IQY File uses PowerShell to Download a Malicious .exe — Files (dropped/created files from the dynamic analysis)
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Backdoor, Trojan, Dropper, Downloader

76917b219ad5a1ff8229a75eb23c34a9ad1ce98264257d3cca538ac59c49a15f (SHA256)

29082018_64943.iqy

Excel Document

Created at 2018-08-30 14:38:00 (no timezone is given for this timestamp; the reputation timestamps below are in UTC+2 and the PE/certificate timestamps in UTC)

Notifications (1/1)

The operating system was rebooted during the analysis. A reboot interrupts monitoring, so behavior that would only occur after the restart (for example an autostart entry firing) may be missing or only partially captured in this report.

Filename Category Type Severity Actions
C:\Users\aDU0VK IWA5kLS\AppData\Local\Temp\total.exe Created File Binary
Blacklisted
Mime Type application/x-dosexec
File Size 804.65 KB
MD5 23241a6021334635dc512f3bfd812f1c
SHA1 c70bf8abb2c0adad8696cb688b13155fa26f0e5b
SHA256 8a674c5b1324ceb20ac3a93982268cd777f9abc6fe9ec7310be4dbe7bf8aad3e
SSDeep 24576:SdeUKz6LtsChewe/tOYhJvo+Ihjr5ZFAtleyP:PUZts2eweNhJvtIRtile6
ImpHash 3abe302b6d9a1256e6a915429af4ffd2
File Reputation Information
Severity
Blacklisted
First Seen 2018-08-30 10:52 (UTC+2)
Last Seen 2018-08-30 16:15 (UTC+2)
Names Win32.Trojan.Gpcg
Families Gpcg
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x40320c
Size Of Code 0x6400
Size Of Initialized Data 0x27c00
Size Of Uninitialized Data 0x400
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-01-30 03:57:45+00:00
Version Information (5)
LegalCopyright Company NetworkJ LLC
CompanyName Company NetworkJ LLC
FileDescription Company NetworkJ LLC 1.0
FileVersion 1
ProductName NetworkJ LLC
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x628f 0x6400 0x400 cnt_code, mem_execute, mem_read 6.44
.rdata 0x408000 0x1354 0x1400 0x6800 cnt_initialized_data, mem_read 5.24
.data 0x40a000 0x25518 0x600 0x7c00 cnt_initialized_data, mem_read, mem_write 4.05
.ndata 0x430000 0x9000 0x0 0x0 cnt_uninitialized_data, mem_read, mem_write 0.0
.rsrc 0x439000 0xcd0 0xe00 0x8200 cnt_initialized_data, mem_read 4.21
Imports (7)
KERNEL32.dll (61)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTempPathA 0x0 0x408070 0x8644 0x6e44 0x1d5
GetFileSize 0x0 0x408074 0x8648 0x6e48 0x163
GetModuleFileNameA 0x0 0x408078 0x864c 0x6e4c 0x17d
GetCurrentProcess 0x0 0x40807c 0x8650 0x6e50 0x142
CopyFileA 0x0 0x408080 0x8654 0x6e54 0x43
ExitProcess 0x0 0x408084 0x8658 0x6e58 0xb9
SetEnvironmentVariableA 0x0 0x408088 0x865c 0x6e5c 0x313
Sleep 0x0 0x40808c 0x8660 0x6e60 0x356
GetTickCount 0x0 0x408090 0x8664 0x6e64 0x1df
GetCommandLineA 0x0 0x408094 0x8668 0x6e68 0x110
