Evasive Gootkit Banking Trojan | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Backdoor, Dropper, Spyware, Downloader

6ded37a61962a6a6626bd47adb66f5f73742d8d2125cdff1dc3f932d0a8e5d2e (SHA256)

gootkit_vbs-6ded37a6.vir.vbs

VBScript

Created at 2018-12-13 14:00:00

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "29 minutes, 45 seconds" to "1 minute, 40 seconds" to reveal dormant functionality.

Filename Category Type Severity Actions
C:\Users\Nd9E1FYi\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_0ac90668-b7fb-46d6-80e6-01a947284e18 Modified File Stream
Whitelisted
Mime Type application/octet-stream
File Size 1.16 KB
MD5 9832b59b183bb6318e62f1385d345c6d
SHA1 54b856a180fb3723403f9aad24ca548de63dc376
SHA256 bfd60204585f1603ee9faac7c44adb9fcd6fa56b7748f03ecb1a9beaa7c56ea1
SSDeep 24:WM83yV+ty+qXlIZXxf/DXdQXPZX3X6S+Z+Wz+q:BSy8PilIhNTWPhn6lgDq
File Reputation Information
Severity
Whitelisted
First Seen 2016-04-29 10:14 (UTC+2)
Last Seen 2017-10-06 18:19 (UTC+2)
C:\Users\Nd9E1FYi\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_96fb2ebe-5768-403c-8fbc-1b0ef0323733 Modified File Stream
Whitelisted
Mime Type application/octet-stream
File Size 10.76 KB
MD5 8845f276e426accd51223008b6aed4bf
SHA1 c9fa81aa57e7c32c4bcefd33788967cc3170fe91
SHA256 72831bc6962c8017ea71abc038a8f60e79976ebaf05d363c80f32c975a55d0d9
SSDeep 192:8wUOJGqwAf5CBbXuQuxs0B8HX64MnENxUyrTEAsr9jQ0uwm/CgGZYySo0nbSRNNo:8wUOJGqwARCBbXxss0B8364MnENxUyr3
File Reputation Information
Severity
Whitelisted
First Seen 2016-05-09 14:28 (UTC+2)
Last Seen 2017-10-07 22:08 (UTC+2)
C:\Users\Nd9E1FYi\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheEntry_41c67784-5a05-4d3a-a346-47e4d3e9d32f Modified File Stream
Whitelisted
Mime Type application/octet-stream
File Size 1.77 KB
MD5 c9fa9488f8854802c6f5eff3234d8a8a
SHA1 8b9029e83008d74b8c5414a2ef064629a340c9ae
SHA256 12bd362291f72f2c2e7756742b7377549d13d5bf231455d23ef250c5bdf18121
SSDeep 24:WM83yV+ty+ZcnPZcMGcZcFc7Vc4vcEvcXc6c4ncSZncJ5S+Z+Wz+q:BSy8PiPiMLim64EEEM34cYcJ5lgDq
File Reputation Information
Severity
Whitelisted
First Seen 2016-05-09 14:28 (UTC+2)
Last Seen 2017-10-07 22:08 (UTC+2)
C:\Users\Nd9E1FYi\AppData\Local\Temp\bwaykzvy.uyx.ps1 Created File Stream
Whitelisted
Also Known As C:\Users\Nd9E1FYi\AppData\Local\Temp\iiqbe4ps.w2t.psm1 (Created File)
Mime Type application/octet-stream
File Size 0.00 KB
MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep 3:U:U
File Reputation Information
Severity
Whitelisted
First Seen 2011-06-14 17:40 (UTC+2)
Last Seen 2018-12-04 20:02 (UTC+1)
C:\Users\Nd9E1FYi\AppData\Local\Temp\tmp8C77.tmp Created File Unknown
Whitelisted
Also Known As C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.exe (Created File)
Mime Type application/x-empty
