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.62
.rdata 0x41e000 0x463e 0x4800 0x1c600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.26
.data 0x423000 0x1c6a8 0x17400 0x20e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.83
.rsrc 0x440000 0xa578 0xa600 0x38200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.88
.reloc 0x44b000 0x1968 0x1a00 0x42800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.34
Imports (4)
KERNEL32.dll (102)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ExitThread 0x0 0x41e028 0x21afc 0x200fc 0x105
GetStartupInfoW 0x0 0x41e02c 0x21b00 0x20100 0x23a
GetLastError 0x0 0x41e030 0x21b04 0x20104 0x1e6
GetProcAddress 0x0 0x41e034 0x21b08 0x20108 0x220
CreateJobSet 0x0 0x41e038 0x21b0c 0x2010c 0x87
GlobalFree 0x0 0x41e03c 0x21b10 0x20110 0x28c
LoadLibraryA 0x0 0x41e040 0x21b14 0x20114 0x2f1
OpenWaitableTimerW 0x0 0x41e044 0x21b18 0x20118 0x339
AddAtomA 0x0 0x41e048 0x21b1c 0x2011c 0x3
FindFirstChangeNotificationA 0x0 0x41e04c 0x21b20 0x20120 0x11b
VirtualProtect 0x0 0x41e050 0x21b24 0x20124 0x45a
GetCurrentDirectoryA 0x0 0x41e054 0x21b28 0x20128 0x1a7
GetACP 0x0 0x41e058 0x21b2c 0x2012c 0x152
InterlockedPushEntrySList 0x0 0x41e05c 0x21b30 0x20130 0x2c2
CompareStringW 0x0 0x41e060 0x21b34 0x20134 0x55
CompareStringA 0x0 0x41e064 0x21b38 0x20138 0x52
CreateFileA 0x0 0x41e068 0x21b3c 0x2013c 0x78
GetTimeZoneInformation 0x0 0x41e06c 0x21b40 0x20140 0x26b
WriteConsoleW 0x0 0x41e070 0x21b44 0x20144 0x48c
GetConsoleOutputCP 0x0 0x41e074 0x21b48 0x20148 0x199
WriteConsoleA 0x0 0x41e078 0x21b4c 0x2014c 0x482
CloseHandle 0x0 0x41e07c 0x21b50 0x20150 0x43
IsValidLocale 0x0 0x41e080 0x21b54 0x20154 0x2dd
EnumSystemLocalesA 0x0 0x41e084 0x21b58 0x20158 0xf8
GetUserDefaultLCID 0x0 0x41e088 0x21b5c 0x2015c 0x26d
GetSystemTimeAdjustment 0x0 0x41e08c 0x21b60 0x20160 0x24e
GetSystemTimes 0x0 0x41e090 0x21b64 0x20164 0x250
GetTickCount 0x0 0x41e094 0x21b68 0x20168 0x266
FreeEnvironmentStringsA 0x0 0x41e098 0x21b6c 0x2016c 0x14a
GetComputerNameW 0x0 0x41e09c 0x21b70 0x20170 0x178
FindCloseChangeNotification 0x0 0x41e0a0 0x21b74 0x20174 0x11a
FindResourceExW 0x0 0x41e0a4 0x21b78 0x20178 0x138
GetCPInfo 0x0 0x41e0a8 0x21b7c 0x2017c 0x15b
SetProcessShutdownParameters 0x0 0x41e0ac 0x21b80 0x20180 0x3f9
GetModuleHandleExA 0x0 0x41e0b0 0x21b84 0x20184 0x1f7
GetDateFormatA 0x0 0x41e0b4 0x21b88 0x20188 0x1ae
GetTimeFormatA 0x0 0x41e0b8 0x21b8c 0x2018c 0x268
GetStringTypeW 0x0 0x41e0bc 0x21b90 0x20190 0x240
GetStringTypeA 0x0 0x41e0c0 0x21b94 0x20194 0x23d
LCMapStringW 0x0 0x41e0c4 0x21b98 0x20198 0x2e3
GetCommandLineA 0x0 0x41e0c8 0x21b9c 0x2019c 0x16f
GetStartupInfoA 0x0 0x41e0cc 0x21ba0 0x201a0 0x239
RaiseException 0x0 0x41e0d0 0x21ba4 0x201a4 0x35a
RtlUnwind 0x0 0x41e0d4 0x21ba8 0x201a8 0x392
TerminateProcess 0x0 0x41e0d8 0x21bac 0x201ac 0x42d
GetCurrentProcess 0x0 0x41e0dc 0x21bb0 0x201b0 0x1a9
UnhandledExceptionFilter 0x0 0x41e0e0 0x21bb4 0x201b4 0x43e
SetUnhandledExceptionFilter 0x0 0x41e0e4 0x21bb8 0x201b8 0x415
IsDebuggerPresent 0x0 0x41e0e8 0x21bbc 0x201bc 0x2d1
HeapAlloc 0x0 0x41e0ec 0x21bc0 0x201c0 0x29d
HeapFree 0x0 0x41e0f0 0x21bc4 0x201c4 0x2a1
