Verdict: Malicious
Classifications: Downloader
Threat Names: Trojan.Agent.FYJF, Generic.Exploit.Shellcode.RDI.2.2539BF14, Emotet, Gen:Variant.Ulise.385083 (+1 more, not shown)

Remarks (2/3)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 47 seconds" to "20 seconds" to reveal dormant functionality.

Sample File
File Name: C:\Users\RDhJ0CNFevzX\Desktop\5Dq6sWcmD.dll.ocx
Category: Sample File, Type: Binary, Verdict: Malicious
Also Known As: C:\Users\RDHJ0C~1\Desktop\5Dq6sWcmD.dll.ocx (Accessed File)
               C:\Windows\system32\GnynPsiyLKdYjn\GQeyw.dll (Dropped File, Accessed File)
MIME Type: application/vnd.microsoft.portable-executable
File Size: 548.00 KB
MD5: b232b0df5d369ef0f7597f215c32043a
SHA1: 4a4fb865f1243ea1983044337500448e38557af0
SHA256: 19fcf233637e0ca65c4eef3b234d3c79ad1604b524da1b1f292cf7e7dcaf13aa
SSDeep: 12288:Zt5888qi2yYmoYa8Zp3C/EogW4cpaxUhNV/b/:Zz7coTg3C/a3cIgJb
ImpHash: 089cd79cc1eaac3fa7d34f758db58a4a
Anti Virus Matches (1)
Threat Name: Trojan.Agent.FYJF, Verdict: Malicious
PE Information
Image Base 0x180000000
Entry Point 0x180003040
Size Of Code 0x00012200
Size Of Initialized Data 0x00077C00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2022-06-30 20:21 (UTC+2)
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x180001000 0x00012160 0x00012200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.rdata 0x180014000 0x0000B854 0x0000BA00 0x00012600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.02
.data 0x180020000 0x00002028 0x00001000 0x0001E000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.49
.pdata 0x180023000 0x000013BC 0x00001400 0x0001F000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.09
_RDATA 0x180025000 0x000000FC 0x00000200 0x00020400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.99
.rsrc 0x180026000 0x000680F0 0x00068200 0x00020600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.31
.reloc 0x18008F000 0x0000067C 0x00000800 0x00088800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.93
Imports (5)
DWrite.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DWriteCreateFactory - 0x180014000 0x0001EF30 0x0001D530 0x00000000
KERNEL32.dll (73)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VirtualAlloc - 0x180014010 0x0001EF40 0x0001D540 0x000005F1
WriteConsoleW - 0x180014018 0x0001EF48 0x0001D548 0x0000063C
CloseHandle - 0x180014020 0x0001EF50 0x0001D550 0x0000008E
CreateFileW - 0x180014028 0x0001EF58 0x0001D558 0x000000D3
SetFilePointerEx - 0x180014030 0x0001EF60 0x0001D560 0x00000549
GetConsoleMode - 0x180014038 0x0001EF68 0x0001D568 0x0000020E
GetConsoleOutputCP - 0x180014040 0x0001EF70 0x0001D570 0x00000212
WriteFile - 0x180014048 0x0001EF78 0x0001D578 0x0000063D
FlushFileBuffers - 0x180014050 0x0001EF80 0x0001D580 0x000001B1
SetStdHandle - 0x180014058 0x0001EF88 0x0001D588 0x00000572
HeapReAlloc - 0x180014060 0x0001EF90 0x0001D590 0x0000036A
HeapSize - 0x180014068 0x0001EF98 0x0001D598 0x0000036C
RtlCaptureContext - 0x180014070 0x0001EFA0 0x0001D5A0 0x000004E9
RtlLookupFunctionEntry - 0x180014078 0x0001EFA8 0x0001D5A8 0x000004F1
RtlVirtualUnwind - 0x180014080 0x0001EFB0 0x0001D5B0 0x000004F8
UnhandledExceptionFilter - 0x180014088 0x0001EFB8 0x0001D5B8 0x000005D8
SetUnhandledExceptionFilter - 0x180014090 0x0001EFC0 0x0001D5C0 0x00000597
GetCurrentProcess - 0x180014098 0x0001EFC8 0x0001D5C8 0x0000022A
TerminateProcess - 0x1800140A0 0x0001EFD0 0x0001D5D0 0x000005B6
IsProcessorFeaturePresent - 0x1800140A8 0x0001EFD8 0x0001D5D8 0x0000039E
QueryPerformanceCounter - 0x1800140B0 0x0001EFE0 0x0001D5E0 0x00000464
GetCurrentProcessId - 0x1800140B8 0x0001EFE8 0x0001D5E8 0x0000022B
GetCurrentThreadId - 0x1800140C0 0x0001EFF0 0x0001D5F0 0x0000022F
GetSystemTimeAsFileTime - 0x1800140C8 0x0001EFF8 0x0001D5F8 0x00000301
InitializeSListHead - 0x1800140D0 0x0001F000 0x0001D600 0x00000381
IsDebuggerPresent - 0x1800140D8 0x0001F008 0x0001D608 0x00000397
GetStartupInfoW - 0x1800140E0 0x0001F010 0x0001D610 0x000002E8
GetModuleHandleW - 0x1800140E8 0x0001F018 0x0001D618 0x0000028C
RtlUnwindEx - 0x1800140F0 0x0001F020 0x0001D620 0x000004F7
InterlockedFlushSList - 0x1800140F8 0x0001F028 0x0001D628 0x00000385
RtlPcToFileHeader - 0x180014100 0x0001F030 0x0001D630 0x000004F3
RaiseException - 0x180014108 0x0001F038 0x0001D638 0x0000047B
GetLastError - 0x180014110 0x0001F040 0x0001D640 0x00000274
SetLastError - 0x180014118 0x0001F048 0x0001D648 0x00000557
EncodePointer - 0x180014120 0x0001F050 0x0001D650 0x0000013D
EnterCriticalSection - 0x180014128 0x0001F058 0x0001D658 0x00000141
LeaveCriticalSection - 0x180014130 0x0001F060 0x0001D660 0x000003D6
DeleteCriticalSection - 0x180014138 0x0001F068 0x0001D668 0x0000011B
InitializeCriticalSectionAndSpinCount - 0x180014140 0x0001F070 0x0001D670 0x0000037D
TlsAlloc - 0x180014148 0x0001F078 0x0001D678 0x000005C8
TlsGetValue - 0x180014150 0x0001F080 0x0001D680 0x000005CA
TlsSetValue - 0x180014158 0x0001F088 0x0001D688 0x000005CB
TlsFree - 0x180014160 0x0001F090 0x0001D690 0x000005C9
FreeLibrary - 0x180014168 0x0001F098 0x0001D698 0x000001BD
GetProcAddress - 0x180014170 0x0001F0A0 0x0001D6A0 0x000002C4
LoadLibraryExW - 0x180014178 0x0001F0A8 0x0001D6A8 0x000003DC
ExitProcess - 0x180014180 0x0001F0B0 0x0001D6B0 0x00000170
GetModuleHandleExW - 0x180014188 0x0001F0B8 0x0001D6B8 0x0000028B
GetModuleFileNameW - 0x180014190 0x0001F0C0 0x0001D6C0 0x00000288
HeapAlloc - 0x180014198 0x0001F0C8 0x0001D6C8 0x00000363
HeapFree - 0x1800141A0 0x0001F0D0 0x0001D6D0 0x00000367
FindClose - 0x1800141A8 0x0001F0D8 0x0001D6D8 0x00000187
FindFirstFileExW - 0x1800141B0 0x0001F0E0 0x0001D6E0 0x0000018D
FindNextFileW - 0x1800141B8 0x0001F0E8 0x0001D6E8 0x0000019E
IsValidCodePage - 0x1800141C0 0x0001F0F0 0x0001D6F0 0x000003A4
GetACP - 0x1800141C8 0x0001F0F8 0x0001D6F8 0x000001C4
GetOEMCP - 0x1800141D0 0x0001F100 0x0001D700 0x000002AD
GetCPInfo - 0x1800141D8 0x0001F108 0x0001D708 0x000001D3
GetCommandLineA - 0x1800141E0 0x0001F110 0x0001D710 0x000001E8
GetCommandLineW - 0x1800141E8 0x0001F118 0x0001D718 0x000001E9
MultiByteToWideChar - 0x1800141F0 0x0001F120 0x0001D720 0x00000408
WideCharToMultiByte - 0x1800141F8 0x0001F128 0x0001D728 0x00000629
GetEnvironmentStringsW - 0x180014200 0x0001F130 0x0001D730 0x0000024B
FreeEnvironmentStringsW - 0x180014208 0x0001F138 0x0001D738 0x000001BC
FlsAlloc - 0x180014210 0x0001F140 0x0001D740 0x000001AC
FlsGetValue - 0x180014218 0x0001F148 0x0001D748 0x000001AE
FlsSetValue - 0x180014220 0x0001F150 0x0001D750 0x000001AF
FlsFree - 0x180014228 0x0001F158 0x0001D758 0x000001AD
LCMapStringW - 0x180014230 0x0001F160 0x0001D760 0x000003CA
GetProcessHeap - 0x180014238 0x0001F168 0x0001D768 0x000002CB
GetStdHandle - 0x180014240 0x0001F170 0x0001D770 0x000002EA
GetFileType - 0x180014248 0x0001F178 0x0001D778 0x00000262
GetStringTypeW - 0x180014250 0x0001F180 0x0001D780 0x000002EF
USER32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x180014270 0x0001F1A0 0x0001D7A0 0x00000283
ShowWindow - 0x180014278 0x0001F1A8 0x0001D7A8 0x00000392
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW - 0x180014260 0x0001F190 0x0001D790 0x00000150
ole32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitialize - 0x180014288 0x0001F1B8 0x0001D7B8 0x00000060
CoTaskMemFree - 0x180014290 0x0001F1C0 0x0001D7C0 0x0000008C
CoCreateGuid - 0x180014298 0x0001F1C8 0x0001D7C8 0x0000002A
CoCreateInstance - 0x1800142A0 0x0001F1D0 0x0001D7D0 0x0000002B
CreateStreamOnHGlobal - 0x1800142A8 0x0001F1D8 0x0001D7D8 0x000000AC
CoUninitialize - 0x1800142B0 0x0001F1E0 0x0001D7E0 0x00000091
StringFromGUID2 - 0x1800142B8 0x0001F1E8 0x0001D7E8 0x0000020D
CoTaskMemAlloc - 0x1800142C0 0x0001F1F0 0x0001D7F0 0x0000008B
Exports (1)
API Name EAT Address Ordinal
DllRegisterServer 0x000019A0 0x00000001
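An added example, not part of the VMRay report: a stdlib-only Python script that parses a PE32+ header and section table, computes per-section Shannon entropy, and applies two triage checks suggested by the figures above. The sample is an IMAGE_FILE_DLL for AMD64 whose only export is DllRegisterServer, the entry point regsvr32.exe calls, which is why the sandbox remark about submitting an appropriate loader applies; its .rsrc section has entropy 7.31 and accounts for 0x68200 of the roughly 0x89000-byte file (about three quarters), the usual shape of a loader carrying a packed payload. The 7.0 entropy and 50% size-share thresholds, the regsvr32 hint text, and the constructed in-memory DLL the script runs on by default are my assumptions; pass a real file path as the first argument to run it on a sample instead.

```python
import hashlib
import math
import struct
import sys

IMAGE_FILE_DLL = 0x2000
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant or empty data, 8.0 for uniform."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Parse DOS header, NT file header, PE32+ optional header and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsect, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    if struct.unpack_from("<H", data, opt)[0] != PE32PLUS_MAGIC:
        raise ValueError("only PE32+ (64-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    sections = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, va, rsize, rptr = struct.unpack_from("<IIII", data, off + 8)
        flags = struct.unpack_from("<I", data, off + 36)[0]
        sections.append({"name": name, "va": image_base + va, "vsize": vsize, "rsize": rsize,
                         "rptr": rptr, "flags": flags,
                         "entropy": shannon_entropy(data[rptr:rptr + rsize])})
    return {"machine": machine, "is_dll": bool(chars & IMAGE_FILE_DLL), "image_base": image_base,
            "entry": image_base + entry_rva, "file_size": len(data), "sections": sections}


def triage(pe: dict, entropy_threshold: float = 7.0, share_threshold: float = 0.5) -> list:
    """Findings for a packed-loader-shaped image; thresholds are assumptions, tune them per corpus."""
    findings = []
    if pe["is_dll"]:
        findings.append("DLL image: run under a loader such as regsvr32.exe /s <file> (calls DllRegisterServer)")
    for s in pe["sections"]:
        share = s["rsize"] / pe["file_size"] if pe["file_size"] else 0.0
        if s["entropy"] >= entropy_threshold and share >= share_threshold:
            findings.append(f"{s['name']}: entropy {s['entropy']:.2f} over {share:.0%} of the file, likely packed payload")
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["flags"] & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{s['name']}: writable and executable (unpacks or self-modifies in place)")
    return findings


def build_sample_dll() -> bytes:
    """Constructed PE32+ DLL: a tiny low-entropy .text and an 8 KiB high-entropy .rsrc (assumption)."""
    text = b"\xC3" * 0x200                                   # 512 RET instructions, entropy 0
    rsrc = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(256))
    text_off, rsrc_off = 0x200, 0x400
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 2, 0, 0, 0, 0xF0, IMAGE_FILE_DLL | 0x0022)
    opt = struct.pack("<HBBIIIIIQ", PE32PLUS_MAGIC, 14, 0, len(text), len(rsrc), 0,
                      0x1000, 0x1000, 0x180000000).ljust(0xF0, b"\0")

    def sect(name, va, data, off, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(data), va, len(data), off, 0, 0, 0, 0, flags)

    hdrs = dos + b"PE\0\0" + file_hdr + opt
    hdrs += sect(b".text", 0x1000, text, text_off, 0x60000020)   # CODE|EXECUTE|READ
    hdrs += sect(b".rsrc", 0x2000, rsrc, rsrc_off, 0x40000040)   # INITIALIZED_DATA|READ
    return hdrs.ljust(text_off, b"\0") + text.ljust(rsrc_off - text_off, b"\0") + rsrc


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dll()
    info = parse_pe(blob)
    for s in info["sections"]:
        print(f"{s['name']:<8} {s['va']:#014x} raw {s['rsize']:#010x} entropy {s['entropy']:.2f}")
    for line in triage(info):
        print("!", line)
```

Run against the real sample the section lines should reproduce the table above (virtual addresses already rebased to 0x180000000, entropies to two decimals), and the .rsrc finding fires while the .text section, at 6.44 and about 13% of the file, stays quiet. Entropy alone is a weak signal (compressed resources and certificates also score high), which is why the share-of-file check is combined with it.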
Dropped File
File Name: C:\Users\RDHJ0C~1\AppData\Local\Temp\E6FE.tmp
Category: Dropped File, Type: Text, Verdict: Clean
MIME Type: text/plain
File Size: 2.28 KB
MD5: 01e7d64436671e06ec216e897d1bf3e9
SHA1: 01ced0e7f5293bb1e9d185f081980b04104b8fa5
SHA256: dc8d4e5a70e7afc4b5795af73cabd4f4628077ca739be04da4618341d2b61532
SSDeep: 48:IzX63BA9cpXg/zlQdaZnoFhlq/VZ5PR8ZTe2u:ID6xA96X4zliaZno5q/VZ5p8ZKd
ImpHash: -
Dropped File
File Name: C:\Users\RDHJ0C~1\AppData\Local\Temp\D1EE.tmp
Category: Dropped File, Type: Empty, Verdict: Clean
MIME Type: application/x-empty
File Size: 0 Bytes (the hashes below are the digests of empty input)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep: 3::
ImpHash: -
Dropped File
File Name: c:\srvsvc
Category: Dropped File, Type: Empty, Verdict: Clean
MIME Type: application/x-empty
File Size: 0 Bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep: 3::
ImpHash: -
Dropped File
File Name: C:\Users\RDHJ0C~1\AppData\Local\Temp\EBF0.tmp
Category: Dropped File, Type: Empty, Verdict: Clean
MIME Type: application/x-empty
File Size: 0 Bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep: 3::
ImpHash: -
Modified File
File Name: c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat
Category: Modified File, Type: Stream, Verdict: Clean
MIME Type: application/octet-stream
File Size: 128 Bytes
MD5: cc90851958032b8c8bbb7b24ec6271dd
SHA1: e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256: c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep: 3:Fl:
ImpHash: -