Verdict: Malicious

Classifications: Spyware

Threat Names: Trojan.GenericKDZ.75562

Dynamic Analysis Report

Created on 2021-09-28T10:36:00

ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033.exe.dll

Windows DLL (x86-64)

Remarks (2/2)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 23 seconds" to "86.0 milliseconds" to reveal dormant functionality.

Sample File: C:\Users\RDhJ0CNFevzX\Desktop\ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033.exe.dll (Binary)
Verdict: malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.06 MB
MD5 c50f692a715db805e68e9655ff6a9ab2
SHA1 229b257301ed99d518364afd22c4276daa5b3d20
SHA256 ff3aa75e4d4637599d3e97fb8b42ce8a1254425f856671ae56377df2676b1033
SSDeep 12288:4dMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:SMIJxSDX3bqjhcfHk7MzH6z
ImpHash c6b4c2eec8a93016c63563421e15f011
AV Matches (1)
Threat Name: Trojan.GenericKDZ.75562, Verdict: malicious
PE Information
Image Base 0x140000000
Entry Point 0x140078760
Size Of Code 0x7c000
Size Of Initialized Data 0x92000
File Type FileType.dll
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2021-05-26 06:36:52+00:00
Version Information (8)
CompanyName NirSoft
FileDescription ProduKey
FileVersion 9.74
InternalName TeltwFoo
LegalCopyright Copyright © 2005 - 2009 Nir Sofer
OriginalFilename TeltwFoo.exe
ProductName TeltwFoo
ProductVersion 9.74
Sections (28)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x7bb10 0x7c000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.85
.rdata 0x14007d000 0xc210 0xd000 0x7d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.62
.data 0x14008a000 0xd218 0xe000 0x8a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.89
.pdata 0x140098000 0x138 0x1000 0x98000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.59
.rsrc 0x140099000 0x2f98 0x3000 0x99000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.74
.reloc 0x14009c000 0x244 0x1000 0x9c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.24
- 0x14009d000 0x6cd0 0x7000 0x9d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a4000 0x1f2a 0x2000 0xa4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a6000 0x13e 0x1000 0xa6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a7000 0x6cd0 0x7000 0xa7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400ae000 0x7fd 0x1000 0xae000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400af000 0x13e 0x1000 0xaf000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b0000 0x1f7 0x1000 0xb0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b1000 0x23b 0x1000 0xb1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b2000 0x1278 0x2000 0xb2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b4000 0x13e 0x1000 0xb4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b5000 0x9cd 0x1000 0xb5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b6000 0x1124 0x2000 0xb6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b8000 0x23b 0x1000 0xb8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b9000 0x896 0x1000 0xb9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400ba000 0x6cd0 0x7000 0xba000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c1000 0x13e 0x1000 0xc1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c2000 0x1af 0x1000 0xc2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c3000 0x45174 0x46000 0xc3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x140109000 0x197d 0x2000 0x109000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010b000 0x197d 0x2000 0x10b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010d000 0x1ee 0x1000 0x10d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010e000 0x36d 0x1000 0x10e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.67