EnterCriticalSection 0x0 0x41e0f4 0x21bc8 0x201c8 0xd9
LeaveCriticalSection 0x0 0x41e0f8 0x21bcc 0x201cc 0x2ef
SetHandleCount 0x0 0x41e0fc 0x21bd0 0x201d0 0x3e8
GetStdHandle 0x0 0x41e100 0x21bd4 0x201d4 0x23b
GetFileType 0x0 0x41e104 0x21bd8 0x201d8 0x1d7
DeleteCriticalSection 0x0 0x41e108 0x21bdc 0x201dc 0xbe
GetModuleHandleW 0x0 0x41e10c 0x21be0 0x201e0 0x1f9
Sleep 0x0 0x41e110 0x21be4 0x201e4 0x421
ExitProcess 0x0 0x41e114 0x21be8 0x201e8 0x104
WriteFile 0x0 0x41e118 0x21bec 0x201ec 0x48d
GetModuleFileNameA 0x0 0x41e11c 0x21bf0 0x201f0 0x1f4
GetEnvironmentStrings 0x0 0x41e120 0x21bf4 0x201f4 0x1bf
FreeEnvironmentStringsW 0x0 0x41e124 0x21bf8 0x201f8 0x14b
WideCharToMultiByte 0x0 0x41e128 0x21bfc 0x201fc 0x47a
GetEnvironmentStringsW 0x0 0x41e12c 0x21c00 0x20200 0x1c1
TlsGetValue 0x0 0x41e130 0x21c04 0x20204 0x434
TlsAlloc 0x0 0x41e134 0x21c08 0x20208 0x432
TlsSetValue 0x0 0x41e138 0x21c0c 0x2020c 0x435
TlsFree 0x0 0x41e13c 0x21c10 0x20210 0x433
InterlockedIncrement 0x0 0x41e140 0x21c14 0x20214 0x2c0
SetLastError 0x0 0x41e144 0x21c18 0x20218 0x3ec
GetCurrentThreadId 0x0 0x41e148 0x21c1c 0x2021c 0x1ad
InterlockedDecrement 0x0 0x41e14c 0x21c20 0x20220 0x2bc
GetCurrentThread 0x0 0x41e150 0x21c24 0x20224 0x1ac
HeapCreate 0x0 0x41e154 0x21c28 0x20228 0x29f
HeapDestroy 0x0 0x41e158 0x21c2c 0x2022c 0x2a0
VirtualFree 0x0 0x41e15c 0x21c30 0x20230 0x457
QueryPerformanceCounter 0x0 0x41e160 0x21c34 0x20234 0x354
GetCurrentProcessId 0x0 0x41e164 0x21c38 0x20238 0x1aa
GetSystemTimeAsFileTime 0x0 0x41e168 0x21c3c 0x2023c 0x24f
FatalAppExitA 0x0 0x41e16c 0x21c40 0x20240 0x10b
VirtualAlloc 0x0 0x41e170 0x21c44 0x20244 0x454
HeapReAlloc 0x0 0x41e174 0x21c48 0x20248 0x2a4
MultiByteToWideChar 0x0 0x41e178 0x21c4c 0x2024c 0x31a
ReadFile 0x0 0x41e17c 0x21c50 0x20250 0x368
InitializeCriticalSectionAndSpinCount 0x0 0x41e180 0x21c54 0x20254 0x2b5
HeapSize 0x0 0x41e184 0x21c58 0x20258 0x2a6
SetConsoleCtrlHandler 0x0 0x41e188 0x21c5c 0x2025c 0x3a7
FreeLibrary 0x0 0x41e18c 0x21c60 0x20260 0x14c
InterlockedExchange 0x0 0x41e190 0x21c64 0x20264 0x2bd
GetOEMCP 0x0 0x41e194 0x21c68 0x20268 0x213
IsValidCodePage 0x0 0x41e198 0x21c6c 0x2026c 0x2db
GetConsoleCP 0x0 0x41e19c 0x21c70 0x20270 0x183
GetConsoleMode 0x0 0x41e1a0 0x21c74 0x20274 0x195
FlushFileBuffers 0x0 0x41e1a4 0x21c78 0x20278 0x141
SetFilePointer 0x0 0x41e1a8 0x21c7c 0x2027c 0x3df
SetStdHandle 0x0 0x41e1ac 0x21c80 0x20280 0x3fc
GetLocaleInfoW 0x0 0x41e1b0 0x21c84 0x20284 0x1ea
GetLocaleInfoA 0x0 0x41e1b4 0x21c88 0x20288 0x1e8
LCMapStringA 0x0 0x41e1b8 0x21c8c 0x2028c 0x2e1
SetEnvironmentVariableA 0x0 0x41e1bc 0x21c90 0x20290 0x3d0
USER32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseClipboard 0x0 0x41e1d8 0x21cac 0x202ac 0x47
BeginPaint 0x0 0x41e1dc 0x21cb0 0x202b0 0xe
CallMsgFilterW 0x0 0x41e1e0 0x21cb4 0x202b4 0x1a
PeekMessageA 0x0 0x41e1e4 0x21cb8 0x202b8 0x21b
MapVirtualKeyExW 0x0 0x41e1e8 0x21cbc 0x202bc 0x1f1
RegisterRawInputDevices 0x0 0x41e1ec 0x21cc0 0x202c0 0x242
GetClipboardSequenceNumber 0x0 0x41e1f0 0x21cc4 0x202c4 0x113
CountClipboardFormats 0x0 0x41e1f4 0x21cc8 0x202c8 0x50
GetDialogBaseUnits 0x0 0x41e1f8 0x21ccc 0x202cc 0x11d
GetClassLongW 0x0 0x41e1fc 0x21cd0 0x202d0 0x109
