e9056b55...1b70 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Wiper
Dropper
Threat Names:
Trojan.GenericKD.33780716
Gen:Variant.Ursu.858841
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\video_driver.exe Sample File Binary
Malicious
Also Known As C:\Users\5P5NRG~1\AppData\Local\Temp\video_driver.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 776.17 KB
MD5 d32ff14c37b0b7e6c554ce3de5a85454
SHA1 66667fc7c218d4d07adea4092d7b94861eaf168c
SHA256 e9056b5596854e3473033e3b28577c83a70f1b5be20e4b1cf529688ad7591b70
SSDeep 24576:xD2lHV4a/G9x1UhjU+EwhrrngwmsemZEqda7E:VGHV477/bornT9xZddx
ImpHash e3ac6f0086cfc9c262d58f98094f8199
File Reputation Information
Severity
Blacklisted
PE Information
Image Base 0x400000
Entry Point 0x401280
Size Of Code 0x2000
Size Of Initialized Data 0xbb600
Size Of Uninitialized Data 0x200
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 1972-09-03 14:31:12+00:00
Version Information (10)
Comments A pack of easy to use video drivers.
CompanyName Microsoft
FileDescription Video driver
FileVersion -
InternalName -
LegalCopyright -
LegalTrademarks -
OriginalFilename Video driver
ProductName Video driver
ProductVersion -
Sections (14)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1e04 0x2000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.57
.data 0x403000 0x10 0x200 0x2400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.12
.rdata 0x404000 0x19b8 0x1a00 0x2600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 5.72
/4 0x406000 0x3a0 0x400 0x4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ 4.21
.bss 0x407000 0x60 0x0 0x0 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.idata 0x408000 0x560 0x600 0x4400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.35
.CRT 0x409000 0x18 0x200 0x4a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.11
.tls 0x40a000 0x20 0x200 0x4c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.22
.rsrc 0x40b000 0xb6a04 0xb6c00 0x4e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.64
/14 0x4c2000 0x58 0x200 0xbba00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.41
/29 0x4c3000 0x12d4 0x1400 0xbbc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.63
/41 0x4c5000 0x1f3 0x200 0xbd000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.35
/55 0x4c6000 0x3ec 0x400 0xbd200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.18
/67 0x4c7000 0xe0 0x200 0xbd600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 2.46
Imports (3)
KERNEL32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AllocConsole 0x0 0x408114 0x8050 0x4450 0x10
CloseHandle 0x0 0x408118 0x8054 0x4454 0x52
CreateThread 0x0 0x40811c 0x8058 0x4458 0xb3
DeleteCriticalSection 0x0 0x408120 0x805c 0x445c 0xcf
EnterCriticalSection 0x0 0x408124 0x8060 0x4460 0xec
ExitProcess 0x0 0x408128 0x8064 0x4464 0x117
FindResourceA 0x0 0x40812c 0x8068 0x4468 0x149
GetDriveTypeA 0x0 0x408130 0x806c 0x446c 0x1d0
GetLastError 0x0 0x408134 0x8070 0x4470 0x1fe
GetModuleHandleA 0x0 0x408138 0x8074 0x4474 0x211
GetProcAddress 0x0 0x40813c 0x8078 0x4478 0x241
