Keylogger Packed with Open-Source C# Crypter | Files
VTI SCORE: 96/100
Dynamic Analysis Report
Classification: Trojan, Dropper, Keylogger

62dcc35536fc49377722d40cf6fe4d924bd415aeb9a9036be067b25a306dd845 (SHA256)

muziko66.EXE

Windows Exe (x86-32)

Created at 2018-11-20 16:22:00

Notifications (2/3)

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The operating system was rebooted during the analysis.

Filename Category Type Severity
C:\Users\CIiHmnxMn6Ps\Desktop\muziko66.EXE Sample File Binary
Blacklisted
Also Known As C:\Users\CIiHmnxMn6Ps\AppData\Local\winamp.exe (Created File)
Mime Type application/x-dosexec
File Size 638.50 KB
MD5 d82d5def9a8c3184e7116ea172c70e09
SHA1 0886bb5f98a43c7464115644756c9a15bd95af54
SHA256 62dcc35536fc49377722d40cf6fe4d924bd415aeb9a9036be067b25a306dd845
SSDeep 12288:xvGPh1DOPLOgzyArtDaWZXpbGQENdag2gY7gQdAQ4+uG6at31SI5vG:8Z1DOPLXzyArtlMBcgQiL+WatlSIe
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
File Reputation Information
Severity
Blacklisted
First Seen 2018-11-18 01:59 (UTC+1)
Last Seen 2018-11-19 19:24 (UTC+1)
Names ByteCode-MSIL.Trojan.Generickd
Families Generickd
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x49036e
Size Of Code 0x8e400
Size Of Initialized Data 0x11200
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2018-11-17 20:52:59+00:00
Version Information (9)
Assembly Version 61.79.19.25
LegalCopyright Copyright © 2000
InternalName muziko66.EXE
FileVersion 82.63.92.59
Comments WindowsApplication26
ProductName WindowsApplication26
ProductVersion 82.63.92.59
FileDescription WindowsApplication26
OriginalFilename muziko66.EXE
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x8e374 0x8e400 0x400 cnt_code, mem_execute, mem_read 7.81
.sdata 0x492000 0x1e8 0x200 0x8e800 cnt_initialized_data, mem_read, mem_write 6.63
.rsrc 0x494000 0x10c60 0x10e00 0x8ea00 cnt_initialized_data, mem_read 3.95
.reloc 0x4a6000 0xc 0x200 0x9f800 cnt_initialized_data, mem_discardable, mem_read 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x90348 0x8e748 0x0
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\CIiHmnxMn6Ps-wchelper.dll Created File Text
Suspicious
Mime Type text/plain
File Size 150.67 KB
MD5 cf43d0f929ae3335692d014f4df05e6d
SHA1 1cd8ec4e84a50167af2ce157138224535833543d
SHA256 b3ee6953ff49705ae90ce8b2cafbed7df9674b227f4aed0279fdf44f358d3e8e
SSDeep 3072:vcJEm2+l1AHreW8xa4TfsBbxNkNx+ce5L69an8j2wEqD5r947d:EJEmL12rn8xa4Lsx7kNx+vgOu5+7d
File Reputation Information
Severity
Suspicious
First Seen 2012-11-01 02:12 (UTC+1)
Last Seen 2018-09-10 17:22 (UTC+2)
Names Script-VBS.Trojan.Zbot
Families Zbot
Classification Trojan
C:\Users\CIiHmnxMn6Ps\AppData\Local\uTorrent.exe Created File Binary
Whitelisted
Also Known As c:\windows\syswow64\install\svchost.exe (Created File)
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\install\svchost.exe (Created File)
Mime Type application/x-dosexec
File Size 1.12 MB
MD5 e618b1550d4ccf3a62dd471bb87ef834
SHA1 a552f7f4f0bd46ae187820ef8ad884e292bbb57b