GDI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PolyTextOutW 0x0 0x41e000 0x21ad4 0x200d4 0x23c
CreateCompatibleDC 0x0 0x41e004 0x21ad8 0x200d8 0x2e
Rectangle 0x0 0x41e008 0x21adc 0x200dc 0x246
SetStretchBltMode 0x0 0x41e00c 0x21ae0 0x200e0 0x289
SetPixelV 0x0 0x41e010 0x21ae4 0x200e4 0x284
GetClipBox 0x0 0x41e014 0x21ae8 0x200e8 0x1aa
CreateDiscardableBitmap 0x0 0x41e018 0x21aec 0x200ec 0x35
StrokeAndFillPath 0x0 0x41e01c 0x21af0 0x200f0 0x29c
GetBitmapBits 0x0 0x41e020 0x21af4 0x200f4 0x191
SHELL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x41e1c4 0x21c98 0x20298 0x118
ShellAboutW 0x0 0x41e1c8 0x21c9c 0x2029c 0x110
DuplicateIcon 0x0 0x41e1cc 0x21ca0 0x202a0 0x23
DragQueryFileA 0x0 0x41e1d0 0x21ca4 0x202a4 0x1e
Icons (1)
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKD.31534187 Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\updatewin2.exe Downloaded File Binary Malicious
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\updatewin2.exe (Downloaded File)
Mime Type application/vnd.microsoft.portable-executable
File Size 274.50 KB
MD5 996ba35165bb62473d2a6743a5200d45
SHA1 52169b0b5cce95c6905873b8d12a759c234bd2e0
SHA256 5caffdc76a562e098c471feaede5693f9ead92d5c6c10fb3951dd1fa6c12d21d
SSDeep 6144:vLgbC0mVQlY+3aKn7n4CTHcXXnXXfXXXWXXXXHXXXXBXXXXgXXXXX5XXXXiXXXXP:vGCtQlb3aKzvT8XXnXXfXXXWXXXXHXXf
ImpHash 5921adaaf66f8c259aeda9e22686cd4b
File Reputation Information
Severity Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x402d64
Size Of Code 0x1c200
Size Of Initialized Data 0x2c800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2017-11-21 06:08:45+00:00
Version Information (3)
FileVersion 5.3.7.82
InternalName gigifaw.exe
LegalCopyright Copyright (C) 2018, guvaxiz
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1c03e 0x1c200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.62
.rdata 0x41e000 0x45ec 0x4600 0x1c600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.34
.data 0x423000 0x1cde8 0x17c00 0x20c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.8
.rsrc 0x440000 0xa724 0xa800 0x38800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.88
.reloc 0x44b000 0x195c 0x1a00 0x43000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.33
Imports (4)
KERNEL32.dll (98)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ExitThread 0x0 0x41e024 0x21ae8 0x200e8 0x105
GetStartupInfoW 0x0 0x41e028 0x21aec 0x200ec 0x23a
GetLastError 0x0 0x41e02c 0x21af0 0x200f0 0x1e6
GetProcAddress 0x0 0x41e030 0x21af4 0x200f4 0x220
GlobalFree 0x0 0x41e034 0x21af8 0x200f8 0x28c
LoadLibraryA 0x0 0x41e038 0x21afc 0x200fc 0x2f1
AddAtomA 0x0 0x41e03c 0x21b00 0x20100 0x3
FindFirstChangeNotificationA 0x0 0x41e040 0x21b04 0x20104 0x11b
VirtualProtect 0x0 0x41e044 0x21b08 0x20108 0x45a
GetCurrentDirectoryA 0x0 0x41e048 0x21b0c 0x2010c 0x1a7
SetProcessShutdownParameters 0x0 0x41e04c 0x21b10 0x20110 0x3f9
GetACP 0x0 0x41e050 0x21b14 0x20114 0x152
CompareStringA 0x0 0x41e054 0x21b18 0x20118 0x52
CreateFileA 0x0 0x41e058 0x21b1c 0x2011c 0x78
GetTimeZoneInformation 0x0 0x41e05c 0x21b20 0x20120 0x26b
WriteConsoleW 0x0 0x41e060 0x21b24 0x20124 0x48c
GetConsoleOutputCP 0x0 0x41e064 0x21b28 0x20128 0x199