InitializeCriticalSection 0x0 0x408140 0x807c 0x447c 0x2de
LeaveCriticalSection 0x0 0x408144 0x8080 0x4480 0x32e
LoadResource 0x0 0x408148 0x8084 0x4484 0x336
LockResource 0x0 0x40814c 0x8088 0x4488 0x349
SetUnhandledExceptionFilter 0x0 0x408150 0x808c 0x448c 0x474
SizeofResource 0x0 0x408154 0x8090 0x4490 0x47f
TlsGetValue 0x0 0x408158 0x8094 0x4494 0x495
VirtualProtect 0x0 0x40815c 0x8098 0x4498 0x4bd
VirtualQuery 0x0 0x408160 0x809c 0x449c 0x4bf
WaitForMultipleObjects 0x0 0x408164 0x80a0 0x44a0 0x4c5
msvcrt.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__getmainargs 0x0 0x40816c 0x80a8 0x44a8 0x37
__p__environ 0x0 0x408170 0x80ac 0x44ac 0x4d
__p__fmode 0x0 0x408174 0x80b0 0x44b0 0x4f
__set_app_type 0x0 0x408178 0x80b4 0x44b4 0x63
_cexit 0x0 0x40817c 0x80b8 0x44b8 0x93
_iob 0x0 0x408180 0x80bc 0x44bc 0x10a
_onexit 0x0 0x408184 0x80c0 0x44c0 0x17f
_setmode 0x0 0x408188 0x80c4 0x44c4 0x1aa
abort 0x0 0x40818c 0x80c8 0x44c8 0x247
atexit 0x0 0x408190 0x80cc 0x44cc 0x24e
calloc 0x0 0x408194 0x80d0 0x44d0 0x253
fclose 0x0 0x408198 0x80d4 0x44d4 0x25f
fopen 0x0 0x40819c 0x80d8 0x44d8 0x26a
free 0x0 0x4081a0 0x80dc 0x44dc 0x271
fwrite 0x0 0x4081a4 0x80e0 0x44e0 0x279
getenv 0x0 0x4081a8 0x80e4 0x44e4 0x27d
memcpy 0x0 0x4081ac 0x80e8 0x44e8 0x2aa
memset 0x0 0x4081b0 0x80ec 0x44ec 0x2ac
signal 0x0 0x4081b4 0x80f0 0x44f0 0x2c2
strcat 0x0 0x4081b8 0x80f4 0x44f4 0x2c9
strlen 0x0 0x4081bc 0x80f8 0x44f8 0x2d1
system 0x0 0x4081c0 0x80fc 0x44fc 0x2e0
vfprintf 0x0 0x4081c4 0x8100 0x4500 0x2ec
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindWindowA 0x0 0x4081cc 0x8108 0x4508 0xd2
ShowWindow 0x0 0x4081d0 0x810c 0x450c 0x249
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
video_driver.exe 1 0x00400000 0x004C7FFF Relevant Image True 32-bit - True False
video_driver.exe 1 0x00400000 0x004C7FFF Final Dump True 32-bit 0x004017B4 True False
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKD.33780716
Malicious
C:\Users\5P5NRG~1\AppData\Local\Temp\mod_01.exe Dropped File Binary
Whitelisted
Mime Type application/vnd.microsoft.portable-executable
File Size 716.50 KB
MD5 744d0e63bcb20438dd3efcd764503490
SHA1 4e9d49a41201e25cf56658578b23f7384a13dc6d
SHA256 77613cca716edf68b9d5bab951463ed7fade5bc0ec465b36190a76299c50f117
SSDeep 12288:jDGME0uBHVw8VOa/iJ9x1mJhXTUOr/swII0urngQfmsa9mn+WEqdxaxD7B:jD2lHV4a/G9x1UhjU+EwhrrngwmsemZe
ImpHash 97afb108b72a3d7397a41aa475152d5a
File Reputation Information
Severity
Whitelisted
PE Information
Image Base 0x400000
Entry Point 0x49085e
Size Of Code 0x97200
Size Of Initialized Data 0x22a00
File Type FileType.executable
Subsystem Subsystem.windows_cui
Machine Type MachineType.i386
Compile Timestamp 2018-04-30 12:00:00+00:00
Version Information (8)
CompanyName Igor Pavlov
FileDescription 7-Zip Standalone Console
FileVersion 18.05
InternalName 7za
LegalCopyright Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename 7za.exe
ProductName 7-Zip
ProductVersion 18.05
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x97185 0x97200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.7