File Size 0.00 KB
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
File Reputation Information
Severity
Whitelisted
First Seen 2011-05-27 11:27 (UTC+2)
Last Seen 2017-04-19 12:47 (UTC+2)
C:\Users\Nd9E1FYi\Desktop\gootkit_vbs-6ded37a6.vir.vbs Sample File Text
Unknown
Mime Type text/plain
File Size 114.79 KB
MD5 e5031e1adceac15c5db78da6f4303905
SHA1 53c7e365d8f55e0b3cf5e958e3b5da05b456a61b
SHA256 6ded37a61962a6a6626bd47adb66f5f73742d8d2125cdff1dc3f932d0a8e5d2e
SSDeep 3072:Dg+cIZ071HOQBVJ7nxCtGcH8C3fVJ9YTT4pIAFxoftxqKudFAV8cw7OJO4:DgVN1HOQjJ7xCtGcH8OP98T4pZxirju+
c:\users\nd9e1fyi\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 0.12 KB
MD5 637026929ebd81f12ba900b120be2e6c
SHA1 b22c135f30e37e86172e00683cee428feb7ac073
SHA256 18116a5c09285f02aaa01e297f37ceee97acdbff8035b34c7ccf1de9a449bc61
SSDeep 3:kTltB:elt
C:\Users\Nd9E1FYi\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 19.46 KB
MD5 c9c50ae0691385cfaacd3e92f289bf6b
SHA1 bdb5036049e55bc7f386f70a0fc3ee6250ef0d46
SHA256 d9184ecb0e61d52465ed927b1c9cacd90c10a57b2a2c82cded2f2f5b811067fd
SSDeep 384:yEsbXrBaxb7k02/0pdIGs+VW6lIZFi7xal0Rxfk2/i4JB9tG+sQRwuA01Jn6ioKA:1F03+oYG
C:\Users\Nd9E1FYi\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 19.46 KB
MD5 7f393766e0f6225d98acdb893a5f418c
SHA1 cd052ac4835f207edbbe9e9281e92d87b3b4454b
SHA256 aa53cc5fab633b04729595c31a1e5cfb40f52f9af6721db5483e2c4b3513d8a5
SSDeep 384:yEsbArBaxb7k02/0pdIGs+VW6lIZFi7xal0Rxfk2/i4JB9tG+sQRwuA01Jn6ioKA:aF03+oYG
C:\Users\Nd9E1FYi\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 19.46 KB
MD5 6882238308f271219ef31923f15890df
SHA1 814f24ecd5b95562b2a4704f2ff988ff8737d398
SHA256 1dc600b2e870db4bc42c23305c50a60810691341e4d951887c66a8e2371977ac
SSDeep 384:yEsbArBxxb7k02/0pdIGs+VW6lZZFi7xal0Rxfk2/i4JB9tG+sQRwuA01Jn6ioKA:5Y03+oYG
C:\Users\Nd9E1FYi\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 19.46 KB
MD5 40e29531e81493d6e680e38c3ace3714
SHA1 ee078721826355eae9ef0e96d476edf307d54046
SHA256 57b17ab692375358c25c34caf15c1f0b4705a67ea5bedbd852fdec393a40eac0
SSDeep 384:yEsbArBxxb7k02/0pdIGs+VW6lIZFi7xal0Rxfk2/i4JB9tG+sQRwuA01Jn6ioKA:5F03+oYG
C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.inf Created File Unknown
Unknown
Mime Type application/x-setupscript
File Size 0.27 KB
MD5 f25c271f0546fe0eed669c069bb05704
SHA1 e521751ce40704cafa5411c91dcb93051b7e5957
SHA256 8eebfec342b27bbbf07b0d8a98e33c8f30641ee825380cd2720fc1bcac6977ac
SSDeep 6:AkAh+BIHgVooT4WY/fWg6Jmfu43mfuX8Phn23fobAd9:Q+BIASL/fOmf/mfb0o49
C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.inf Created File Unknown
Unknown
Mime Type application/x-setupscript
File Size 0.29 KB
MD5 43a97b98561250a80a6e4796184a2448
SHA1 8e4834df9c9cfd7ea8e56ceae3eda919562242d4
