edb69759...6f14

C:\Users\FD1HVy\Desktop\DaVinci.exe

Sample File

Binary

Malicious

»

Mime Type	application/vnd.microsoft.portable-executable
File Size	59.00 KB
MD5	fead5e658a971c795a73f22f42e72545
SHA1	03a9b30691515e8ae8fc762ac06345e4638a5fe3
SHA256	edb69759a3bdc83c610ce401f1dc7bfcad2dc28a2c0e4c2e4130a0b4cd926f14
SSDeep	768:DgripuEOtXH1bLKXwPQuOBbjG9Y4iLRVHVaqE2qUiZV+paRLYE9RGuHLSXYcKV1:Dgu6XKLu0X4iLRiqat4i8yRGOLSWV1
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

PE Information

»

Image Base	0x400000
Entry Point	0x40f59e
Size Of Code	0xd600
Size Of Initialized Data	0x1400
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2065-11-10 10:29:55+00:00

Version Information (11)

»

Assembly Version	1.0.0.0
Comments	-
CompanyName	-
FileDescription	DaVinci
FileVersion	1.0.0.0
InternalName	DaVinci.exe
LegalCopyright	Copyright © 2020
LegalTrademarks	-
OriginalFilename	DaVinci.exe
ProductName	DaVinci
ProductVersion	1.0.0.0

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0xd5a4	0xd600	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.23
.rsrc	0x410000	0x1100	0x1200	0xd800	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.09
.reloc	0x412000	0xc	0x200	0xea00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.08

Imports (1)

»

mscoree.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	0x0	0x402000	0xf574	0xd774	0x0

Memory Dumps (18)

»

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
davinci.exe	1	0x00FF0000	0x01003FFF	Relevant Image	64-bit	-	... Memory Dump Actions Go to Process Go to YARA Matches Download Dump
buffer	1	0x7FFC6A3FB000	0x7FFC6A3FBFFF	First Execution	64-bit	0x7FFC6A3FB000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4CD000	0x7FFC6A4CDFFF	First Execution	64-bit	0x7FFC6A4CD032	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4CF000	0x7FFC6A4CFFFF	First Execution	64-bit	0x7FFC6A4CF040	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4CD000	0x7FFC6A4CDFFF	Content Changed	64-bit	0x7FFC6A4CD1A0	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A3FB000	0x7FFC6A3FBFFF	Content Changed	64-bit	0x7FFC6A3FBE60	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4D1000	0x7FFC6A4D1FFF	First Execution	64-bit	0x7FFC6A4D1060	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A484000	0x7FFC6A484FFF	First Execution	64-bit	0x7FFC6A484000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4D2000	0x7FFC6A4D2FFF	First Execution	64-bit	0x7FFC6A4D2020	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4CF000	0x7FFC6A4CFFFF	Content Changed	64-bit	0x7FFC6A4CFC80	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4E6000	0x7FFC6A4E6FFF	First Execution	64-bit	0x7FFC6A4E6010	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4E7000	0x7FFC6A4E7FFF	First Execution	64-bit	0x7FFC6A4E7022	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4E9000	0x7FFC6A4E9FFF	First Execution	64-bit	0x7FFC6A4E9030	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4EA000	0x7FFC6A4EAFFF	First Execution	64-bit	0x7FFC6A4EA000	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4EB000	0x7FFC6A4EBFFF	First Execution	64-bit	0x7FFC6A4EB002	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4EC000	0x7FFC6A4ECFFF	First Execution	64-bit	0x7FFC6A4EC050	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4ED000	0x7FFC6A4EDFFF	First Execution	64-bit	0x7FFC6A4ED010	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x7FFC6A4E9000	0x7FFC6A4E9FFF	Content Changed	64-bit	0x7FFC6A4E91F0	... Memory Dump Actions Go to Process Download Dump

YARA Matches (1)

»

Rule Name	Rule Description	Classification	Score	Actions
ransomware_windows_wannacry	WannaCry / WannaCryptor ransomware	Worm, Ransomware	5/5	... YARA Actions Show Ruleset Show Match

C:\Users\FD1HVy\Desktop\-jbi.jpg.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	137.83 KB
MD5	6d99dc761ba1026f9923d5de082758f2
SHA1	96a9db8827941d73a9252651e619aea34c8c178d
SHA256	aec888d1c39dc577794625cee340947c12491bf26cdf2c1435596abdf1a63247
SSDeep	3072:kJXnN9gN4YFrHDtDf/DwfxKcMiWNwW9lP+Afao4CBlsqdnKFe8SSMmTk:k+N4CDkft4wW94to4C8QKFv7Hk
ImpHash	-

C:\Users\FD1HVy\Desktop\-QjsZ7.m4a.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	54.24 KB
MD5	d6a13c7e725241ad29a18c2e9210fb28
SHA1	8a4d7117e62e3763c7b98836f92c9f6c7c7f1dca
SHA256	523415cc3e18db61c0061f365f80fac82e0f8af12ccfadc21728c701f4051bce
SSDeep	1536:FWafSCIxPNZxfZdAcEwpHwoiWQlpwkaromnnC:nxIxFHEMFiWQkHromnC
ImpHash	-