lstrlenA 0x0 0x408098 0x866c 0x6e6c 0x3cc
GetVersion 0x0 0x40809c 0x8670 0x6e70 0x1e8
SetErrorMode 0x0 0x4080a0 0x8674 0x6e74 0x315
lstrcpynA 0x0 0x4080a4 0x8678 0x6e78 0x3c9
GetDiskFreeSpaceA 0x0 0x4080a8 0x867c 0x6e7c 0x14d
GlobalUnlock 0x0 0x4080ac 0x8680 0x6e80 0x20a
GetWindowsDirectoryA 0x0 0x4080b0 0x8684 0x6e84 0x1f3
SetCurrentDirectoryA 0x0 0x4080b4 0x8688 0x6e88 0x30a
GetLastError 0x0 0x4080b8 0x868c 0x6e8c 0x171
CreateDirectoryA 0x0 0x4080bc 0x8690 0x6e90 0x4b
CreateProcessA 0x0 0x4080c0 0x8694 0x6e94 0x66
RemoveDirectoryA 0x0 0x4080c4 0x8698 0x6e98 0x2c4
CreateFileA 0x0 0x4080c8 0x869c 0x6e9c 0x53
GetTempFileNameA 0x0 0x4080cc 0x86a0 0x6ea0 0x1d3
ReadFile 0x0 0x4080d0 0x86a4 0x6ea4 0x2b5
WriteFile 0x0 0x4080d4 0x86a8 0x6ea8 0x3a4
lstrcpyA 0x0 0x4080d8 0x86ac 0x6eac 0x3c6
MoveFileExA 0x0 0x4080dc 0x86b0 0x6eb0 0x26f
lstrcatA 0x0 0x4080e0 0x86b4 0x6eb4 0x3bd
GetSystemDirectoryA 0x0 0x4080e4 0x86b8 0x6eb8 0x1c1
GetProcAddress 0x0 0x4080e8 0x86bc 0x6ebc 0x1a0
GetExitCodeProcess 0x0 0x4080ec 0x86c0 0x6ec0 0x15a
WaitForSingleObject 0x0 0x4080f0 0x86c4 0x6ec4 0x390
CompareFileTime 0x0 0x4080f4 0x86c8 0x6ec8 0x39
SetFileAttributesA 0x0 0x4080f8 0x86cc 0x6ecc 0x319
GetFileAttributesA 0x0 0x4080fc 0x86d0 0x6ed0 0x15e
GetShortPathNameA 0x0 0x408100 0x86d4 0x6ed4 0x1b5
MoveFileA 0x0 0x408104 0x86d8 0x6ed8 0x26e
GetFullPathNameA 0x0 0x408108 0x86dc 0x6edc 0x169
SetFileTime 0x0 0x40810c 0x86e0 0x6ee0 0x31f
SearchPathA 0x0 0x408110 0x86e4 0x6ee4 0x2db
CloseHandle 0x0 0x408114 0x86e8 0x6ee8 0x34
lstrcmpiA 0x0 0x408118 0x86ec 0x6eec 0x3c3
CreateThread 0x0 0x40811c 0x86f0 0x6ef0 0x6f
GlobalLock 0x0 0x408120 0x86f4 0x6ef4 0x203
lstrcmpA 0x0 0x408124 0x86f8 0x6ef8 0x3c0
FindFirstFileA 0x0 0x408128 0x86fc 0x6efc 0xd2
FindNextFileA 0x0 0x40812c 0x8700 0x6f00 0xdc
DeleteFileA 0x0 0x408130 0x8704 0x6f04 0x83
SetFilePointer 0x0 0x408134 0x8708 0x6f08 0x31b
GetPrivateProfileStringA 0x0 0x408138 0x870c 0x6f0c 0x19c
FindClose 0x0 0x40813c 0x8710 0x6f10 0xce
MultiByteToWideChar 0x0 0x408140 0x8714 0x6f14 0x275
FreeLibrary 0x0 0x408144 0x8718 0x6f18 0xf8
MulDiv 0x0 0x408148 0x871c 0x6f1c 0x274
WritePrivateProfileStringA 0x0 0x40814c 0x8720 0x6f20 0x3a9
LoadLibraryExA 0x0 0x408150 0x8724 0x6f24 0x253
GetModuleHandleA 0x0 0x408154 0x8728 0x6f28 0x17f
GlobalAlloc 0x0 0x408158 0x872c 0x6f2c 0x1f8
GlobalFree 0x0 0x40815c 0x8730 0x6f30 0x1ff
ExpandEnvironmentStringsA 0x0 0x408160 0x8734 0x6f34 0xbc
USER32.dll (63)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ScreenToClient 0x0 0x408184 0x8758 0x6f58 0x231
GetSystemMenu 0x0 0x408188 0x875c 0x6f5c 0x15c
SetClassLongA 0x0 0x40818c 0x8760 0x6f60 0x247
IsWindowEnabled 0x0 0x408190 0x8764 0x6f64 0x1ae