.rdata 0x499000 0x140f4 0x14200 0x97600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.61
.data 0x4ae000 0x72bc 0x600 0xab800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.46
.sxdata 0x4b6000 0x4 0x200 0xabe00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x4b7000 0x6f8 0x800 0xac000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.46
.reloc 0x4b8000 0x6898 0x6a00 0xac800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.15
Imports (5)
OLEAUT32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VariantCopy 0xa 0x499200 0xac7e4 0xaade4 -
SysAllocStringLen 0x4 0x499204 0xac7e8 0xaade8 -
SysAllocString 0x2 0x499208 0xac7ec 0xaadec -
SysFreeString 0x6 0x49920c 0xac7f0 0xaadf0 -
SysStringLen 0x7 0x499210 0xac7f4 0xaadf4 -
VariantClear 0x9 0x499214 0xac7f8 0xaadf8 -
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharPrevExA 0x0 0x49921c 0xac800 0xaae00 0x2e
CharUpperW 0x0 0x499220 0xac804 0xaae04 0x37
ADVAPI32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetFileSecurityW 0x0 0x499000 0xac5e4 0xaabe4 0x224
OpenProcessToken 0x0 0x499004 0xac5e8 0xaabe8 0x1aa
LookupPrivilegeValueW 0x0 0x499008 0xac5ec 0xaabec 0x14e
AdjustTokenPrivileges 0x0 0x49900c 0xac5f0 0xaabf0 0x1c
GetFileSecurityW 0x0 0x499010 0xac5f4 0xaabf4 0xf0
MSVCRT.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_controlfp 0x0 0x49915c 0xac740 0xaad40 0xb7
__set_app_type 0x0 0x499160 0xac744 0xaad44 0x81
__p__fmode 0x0 0x499164 0xac748 0xaad48 0x6f
__p__commode 0x0 0x499168 0xac74c 0xaad4c 0x6a
_adjust_fdiv 0x0 0x49916c 0xac750 0xaad50 0x9d
__setusermatherr 0x0 0x499170 0xac754 0xaad54 0x83
_initterm 0x0 0x499174 0xac758 0xaad58 0x10f
__getmainargs 0x0 0x499178 0xac75c 0xaad5c 0x58
__p___initenv 0x0 0x49917c 0xac760 0xaad60 0x64
exit 0x0 0x499180 0xac764 0xaad64 0x249
_XcptFilter 0x0 0x499184 0xac768 0xaad68 0x48
_exit 0x0 0x499188 0xac76c 0xaad6c 0xd3
_onexit 0x0 0x49918c 0xac770 0xaad70 0x186
__dllonexit 0x0 0x499190 0xac774 0xaad74 0x55
??1type_info@@UAE@XZ 0x0 0x499194 0xac778 0xaad78 0xe
?terminate@@YAXXZ 0x0 0x499198 0xac77c 0xaad7c 0x2e
_except_handler3 0x0 0x49919c 0xac780 0xaad80 0xca
_beginthreadex 0x0 0x4991a0 0xac784 0xaad84 0xa6
realloc 0x0 0x4991a4 0xac788 0xaad88 0x2a7
strlen 0x0 0x4991a8 0xac78c 0xaad8c 0x2be
memset 0x0 0x4991ac 0xac790 0xaad90 0x299
wcscmp 0x0 0x4991b0 0xac794 0xaad94 0x2e1
wcsstr 0x0 0x4991b4 0xac798 0xaad98 0x2ed
strcmp 0x0 0x4991b8 0xac79c 0xaad9c 0x2b8
memmove 0x0 0x4991bc 0xac7a0 0xaada0 0x298
fputs 0x0 0x4991c0 0xac7a4 0xaada4 0x25a
fputc 0x0 0x4991c4 0xac7a8 0xaada8 0x259
fflush 0x0 0x4991c8 0xac7ac 0xaadac 0x24f
fgetc 0x0 0x4991cc 0xac7b0 0xaadb0 0x250
fclose 0x0 0x4991d0 0xac7b4 0xaadb4 0x24c
_iob 0x0 0x4991d4 0xac7b8 0xaadb8 0x113
free 0x0 0x4991d8 0xac7bc 0xaadbc 0x25e
_CxxThrowException 0x0 0x4991dc 0xac7c0 0xaadc0 0x41
malloc 0x0 0x4991e0 0xac7c4 0xaadc4 0x291
memcmp 0x0 0x4991e4 0xac7c8 0xaadc8 0x296
_purecall 0x0 0x4991e8 0xac7cc 0xaadcc 0x192
memcpy 0x0 0x4991ec 0xac7d0 0xaadd0 0x297
__CxxFrameHandler 0x0 0x4991f0 0xac7d4 0xaadd4 0x49
_isatty 0x0 0x4991f4 0xac7d8 0xaadd8 0x114
