order ref ftp (HawkEye) | VTI
VTI SCORE: 98/100
Dynamic Analysis Report
Classification: -

ef1613f88744acec36908126b21bcba9ba775f8af25a1e86988e36985dd6f6fb (SHA256)

order ref ftp.exe

Windows Exe (x86-32)

Created at 2018-10-16 10:55:00

Severity | Category | Operation | Classification
4/5 | Information Stealing | Reads browser data | -
4/5 | Injection | Writes into the memory of another running process | -
  • "c:\users\ciihmnxmn6ps\desktop\order ref ftp.exe" modifies memory of "c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe"
4/5 | Injection | Modifies control flow of another process | -
  • "c:\users\ciihmnxmn6ps\desktop\order ref ftp.exe" alters context of "c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe"
2/5 | Anti Analysis | Resolves APIs dynamically to possibly evade static detection | -
2/5 | Network | Associated with known malicious/suspicious URLs | -
  • URL "ftp.r2v2.co.uk" is known as malicious URL.
1/5 | Process | Creates system object | -
1/5 | Process | Creates process with hidden window | -
  • The process "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" starts with hidden window.
1/5 | Process | Reads from memory of another process | -
  • "c:\users\ciihmnxmn6ps\desktop\order ref ftp.exe" reads from "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe".
1/5 | Process | Creates a page with write and execute permissions | -
  • Allocates a page in a foreign process with "PAGE_EXECUTE_READWRITE" permissions, often used to dynamically unpack code.
1/5 | Network | Performs DNS request | -
1/5 | Network | Connects to remote host | -