f9dfdce8...2a74 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

Remarks (1/1)

(0x2000002): The maximum VM disk space was reached. The analysis was terminated prematurely.

Filename | Category | Type | Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\test.exe | Sample File | Binary | Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 351.50 KB
MD5 345d140139d2d11713b06f1cd9a5669e
SHA1 ca3c843964caa54471c136e8fc36bcb3534c1432
SHA256 f9dfdce85f83d7a416ecc162a9f68643357b1fd10ea29e6b2cd934b967192a74
SSDeep 6144:kNlHAp8tUArLrLrLfMemq5MmsCdKSXZ/cJlCJ6AWJE9V50DErTNg/ydlb4fQ6wFL:14DmGw6yDKNg6dNoQl+v
ImpHash a18f19bfde6ec917a1a314ee3f6727cd
File Reputation Information
Severity Suspicious
First Seen 2019-05-26 14:42 (UTC+2)
Last Seen 2019-05-30 05:09 (UTC+2)
Names Win32.Trojan.Mbt
Families Mbt
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x420f00
Size Of Code 0x37c00
Size Of Initialized Data 0x1fe00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-05-24 16:35:02+00:00
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
.text | 0x401000 | 0x37a92 | 0x37c00 | 0x400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.21
.rdata | 0x439000 | 0xf9ea | 0xfa00 | 0x38000 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 5.26
.data | 0x449000 | 0x10380 | 0x10400 | 0x47a00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.97
Imports (13)
USER32.dll (19)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
PostQuitMessage 0x0 0x4391f4 0x47e30 0x46e30 0x271
ShutdownBlockReasonCreate 0x0 0x4391f8 0x47e34 0x46e34 0x322
DefWindowProcA 0x0 0x4391fc 0x47e38 0x46e38 0xa0
MessageBoxW 0x0 0x439200 0x47e3c 0x46e3c 0x24d
wsprintfW 0x0 0x439204 0x47e40 0x46e40 0x37b
ShutdownBlockReasonDestroy 0x0 0x439208 0x47e44 0x46e44 0x323
RegisterClassExW 0x0 0x43920c 0x47e48 0x46e48 0x289
CreateWindowExW 0x0 0x439210 0x47e4c 0x46e4c 0x71
DeferWindowPos 0x0 0x439214 0x47e50 0x46e50 0xa2
CloseWindow 0x0 0x439218 0x47e54 0x46e54 0x4f
GetForegroundWindow 0x0 0x43921c 0x47e58 0x46e58 0x143
GetMessageA 0x0 0x439220 0x47e5c 0x46e5c 0x16f
TranslateMessage 0x0 0x439224 0x47e60 0x46e60 0x33f
DispatchMessageA 0x0 0x439228 0x47e64 0x46e64 0xb4
ReleaseDC 0x0 0x43922c 0x47e68 0x46e68 0x2a5
AnimateWindow 0x0 0x439230 0x47e6c 0x46e6c 0x7
AdjustWindowRect 0x0 0x439234 0x47e70 0x46e70 0x2
DestroyWindow 0x0 0x439238 0x47e74 0x46e74 0xad
EnumChildWindows 0x0 0x43923c 0x47e78 0x46e78 0xec
GDI32.dll (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
DeleteObject 0x0 0x439064 0x47ca0 0x46ca0 0x10e
SetPixel 0x0 0x439068 0x47ca4 0x46ca4 0x2f8
SetPaletteEntries 0x0 0x43906c 0x47ca8 0x46ca8 0x2f7
GetDeviceCaps 0x0 0x439070 0x47cac 0x46cac 0x1f6
SelectPalette 0x0 0x439074 0x47cb0 0x46cb0 0x2d5
KERNEL32.dll (77)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