Imports (1)
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptImportPublicKeyInfo - 0x14007d000 0x891d8 0x891d8 0xa1
Exports (24)
Api name EAT Address Ordinal
CheckDriverSoftwareDependenciesSatisfied 0x296ac 0x1
DeviceInternetSettingUiW 0x4a758 0x2
DiInstallDevice 0x6f114 0x3
DiInstallDriverA 0x97c8 0x4
DiInstallDriverW 0x430c8 0x5
DiRollbackDriver 0x46938 0x6
DiShowUpdateDevice 0xd420 0x7
DiShowUpdateDriver 0x43b6c 0x8
DiUninstallDevice 0x2b514 0x9
DiUninstallDriverA 0x1b7c0 0xa
DiUninstallDriverW 0x59c8c 0xb
GetInternetPolicies 0x4b8a4 0xc
InstallNewDevice 0x38e68 0xd
InstallSelectedDriver 0x45cac 0xe
InstallWindowsUpdateDriver 0x2e854 0xf
InstallWindowsUpdateDriverEx 0x5c290 0x10
InstallWindowsUpdateDrivers 0x116a8 0x11
QueryWindowsUpdateDriverStatus 0x782d0 0x12
SetInternetPolicies 0x2bb64 0x13
UpdateDriverForPlugAndPlayDevicesA 0x5c30 0x14
UpdateDriverForPlugAndPlayDevicesW 0x558a0 0x15
pDiDoDeviceInstallAsAdmin 0x4f77c 0x16
pDiDoNullDriverInstall 0x52f18 0x17
pDiRunFinishInstallOperations 0x669bc 0x18
Dropped File: C:\Users\RDhJ0CNFevzX\AppData\Local\YFh\VERSION.dll (Binary)
Verdict: malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Internet Explorer\UserData\VE05r\VERSION.dll (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 1.06 MB
MD5 77a540951d1c479561933d2005078f17
SHA1 c4cb4ba4a3429b9ff41df06b5a173c6d46213efa
SHA256 20c6936caa6a742435ff7f5dcc3b1cf62036fbcec0cea9024ea10aa86fdcd62a
SSDeep 12288:0dMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:2MIJxSDX3bqjhcfHk7MzH6z
ImpHash c6b4c2eec8a93016c63563421e15f011
AV Matches (1)
Threat Name: Trojan.GenericKDZ.75562, Verdict: malicious
PE Information
Image Base 0x140000000
Entry Point 0x140078760
Size Of Code 0x7c000
Size Of Initialized Data 0x93000
File Type FileType.dll
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2021-05-26 06:36:52+00:00
Version Information (8)
CompanyName NirSoft
FileDescription ProduKey
FileVersion 9.74
InternalName TeltwFoo
LegalCopyright Copyright © 2005 - 2009 Nir Sofer
OriginalFilename TeltwFoo.exe
ProductName TeltwFoo
ProductVersion 9.74
Sections (29)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x7bb10 0x7c000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.85
.rdata 0x14007d000 0xc210 0xd000 0x7d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.62
.data 0x14008a000 0xd218 0xe000 0x8a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.89
.pdata 0x140098000 0x138 0x1000 0x98000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.59
.rsrc 0x140099000 0x2f98 0x3000 0x99000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.74
.reloc 0x14009c000 0x244 0x1000 0x9c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.24