SetWindowPos 0x0 0x408194 0x8768 0x6f68 0x283
GetSysColor 0x0 0x408198 0x876c 0x6f6c 0x15a
GetWindowLongA 0x0 0x40819c 0x8770 0x6f70 0x16e
SetCursor 0x0 0x4081a0 0x8774 0x6f74 0x24d
LoadCursorA 0x0 0x4081a4 0x8778 0x6f78 0x1ba
CheckDlgButton 0x0 0x4081a8 0x877c 0x6f7c 0x38
GetMessagePos 0x0 0x4081ac 0x8780 0x6f80 0x13c
LoadBitmapA 0x0 0x4081b0 0x8784 0x6f84 0x1b8
CallWindowProcA 0x0 0x4081b4 0x8788 0x6f88 0x1b
IsWindowVisible 0x0 0x4081b8 0x878c 0x6f8c 0x1b1
CloseClipboard 0x0 0x4081bc 0x8790 0x6f90 0x42
SetClipboardData 0x0 0x4081c0 0x8794 0x6f94 0x24a
EmptyClipboard 0x0 0x4081c4 0x8798 0x6f98 0xc1
PostQuitMessage 0x0 0x4081c8 0x879c 0x6f9c 0x204
GetWindowRect 0x0 0x4081cc 0x87a0 0x6fa0 0x174
EnableMenuItem 0x0 0x4081d0 0x87a4 0x6fa4 0xc2
CreatePopupMenu 0x0 0x4081d4 0x87a8 0x6fa8 0x5e
GetSystemMetrics 0x0 0x4081d8 0x87ac 0x6fac 0x15d
SetDlgItemTextA 0x0 0x4081dc 0x87b0 0x6fb0 0x253
GetDlgItemTextA 0x0 0x4081e0 0x87b4 0x6fb4 0x113
MessageBoxIndirectA 0x0 0x4081e4 0x87b8 0x6fb8 0x1e2
CharPrevA 0x0 0x4081e8 0x87bc 0x6fbc 0x2d
DispatchMessageA 0x0 0x4081ec 0x87c0 0x6fc0 0xa1
PeekMessageA 0x0 0x4081f0 0x87c4 0x6fc4 0x200
ReleaseDC 0x0 0x4081f4 0x87c8 0x6fc8 0x22a
EnableWindow 0x0 0x4081f8 0x87cc 0x6fcc 0xc4
InvalidateRect 0x0 0x4081fc 0x87d0 0x6fd0 0x193
SendMessageA 0x0 0x408200 0x87d4 0x6fd4 0x23b
DefWindowProcA 0x0 0x408204 0x87d8 0x6fd8 0x8e
BeginPaint 0x0 0x408208 0x87dc 0x6fdc 0xd
GetClientRect 0x0 0x40820c 0x87e0 0x6fe0 0xff
FillRect 0x0 0x408210 0x87e4 0x6fe4 0xe2
DrawTextA 0x0 0x408214 0x87e8 0x6fe8 0xbc
EndDialog 0x0 0x408218 0x87ec 0x6fec 0xc6
RegisterClassA 0x0 0x40821c 0x87f0 0x6ff0 0x216
SystemParametersInfoA 0x0 0x408220 0x87f4 0x6ff4 0x299
CreateWindowExA 0x0 0x408224 0x87f8 0x6ff8 0x60
GetClassInfoA 0x0 0x408228 0x87fc 0x6ffc 0xf6
DialogBoxParamA 0x0 0x40822c 0x8800 0x7000 0x9e
CharNextA 0x0 0x408230 0x8804 0x7004 0x2a
ExitWindowsEx 0x0 0x408234 0x8808 0x7008 0xe1
GetDC 0x0 0x408238 0x880c 0x700c 0x10c
CreateDialogParamA 0x0 0x40823c 0x8810 0x7010 0x55
SetTimer 0x0 0x408240 0x8814 0x7014 0x27a
GetDlgItem 0x0 0x408244 0x8818 0x7018 0x111
SetWindowLongA 0x0 0x408248 0x881c 0x701c 0x280
SetForegroundWindow 0x0 0x40824c 0x8820 0x7020 0x257
LoadImageA 0x0 0x408250 0x8824 0x7024 0x1c0
IsWindow 0x0 0x408254 0x8828 0x7028 0x1ad
SendMessageTimeoutA 0x0 0x408258 0x882c 0x702c 0x23e
FindWindowExA 0x0 0x40825c 0x8830 0x7030 0xe4
OpenClipboard 0x0 0x408260 0x8834 0x7034 0x1f6
TrackPopupMenu 0x0 0x408264 0x8838 0x7038 0x2a4
AppendMenuA 0x0 0x408268 0x883c 0x703c 0x8
EndPaint 0x0 0x40826c 0x8840 0x7040 0xc8
DestroyWindow 0x0 0x408270 0x8844 0x7044 0x99
wsprintfA 0x0 0x408274 0x8848 0x7048 0x2d7