LocalAlloc 0x0 0x43907c 0x47cb8 0x46cb8 0x3ae
ReadFile 0x0 0x439080 0x47cbc 0x46cbc 0x44f
CloseHandle 0x0 0x439084 0x47cc0 0x46cc0 0x7f
WriteFile 0x0 0x439088 0x47cc4 0x46cc4 0x5df
DeviceIoControl 0x0 0x43908c 0x47cc8 0x46cc8 0x112
OpenMutexW 0x0 0x439090 0x47ccc 0x46ccc 0x3ea
CreateMutexW 0x0 0x439094 0x47cd0 0x46cd0 0xd1
lstrlenA 0x0 0x439098 0x47cd4 0x46cd4 0x608
GetModuleHandleA 0x0 0x43909c 0x47cd8 0x46cd8 0x264
LoadLibraryA 0x0 0x4390a0 0x47cdc 0x46cdc 0x3a5
lstrcpyA 0x0 0x4390a4 0x47ce0 0x46ce0 0x602
CreateFileW 0x0 0x4390a8 0x47ce4 0x46ce4 0xc2
HeapAlloc 0x0 0x4390ac 0x47ce8 0x46ce8 0x32f
lstrcatA 0x0 0x4390b0 0x47cec 0x46cec 0x5f9
GetProcAddress 0x0 0x4390b4 0x47cf0 0x46cf0 0x29d
GetTickCount 0x0 0x4390b8 0x47cf4 0x46cf4 0x2f2
lstrcatW 0x0 0x4390bc 0x47cf8 0x46cf8 0x5fa
GetLastError 0x0 0x4390c0 0x47cfc 0x46cfc 0x250
ExitProcess 0x0 0x4390c4 0x47d00 0x46d00 0x151
VirtualAlloc 0x0 0x4390c8 0x47d04 0x46d04 0x599
ExitThread 0x0 0x4390cc 0x47d08 0x46d08 0x152
TlsSetValue 0x0 0x4390d0 0x47d0c 0x46d0c 0x574
OutputDebugStringW 0x0 0x4390d4 0x47d10 0x46d10 0x3fa
GetFileSize 0x0 0x4390d8 0x47d14 0x46d14 0x23b
WaitForSingleObject 0x0 0x4390dc 0x47d18 0x46d18 0x5a9
TlsGetValue 0x0 0x4390e0 0x47d1c 0x46d1c 0x573
CreateToolhelp32Snapshot 0x0 0x4390e4 0x47d20 0x46d20 0xf1
Process32FirstW 0x0 0x4390e8 0x47d24 0x46d24 0x40d
Process32NextW 0x0 0x4390ec 0x47d28 0x46d28 0x40f
GetModuleHandleW 0x0 0x4390f0 0x47d2c 0x46d2c 0x267
GetSystemDirectoryW 0x0 0x4390f4 0x47d30 0x46d30 0x2cd
CreateProcessW 0x0 0x4390f8 0x47d34 0x46d34 0xdb
GetShortPathNameW 0x0 0x4390fc 0x47d38 0x46d38 0x2bb
CreateFileA 0x0 0x439100 0x47d3c 0x46d3c 0xba
Sleep 0x0 0x439104 0x47d40 0x46d40 0x550
GetCurrentProcessId 0x0 0x439108 0x47d44 0x46d44 0x20a
VirtualQuery 0x0 0x43910c 0x47d48 0x46d48 0x5a1
VirtualProtect 0x0 0x439110 0x47d4c 0x46d4c 0x59f
IsBadReadPtr 0x0 0x439114 0x47d50 0x46d50 0x35e
FreeLibrary 0x0 0x439118 0x47d54 0x46d54 0x19e
lstrcmpA 0x0 0x43911c 0x47d58 0x46d58 0x5fc
UnmapViewOfFile 0x0 0x439120 0x47d5c 0x46d5c 0x583
lstrcmpiW 0x0 0x439124 0x47d60 0x46d60 0x600
lstrlenW 0x0 0x439128 0x47d64 0x46d64 0x609
lstrcpyW 0x0 0x43912c 0x47d68 0x46d68 0x603
MoveFileExW 0x0 0x439130 0x47d6c 0x46d6c 0x3ca
FindFirstFileW 0x0 0x439134 0x47d70 0x46d70 0x173
lstrcmpW 0x0 0x439138 0x47d74 0x46d74 0x5fd
FindNextFileW 0x0 0x43913c 0x47d78 0x46d78 0x17f
FindClose 0x0 0x439140 0x47d7c 0x46d7c 0x168
CreateThread 0x0 0x439144 0x47d80 0x46d80 0xe8
WaitForMultipleObjects 0x0 0x439148 0x47d84 0x46d84 0x5a7
GetDriveTypeW 0x0 0x43914c 0x47d88 0x46d88 0x21f
GetTickCount64 0x0 0x439150 0x47d8c 0x46d8c 0x2f3
SetThreadExecutionState 0x0 0x439154 0x47d90 0x46d90 0x52c
IsProcessorFeaturePresent 0x0 0x439158 0x47d94 0x46d94 0x36d
SetFilePointerEx 0x0 0x43915c 0x47d98 0x46d98 0x4fc
CreateFileMappingW 0x0 0x439160 0x47d9c 0x46d9c 0xbf