- 0x14009d000 0x6cd0 0x7000 0x9d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a4000 0x1f2a 0x2000 0xa4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a6000 0x13e 0x1000 0xa6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a7000 0x6cd0 0x7000 0xa7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400ae000 0x7fd 0x1000 0xae000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400af000 0x13e 0x1000 0xaf000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b0000 0x1f7 0x1000 0xb0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b1000 0x23b 0x1000 0xb1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b2000 0x1278 0x2000 0xb2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b4000 0x13e 0x1000 0xb4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b5000 0x9cd 0x1000 0xb5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b6000 0x1124 0x2000 0xb6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b8000 0x23b 0x1000 0xb8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b9000 0x896 0x1000 0xb9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400ba000 0x6cd0 0x7000 0xba000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c1000 0x13e 0x1000 0xc1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c2000 0x1af 0x1000 0xc2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c3000 0x45174 0x46000 0xc3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x140109000 0x197d 0x2000 0x109000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010b000 0x197d 0x2000 0x10b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010d000 0x1ee 0x1000 0x10d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010e000 0x36d 0x1000 0x10e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010f000 0x23b 0x1000 0x10f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.12
Imports (1)
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptImportPublicKeyInfo - 0x14007d000 0x891d8 0x891d8 0xa1
Exports (17)
Api name EAT Address Ordinal
GetFileVersionInfoA 0x1dc8c 0x1
GetFileVersionInfoByHandle 0x28d9c 0x2
GetFileVersionInfoExA 0x259d4 0x3
GetFileVersionInfoExW 0x41fdc 0x4
GetFileVersionInfoSizeA 0x3fe80 0x5
GetFileVersionInfoSizeExA 0xfe64 0x6
GetFileVersionInfoSizeExW 0x64a9c 0x7
GetFileVersionInfoSizeW 0x3d290 0x8
GetFileVersionInfoW 0x2357c 0x9
VerFindFileA 0x767d4 0xa
VerFindFileW 0x6eb4 0xb
VerInstallFileA 0xd0d8 0xc
VerInstallFileW 0x2f428 0xd
VerLanguageNameA 0x7021c 0xe
VerLanguageNameW 0x23f30 0xf
VerQueryValueA 0x4634c 0x10
VerQueryValueW 0x7a508 0x11
Dropped File: C:\Users\RDhJ0CNFevzX\AppData\Local\cVf9G\FVEWIZ.dll (Binary)
Verdict: malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.06 MB
MD5 b843d5c4c510b4b577d2222216111b77
SHA1 db6c5b1e461d020d687163e8c04bc6f9c64bec4e
SHA256 6d629a44acf0a5dc1bca33fb840b888f441b697a7e44e648913ff6d62ca2f285
SSDeep 12288:YdMIwS97wJs6tSKDXEabXaC+jhc1S8XXk7CZzHsZH9dq0T:yMIJxSDX3bqjhcfHk7MzH6z
ImpHash c6b4c2eec8a93016c63563421e15f011
AV Matches (1)
Threat Name: Trojan.GenericKDZ.75562, Verdict: malicious
PE Information
Image Base 0x140000000
Entry Point 0x140078760
Size Of Code 0x7c000
Size Of Initialized Data 0x93000
File Type FileType.dll
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2021-05-26 06:36:52+00:00
Version Information (8)
CompanyName NirSoft
FileDescription ProduKey
FileVersion 9.74
InternalName TeltwFoo
LegalCopyright Copyright © 2005 - 2009 Nir Sofer
OriginalFilename TeltwFoo.exe
ProductName TeltwFoo
ProductVersion 9.74
Sections (29)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x7bb10 0x7c000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.85
.rdata 0x14007d000 0xc210 0xd000 0x7d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.62