SHA256 0d26b62e32131ff929ff0fe92a4e5f47f7072b3450777ba992d149a20c2d6568
SSDeep 6:AkAh+BIHgVooT4WY/fWg1HVPABHfdCtHVPABHfnhn23fobAd9:Q+BIASL/frHixfd6Hixfco49
c:\users\nd9e1fyi\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2172869166-1497266965-2109836178-1000\578c3c4f2234dc4bd77dc4898cd130e8_94f34c22-5cd3-4d50-aa5e-52adff408a05 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 1.43 KB
MD5 6a03a546bfb131724e287f21b81ac413
SHA1 a22a071ae0bfb566db0bdebb864f4f5dc5c22f04
SHA256 bfc99ece8e979c586d21891d6351f6340b16ec3a26a4e4d61c3e312974dadbf5
SSDeep 24:ktD4sMUxtUIDUv3ryiBerzELKlM7XUutgB4TZRvITfrIbpnd3+su6+h49QwIlZKJ:ktD4sVxtUIY/ryicijUuQOR6TIbpksuS
C:\Users\Nd9E1FYi\AppData\Local\Temp\tmp8C77.tmp Created File Binary
Unknown
Also Known As C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.exe (Created File)
Mime Type application/x-dosexec
File Size 245.50 KB
MD5 3cf7a348da34fbb5b7a77f49e6219a76
SHA1 ace28cb17ef956527798c4dc77c50e5559c74cdb
SHA256 1eceed1163da873e4988bd7b232c751a3f7699035e458db2abf8c4483a627409
SSDeep 6144:22C5kIiyCoHmrokIR7CcGIt11H+9cfKa:2Z5zPGrokIR77FhH+T
ImpHash f0f7dae6b97576ab31c076a04ab91303
PE Information
Image Base 0x400000
Entry Point 0x405000
Size Of Code 0x5e00
Size Of Initialized Data 0x37600
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2015-04-07 23:02:24+00:00
Sections (2)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5cbf 0x5e00 0x200 mem_execute, mem_read, mem_write 2.31
.xyl 0x407000 0x3759c 0x37600 0x6000 cnt_initialized_data, mem_write 7.79
Imports (5)
dsprop.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CrackName 0x0 0x407000 0x3e1a8 0x3d1a8 0x0
CheckADsError 0x0 0x407004 0x3e1ac 0x3d1ac 0x0
FindSheet 0x0 0x407008 0x3e1b0 0x3d1b0 0x0
eappcfg.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EapHostPeerFreeErrorMemory 0x0 0x407010 0x3e1b8 0x3d1b8 0x0
EapHostPeerConfigBlob2Xml 0x0 0x407014 0x3e1bc 0x3d1bc 0x0
kernel32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDateFormatA 0x0 0x40701c 0x3e1c4 0x3d1c4 0x21c
InterlockedIncrement 0x0 0x407020 0x3e1c8 0x3d1c8 0x2ed
FindFirstFileW 0x0 0x407024 0x3e1cc 0x3d1cc 0x134
GetTempPathA 0x0 0x407028 0x3e1d0 0x3d1d0 0x1f2
CopyFileExA 0x0 0x40702c 0x3e1d4 0x3d1d4 0x1a1
CreateProcessA 0x0 0x407030 0x3e1d8 0x3d1d8 0x265
FindClose 0x0 0x407034 0x3e1dc 0x3d1dc 0xad
WriteFile 0x0 0x407038 0x3e1e0 0x3d1e0 0x7f
GetCurrentThread 0x0 0x40703c 0x3e1e4 0x3d1e4 0x1c8
VirtualAllocEx 0x0 0x407040 0x3e1e8 0x3d1e8 0x4b6
GetEnvironmentVariableW 0x0 0x407044 0x3e1ec 0x3d1ec 0x3a0
GetModuleHandleA 0x0 0x407048 0x3e1f0 0x3d1f0 0x218
UpdateResourceA 0x0 0x40704c 0x3e1f4 0x3d1f4 0x160
ReplaceFileA 0x0 0x407050 0x3e1f8 0x3d1f8 0xd5
ReadProcessMemory 0x0 0x407054 0x3e1fc 0x3d1fc 0xcd
FileTimeToLocalFileTime 0x0 0x407058 0x3e200 0x3d200 0x126