MapViewOfFile 0x0 0x439164 0x47da0 0x46da0 0x3c0
GetCurrentProcess 0x0 0x439168 0x47da4 0x46da4 0x209
LocalFree 0x0 0x43916c 0x47da8 0x46da8 0x3b2
GetUserDefaultUILanguage 0x0 0x439170 0x47dac 0x46dac 0x2ff
InitializeCriticalSection 0x0 0x439174 0x47db0 0x46db0 0x347
DeleteCriticalSection 0x0 0x439178 0x47db4 0x46db4 0x105
SetLastError 0x0 0x43917c 0x47db8 0x46db8 0x50a
EnterCriticalSection 0x0 0x439180 0x47dbc 0x46dbc 0x125
LeaveCriticalSection 0x0 0x439184 0x47dc0 0x46dc0 0x3a2
TerminateThread 0x0 0x439188 0x47dc4 0x46dc4 0x560
GlobalAlloc 0x0 0x43918c 0x47dc8 0x46dc8 0x317
GlobalFree 0x0 0x439190 0x47dcc 0x46dcc 0x31e
Beep 0x0 0x439194 0x47dd0 0x46dd0 0x5d
GetWindowsDirectoryA 0x0 0x439198 0x47dd4 0x46dd4 0x30f
MoveFileExA 0x0 0x43919c 0x47dd8 0x46dd8 0x3c9
GetVersionExA 0x0 0x4391a0 0x47ddc 0x46ddc 0x304
ExpandEnvironmentStringsW 0x0 0x4391a4 0x47de0 0x46de0 0x155
VirtualFree 0x0 0x4391a8 0x47de4 0x46de4 0x59c
GetFileSizeEx 0x0 0x4391ac 0x47de8 0x46de8 0x23c
ADVAPI32.dll (21)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
LsaClose 0x0 0x439000 0x47c3c 0x46c3c 0x1b3
CryptGenRandom 0x0 0x439004 0x47c40 0x46c40 0xd1
LsaCreateTrustedDomainEx 0x0 0x439008 0x47c44 0x46c44 0x1b7
LsaFreeMemory 0x0 0x43900c 0x47c48 0x46c48 0x1c1
CryptDecrypt 0x0 0x439010 0x47c4c 0x46c4c 0xc4
CryptEncrypt 0x0 0x439014 0x47c50 0x46c50 0xca
CryptImportKey 0x0 0x439018 0x47c54 0x46c54 0xda
GetSidSubAuthority 0x0 0x43901c 0x47c58 0x46c58 0x16b
GetSidSubAuthorityCount 0x0 0x439020 0x47c5c 0x46c5c 0x16c
CryptReleaseContext 0x0 0x439024 0x47c60 0x46c60 0xdb
CryptDestroyKey 0x0 0x439028 0x47c64 0x46c64 0xc7
CryptExportKey 0x0 0x43902c 0x47c68 0x46c68 0xcf
CryptGenKey 0x0 0x439030 0x47c6c 0x46c6c 0xd0
CryptAcquireContextW 0x0 0x439034 0x47c70 0x46c70 0xc1
LookupAccountSidW 0x0 0x439038 0x47c74 0x46c74 0x1a7
LsaQueryTrustedDomainInfo 0x0 0x43903c 0x47c78 0x46c78 0x1e1
EncryptionDisable 0x0 0x439040 0x47c7c 0x46c7c 0x10b
EqualDomainSid 0x0 0x439044 0x47c80 0x46c80 0x116
AreAllAccessesGranted 0x0 0x439048 0x47c84 0x46c84 0x22
InitializeSecurityDescriptor 0x0 0x43904c 0x47c88 0x46c88 0x18d
LsaAddAccountRights 0x0 0x439050 0x47c8c 0x46c8c 0x1b0
SHELL32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
ShellExecuteExW 0x0 0x4391d4 0x47e10 0x46e10 0x136
SHGetFolderPathW 0x0 0x4391d8 0x47e14 0x46e14 0xd2
Secur32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
LsaConnectUntrusted 0x0 0x4391ec 0x47e28 0x46e28 0x26
NETAPI32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
DsRoleFreeMemory 0x0 0x4391c8 0x47e04 0x46e04 0x1d
DsRoleGetPrimaryDomainInformation 0x0 0x4391cc 0x47e08 0x46e08 0x1e
SHLWAPI.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
StrStrW 0x0 0x4391e0 0x47e1c 0x46e1c 0x152
StrToIntA 0x0 0x4391e4 0x47e20 0x46e20 0x155