.data 0x14008a000 0xd218 0xe000 0x8a000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.89
.pdata 0x140098000 0x138 0x1000 0x98000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.59
.rsrc 0x140099000 0x2f98 0x3000 0x99000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.74
.reloc 0x14009c000 0x244 0x1000 0x9c000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 1.24
- 0x14009d000 0x6cd0 0x7000 0x9d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a4000 0x1f2a 0x2000 0xa4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a6000 0x13e 0x1000 0xa6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400a7000 0x6cd0 0x7000 0xa7000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400ae000 0x7fd 0x1000 0xae000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400af000 0x13e 0x1000 0xaf000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b0000 0x1f7 0x1000 0xb0000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b1000 0x23b 0x1000 0xb1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b2000 0x1278 0x2000 0xb2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b4000 0x13e 0x1000 0xb4000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b5000 0x9cd 0x1000 0xb5000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b6000 0x1124 0x2000 0xb6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b8000 0x23b 0x1000 0xb8000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400b9000 0x896 0x1000 0xb9000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400ba000 0x6cd0 0x7000 0xba000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c1000 0x13e 0x1000 0xc1000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c2000 0x1af 0x1000 0xc2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x1400c3000 0x45174 0x46000 0xc3000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x140109000 0x197d 0x2000 0x109000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010b000 0x197d 0x2000 0x10b000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010d000 0x1ee 0x1000 0x10d000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010e000 0x36d 0x1000 0x10e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
- 0x14010f000 0x82b 0x1000 0x10f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.61
Imports (1)
CRYPT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptImportPublicKeyInfo - 0x14007d000 0x891d8 0x891d8 0xa1
Exports (40)
Api name EAT Address Ordinal
??0VolumeFveStatus@@IEAA@XZ 0x60920 0x1
??0VolumeFveStatus@@QEAA@K_KJW4_FVE_WIPING_STATE@@@Z 0xdca8 0x2
??4BuiVolume@@QEAAAEAV0@AEBV0@@Z 0x78078 0x3
??4VolumeFveStatus@@QEAAAEAV0@AEBV0@@Z 0xf394 0x4
?FailedDryRun@VolumeFveStatus@@QEBA_NXZ 0x74a94 0x5
?GetExtendedFlags@VolumeFveStatus@@QEBA_KXZ 0x4b79c 0x6
?GetLastConvertStatus@VolumeFveStatus@@QEBAJXZ 0x3341c 0x7
?GetStatusFlags@VolumeFveStatus@@QEBAKXZ 0x6b3f8 0x8
?HasExternalKey@VolumeFveStatus@@QEBA_NXZ 0x77050 0x9
?HasPBKDF2RecoveryPassword@VolumeFveStatus@@QEBA_NXZ 0xcc14 0xa
?HasPassphraseProtector@VolumeFveStatus@@QEBA_NXZ 0x749e4 0xb
?HasPinProtector@VolumeFveStatus@@QEBA_NXZ 0x2120 0xc
?HasRecoveryData@VolumeFveStatus@@QEBA_NXZ 0x43764 0xd
?HasRecoveryPassword@VolumeFveStatus@@QEBA_NXZ 0x3c1f4 0xe
?HasSmartCardProtector@VolumeFveStatus@@QEBA_NXZ 0x2421c 0xf
?HasStartupKeyProtector@VolumeFveStatus@@QEBA_NXZ 0x46ec0 0x10
?HasTpmProtector@VolumeFveStatus@@QEBA_NXZ 0x15e38 0x11