WriteConsoleA 0x0 0x41e068 0x21b2c 0x2012c 0x482
CloseHandle 0x0 0x41e06c 0x21b30 0x20130 0x43
IsValidLocale 0x0 0x41e070 0x21b34 0x20134 0x2dd
EnumSystemLocalesA 0x0 0x41e074 0x21b38 0x20138 0xf8
GetUserDefaultLCID 0x0 0x41e078 0x21b3c 0x2013c 0x26d
GetDateFormatA 0x0 0x41e07c 0x21b40 0x20140 0x1ae
GetTimeFormatA 0x0 0x41e080 0x21b44 0x20144 0x268
InitAtomTable 0x0 0x41e084 0x21b48 0x20148 0x2ae
GetSystemTimes 0x0 0x41e088 0x21b4c 0x2014c 0x250
GetTickCount 0x0 0x41e08c 0x21b50 0x20150 0x266
FreeEnvironmentStringsA 0x0 0x41e090 0x21b54 0x20154 0x14a
GetComputerNameW 0x0 0x41e094 0x21b58 0x20158 0x178
FindCloseChangeNotification 0x0 0x41e098 0x21b5c 0x2015c 0x11a
FindResourceExW 0x0 0x41e09c 0x21b60 0x20160 0x138
CompareStringW 0x0 0x41e0a0 0x21b64 0x20164 0x55
GetCPInfo 0x0 0x41e0a4 0x21b68 0x20168 0x15b
GetStringTypeW 0x0 0x41e0a8 0x21b6c 0x2016c 0x240
GetStringTypeA 0x0 0x41e0ac 0x21b70 0x20170 0x23d
LCMapStringW 0x0 0x41e0b0 0x21b74 0x20174 0x2e3
LCMapStringA 0x0 0x41e0b4 0x21b78 0x20178 0x2e1
GetLocaleInfoA 0x0 0x41e0b8 0x21b7c 0x2017c 0x1e8
GetCommandLineA 0x0 0x41e0bc 0x21b80 0x20180 0x16f
GetStartupInfoA 0x0 0x41e0c0 0x21b84 0x20184 0x239
RaiseException 0x0 0x41e0c4 0x21b88 0x20188 0x35a
RtlUnwind 0x0 0x41e0c8 0x21b8c 0x2018c 0x392
TerminateProcess 0x0 0x41e0cc 0x21b90 0x20190 0x42d
GetCurrentProcess 0x0 0x41e0d0 0x21b94 0x20194 0x1a9
UnhandledExceptionFilter 0x0 0x41e0d4 0x21b98 0x20198 0x43e
SetUnhandledExceptionFilter 0x0 0x41e0d8 0x21b9c 0x2019c 0x415
IsDebuggerPresent 0x0 0x41e0dc 0x21ba0 0x201a0 0x2d1
HeapAlloc 0x0 0x41e0e0 0x21ba4 0x201a4 0x29d
HeapFree 0x0 0x41e0e4 0x21ba8 0x201a8 0x2a1
EnterCriticalSection 0x0 0x41e0e8 0x21bac 0x201ac 0xd9
LeaveCriticalSection 0x0 0x41e0ec 0x21bb0 0x201b0 0x2ef
SetHandleCount 0x0 0x41e0f0 0x21bb4 0x201b4 0x3e8
GetStdHandle 0x0 0x41e0f4 0x21bb8 0x201b8 0x23b
GetFileType 0x0 0x41e0f8 0x21bbc 0x201bc 0x1d7
DeleteCriticalSection 0x0 0x41e0fc 0x21bc0 0x201c0 0xbe
GetModuleHandleW 0x0 0x41e100 0x21bc4 0x201c4 0x1f9
Sleep 0x0 0x41e104 0x21bc8 0x201c8 0x421
ExitProcess 0x0 0x41e108 0x21bcc 0x201cc 0x104
WriteFile 0x0 0x41e10c 0x21bd0 0x201d0 0x48d
GetModuleFileNameA 0x0 0x41e110 0x21bd4 0x201d4 0x1f4
GetEnvironmentStrings 0x0 0x41e114 0x21bd8 0x201d8 0x1bf
FreeEnvironmentStringsW 0x0 0x41e118 0x21bdc 0x201dc 0x14b
WideCharToMultiByte 0x0 0x41e11c 0x21be0 0x201e0 0x47a
GetEnvironmentStringsW 0x0 0x41e120 0x21be4 0x201e4 0x1c1
TlsGetValue 0x0 0x41e124 0x21be8 0x201e8 0x434
TlsAlloc 0x0 0x41e128 0x21bec 0x201ec 0x432
TlsSetValue 0x0 0x41e12c 0x21bf0 0x201f0 0x435
TlsFree 0x0 0x41e130 0x21bf4 0x201f4 0x433
InterlockedIncrement 0x0 0x41e134 0x21bf8 0x201f8 0x2c0
SetLastError 0x0 0x41e138 0x21bfc 0x201fc 0x3ec
GetCurrentThreadId 0x0 0x41e13c 0x21c00 0x20200 0x1ad
InterlockedDecrement 0x0 0x41e140 0x21c04 0x20204 0x2bc
GetCurrentThread 0x0 0x41e144 0x21c08 0x20208 0x1ac
HeapCreate 0x0 0x41e148 0x21c0c 0x2020c 0x29f
HeapDestroy 0x0 0x41e14c 0x21c10 0x20210 0x2a0
VirtualFree 0x0 0x41e150 0x21c14 0x20214 0x457
QueryPerformanceCounter 0x0 0x41e154 0x21c18 0x20218 0x354
GetCurrentProcessId 0x0 0x41e158 0x21c1c 0x2021c 0x1aa