SetLastError 0x0 0x40705c 0x3e204 0x3d204 0x4c8
SetErrorMode 0x0 0x407060 0x3e208 0x3d208 0x459
OpenSemaphoreW 0x0 0x407064 0x3e20c 0x3d20c 0x37e
odbctrac.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TraceSQLError 0x0 0x40706c 0x3e214 0x3d214 0x0
TraceSQLBindCol 0x0 0x407070 0x3e218 0x3d218 0x0
advapi32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegDeleteValueW 0x0 0x407078 0x3e220 0x3d220 0x658
RegCreateKeyExA 0x0 0x40707c 0x3e224 0x3d224 0x664
RegRestoreKeyW 0x0 0x407080 0x3e228 0x3d228 0x684
IsValidAcl 0x0 0x407084 0x3e22c 0x3d22c 0x583
RegUnLoadKeyA 0x0 0x407088 0x3e230 0x3d230 0x144
RegOpenKeyW 0x0 0x40708c 0x3e234 0x3d234 0x670
CryptSignHashA 0x0 0x407090 0x3e238 0x3d238 0x67d
IsValidAcl 0x0 0x407094 0x3e23c 0x3d23c 0x641
InitializeAcl 0x0 0x407098 0x3e240 0x3d240 0x662
RegReplaceKeyA 0x0 0x40709c 0x3e244 0x3d244 0x682
RegSaveKeyA 0x0 0x4070a0 0x3e248 0x3d248 0x686
RegLoadKeyW 0x0 0x4070a4 0x3e24c 0x3d24c 0x66a
RegEnumKeyW 0x0 0x4070a8 0x3e250 0x3d250 0x65e
OpenEventLogA 0x0 0x4070ac 0x3e254 0x3d254 0x648
C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.inf Created File Unknown
Unknown
Mime Type application/x-setupscript
File Size 0.32 KB
MD5 24f141ab1d24504e4ed2a44d2d01d6d4
SHA1 8f8a7e2dc9a5f24676e6f446fcd8ab56fa892d1b
SHA256 a30f3bbb951c4dff93c903d825d8a1abe70f7a4bdc70e5e1c1f4d942ffc152c0
SSDeep 6:AkAh+BIHgVooT4WY/fWg50tbI3iU0tbIahn23fobAd9:Q+BIASL/frMuMWo49
C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.exe Created File Binary
Unknown
Mime Type application/x-dosexec
File Size 233.00 KB
MD5 b976604a3d1b7ad8fd551e834e9403b5
SHA1 6ac5ccc2b3bd1cffaab41b35b7b70ca42ba7a3da
SHA256 e8c89103d3c1c23f7bad82c61d563d842f796a900ce201953d6339bd2af917eb
SSDeep 6144:wS3Qz86ucBW5wLr9QR9z5b+KNXnE8RAr2WJSfjEi:wSztXw/90zZ+wGq
ImpHash cf08f8362f9233fc35684cc21630969d
PE Information
Image Base 0x400000
Entry Point 0x401400
Size Of Code 0x5200
Size Of Initialized Data 0x34e00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2013-07-12 03:05:39+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.code 0x401000 0x51c6 0x5200 0x400 mem_execute, mem_read 3.97
.tss 0x407000 0x462 0x600 0x5600 mem_read, mem_write 3.54
.fdata 0x408000 0x938 0xa00 0x5c00 mem_read, mem_write 6.16
.rssc 0x409000 0x33cba 0x33e00 0x6600 cnt_initialized_data, mem_read, mem_write 7.99
Imports (3)
cmpbk32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PhoneBookFreeFilter 0x0 0x407000 0x70f8 0x56f8 0x0
PhoneBookCopyFilter 0x0 0x407004 0x70fc 0x56fc 0x0
PhoneBookEnumCountries 0x0 0x407008 0x7100 0x5700 0x0
PhoneBookLoad 0x0 0x40700c 0x7104 0x5704 0x0
PhoneBookEnumNumbers 0x0 0x407010 0x7108 0x5708 0x0
user32.dll (11)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadIconA 0x0 0x407018 0x7110 0x5710 0x0