?IsConverting@VolumeFveStatus@@QEBA_NXZ 0x7246c 0x12
?IsCsvMetadataVolume@VolumeFveStatus@@QEBA_NXZ 0x5daf4 0x13
?IsDEAutoProvisioned@VolumeFveStatus@@QEBA_NXZ 0x56bec 0x14
?IsDecrypted@VolumeFveStatus@@QEBA_NXZ 0x6270 0x15
?IsDecrypting@VolumeFveStatus@@QEBA_NXZ 0x699e8 0x16
?IsDisabled@VolumeFveStatus@@QEBA_NXZ 0x1c174 0x17
?IsEDriveVolume@VolumeFveStatus@@QEBA_NXZ 0x4c88c 0x18
?IsEncrypted@VolumeFveStatus@@QEBA_NXZ 0x6e6bc 0x19
?IsEncrypting@VolumeFveStatus@@QEBA_NXZ 0xf6e4 0x1a
?IsLocked@VolumeFveStatus@@QEBA_NXZ 0x663d0 0x1b
?IsOn@VolumeFveStatus@@QEBA_NXZ 0x140bc 0x1c
?IsOsVolume@VolumeFveStatus@@QEBA_NXZ 0x100d0 0x1d
?IsPartiallyConverted@VolumeFveStatus@@QEBA_NXZ 0x5de70 0x1e
?IsPaused@VolumeFveStatus@@QEBA_NXZ 0x24e4 0x1f
?IsPreProvisioned@VolumeFveStatus@@QEBA_NXZ 0x3aa98 0x20
?IsRoamingDevice@VolumeFveStatus@@QEBA_NXZ 0x31cfc 0x21
?IsSecure@VolumeFveStatus@@QEBA_NXZ 0x6fcc0 0x22
?IsUnknownFveVersion@VolumeFveStatus@@QEBA_NXZ 0x5cf4c 0x23
?IsWiping@VolumeFveStatus@@QEBA_NXZ 0x25c80 0x24
?NO_DRIVE_LETTER@BuiVolume@@2IB 0x2be5c 0x25
?NeedsRestart@VolumeFveStatus@@QEBA_NXZ 0x4eb0 0x26
FveuiWizard 0x3a864 0x27
FveuipClearFveWizOnStartup 0x57d58 0x28
Dropped File: C:\Users\RDhJ0CNFevzX\AppData\Local\YFh\dvdupgrd.exe (Binary)
Verdict: suspicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\Microsoft\Internet Explorer\UserData\VE05r\dvdupgrd.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 27.50 KB
MD5 42cd88829d27f2691fccd0ef37b3205e
SHA1 f213c01b65107c1f1182b9cad2bd67922f3b1e69
SHA256 dd5da1c14bc303e137338330c6871c6a5ae013a472c0d29f9158e244aea50f2b
SSDeep 768:HEfMp9oYEFJ+YhWBUYss3JFf5AvGdxd4K:D/obJ+FxnJFfyvGdxd4K
ImpHash 3e0388eebab18a17843d076f986ed08c
PE Information
Image Base 0x140000000
Entry Point 0x140003cf0
Size Of Code 0x3800
Size Of Initialized Data 0x3600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2015-10-30 02:37:00+00:00
Version Information (8)
CompanyName Microsoft Corporation
FileDescription DVDUpgrd
FileVersion 10.0.10586.0 (th2_release.151029-1700)
InternalName DVDUpgrd
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename DVDUpgrd.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.10586.0
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x3660 0x3800 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.01
.rdata 0x140005000 0x2082 0x2200 0x3c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.18
.data 0x140008000 0x600 0x200 0x5e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.3
.pdata 0x140009000 0x2a0 0x400 0x6000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.03
.rsrc 0x14000a000 0x7e8 0x800 0x6400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.33
.reloc 0x14000b000 0x20 0x200 0x6c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.43
Imports (15)
ADVAPI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AllocateAndInitializeSid - 0x140005000 0x66c8 0x52c8 0x20
CheckTokenMembership - 0x140005008 0x66d0 0x52d0 0x5f
RegSetValueExA - 0x140005010 0x66d8 0x52d8 0x2a5
RegQueryValueExA - 0x140005018 0x66e0 0x52e0 0x295
RegOpenKeyExA - 0x140005020 0x66e8 0x52e8 0x288
RegDeleteValueA - 0x140005028 0x66f0 0x52f0 0x26f
RegOpenKeyA - 0x140005030 0x66f8 0x52f8 0x287
RegCloseKey - 0x140005038 0x6700 0x5300 0x258
KERNEL32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLastError - 0x140005048 0x6710 0x5310 0x257