GetSystemTimeAsFileTime 0x0 0x41e15c 0x21c20 0x20220 0x24f
FatalAppExitA 0x0 0x41e160 0x21c24 0x20224 0x10b
VirtualAlloc 0x0 0x41e164 0x21c28 0x20228 0x454
HeapReAlloc 0x0 0x41e168 0x21c2c 0x2022c 0x2a4
MultiByteToWideChar 0x0 0x41e16c 0x21c30 0x20230 0x31a
ReadFile 0x0 0x41e170 0x21c34 0x20234 0x368
InitializeCriticalSectionAndSpinCount 0x0 0x41e174 0x21c38 0x20238 0x2b5
HeapSize 0x0 0x41e178 0x21c3c 0x2023c 0x2a6
SetConsoleCtrlHandler 0x0 0x41e17c 0x21c40 0x20240 0x3a7
FreeLibrary 0x0 0x41e180 0x21c44 0x20244 0x14c
InterlockedExchange 0x0 0x41e184 0x21c48 0x20248 0x2bd
GetOEMCP 0x0 0x41e188 0x21c4c 0x2024c 0x213
IsValidCodePage 0x0 0x41e18c 0x21c50 0x20250 0x2db
GetConsoleCP 0x0 0x41e190 0x21c54 0x20254 0x183
GetConsoleMode 0x0 0x41e194 0x21c58 0x20258 0x195
FlushFileBuffers 0x0 0x41e198 0x21c5c 0x2025c 0x141
SetFilePointer 0x0 0x41e19c 0x21c60 0x20260 0x3df
SetStdHandle 0x0 0x41e1a0 0x21c64 0x20264 0x3fc
GetLocaleInfoW 0x0 0x41e1a4 0x21c68 0x20268 0x1ea
SetEnvironmentVariableA 0x0 0x41e1a8 0x21c6c 0x2026c 0x3d0
USER32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CloseClipboard 0x0 0x41e1c4 0x21c88 0x20288 0x47
GetSubMenu 0x0 0x41e1c8 0x21c8c 0x2028c 0x16b
LoadBitmapA 0x0 0x41e1cc 0x21c90 0x20290 0x1d0
BeginPaint 0x0 0x41e1d0 0x21c94 0x20294 0xe
CallMsgFilterW 0x0 0x41e1d4 0x21c98 0x20298 0x1a
PeekMessageA 0x0 0x41e1d8 0x21c9c 0x2029c 0x21b
MapVirtualKeyExW 0x0 0x41e1dc 0x21ca0 0x202a0 0x1f1
RegisterRawInputDevices 0x0 0x41e1e0 0x21ca4 0x202a4 0x242
SetWindowsHookExW 0x0 0x41e1e4 0x21ca8 0x202a8 0x2b0
GetClipboardSequenceNumber 0x0 0x41e1e8 0x21cac 0x202ac 0x113
GetDialogBaseUnits 0x0 0x41e1ec 0x21cb0 0x202b0 0x11d
MessageBoxIndirectA 0x0 0x41e1f0 0x21cb4 0x202b4 0x1fb
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateCompatibleDC 0x0 0x41e000 0x21ac4 0x200c4 0x2e
PlayEnhMetaFile 0x0 0x41e004 0x21ac8 0x200c8 0x230
ScaleViewportExtEx 0x0 0x41e008 0x21acc 0x200cc 0x258
SetStretchBltMode 0x0 0x41e00c 0x21ad0 0x200d0 0x289
SetPixelV 0x0 0x41e010 0x21ad4 0x200d4 0x284
CreateDiscardableBitmap 0x0 0x41e014 0x21ad8 0x200d8 0x35
AddFontResourceW 0x0 0x41e018 0x21adc 0x200dc 0x7
SetDeviceGammaRamp 0x0 0x41e01c 0x21ae0 0x200e0 0x271
SHELL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ExtractAssociatedIconA 0x0 0x41e1b0 0x21c74 0x20274 0x24
ShellExecuteW 0x0 0x41e1b4 0x21c78 0x20278 0x118
ShellAboutW 0x0 0x41e1b8 0x21c7c 0x2027c 0x110
DragQueryFileA 0x0 0x41e1bc 0x21c80 0x20280 0x1e
Icons (1)
Local AV Matches (1)
Threat Name Severity
Trojan.AgentWDCR.SVC Malicious
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\5.exe Downloaded File Binary Malicious
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\68fff198-b032-4cc5-9a68-f439953f0783\5.exe (Downloaded File)
Mime Type application/vnd.microsoft.portable-executable
File Size 624.50 KB
MD5 fa45e8ddf1838b912c4204347f823ee5
SHA1 60fbfcff524cc37c6d16e1b8acacc0952207eafb
SHA256 6ef95902583da843c0fb026a8c412940566a385aca2e8fb4c32f055d1dd3da11
SSDeep 12288:q5qcymZFkrwgFlZi6Bw+TvNHzBPXR3Cew+DfPS0N:qBfZFk0+Bw+TvRn3pz
ImpHash 7095252bdbcadbc01e979ab9b606d362
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x4093ef
Size Of Code 0x1aa00