C:\Users\FD1HVy\Desktop\1SyMfajrpPolJidY.xlsx.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	145.97 KB
MD5	9c39e234889feebe5215f6152b8842b7
SHA1	89b1ca05456c8faa10807f0e927082c00f6c8c08
SHA256	d73f309bb61b097adca93652243ad11a56a3cdfedcf90dccebd65cff194d1ff2
SSDeep	3072:auGpKQV4YXq89zLWDJ6QOZIK1L/2+3ylEaQ:8K/W46JO2/RyaN
ImpHash	-

C:\Users\FD1HVy\Desktop\39B_YZSRl4n.mp4.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	53.99 KB
MD5	090b30acfcbf050767ccf7ae87ca2e38
SHA1	79f86de7b3d71475f8ffa7439e4a97d62e144b19
SHA256	424977db3962464d7c5e0e478ca6bfcb26dc2c874404e026ba2547e85866b2bc
SSDeep	1536:ACwum5NV/MPkjxjMQ3pPqrdlVT5QGuIfLP3:oumL6PkjxjMupPqBlrQGuID/
ImpHash	-

C:\Users\FD1HVy\Desktop\4UM9q1XXhmiB HePG.ots.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	95.03 KB
MD5	0decaa1a50c4ebb40b2f56265e58dcce
SHA1	18c9f1d8c8e344c3c5d897bcfcbd2784357bf8ca
SHA256	c6c2b99ff033f290ee68cd83c3b7380ad9c866e3ba3368ddd5c1175519ea3d46
SSDeep	1536:SL30gHTmtVoqawE1w1eCaqGFU2cewgGuxo0m4Yx0ZY+GTXR7lwjendTcAqO:qNTmtV57kQxaqoBA0m1wY3thwjenhcAf
ImpHash	-

C:\Users\FD1HVy\Desktop\78HQmp9lg5bcs Sgj.wav.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	169.06 KB
MD5	5ae59411abf3c9146f68b8ed8cb22e9a
SHA1	13b63be6605212c910e2a2071a8205c8af76e4b8
SHA256	c5a459ac3708111076007dd1162d85b95fda40f79ee5a75e8ffb99470ae6a4d4
SSDeep	3072:decXrOR1w2VqvSWMkxDeyqbc1/qSgT6GpS9POWzZSWhtpzumLb9l/kmsPx/jqO4A:pKRcQGDeMqbGPOQZNrFb9NWbqhIMC
ImpHash	-

C:\Users\FD1HVy\Desktop\AiOUu frck_8v aST-.jpg.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	109.52 KB
MD5	fde937664f7fd931f32ce549bc3f83b7
SHA1	40fd5375cc852402cf4bc85076589d6f7f023f59
SHA256	16e96bc694c208895c59b8ffdf48a1b9a951919cb5aacf05e887f3cbfdd434f0
SSDeep	3072:75c0PdPbB6D8BXjgbMK3+AhHT5+WTCO/V6:9rlPbBI8BTjEvTCOw
ImpHash	-

C:\Users\FD1HVy\Desktop\Ar4fG2MApBt 4lvAco.png.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	49.80 KB
MD5	20ea2bea80df513aa435467124fefc27
SHA1	1e734510d8b798444beb53fb3d758d2453fcf43b
SHA256	847090aba3856cf229a9d10914ba79039347e0135cfdd4a12fc5ab21411513a3
SSDeep	768:OOn1jsKrM9dA7FRunDusjOu9cImbz76J1wmGJ/AiqIPbEYj0sp87eHhg7m/H:Xn1jsLGzuVS+lIdmG/Pb30sppJ/H
ImpHash	-

C:\Users\FD1HVy\Desktop\AtVbHBAbzu.odp.DaVinci

Dropped File

Text

Unknown

»

Mime Type	text/plain
File Size	81.20 KB
MD5	1f7f203bc9d701f644f0587aeb63174f
SHA1	9e91758c80d1feb7d304181ccc1089b37216731c
SHA256	d642364aced7bdecaf18d6cc8e216f5a14196a9dd7ed2b7a2f96339bf8468595
SSDeep	1536:4e4e2+bXCPCA/adT3YoAcAXRPcTB8RI95j0/REsEwdG7Wn:V1X8CdTI9B0n7j0/62As
ImpHash	-

C:\WINDOWS\System32\spp\store\2.0\data.dat

Dropped File

Stream

Unknown

»

Also Known As	C:\WINDOWS\System32\spp\store\2.0\data.dat.bak (Dropped File)
Mime Type	application/octet-stream
File Size	27.16 KB
MD5	124384f966764602b21ce849f4422ae0
SHA1	741d4dc5f06c5019eb5e98bccc46fa78166885b8
SHA256	432ba8f8d5cc90f73ec33d23e79da490c78027119a430817cc85572a4c4ac40a
SSDeep	384:f3tJuNnCBys3Aydgs73WjC6Z71RQ7lF0ARd/m9z/uYCHAlEA26k+fZyzK9sGmCBt:f3fCiyvECjBfSuKMEA2ZMym3lOa
ImpHash	-

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After