lstrcmpiA - 0x140005050 0x6718 0x5318 0x627
GlobalFree - 0x140005058 0x6720 0x5320 0x32b
HeapSetInformation - 0x140005060 0x6728 0x5328 0x344
CloseHandle - 0x140005068 0x6730 0x5330 0x7c
GetUserDefaultLCID - 0x140005070 0x6738 0x5338 0x309
GetSystemDefaultLCID - 0x140005078 0x6740 0x5340 0x2d2
GetSystemDirectoryW - 0x140005080 0x6748 0x5348 0x2d7
Sleep - 0x140005088 0x6750 0x5350 0x570
GetPrivateProfileStringA - 0x140005090 0x6758 0x5358 0x2a1
FindClose - 0x140005098 0x6760 0x5360 0x16e
FindFirstFileA - 0x1400050a0 0x6768 0x5368 0x172
GetSystemDirectoryA - 0x1400050a8 0x6770 0x5370 0x2d6
ReadFile - 0x1400050b0 0x6778 0x5378 0x45f
WideCharToMultiByte - 0x1400050b8 0x6780 0x5380 0x5ef
GetWindowsDirectoryA - 0x1400050c0 0x6788 0x5388 0x31c
lstrlenA - 0x1400050c8 0x6790 0x5390 0x630
lstrcmpA - 0x1400050d0 0x6798 0x5398 0x624
CreateFileA - 0x1400050d8 0x67a0 0x53a0 0xb8
lstrlenW - 0x1400050e0 0x67a8 0x53a8 0x631
CreateProcessW - 0x1400050e8 0x67b0 0x53b0 0xda
USER32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadStringW - 0x140005138 0x6800 0x5400 0x243
CharUpperW - 0x140005140 0x6808 0x5408 0x3c
MessageBoxW - 0x140005148 0x6810 0x5410 0x260
msvcrt.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_callnewh - 0x140005230 0x68f8 0x54f8 0xbf
memcpy - 0x140005238 0x6900 0x5500 0x492
_acmdln - 0x140005240 0x6908 0x5508 0xa2
malloc - 0x140005248 0x6910 0x5510 0x486
?terminate@@YAXXZ - 0x140005250 0x6918 0x5518 0x2f
_commode - 0x140005258 0x6920 0x5520 0xd2
_fmode - 0x140005260 0x6928 0x5528 0x127
memset - 0x140005268 0x6930 0x5530 0x496
__C_specific_handler - 0x140005270 0x6938 0x5538 0x57
_initterm - 0x140005278 0x6940 0x5540 0x17d
__setusermatherr - 0x140005280 0x6948 0x5548 0x90
_ismbblead - 0x140005288 0x6950 0x5550 0x199
_cexit - 0x140005290 0x6958 0x5558 0xc1
_exit - 0x140005298 0x6960 0x5560 0x10e
exit - 0x1400052a0 0x6968 0x5568 0x432
__set_app_type - 0x1400052a8 0x6970 0x5570 0x8e
__getmainargs - 0x1400052b0 0x6978 0x5578 0x7f
_amsg_exit - 0x1400052b8 0x6980 0x5580 0xae
_XcptFilter - 0x1400052c0 0x6988 0x5588 0x55
_vsnwprintf - 0x1400052c8 0x6990 0x5590 0x369
_vsnprintf - 0x1400052d0 0x6998 0x5598 0x363
free - 0x1400052d8 0x69a0 0x55a0 0x44c
api-ms-win-core-com-l1-1-1.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance - 0x140005178 0x6840 0x5440 0x8
CoUninitialize - 0x140005180 0x6848 0x5448 0x42
api-ms-win-core-processthreads-l1-1-2.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCurrentThreadId - 0x1400051b8 0x6880 0x5480 0x11
GetCurrentProcessId - 0x1400051c0 0x6888 0x5488 0xd
GetCurrentProcess - 0x1400051c8 0x6890 0x5490 0xc
TerminateProcess - 0x1400051d0 0x6898 0x5498 0x4b
GetStartupInfoW - 0x1400051d8 0x68a0 0x54a0 0x20
api-ms-win-core-rtlsupport-l1-2-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlLookupFunctionEntry - 0x1400051f8 0x68c0 0x54c0 0x9
RtlVirtualUnwind - 0x140005200 0x68c8 0x54c8 0xf
RtlCaptureContext - 0x140005208 0x68d0 0x54d0 0x2
api-ms-win-core-errorhandling-l1-1-1.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnhandledExceptionFilter - 0x140005190 0x6858 0x5458 0x11
SetUnhandledExceptionFilter - 0x140005198 0x6860 0x5460 0xf
api-ms-win-core-libraryloader-l1-2-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleW - 0x1400051a8 0x6870 0x5470 0x13
api-ms-win-core-profile-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