MPR.dll (4)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
WNetCloseEnum 0x0 0x4391b4 0x47df0 0x46df0 0x17
WNetAddConnection2W 0x0 0x4391b8 0x47df4 0x46df4 0xd
WNetEnumResourceW 0x0 0x4391bc 0x47df8 0x46df8 0x23
WNetOpenEnumW 0x0 0x4391c0 0x47dfc 0x46dfc 0x44
WS2_32.dll (14)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
WSAGetLastError 0x6f 0x439268 0x47ea4 0x46ea4 -
shutdown 0x16 0x43926c 0x47ea8 0x46ea8 -
closesocket 0x3 0x439270 0x47eac 0x46eac -
connect 0x4 0x439274 0x47eb0 0x46eb0 -
htons 0x9 0x439278 0x47eb4 0x46eb4 -
inet_pton 0x0 0x43927c 0x47eb8 0x46eb8 0xa7
inet_addr 0xb 0x439280 0x47ebc 0x46ebc -
WSACleanup 0x74 0x439284 0x47ec0 0x46ec0 -
socket 0x17 0x439288 0x47ec4 0x46ec4 -
WSAStartup 0x73 0x43928c 0x47ec8 0x46ec8 -
inet_ntoa 0xc 0x439290 0x47ecc 0x46ecc -
gethostbyname 0x34 0x439294 0x47ed0 0x46ed0 -
recv 0x10 0x439298 0x47ed4 0x46ed4 -
send 0x13 0x43929c 0x47ed8 0x46ed8 -
WININET.dll (8)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
HttpOpenRequestA 0x0 0x439244 0x47e80 0x46e80 0x75
InternetReadFile 0x0 0x439248 0x47e84 0x46e84 0xca
InternetCloseHandle 0x0 0x43924c 0x47e88 0x46e88 0x92
HttpQueryInfoA 0x0 0x439250 0x47e8c 0x46e8c 0x7a
HttpSendRequestA 0x0 0x439254 0x47e90 0x46e90 0x7c
InternetConnectA 0x0 0x439258 0x47e94 0x46e94 0x98
InternetCrackUrlA 0x0 0x43925c 0x47e98 0x46e98 0x9a
InternetOpenA 0x0 0x439260 0x47e9c 0x46e9c 0xc2
CRYPT32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CryptBinaryToStringA 0x0 0x439058 0x47c94 0x46c94 0x7d
CryptStringToBinaryA 0x0 0x43905c 0x47c98 0x46c98 0xe2
ole32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint
CoCreateInstance 0x0 0x4392a4 0x47ee0 0x46ee0 0x1a
CoInitializeEx 0x0 0x4392a8 0x47ee4 0x46ee4 0x50
CoUninitialize 0x0 0x4392ac 0x47ee8 0x46ee8 0x7f
Memory Dumps (1)
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA
test.exe | 1 | 0x00400000 | 0x00459FFF | Relevant Image | - | 32-bit | - | True | False
Local AV Matches (1)
Threat Name | Severity
Gen:Heur.Ransom.Imps.1 | Malicious
C:\Boot\BOOTSTAT.DAT | Modified File | Stream | Unknown
Also Known As C:\Boot\BOOTSTAT.DAT.R0GsRvs (Dropped File)
Mime Type application/octet-stream
File Size 64.26 KB
MD5 9d608e3d8417eb7c56907762c7405cfe
SHA1 52578de1ff4b1714c9ecf46ec6bd3265b448ed55
SHA256 a56c3573e909ddf3620abce358b38ae1acfdd69d21130f39a2e5b6862f344dbb
SSDeep 1536:2UqgOrNWMHTJxQ+jnatw5mLk4AS3rGg6R6KDX2:ygOrU2TJxQnQmLX3r88Kb2
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi | Modified File | Stream | Unknown
Also Known As C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.XvZHI (Dropped File)
Mime Type application/octet-stream
File Size 3.02 MB
MD5 6c8cd304002ba6bd422c58e306fde103
SHA1 5a04bebd2b4993a53649095546831170c963d01f
SHA256 2d8fd83fc4f4c5770c4176b143df31f83d5b5d07612fc0710dcc61e70504ee21