_fileno 0x0 0x4991f8 0xac7dc 0xaaddc 0xde
KERNEL32.dll (80)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ResetEvent 0x0 0x499018 0xac5fc 0xaabfc 0x2c4
CreateSemaphoreW 0x0 0x49901c 0xac600 0xaac00 0x66
CreateEventW 0x0 0x499020 0xac604 0xaac04 0x4a
WaitForSingleObject 0x0 0x499024 0xac608 0xaac08 0x385
ReleaseSemaphore 0x0 0x499028 0xac60c 0xaac0c 0x2b9
InitializeCriticalSection 0x0 0x49902c 0xac610 0xaac10 0x219
VirtualFree 0x0 0x499030 0xac614 0xaac14 0x378
SetEvent 0x0 0x499034 0xac618 0xaac18 0x30b
MoveFileW 0x0 0x499038 0xac61c 0xaac1c 0x267
VirtualAlloc 0x0 0x49903c 0xac620 0xaac20 0x375
QueryPerformanceCounter 0x0 0x499040 0xac624 0xaac24 0x299
LocalFileTimeToFileTime 0x0 0x499044 0xac628 0xaac28 0x250
SetConsoleMode 0x0 0x499048 0xac62c 0xaac2c 0x2f2
GetConsoleMode 0x0 0x49904c 0xac630 0xaac30 0x12b
GetVersionExW 0x0 0x499050 0xac634 0xaac34 0x1e0
SetFileApisToOEM 0x0 0x499054 0xac638 0xaac38 0x30d
GetCommandLineW 0x0 0x499058 0xac63c 0xaac3c 0x109
GetConsoleScreenBufferInfo 0x0 0x49905c 0xac640 0xaac40 0x12f
SetConsoleCtrlHandler 0x0 0x499060 0xac644 0xaac44 0x2e3
DeleteCriticalSection 0x0 0x499064 0xac648 0xaac48 0x7a
IsProcessorFeaturePresent 0x0 0x499068 0xac64c 0xaac4c 0x232
GetProcessTimes 0x0 0x49906c 0xac650 0xaac50 0x1a2
OpenEventW 0x0 0x499070 0xac654 0xaac54 0x274
OpenFileMappingW 0x0 0x499074 0xac658 0xaac58 0x277
MapViewOfFile 0x0 0x499078 0xac65c 0xaac5c 0x25e
UnmapViewOfFile 0x0 0x49907c 0xac660 0xaac60 0x365
SetProcessAffinityMask 0x0 0x499080 0xac664 0xaac64 0x327
WaitForMultipleObjects 0x0 0x499084 0xac668 0xaac68 0x383
EnterCriticalSection 0x0 0x499088 0xac66c 0xaac6c 0x8f
LeaveCriticalSection 0x0 0x49908c 0xac670 0xaac70 0x247
GetStdHandle 0x0 0x499090 0xac674 0xaac74 0x1b1
GetSystemTimeAsFileTime 0x0 0x499094 0xac678 0xaac78 0x1c0
FileTimeToDosDateTime 0x0 0x499098 0xac67c 0xaac7c 0xba
DosDateTimeToFileTime 0x0 0x49909c 0xac680 0xaac80 0x88
GlobalMemoryStatus 0x0 0x4990a0 0xac684 0xaac84 0x1fa
GetSystemInfo 0x0 0x4990a4 0xac688 0xaac88 0x1bb
GetProcessAffinityMask 0x0 0x4990a8 0xac68c 0xaac8c 0x199
FileTimeToLocalFileTime 0x0 0x4990ac 0xac690 0xaac90 0xbb
FileTimeToSystemTime 0x0 0x4990b0 0xac694 0xaac94 0xbc
CompareFileTime 0x0 0x4990b4 0xac698 0xaac98 0x33
GetCurrentProcess 0x0 0x4990b8 0xac69c 0xaac9c 0x13a
GetDiskFreeSpaceW 0x0 0x4990bc 0xac6a0 0xaaca0 0x148
GetFileInformationByHandle 0x0 0x4990c0 0xac6a4 0xaaca4 0x15a
SetEndOfFile 0x0 0x4990c4 0xac6a8 0xaaca8 0x305
WriteFile 0x0 0x4990c8 0xac6ac 0xaacac 0x397
ReadFile 0x0 0x4990cc 0xac6b0 0xaacb0 0x2ab
DeviceIoControl 0x0 0x4990d0 0xac6b4 0xaacb4 0x83
SetFilePointer 0x0 0x4990d4 0xac6b8 0xaacb8 0x310
GetFileSize 0x0 0x4990d8 0xac6bc 0xaacbc 0x15b
GetLastError 0x0 0x4990dc 0xac6c0 0xaacc0 0x169
MultiByteToWideChar 0x0 0x4990e0 0xac6c4 0xaacc4 0x26b
WideCharToMultiByte 0x0 0x4990e4 0xac6c8 0xaacc8 0x389
FreeLibrary 0x0 0x4990e8 0xac6cc 0xaaccc 0xef
LoadLibraryW 0x0 0x4990ec 0xac6d0 0xaacd0 0x24b
GetModuleFileNameW 0x0 0x4990f0 0xac6d4 0xaacd4 0x176
LocalFree 0x0 0x4990f4 0xac6d8 0xaacd8 0x252
FormatMessageW 0x0 0x4990f8 0xac6dc 0xaacdc 0xeb