Size Of Initialized Data 0x10de00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-04-21 03:50:36+00:00
Version Information (3)
Copyright Copyrighz (C) 2020, pipkabop
FileVers 15.26.361
InternalName driteapoges.atb
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1a948 0x1aa00 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.66
.data 0x41c000 0xfcc14 0x6f800 0x1ae00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.88
.paw 0x519000 0x17 0x200 0x8a600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.hofukeh 0x51a000 0x6 0x200 0x8a800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.cama 0x51b000 0x3c3 0x400 0x8aa00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.rib 0x51c000 0x15a 0x200 0x8ae00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.02
.rsrc 0x51d000 0xe9d0 0xea00 0x8b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.29
.reloc 0x52c000 0x27e8 0x2800 0x99a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.02
Imports (1)
KERNEL32.dll (108)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleFileNameW 0x0 0x401000 0x1af9c 0x1a39c 0x1f5
CreateActCtxA 0x0 0x401004 0x1afa0 0x1a3a0 0x67
HeapUnlock 0x0 0x401008 0x1afa4 0x1a3a4 0x2a8
GetModuleHandleA 0x0 0x40100c 0x1afa8 0x1a3a8 0x1f6
InterlockedExchangeAdd 0x0 0x401010 0x1afac 0x1a3ac 0x2be
WaitNamedPipeW 0x0 0x401014 0x1afb0 0x1a3b0 0x46b
GetLastError 0x0 0x401018 0x1afb4 0x1a3b4 0x1e6
GetPrivateProfileSectionW 0x0 0x40101c 0x1afb8 0x1a3b8 0x21b
CancelDeviceWakeupRequest 0x0 0x401020 0x1afbc 0x1a3bc 0x32
EnterCriticalSection 0x0 0x401024 0x1afc0 0x1a3c0 0xd9
LocalHandle 0x0 0x401028 0x1afc4 0x1a3c4 0x2fe
WriteFile 0x0 0x40102c 0x1afc8 0x1a3c8 0x48d
SetFileShortNameW 0x0 0x401030 0x1afcc 0x1a3cc 0x3e2
ReadProcessMemory 0x0 0x401034 0x1afd0 0x1a3d0 0x36b
OpenEventW 0x0 0x401038 0x1afd4 0x1a3d4 0x328
SetEvent 0x0 0x40103c 0x1afd8 0x1a3d8 0x3d3
SetConsoleTextAttribute 0x0 0x401040 0x1afdc 0x1a3dc 0x3c0
SetConsoleTitleW 0x0 0x401044 0x1afe0 0x1a3e0 0x3c2
AllocConsole 0x0 0x401048 0x1afe4 0x1a3e4 0xe
LoadLibraryA 0x0 0x40104c 0x1afe8 0x1a3e8 0x2f1
LocalAlloc 0x0 0x401050 0x1afec 0x1a3ec 0x2f9
VirtualAlloc 0x0 0x401054 0x1aff0 0x1a3f0 0x454
GetFileAttributesW 0x0 0x401058 0x1aff4 0x1a3f4 0x1ce
GetAtomNameA 0x0 0x40105c 0x1aff8 0x1a3f8 0x155
HeapAlloc 0x0 0x401060 0x1affc 0x1a3fc 0x29d
lstrcpyW 0x0 0x401064 0x1b000 0x1a400 0x4b0
GetSystemDefaultLCID 0x0 0x401068 0x1b004 0x1a404 0x241
GetConsoleAliasW 0x0 0x40106c 0x1b008 0x1a408 0x17e
GetModuleHandleW 0x0 0x401070 0x1b00c 0x1a40c 0x1f9
CreateMailslotW 0x0 0x401074 0x1b010 0x1a410 0x89
GetCPInfoExA 0x0 0x401078 0x1b014 0x1a414 0x15c
SetEnvironmentVariableA 0x0 0x40107c 0x1b018 0x1a418 0x3d0
CommConfigDialogW 0x0 0x401080 0x1b01c 0x1a41c 0x4f
GetConsoleAliasesLengthW 0x0 0x401084 0x1b020 0x1a420 0x181
DeleteTimerQueue 0x0 0x401088 0x1b024 0x1a424 0xc5
GetFileAttributesExA 0x0 0x40108c 0x1b028 0x1a428 0x1ca
SetCalendarInfoW 0x0 0x401090 0x1b02c 0x1a42c 0x399
HeapLock 0x0 0x401094 0x1b030 0x1a430 0x2a2
ReleaseMutex 0x0 0x401098 0x1b034 0x1a434 0x377
WaitForSingleObject 0x0 0x40109c 0x1b038 0x1a438 0x464
lstrlenW 0x0 0x4010a0 0x1b03c 0x1a43c 0x4b6
WideCharToMultiByte 0x0 0x4010a4 0x1b040 0x1a440 0x47a