SSDeep 98304:95GoTKOQ7MgTjyYpjkRtrLSm9JD34TFDgU9mj:jrUTjRk791iF0UIj
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim | Modified File | Stream | Unknown
Also Known As C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.9emKr (Dropped File)
Mime Type application/octet-stream
File Size 161.38 MB
MD5 e8a7823ba628d4c3b2dc7196fbf058bc
SHA1 c7eee2c21342743a59ee335ff525330f4d273410
SHA256 364d5b08ed141e2cea519babf72a77285bba657d18bd2374db55bbd779d77b45
SSDeep 196608:xlp6UMEbiZG5ygm8j3k0EHZWbVFmvVYyyZvOXWBEY+1BVQ:x+UMaigoX8zY5bVSv0YEBVQ
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst | Modified File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeCMapFnt10.lst.wHLcdW (Dropped File)
Mime Type application/octet-stream
File Size 34.55 KB
MD5 89de74772f8f5ca07afd7230d0f39b35
SHA1 a5b1fb84fe00d72e5d593e880d112b1f84a47fa1
SHA256 a6deb72e8ac69b7dde46ad14a75dae91c571ceb13de49286772ce8bb28598f4a
SSDeep 768:B8uH1ZA7F5PgA7ao8MsLVqD8O0K/vmi53D5iEAGkVL21LFP+fE:yG/M5PgAeooLVqdur9VLSFms
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst | Modified File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\AdobeSysFnt10.lst.34tSh1K (Dropped File)
Mime Type application/octet-stream
File Size 135.47 KB
MD5 e0b7853f83dbdb26816e9bde97bfeefc
SHA1 71ddd74cab13a317877090dfa3ae4c53b49e5a32
SHA256 2db74a478b1f475b3a2ec965a9bf0a7ebd968d1a4189e124f04940865a8a2622
SSDeep 3072:7ZnFaqG0actu95eRZtg5FtXtnHd3PdAzG4zZ0BH5dTRiuxLqQn4M:RFaqGhKA5C+dnHd94NgH5BxLqlM
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst | Modified File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\AcroFnt10.lst.iHt9 (Dropped File)
Mime Type application/octet-stream
File Size 52.20 KB
MD5 ac013e7d8d6ca0f301f387c10eba509d
SHA1 9668c981fb918a5333829c256d85aa645507d7b1
SHA256 38a991403d5a297dac40971538baf4d9d86ca10ea84494735e86a2b115863ef5
SSDeep 1536:qJB424/1d7gbOq4Eegs85FkSYxxUgtjiMgidCRCJYRDt:KB44bj4gwogz8VRh
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents | Modified File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\SharedDataEvents.6PFi (Dropped File)
Mime Type application/octet-stream
File Size 5.26 KB
MD5 bd95c89d91ebc03b4d088b6cdfbc867c
SHA1 adbc196503e040d5f9641cf83d7cd09e67864014
SHA256 a0277c7ca4ed3e13dedc950b6041c098cc8d8b5302e8ad8c25dc49b4495a8ad6
SSDeep 96:soMHwaw9ZFoBV2N20l3LtdSoVvlsThwVyUOCaRpMzrQC8DdoXPpgLIiz2Z5E:soMHEFoBANDVZMesTh4yUOPvMzrz8Dd5
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin | Modified File | Stream | Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\UserCache.bin.KH4Dw9W (Dropped File)
Mime Type application/octet-stream
File Size 75.92 KB
MD5 8e9a56be470565a4c272341041e708fa
SHA1 ecffc9227c20121ec401661afcc7b76d6bd9dd8f
SHA256 eed9af6b4e4ae888c60631707c1b65f21a06f4561ce25fb342daa8ac32334fa3