SHA256 f1b531118f5522b898b9fcda838032d4fdcfec9d7ba4592946a5cbb987baeb52
SSDeep 24576:Up2silPhMAXGWClfuRcUqIJUKB5QskQZL:Up2sMOjVzUXJDB5QEZL
ImpHash 5b989c7f24f9b07840e9a2a654544c93
File Reputation Information
Severity
Whitelisted
First Seen 2015-06-18 10:17 (UTC+2)
Last Seen 2018-08-08 02:13 (UTC+2)
PE Information
Image Base 0x400000
Entry Point 0x4748a2
Size Of Code 0xe6600
Size Of Initialized Data 0x36400
File Type executable
Subsystem windows_cui
Machine Type i386
Compile Timestamp 2015-05-07 08:55:33+00:00
Version Information (8)
LegalCopyright © Microsoft Corporation. All rights reserved.
InternalName vbc.exe
FileVersion 8.0.50727.8662
CompanyName Microsoft Corporation
ProductName Microsoft® Visual Studio® 2005
ProductVersion 8.0.50727.8662
FileDescription Visual Basic Command Line Compiler
OriginalFilename vbc.exe
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xe6405 0xe6600 0x400 cnt_code, mem_execute, mem_read 6.53
.data 0x4e8000 0x95fc 0x8e00 0xe6a00 cnt_initialized_data, mem_read, mem_write 1.97
.rsrc 0x4f2000 0x2cc30 0x2ce00 0xef800 cnt_initialized_data, mem_read 3.41
Imports (9)
mscoree.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryShim 0x0 0x401000 0xe61d4 0xe55d4 0x41
GetCORSystemDirectory 0x0 0x401004 0xe61d8 0xe55d8 0x22
StrongNameFreeBuffer 0x0 0x401008 0xe61dc 0xe55dc 0x5f
StrongNameErrorInfo 0x0 0x40100c 0xe61e0 0xe55e0 0x5e
StrongNameTokenFromPublicKey 0x0 0x401010 0xe61e4 0xe55e4 0x70
CorBindToCurrentRuntime 0x0 0x401014 0xe61e8 0xe55e8 0x9
GetRealProcAddress 0x0 0x401018 0xe61ec 0xe55ec 0x33
ole32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance 0x0 0x401020 0xe61f4 0xe55f4 0x10
CoTaskMemRealloc 0x0 0x401024 0xe61f8 0xe55f8 0x66
CoTaskMemAlloc 0x0 0x401028 0xe61fc 0xe55fc 0x64
CoTaskMemFree 0x0 0x40102c 0xe6200 0xe5600 0x65
CoUninitialize 0x0 0x401030 0xe6204 0xe5604 0x69
CoInitializeEx 0x0 0x401034 0xe6208 0xe5608 0x3c
CoGetClassObject 0x0 0x401038 0xe620c 0xe560c 0x22
IIDFromString 0x0 0x40103c 0xe6210 0xe5610 0xc6
StringFromGUID2 0x0 0x401040 0xe6214 0xe5614 0x135
CoCreateGuid 0x0 0x401044 0xe6218 0xe5618 0xf
OLEAUT32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VarR8FromStr 0x54 0x40104c 0xe6220 0xe5620 -
VarDecFix 0xbb 0x401050 0xe6224 0xe5624 -
SysFreeString 0x6 0x401054 0xe6228 0xe5628 -
SysStringLen 0x7 0x401058 0xe622c 0xe562c -
SysAllocStringLen 0x4 0x40105c 0xe6230 0xe5630 -
SysAllocString 0x2 0x401060 0xe6234 0xe5634 -
SetErrorInfo 0xc9 0x401064 0xe6238 0xe5638 -
CreateErrorInfo 0xca 0x401068 0xe623c 0xe563c -
VarBstrCat 0x139 0x40106c 0xe6240 0xe5640 -
SysAllocStringByteLen 0x96 0x401070 0xe6244 0xe5644 -
SysStringByteLen 0x95 0x401074 0xe6248 0xe5648 -
GetErrorInfo 0xc8 0x401078 0xe624c 0xe564c -
VarUI4FromStr 0x115 0x40107c 0xe6250 0xe5650 -
VarDecCmp 0xcc 0x401080 0xe6254 0xe5654 -
VarBstrFromDec 0xe8 0x401084 0xe6258 0xe5658 -
VarDecFromStr 0xc5 0x401088 0xe625c 0xe565c -
VarR4FromR8 0x47 0x40108c 0xe6260 0xe5660 -
VarDecFromR8 0xc2 0x401090 0xe6264 0xe5664 -
VarR8FromDec 0xdc 0x401094 0xe6268 0xe5668 -