QueryPerformanceCounter - 0x1400051e8 0x68b0 0x54b0 0x0
api-ms-win-core-sysinfo-l1-2-1.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetSystemTimeAsFileTime - 0x140005218 0x68e0 0x54e0 0x14
GetTickCount - 0x140005220 0x68e8 0x54e8 0x18
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree - 0x1400052e8 0x69b0 0x55b0 0x8c
CLSIDFromString - 0x1400052f0 0x69b8 0x55b8 0x10
CoInitialize - 0x1400052f8 0x69c0 0x55c0 0x60
OLEAUT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SafeArrayUnaccessData 0x18 0x1400050f8 0x67c0 0x53c0 -
SafeArrayAccessData 0x17 0x140005100 0x67c8 0x53c8 -
SysFreeString 0x6 0x140005108 0x67d0 0x53d0 -
VariantClear 0x9 0x140005110 0x67d8 0x53d8 -
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetFolderPathW - 0x140005120 0x67e8 0x53e8 0x157
ShellExecuteW - 0x140005128 0x67f0 0x53f0 0x1b6
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x140005158 0x6820 0x5420 0x4
VerQueryValueA - 0x140005160 0x6828 0x5428 0xf
GetFileVersionInfoA - 0x140005168 0x6830 0x5430 0x0
Dropped File: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 (Stream)
Verdict: clean
MIME Type application/octet-stream
File Size 53 Bytes
MD5 9c3c1a69a3c43835d6a2579570e6aa0d
SHA1 8af2c3b90473b35f1bb936de12a8bf72fe658468
SHA256 e641ff8107a4197ded9f558d1891e716811e9a7f109f14e876f5a8394844dc34
SSDeep 3:/l4l5mrc9l:e4rc9l
ImpHash -
Dropped File: C:\Users\RDhJ0CNFevzX\AppData\Local\cVf9G\BitLockerWizard.exe (Binary)
Verdict: clean (known to be clean)
MIME Type application/vnd.microsoft.portable-executable
File Size 100.00 KB
MD5 265904988bfe84f0698ca23e47433c79
SHA1 bc15195ffefe46cb4fdcf42deeecd5970b9c8f7c
SHA256 124cf0f3fa82ad26939a649d4351186e56fcbf47e5b4ae93f356d359dbb4832a
SSDeep 3072:IGKmgwnVS570M9kdatGCO+xmBc+hMPhPsx:I3kVs7nyatGt+SYF
ImpHash 3dab2c100ad3c14c71c0d82efe545251
PE Information
Image Base 0x140000000
Entry Point 0x140001600
Size Of Code 0x1000
Size Of Initialized Data 0x18000
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2015-10-30 02:39:33+00:00
Version Information (9)
CompanyName Microsoft Corporation
FileDescription BitLocker Drive Encryption Wizard
FileVersion 10.0.10586.0 (th2_release.151029-1700)
InternalName BitLocker Drive Encryption Wizard
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename BitLockerWizard.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.10586.0
OleSelfRegister -
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0xed0 0x1000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.8
.rdata 0x140002000 0x112e 0x1200 0x1400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.97
.data 0x140004000 0x5f8 0x200 0x2600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.3
.pdata 0x140005000 0xf0 0x200 0x2800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.94
.rsrc 0x140006000 0x16348 0x16400 0x2a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.13
.reloc 0x14001d000 0x20 0x200 0x18e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.42
Imports (5)
KERNEL32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HeapSetInformation - 0x140002018 0x2c80 0x2080 0x344
RtlVirtualUnwind - 0x140002020 0x2c88 0x2088 0x4c8
RtlLookupFunctionEntry - 0x140002028 0x2c90 0x2090 0x4c1
RtlCaptureContext - 0x140002030 0x2c98 0x2098 0x4ba
GetTickCount - 0x140002038 0x2ca0 0x20a0 0x2fd
GetSystemTimeAsFileTime - 0x140002040 0x2ca8 0x20a8 0x2e0
GetLastError - 0x140002048 0x2cb0 0x20b0 0x257