ShowWindow 0x0 0x408278 0x884c 0x704c 0x292
SetWindowTextA 0x0 0x40827c 0x8850 0x7050 0x286
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SelectObject 0x0 0x40804c 0x8620 0x6e20 0x20e
SetBkMode 0x0 0x408050 0x8624 0x6e24 0x216
CreateFontIndirectA 0x0 0x408054 0x8628 0x6e28 0x3a
SetTextColor 0x0 0x408058 0x862c 0x6e2c 0x23c
DeleteObject 0x0 0x40805c 0x8630 0x6e30 0x8f
GetDeviceCaps 0x0 0x408060 0x8634 0x6e34 0x16b
CreateBrushIndirect 0x0 0x408064 0x8638 0x6e38 0x29
SetBkColor 0x0 0x408068 0x863c 0x6e3c 0x215
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetSpecialFolderLocation 0x0 0x408168 0x873c 0x6f3c 0xc3
ShellExecuteExA 0x0 0x40816c 0x8740 0x6f40 0x109
SHGetPathFromIDListA 0x0 0x408170 0x8744 0x6f44 0xbc
SHBrowseForFolderA 0x0 0x408174 0x8748 0x6f48 0x79
SHGetFileInfoA 0x0 0x408178 0x874c 0x6f4c 0xac
SHFileOperationA 0x0 0x40817c 0x8750 0x6f50 0x9a
ADVAPI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustTokenPrivileges 0x0 0x408000 0x85d4 0x6dd4 0x1c
RegCreateKeyExA 0x0 0x408004 0x85d8 0x6dd8 0x1d1
RegOpenKeyExA 0x0 0x408008 0x85dc 0x6ddc 0x1ec
SetFileSecurityA 0x0 0x40800c 0x85e0 0x6de0 0x22e
OpenProcessToken 0x0 0x408010 0x85e4 0x6de4 0x1ac
LookupPrivilegeValueA 0x0 0x408014 0x85e8 0x6de8 0x14f
RegEnumValueA 0x0 0x408018 0x85ec 0x6dec 0x1e1
RegDeleteKeyA 0x0 0x40801c 0x85f0 0x6df0 0x1d4
RegDeleteValueA 0x0 0x408020 0x85f4 0x6df4 0x1d8
RegCloseKey 0x0 0x408024 0x85f8 0x6df8 0x1cb
RegSetValueExA 0x0 0x408028 0x85fc 0x6dfc 0x204
RegQueryValueExA 0x0 0x40802c 0x8600 0x6e00 0x1f7
RegEnumKeyA 0x0 0x408030 0x8604 0x6e04 0x1dd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_Create 0x0 0x408038 0x860c 0x6e0c 0x37
ImageList_AddMasked 0x0 0x40803c 0x8610 0x6e10 0x34
ImageList_Destroy 0x0 0x408040 0x8614 0x6e14 0x38
(by ordinal) 0x11 0x408044 0x8618 0x6e18 - (import by ordinal only; no name is resolvable from the file itself — ordinal 17 in COMCTL32 is commonly InitCommonControls, verify against the DLL's export table before relying on it)
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OleUninitialize 0x0 0x408284 0x8858 0x7058 0x105
OleInitialize 0x0 0x408288 0x885c 0x705c 0xee
CoTaskMemFree 0x0 0x40828c 0x8860 0x7060 0x65
CoCreateInstance 0x0 0x408290 0x8864 0x7064 0x10
Icons (1)
Digital Signatures (3) — the certificate chain below is what is embedded in the file. The report does not state whether the signature actually verified, nor whether the leaf certificate has since been revoked, so treat the signer name as an attribution indicator rather than as evidence of legitimacy. Note also that the leaf certificate's Valid From date (2018-08-10) is only about three weeks before this sample's First Seen date (2018-08-30).