SSDeep 1536:dmsdtkU2OS8u5mh8MS6EjLoTTPFBWBF7UKxvZ87+nCTh51/1HP9om+EwuYD:dTtaOS8uUhvS6woTz+BF7RxvAgC3OmO7
C:\\DECRYPT-FILES.html | Dropped File | Text | Unknown
Also Known As C:\$Recycle.Bin\\DECRYPT-FILES.html (Dropped File)
C:\$Recycle.Bin\S-1-5-21-3388679973-3930757225-3770151564-1000\\DECRYPT-FILES.html (Dropped File)
C:\Boot\\DECRYPT-FILES.html (Dropped File)
C:\Boot\cs-CZ\\DECRYPT-FILES.html (Dropped File)
C:\Boot\da-DK\\DECRYPT-FILES.html (Dropped File)
C:\Boot\de-DE\\DECRYPT-FILES.html (Dropped File)
C:\Boot\el-GR\\DECRYPT-FILES.html (Dropped File)
C:\Boot\en-US\\DECRYPT-FILES.html (Dropped File)
C:\Boot\es-ES\\DECRYPT-FILES.html (Dropped File)
C:\Boot\fi-FI\\DECRYPT-FILES.html (Dropped File)
C:\Boot\Fonts\\DECRYPT-FILES.html (Dropped File)
C:\Boot\fr-FR\\DECRYPT-FILES.html (Dropped File)
C:\Boot\hu-HU\\DECRYPT-FILES.html (Dropped File)
C:\Boot\it-IT\\DECRYPT-FILES.html (Dropped File)
C:\Boot\ja-JP\\DECRYPT-FILES.html (Dropped File)
C:\Boot\ko-KR\\DECRYPT-FILES.html (Dropped File)
C:\Boot\nb-NO\\DECRYPT-FILES.html (Dropped File)
C:\Boot\nl-NL\\DECRYPT-FILES.html (Dropped File)
C:\Boot\pl-PL\\DECRYPT-FILES.html (Dropped File)
C:\Boot\pt-BR\\DECRYPT-FILES.html (Dropped File)
C:\Boot\pt-PT\\DECRYPT-FILES.html (Dropped File)
C:\Boot\ru-RU\\DECRYPT-FILES.html (Dropped File)
C:\Boot\sv-SE\\DECRYPT-FILES.html (Dropped File)
C:\Boot\tr-TR\\DECRYPT-FILES.html (Dropped File)
C:\Boot\zh-CN\\DECRYPT-FILES.html (Dropped File)
C:\Boot\zh-HK\\DECRYPT-FILES.html (Dropped File)
C:\Boot\zh-TW\\DECRYPT-FILES.html (Dropped File)
C:\Config.Msi\\DECRYPT-FILES.html (Dropped File)
C:\Users\\DECRYPT-FILES.html (Dropped File)
C:\MSOCache\\DECRYPT-FILES.html (Dropped File)
C:\PerfLogs\\DECRYPT-FILES.html (Dropped File)
C:\PerfLogs\Admin\\DECRYPT-FILES.html (Dropped File)
C:\Recovery\\DECRYPT-FILES.html (Dropped File)
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\\DECRYPT-FILES.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\\DECRYPT-FILES.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\\DECRYPT-FILES.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\\DECRYPT-FILES.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\\DECRYPT-FILES.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\\DECRYPT-FILES.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\\DECRYPT-FILES.html (Dropped File)
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Adobe\Acrobat\10.0\Cache\\DECRYPT-FILES.html (Dropped File)
Mime Type text/html
File Size 6.43 KB
MD5 531773e2468abe0925223914e6e95d8b
SHA1 844f9b65e1caf41f014d3fc7393ccf33d9a39c01
SHA256 ef84cd16c1f38d0749e5060286d624f75819940c34043e2cc3050756dbd596cd
SSDeep 96:z2dMHJdgvOYEHdwLH+66GU2ZClg1D6A0Fl9B89HN2K3zaKo4W:sGwuHdwLH+DGURg1JAl9CHhur9
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshot (panels: Before, After)