GetCurrentProcessId - 0x140002050 0x2cb8 0x20b8 0x211
QueryPerformanceCounter - 0x140002058 0x2cc0 0x20c0 0x439
GetModuleHandleW - 0x140002060 0x2cc8 0x20c8 0x26e
SetUnhandledExceptionFilter - 0x140002068 0x2cd0 0x20d0 0x561
GetStartupInfoW - 0x140002070 0x2cd8 0x20d8 0x2c7
Sleep - 0x140002078 0x2ce0 0x20e0 0x570
GetCurrentProcess - 0x140002080 0x2ce8 0x20e8 0x210
TerminateProcess - 0x140002088 0x2cf0 0x20f0 0x57f
GetProcessHeap - 0x140002090 0x2cf8 0x20f8 0x2ab
GetCurrentThreadId - 0x140002098 0x2d00 0x2100 0x215
GetCommandLineW - 0x1400020a0 0x2d08 0x2108 0x1d0
UnhandledExceptionFilter - 0x1400020a8 0x2d10 0x2110 0x5a1
msvcrt.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
?terminate@@YAXXZ - 0x1400020d0 0x2d38 0x2138 0x2f
_commode - 0x1400020d8 0x2d40 0x2140 0xd2
__iob_func - 0x1400020e0 0x2d48 0x2148 0x81
_acmdln - 0x1400020e8 0x2d50 0x2150 0xa2
__C_specific_handler - 0x1400020f0 0x2d58 0x2158 0x57
_fmode - 0x1400020f8 0x2d60 0x2160 0x127
_initterm - 0x140002100 0x2d68 0x2168 0x17d
__setusermatherr - 0x140002108 0x2d70 0x2170 0x90
_ismbblead - 0x140002110 0x2d78 0x2178 0x199
_cexit - 0x140002118 0x2d80 0x2180 0xc1
_exit - 0x140002120 0x2d88 0x2188 0x10e
exit - 0x140002128 0x2d90 0x2190 0x432
__set_app_type - 0x140002130 0x2d98 0x2198 0x8e
__getmainargs - 0x140002138 0x2da0 0x21a0 0x7f
_amsg_exit - 0x140002140 0x2da8 0x21a8 0xae
_XcptFilter - 0x140002148 0x2db0 0x21b0 0x55
towupper - 0x140002150 0x2db8 0x21b8 0x4ec
fwprintf - 0x140002158 0x2dc0 0x21c0 0x455
memset - 0x140002160 0x2dc8 0x21c8 0x496
FVEWIZ.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FveuiWizard - 0x140002000 0x2c68 0x2068 0x26
FveuipClearFveWizOnStartup - 0x140002008 0x2c70 0x2070 0x27
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoUninitialize - 0x140002170 0x2dd8 0x21d8 0x90
CoInitialize - 0x140002178 0x2de0 0x21e0 0x60
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW - 0x1400020b8 0x2d20 0x2120 0x1b6
CommandLineToArgvW - 0x1400020c0 0x2d28 0x2128 0x7
Dropped File: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 (Stream)
Verdict: clean
MIME Type application/octet-stream
File Size 1.42 KB
MD5 fe1fca6468be5450d2a1b119101735ef
SHA1 fd6e22114318c011aef6cba09407d3ee88bdc54e
SHA256 a275ad52fb843562197b67a56bfb5e284a064a0bea54794eae835795739b51ab
SSDeep 24:ewlA2dUgXp50Arsik37NuDXkvSnBrdijAvXiKIxY7NEEW3cMbRJrgrlNEfCR:xa2dUi/S7cakBrkjA//e3cuPMlN2S
ImpHash -
Dropped File: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 (Stream)
Verdict: clean
MIME Type application/octet-stream
File Size 1.42 KB
MD5 253250ecef24e59cbe308e437e2fef34
SHA1 cecf6a97c73c87eb8153ded4da6365f2f576a902
SHA256 4459de34f31d879717f63fcf0b48c4b322ee763c7e60d4b0e2a2a61a7805cf43
SSDeep 3::
ImpHash -
Dropped File: c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778 (Stream)
Verdict: clean
MIME Type application/octet-stream
File Size 1.42 KB
MD5 503dfe3310454e8645953cc300c9f380
SHA1 7ae9cf88a0407a6b2eafc758b4177680e076dfd9
SHA256 3ab99e33693bf1aab02c810e0d51bccda300b27c9837c66edc410fc653b8ecdd
SSDeep 24:ewlA2dUg/G9YerJpW/K+jO1f4wPclPNVxxECDn9n3F1Tb0ug2XufPnWYs:xa2dUkG9Ywf4O1f4wPclVVrECDn9nz/t
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided. The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshots (Before, After): images not included; this feature requires an online connection to the VMRay backend.