Certificate: VAL TRADEMARK TWO LIMITED
Subject VAL TRADEMARK TWO LIMITED (the report's "Issued by" field repeats the subject name; the actual issuer is the Parent Certificate listed next)
Parent Certificate COMODO RSA Code Signing CA
Country Name GB
Valid From 2018-08-10 00:00:00+00:00
Valid Until 2019-08-10 23:59:59+00:00
Algorithm sha256_rsa
Serial Number 8C E1 29 3F 4F 45 DA 3F A7 D6 FE 21 CA C5 D4 40
Thumbprint 9B 46 54 B2 EE 12 F7 19 6C 68 34 75 BF 51 C4 58 8D 21 E0 75
Certificate: COMODO RSA Code Signing CA
Subject COMODO RSA Code Signing CA (the report's "Issued by" field repeats the subject name; the actual issuer is the Parent Certificate listed next)
Parent Certificate COMODO RSA Certification Authority
Country Name GB
Valid From 2013-05-09 00:00:00+00:00
Valid Until 2028-05-08 23:59:59+00:00
Algorithm sha384_rsa
Serial Number 2E 7C 87 CC 0E 93 4A 52 FE 94 FD 1C B7 CD 34 AF
Thumbprint B6 9E 75 2B BE 88 B4 45 82 00 A7 C0 F4 F5 B3 CC E6 F3 5B 47
Certificate: COMODO RSA Certification Authority
Issued by COMODO RSA Certification Authority
Country Name GB
Valid From 2010-01-19 00:00:00+00:00
Valid Until 2038-01-18 23:59:59+00:00
Algorithm sha384_rsa
Serial Number 4C AA F9 CA DB 63 6F E0 1F F7 4E D8 5B 03 86 9D
Thumbprint AF E5 D2 44 A8 D1 19 42 30 FF 47 9F E2 F8 97 BB CD 7A 8C B4
C:\Users\aDU0VK IWA5kLS\AppData\Roaming\winpoint.exe Created File Binary (dropped into the user's roaming AppData directory; the file listing shown here does not include the registry or autostart activity that would confirm persistence — check the behavior log before asserting it)
Blacklisted
Mime Type application/x-dosexec
File Size 744.00 KB
MD5 2b495afa839e2073388f86180a04dce3
SHA1 309b0af9198bacbe61f45106fa77bb4011fae25a
SHA256 05f630aad1741d54768ad8eaf7fd9e1e8666f38af55e88bac892853bb72758ae
SSDeep 12288:/8sRQCBnr44sUPCOSVBgDpSnw7oKVnq0PVGanIkxxkgUqFCy61J79Yqk:0uQCBr4rAmVWNJJVnqK+UxnUqEyAJ6q
ImpHash 8f1e457a9ad2f66603a25226ba6d4c6b
File Reputation Information
Severity
Blacklisted
First Seen 2018-08-30 10:13 (UTC+2)
Last Seen 2018-08-30 10:42 (UTC+2)
Names Win32.Backdoor.Ra-based
Families Ra-based
Classification Backdoor
PE Information
Image Base 0x400000
Entry Point 0x4b6340
Size Of Code 0xb6000
Size Of Initialized Data 0x3000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-08-29 12:17:06+00:00
Packer Armadillo v1.71 (packer identification is signature-based; the sparse import table below — three DLLs, one of them by ordinal only — is consistent with a packed binary, so the listed imports describe the unpacking stub rather than the capabilities of the backdoor payload)
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xb556e 0xb6000 0x1000 cnt_code, mem_shared, mem_execute, mem_read 6.26
.rdata 0x4b7000 0x140c 0x2000 0xb7000 cnt_initialized_data, mem_read, mem_write 5.35