GetMessageW 0x0 0x40701c 0x7114 0x5714 0x0
LoadBitmapW 0x0 0x407020 0x7118 0x5718 0x0
GetClassLongA 0x0 0x407024 0x711c 0x571c 0x0
FindWindowA 0x0 0x407028 0x7120 0x5720 0x0
DrawStateW 0x0 0x40702c 0x7124 0x5724 0x0
FindWindowExA 0x0 0x407030 0x7128 0x5728 0x0
InsertMenuA 0x0 0x407034 0x712c 0x572c 0x0
CreateDesktopA 0x0 0x407038 0x7130 0x5730 0x0
PostMessageW 0x0 0x40703c 0x7134 0x5734 0x0
GetDlgItemTextA 0x0 0x407040 0x7138 0x5738 0x0
kernel32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VirtualProtect 0x0 0x407048 0x7140 0x5740 0x0
GetFileAttributesW 0x0 0x40704c 0x7144 0x5744 0x0
SetErrorMode 0x0 0x407050 0x7148 0x5748 0x0
CreateFileMappingW 0x0 0x407054 0x714c 0x574c 0x0
CreateNamedPipeA 0x0 0x407058 0x7150 0x5750 0x0
FindClose 0x0 0x40705c 0x7154 0x5754 0x0
GetWindowsDirectoryA 0x0 0x407060 0x7158 0x5758 0x0
FileTimeToSystemTime 0x0 0x407064 0x715c 0x575c 0x0
DeleteFileW 0x0 0x407068 0x7160 0x5760 0x0
LoadLibraryW 0x0 0x40706c 0x7164 0x5764 0x0
GetSystemTime 0x0 0x407070 0x7168 0x5768 0x0
GetStartupInfoA 0x0 0x407074 0x716c 0x576c 0x0
OpenJobObjectW 0x0 0x407078 0x7170 0x5770 0x0
OpenEventA 0x0 0x40707c 0x7174 0x5774 0x0
FindNextFileA 0x0 0x407080 0x7178 0x5778 0x0
CreateFileA 0x0 0x407084 0x717c 0x577c 0x0
MoveFileExW 0x0 0x407088 0x7180 0x5780 0x0
OpenSemaphoreA 0x0 0x40708c 0x7184 0x5784 0x0
LoadLibraryA 0x0 0x407090 0x7188 0x5788 0x0
SleepEx 0x0 0x407094 0x718c 0x578c 0x0
GetDateFormatW 0x0 0x407098 0x7190 0x5790 0x0
CreateMutexA 0x0 0x40709c 0x7194 0x5794 0x0
VirtualAlloc 0x0 0x4070a0 0x7198 0x5798 0x0
C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.inf Created File Unknown
Unknown
Mime Type application/x-setupscript
File Size 0.29 KB
MD5 680bd3adc61ba11360e5237545ded69b
SHA1 17b1b994c7a45fb4ad44f2a76060ee601a7e4ddb
SHA256 3725d719d2f2dba93b0acbabc42be908be71ba742123690f8ea3e6142975a89a
SSDeep 6:AkAh+BIHgVooT4WY/fWg574qShBME/T7SQJ4qShBME/SPhn23fobAd9:Q+BIASL/fsj9eQijVo49
c:\users\nd9e1fyi\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-2172869166-1497266965-2109836178-1000\578c3c4f2234dc4bd77dc4898cd130e8_94f34c22-5cd3-4d50-aa5e-52adff408a05 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 0.06 KB
MD5 bf50918b43f55702fab547696cc28996
SHA1 299df4c707fe72602a3fbf06685efc1a2b1e320b
SHA256 047c651ad317f5883686847ce068b0760bc5334f311009d4e153ef14b940c5bf
SSDeep 3:/lTlaX+QRD1:Oft1
C:\Users\Nd9E1FYi\AppData\Local\Temp\SMSvcHost32.inf Created File Unknown
Unknown
Mime Type application/x-setupscript
File Size 0.27 KB
MD5 d63332b5a8254668fbae1255b085775d
SHA1 4e82e31ad4e2eff91feec5f3827ed31168da3ca4
SHA256 66db29d5f893e6629dacd2a8097643fac25e67f707399b0b72e41506c164886b
SSDeep 6:AkAh+BIHgVooT4WY/fWgJDIQlLJobNDHHAIQlLJobNDjPhn23fobAd9:Q+BIASL/fXJobRneJobRj0o49