InterlockedIncrement 0x0 0x4010a8 0x1b044 0x1a444 0x2c0
InterlockedDecrement 0x0 0x4010ac 0x1b048 0x1a448 0x2bc
InterlockedCompareExchange 0x0 0x4010b0 0x1b04c 0x1a44c 0x2ba
InterlockedExchange 0x0 0x4010b4 0x1b050 0x1a450 0x2bd
MultiByteToWideChar 0x0 0x4010b8 0x1b054 0x1a454 0x31a
Sleep 0x0 0x4010bc 0x1b058 0x1a458 0x421
InitializeCriticalSection 0x0 0x4010c0 0x1b05c 0x1a45c 0x2b4
DeleteCriticalSection 0x0 0x4010c4 0x1b060 0x1a460 0xbe
LeaveCriticalSection 0x0 0x4010c8 0x1b064 0x1a464 0x2ef
RtlUnwind 0x0 0x4010cc 0x1b068 0x1a468 0x392
RaiseException 0x0 0x4010d0 0x1b06c 0x1a46c 0x35a
HeapFree 0x0 0x4010d4 0x1b070 0x1a470 0x2a1
TerminateProcess 0x0 0x4010d8 0x1b074 0x1a474 0x42d
GetCurrentProcess 0x0 0x4010dc 0x1b078 0x1a478 0x1a9
UnhandledExceptionFilter 0x0 0x4010e0 0x1b07c 0x1a47c 0x43e
SetUnhandledExceptionFilter 0x0 0x4010e4 0x1b080 0x1a480 0x415
IsDebuggerPresent 0x0 0x4010e8 0x1b084 0x1a484 0x2d1
GetStartupInfoW 0x0 0x4010ec 0x1b088 0x1a488 0x23a
LCMapStringA 0x0 0x4010f0 0x1b08c 0x1a48c 0x2e1
LCMapStringW 0x0 0x4010f4 0x1b090 0x1a490 0x2e3
GetCPInfo 0x0 0x4010f8 0x1b094 0x1a494 0x15b
GetStringTypeW 0x0 0x4010fc 0x1b098 0x1a498 0x240
GetProcAddress 0x0 0x401100 0x1b09c 0x1a49c 0x220
TlsGetValue 0x0 0x401104 0x1b0a0 0x1a4a0 0x434
TlsAlloc 0x0 0x401108 0x1b0a4 0x1a4a4 0x432
TlsSetValue 0x0 0x40110c 0x1b0a8 0x1a4a8 0x435
TlsFree 0x0 0x401110 0x1b0ac 0x1a4ac 0x433
SetLastError 0x0 0x401114 0x1b0b0 0x1a4b0 0x3ec
GetCurrentThreadId 0x0 0x401118 0x1b0b4 0x1a4b4 0x1ad
HeapCreate 0x0 0x40111c 0x1b0b8 0x1a4b8 0x29f
VirtualFree 0x0 0x401120 0x1b0bc 0x1a4bc 0x457
HeapReAlloc 0x0 0x401124 0x1b0c0 0x1a4c0 0x2a4
SetFilePointer 0x0 0x401128 0x1b0c4 0x1a4c4 0x3df
CloseHandle 0x0 0x40112c 0x1b0c8 0x1a4c8 0x43
ExitProcess 0x0 0x401130 0x1b0cc 0x1a4cc 0x104
GetStdHandle 0x0 0x401134 0x1b0d0 0x1a4d0 0x23b
GetModuleFileNameA 0x0 0x401138 0x1b0d4 0x1a4d4 0x1f4
FreeEnvironmentStringsW 0x0 0x40113c 0x1b0d8 0x1a4d8 0x14b
GetEnvironmentStringsW 0x0 0x401140 0x1b0dc 0x1a4dc 0x1c1
GetCommandLineW 0x0 0x401144 0x1b0e0 0x1a4e0 0x170
SetHandleCount 0x0 0x401148 0x1b0e4 0x1a4e4 0x3e8
GetFileType 0x0 0x40114c 0x1b0e8 0x1a4e8 0x1d7
GetStartupInfoA 0x0 0x401150 0x1b0ec 0x1a4ec 0x239
QueryPerformanceCounter 0x0 0x401154 0x1b0f0 0x1a4f0 0x354
GetTickCount 0x0 0x401158 0x1b0f4 0x1a4f4 0x266
GetCurrentProcessId 0x0 0x40115c 0x1b0f8 0x1a4f8 0x1aa
GetSystemTimeAsFileTime 0x0 0x401160 0x1b0fc 0x1a4fc 0x24f
GetACP 0x0 0x401164 0x1b100 0x1a500 0x152
GetOEMCP 0x0 0x401168 0x1b104 0x1a504 0x213
IsValidCodePage 0x0 0x40116c 0x1b108 0x1a508 0x2db
GetLocaleInfoA 0x0 0x401170 0x1b10c 0x1a50c 0x1e8
GetStringTypeA 0x0 0x401174 0x1b110 0x1a510 0x23d
HeapSize 0x0 0x401178 0x1b114 0x1a514 0x2a6
GetUserDefaultLCID 0x0 0x40117c 0x1b118 0x1a518 0x26d
EnumSystemLocalesA 0x0 0x401180 0x1b11c 0x1a51c 0xf8
IsValidLocale 0x0 0x401184 0x1b120 0x1a520 0x2dd
InitializeCriticalSectionAndSpinCount 0x0 0x401188 0x1b124 0x1a524 0x2b5
SetStdHandle 0x0 0x40118c 0x1b128 0x1a528 0x3fc
GetConsoleCP 0x0 0x401190 0x1b12c 0x1a52c 0x183
GetConsoleMode 0x0 0x401194 0x1b130 0x1a530 0x195
FlushFileBuffers 0x0 0x401198 0x1b134 0x1a534 0x141
GetLocaleInfoW 0x0 0x40119c 0x1b138 0x1a538 0x1ea