.tls 0x4b9000 0x30 0x1000 0xb9000 cnt_initialized_data, mem_read, mem_write 0.0
Imports (3)
KERNEL32.dll (23)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA 0x0 0x4b7000 0xb80ec 0xb80ec 0x215
GetCommandLineA 0x0 0x4b7004 0xb80f0 0xb80f0 0x186
VirtualAlloc 0x0 0x4b7008 0xb80f4 0xb80f4 0x4e9
CreateEventA 0x0 0x4b700c 0xb80f8 0xb80f8 0x82
GetCommandLineW 0x0 0x4b7010 0xb80fc 0xb80fc 0x187
GetProcAddress 0x0 0x4b7014 0xb8100 0xb8100 0x245
LoadLibraryA 0x0 0x4b7018 0xb8104 0xb8104 0x33c
GetTickCount 0x0 0x4b701c 0xb8108 0xb8108 0x293
CreateMutexA 0x0 0x4b7020 0xb810c 0xb810c 0x9b
GetLastError 0x0 0x4b7024 0xb8110 0xb8110 0x202
GlobalSize 0x0 0x4b7028 0xb8114 0xb8114 0x2c2
GlobalReAlloc 0x0 0x4b702c 0xb8118 0xb8118 0x2c1
GlobalAlloc 0x0 0x4b7030 0xb811c 0xb811c 0x2b3
GetProcessHeap 0x0 0x4b7034 0xb8120 0xb8120 0x24a
InterlockedIncrement 0x0 0x4b7038 0xb8124 0xb8124 0x2ef
lstrlenA 0x0 0x4b703c 0xb8128 0xb8128 0x54d
HeapAlloc 0x0 0x4b7040 0xb812c 0xb812c 0x2cb
GetVersionExA 0x0 0x4b7044 0xb8130 0xb8130 0x2a3
HeapDestroy 0x0 0x4b7048 0xb8134 0xb8134 0x2ce
GetVersionExW 0x0 0x4b704c 0xb8138 0xb8138 0x2a4
LCMapStringW 0x0 0x4b7050 0xb813c 0xb813c 0x32d
GetModuleHandleW 0x0 0x4b7054 0xb8140 0xb8140 0x218
GetStartupInfoW 0x0 0x4b7058 0xb8144 0xb8144 0x263
SCARDDLG.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x1 0x4b70a0 0xb818c 0xb818c - (SCARDDLG.dll is the Windows smart-card dialog library; an ordinal-only import from it is unusual for a backdoor and, given the packer detection above, may not reflect real functionality — confirm after unpacking)
MSVCRT.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_exit 0x0 0x4b7060 0xb814c 0xb814c 0xd3
_XcptFilter 0x0 0x4b7064 0xb8150 0xb8150 0x48
exit 0x0 0x4b7068 0xb8154 0xb8154 0x249
_wcmdln 0x0 0x4b706c 0xb8158 0xb8158 0x1e7
__wgetmainargs 0x0 0x4b7070 0xb815c 0xb815c 0x8b
_initterm 0x0 0x4b7074 0xb8160 0xb8160 0x10f
__setusermatherr 0x0 0x4b7078 0xb8164 0xb8164 0x83
_adjust_fdiv 0x0 0x4b707c 0xb8168 0xb8168 0x9d
__p__commode 0x0 0x4b7080 0xb816c 0xb816c 0x6a
__p__fmode 0x0 0x4b7084 0xb8170 0xb8170 0x6f
__set_app_type 0x0 0x4b7088 0xb8174 0xb8174 0x81
_except_handler3 0x0 0x4b708c 0xb8178 0xb8178 0xca
_controlfp 0x0 0x4b7090 0xb817c 0xb817c 0xb7
__dllonexit 0x0 0x4b7094 0xb8180 0xb8180 0x55
_onexit 0x0 0x4b7098 0xb8184 0xb8184 0x186
C:\Users\ADU0VK~1\AppData\Local\Temp\nstFDB0.tmp\System.dll Created File Binary
Whitelisted — this verdict applies to the helper DLL only, not to the installer that dropped it. Its export set (Alloc, Call, Copy, Free, Get, Int64Op, Store, StrAlloc) and the ns*.tmp drop path are consistent with the generic Nullsoft (NSIS) System plugin, which is legitimately used by many installers; a whitelisted component dropped by a blacklisted parent does not lower the parent's verdict.