CloseHandle 0x0 0x4990fc 0xac6e0 0xaace0 0x2e
SetFileTime 0x0 0x499100 0xac6e4 0xaace4 0x314
CreateFileW 0x0 0x499104 0xac6e8 0xaace8 0x50
SetFileAttributesW 0x0 0x499108 0xac6ec 0xaacec 0x30f
RemoveDirectoryW 0x0 0x49910c 0xac6f0 0xaacf0 0x2bb
GetLogicalDriveStringsW 0x0 0x499110 0xac6f4 0xaacf4 0x16f
GetProcAddress 0x0 0x499114 0xac6f8 0xaacf8 0x198
GetModuleHandleW 0x0 0x499118 0xac6fc 0xaacfc 0x17a
CreateDirectoryW 0x0 0x49911c 0xac700 0xaad00 0x48
DeleteFileW 0x0 0x499120 0xac704 0xaad04 0x7d
SetLastError 0x0 0x499124 0xac708 0xaad08 0x31d
SetCurrentDirectoryW 0x0 0x499128 0xac70c 0xaad0c 0x300
GetCurrentDirectoryW 0x0 0x49912c 0xac710 0xaad10 0x139
GetTempPathW 0x0 0x499130 0xac714 0xaad14 0x1cc
GetCurrentProcessId 0x0 0x499134 0xac718 0xaad18 0x13b
GetTickCount 0x0 0x499138 0xac71c 0xaad1c 0x1d5
GetCurrentThreadId 0x0 0x49913c 0xac720 0xaad20 0x13e
FindClose 0x0 0x499140 0xac724 0xaad24 0xc5
FindFirstFileW 0x0 0x499144 0xac728 0xaad28 0xcc
FindNextFileW 0x0 0x499148 0xac72c 0xaad2c 0xd4
GetModuleHandleA 0x0 0x49914c 0xac730 0xaad30 0x177
GetFileAttributesW 0x0 0x499150 0xac734 0xaad34 0x159
InterlockedIncrement 0x0 0x499154 0xac738 0xaad38 0x222
Memory Dumps (1)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
mod_01.exe 24 0x00350000 0x0040EFFF Relevant Image True 32-bit 0x00351584 False False
C:\Users\5p5NrGJn0jS HALPmcxz\new_background.bmp Dropped File Image
Unknown
Mime Type image/jpeg
File Size 12.14 KB
MD5 4c0ce61d3802eb0cd4475546466bdbba
SHA1 759175ad3b704997f9a5ab552447bfc40c178f42
SHA256 2066c9d9476f12743a74a708e57e8cb7e3e2770be288954ad4aa73b4b339cbe9
SSDeep 24:qhpK5yo0XxDuLHeOWXG4OZ7DAJuLHenX3bvB:ZuERAr
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\help.html Dropped File Text
Unknown
Mime Type text/html
File Size 883 Bytes
MD5 0c9ec5e6e7b938d3f01faef49139d4b9
SHA1 04a76eb2a679e453d8fa67f54ff84c9a67e5420d
SHA256 44a57d79a92e958fafcf1adb820c1bdfc3a4fd34121793c40c041b356a477383
SSDeep 24:hY4+0NpJhsYPEskLXZnqfpKwR0peg9tBOnui:nLh/qEfpKOyOnN
ImpHash -
Embedded URLs (1)
URL First Seen Categories Threat Names Reputation Status WHOIS Data Actions
http://gisele.liroy.free.fr/bitmap/ - - -
Unknown
Not Queried
C:\Users\5p5NrGJn0jS HALPmcxz\5p5NrGJn0jS HALPmcxz_desktop.vcrypt Dropped File 7z
Unknown
Mime Type application/x-7z-compressed
File Size 2.66 MB
MD5 7e96b7dd1d1f7e30322f92c2ff542923
SHA1 9405c3432425e4e05c4b97f7507c9e110f30a4cb
SHA256 df08366dda0997d1f9fe52877cfb4a28d9681e905002b3277d153588b4d5d281
SSDeep 49152:f5UgB5/hCdCXgATObq7/OY5WJEUfQq0Eb8eEcWAUQtiWXXjdS3pfFcfKk:f5DBphuhu/OoWJpfAeE0tiWXXjdmyL
ImpHash -
Error Remark No correct password supplied for protected sample
Local AV Information
Errors -
Failed AV scans The sample is encrypted
C:\Users\5p5NrGJn0jS HALPmcxz\5p5NrGJn0jS HALPmcxz_desktop.vcrypt.tmp Dropped File Stream
Unknown
Mime Type application/octet-stream
File Size 779.27 KB
MD5 951732897450366341f711ec4e887639
SHA1 59fdb9c5a7a1ce592fa62462d5273fbb1cb369d1
SHA256 2e701e01e5efa4a5116a2152dd9c700ecb6cfec9e63a0ba507b0c1a0d51cd0fb
SSDeep 3::
ImpHash -