WriteConsoleA 0x0 0x4011a0 0x1b13c 0x1a53c 0x482
GetConsoleOutputCP 0x0 0x4011a4 0x1b140 0x1a540 0x199
WriteConsoleW 0x0 0x4011a8 0x1b144 0x1a544 0x48c
CreateFileA 0x0 0x4011ac 0x1b148 0x1a548 0x78
Icons (2)
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKDZ.71430 Malicious
c:\users\5p5nrgjn0js halpmcxz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 340 Bytes
MD5 d2e81164e6c36fdb2ef0cb011d0cdbe9
SHA1 e753cbb757836a455f4a34f522197dea07de770d
SHA256 829418075412ee03fd381f0fe089b3009162a05447c14ba1734e93c98943d4c5
SSDeep 6:kKfk81Ct4Y+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:Xk0yokPlE99SNxAhUegeT2
ImpHash -
c:\users\5p5nrg~1\appdata\local\temp\cabb26.tmp Dropped File CAB
Unknown
Also Known As c:\users\5p5nrg~1\appdata\local\temp\cabc80.tmp (Dropped File)
Mime Type application/vnd.ms-cab-compressed
File Size 52.71 KB
MD5 03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1 da545c3133a914434cce940bae78d8ad180a529a
SHA256 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311
SSDeep 1536:26Ley1Fr+ZuhxsffPTWBbJR51GpX/RCy7Y22JO8jd:NLZxufLURrGJ/UZdh
ImpHash -
Archive Information
Number of Files 1
Number of Folders 0
Size of Packed Archive Contents 126.77 KB
Size of Unpacked Archive Contents 126.77 KB
File Format cab
Contents (1)
Filename Packed Size Unpacked Size Compression Is Encrypted Modify Time Actions
authroot.stl 126.77 KB 126.77 KB MSZip False 2017-09-22 16:47 (UTC+2)
authroot.stl Dropped File Stream
Unknown
Also Known As c:\users\5p5nrg~1\appdata\local\temp\tarb27.tmp (Dropped File)
authroot.stl (Embedded File)
Parent File c:\users\5p5nrg~1\appdata\local\temp\cabb26.tmp
Mime Type application/octet-stream
File Size 126.77 KB
MD5 4479a52b31b6bde89384fb63854ec382
SHA1 71386477836e4081befb501a266ccc4c984030e0
SHA256 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2
SSDeep 1536:blzA+FFTLO9oHCLYyBFfLARZk2YueKQR7A/MGs:blH7RHCVBFERxeKh/6
ImpHash -
c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\geo[1].json Dropped File Text
Unknown
Mime Type text/plain
File Size 698 Bytes
MD5 fa82c76ed9660c2f7ded12439b41ff63
SHA1 fb68e04122ca3c7f1d569548354ebfb198eea4d9
SHA256 59e8c7ebe8cbf8cf3a570e5a28b3610cc2e461b3bdc97a21e8c0a93be68873f5
SSDeep 12:YRajmdVQVCRbI9pen4Z+XhCdEVQVPB8yPt0fRb4V2K8yPt0uYIRWHgEVQVKIdGpM:Y3QVCRbI9pW4wxCCQVvV0fRb4V22V0u1
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\script.ps1 Dropped File Text
Unknown
Mime Type text/x-powershell
File Size 49 Bytes
MD5 f972c62f986b5ed49ad7713d93bf6c9f
SHA1 4e157002bdb97e9526ab97bfafbf7c67e1d1efbf
SHA256 b47f85974a7ec2fd5aa82d52f08eb0f6cea7e596a98dd29e8b85b5c37beca0a8
SSDeep 3:uIHeGAFcX5wTnl:/eGgHTl
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\bowsakkdestx.txt Downloaded File Text
Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\bowsakkdestx.txt (Downloaded File)
Mime Type text/plain
File Size 555 Bytes
MD5 d31bc8dffc9fe769a61e06ea2473567b
SHA1 243ca793c099754097fb1b439929425fed333049
SHA256 2f0cf6c38ac89a7588dd8d01657af29469117a3146eea094bbea5c0709763113
SSDeep 12:YGJ68cg6bjs5nOwGUiaI2lVwcu3g2CdypQ856O/S:YgJcg6M2aRlDu3gxypxH/S
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.