Mime Type application/x-dosexec
File Size 11.50 KB
MD5 b0c77267f13b2f87c084fd86ef51ccfc
SHA1 f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
SHA256 a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
SSDeep 192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
ImpHash 8c8a576201f68de1a3f26fc723b9f30f
File Reputation Information
Severity
Whitelisted
First Seen 2018-01-31 19:18 (UTC+1)
Last Seen 2018-08-27 17:23 (UTC+2)
PE Information
Image Base 0x10000000
Entry Point 0x100028e5
Size Of Code 0x2000
Size Of Initialized Data 0xa00
File Type dll
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-01-30 03:57:02+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x1f4f 0x2000 0x400 cnt_code, mem_execute, mem_read 6.42
.rdata 0x10003000 0x363 0x400 0x2400 cnt_initialized_data, mem_read 3.96
.data 0x10004000 0x68 0x200 0x2800 cnt_initialized_data, mem_read, mem_write 0.35
.reloc 0x10005000 0x27c 0x400 0x2a00 cnt_initialized_data, mem_discardable, mem_read 3.92
Imports (3)
KERNEL32.dll (16)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MultiByteToWideChar 0x0 0x10003000 0x30fc 0x24fc 0x275
GlobalFree 0x0 0x10003004 0x3100 0x2500 0x1ff
GlobalSize 0x0 0x10003008 0x3104 0x2504 0x207
lstrcpynA 0x0 0x1000300c 0x3108 0x2508 0x3c9
lstrcpyA 0x0 0x10003010 0x310c 0x250c 0x3c6
GetProcAddress 0x0 0x10003014 0x3110 0x2510 0x1a0
VirtualFree 0x0 0x10003018 0x3114 0x2514 0x383
FreeLibrary 0x0 0x1000301c 0x3118 0x2518 0xf8
lstrlenA 0x0 0x10003020 0x311c 0x251c 0x3cc
LoadLibraryA 0x0 0x10003024 0x3120 0x2520 0x252
GetModuleHandleA 0x0 0x10003028 0x3124 0x2524 0x17f
GlobalAlloc 0x0 0x1000302c 0x3128 0x2528 0x1f8
WideCharToMultiByte 0x0 0x10003030 0x312c 0x252c 0x394
VirtualAlloc 0x0 0x10003034 0x3130 0x2530 0x381
VirtualProtect 0x0 0x10003038 0x3134 0x2534 0x386
GetLastError 0x0 0x1000303c 0x3138 0x2538 0x171
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
wsprintfA 0x0 0x10003044 0x3140 0x2540 0x2d7
ole32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StringFromGUID2 0x0 0x1000304c 0x3148 0x2548 0x135
CLSIDFromString 0x0 0x10003050 0x314c 0x254c 0x8
Exports (8)
Api name EAT Address Ordinal
Alloc 0x1000 0x1
Call 0x16df 0x2
Copy 0x1058 0x3
Free 0x15d5 0x4
Get 0x163c 0x5
Int64Op 0x183b 0x6
Store 0x10e0 0x7
StrAlloc 0x103d 0x8
Function Logfile (not included in this export; viewing it requires a connection to the VMRay backend)