VarUI4FromR4 0x111 0x401098 0xe626c 0xe566c -
VarUI4FromR8 0x112 0x40109c 0xe6270 0xe5670 -
VarUI4FromDec 0x11a 0x4010a0 0xe6274 0xe5674 -
VariantClear 0x9 0x4010a4 0xe6278 0xe5678 -
VariantInit 0x8 0x4010a8 0xe627c 0xe567c -
VarBstrCmp 0x13a 0x4010ac 0xe6280 0xe5680 -
VarDecNeg 0xbd 0x4010b0 0xe6284 0xe5684 -
VarDecAdd 0xb1 0x4010b4 0xe6288 0xe5688 -
VarDecSub 0xb5 0x4010b8 0xe628c 0xe568c -
VarDecMul 0xb3 0x4010bc 0xe6290 0xe5690 -
VarDecDiv 0xb2 0x4010c0 0xe6294 0xe5694 -
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnregisterClassA 0x0 0x4010c8 0xe629c 0xe569c 0x2b3
SHLWAPI.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathIsUNCW 0x0 0x4010d0 0xe62a4 0xe56a4 0x5a
PathRemoveFileSpecW 0x0 0x4010d4 0xe62a8 0xe56a8 0x72
PathAppendW 0x0 0x4010d8 0xe62ac 0xe56ac 0x1e
PathIsURLW 0x0 0x4010dc 0xe62b0 0xe56b0 0x5c
PSAPI.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleFileNameExW 0x0 0x4010e4 0xe62b8 0xe56b8 0xf
MSVCR80.dll (99)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
strcat_s 0x0 0x4010ec 0xe62c0 0xe56c0 0x55d
vsprintf_s 0x0 0x4010f0 0xe62c4 0xe56c4 0x58f
_purecall 0x0 0x4010f4 0xe62c8 0xe56c8 0x339
atof 0x0 0x4010f8 0xe62cc 0xe56cc 0x4ce
strncat_s 0x0 0x4010fc 0xe62d0 0xe56d0 0x569
iswspace 0x0 0x401100 0xe62d4 0xe56d4 0x520
exit 0x0 0x401104 0xe62d8 0xe56d8 0x4dc
_resetstkoflw 0x0 0x401108 0xe62dc 0xe56dc 0x347
printf 0x0 0x40110c 0xe62e0 0xe56e0 0x53e
wcscat_s 0x0 0x401110 0xe62e4 0xe56e4 0x596
qsort 0x0 0x401114 0xe62e8 0xe56e8 0x545
_ui64tow_s 0x0 0x401118 0xe62ec 0xe56ec 0x3e4
_i64tow_s 0x0 0x40111c 0xe62f0 0xe56f0 0x20e
memmove 0x0 0x401120 0xe62f4 0xe56f4 0x538
_CxxThrowException 0x0 0x401124 0xe62f8 0xe56f8 0x5d
_ultow_s 0x0 0x401128 0xe62fc 0xe56fc 0x3e8
_vscwprintf 0x0 0x40112c 0xe6300 0xe5700 0x413
_mktime64 0x0 0x401130 0xe6304 0xe5704 0x325
wcspbrk 0x0 0x401134 0xe6308 0xe5708 0x5a5
_CIfmod 0x0 0x401138 0xe630c 0xe570c 0x51
floor 0x0 0x40113c 0xe6310 0xe5710 0x4e8
wcsncmp 0x0 0x401140 0xe6314 0xe5714 0x5a1
bsearch 0x0 0x401144 0xe6318 0xe5718 0x4d1
_local_unwind4 0x0 0x401148 0xe631c 0xe571c 0x27d
_isnan 0x0 0x40114c 0xe6320 0xe5720 0x25d
_CIpow 0x0 0x401150 0xe6324 0xe5724 0x54
_wcsicmp 0x0 0x401154 0xe6328 0xe5728 0x43e
_wmakepath_s 0x0 0x401158 0xe632c 0xe572c 0x488
_wtol 0x0 0x40115c 0xe6330 0xe5730 0x4bd
_access_s 0x0 0x401160 0xe6334 0xe5734 0x104
_waccess_s 0x0 0x401164 0xe6338 0xe5738 0x431
_swab 0x0 0x401168 0xe633c 0xe573c 0x3c9
_stricmp 0x0 0x40116c 0xe6340 0xe5740 0x3a8
_strnicmp 0x0 0x401170 0xe6344 0xe5744 0x3b2
strncpy 0x0 0x401174 0xe6348 0xe5748 0x56b
_amsg_exit 0x0 0x401178 0xe634c 0xe574c 0x11d
__wgetmainargs 0x0 0x40117c 0xe6350 0xe5750 0xff
_cexit 0x0 0x401180 0xe6354 0xe5754 0x134
_exit 0x0 0x401184 0xe6358 0xe5758 0x184
_XcptFilter 0x0 0x401188 0xe635c 0xe575c 0x69
__winitenv 0x0 0x40118c 0xe6360 0xe5760 0x100
_initterm 0x0 0x401190 0xe6364 0xe5764 0x210
_initterm_e 0x0 0x401194 0xe6368 0xe5768 0x211
_configthreadlocale 0x0 0x401198 0xe636c 0xe576c 0x144
__setusermatherr 0x0 0x40119c 0xe6370 0xe5770 0xeb
_adjust_fdiv 0x0 0x4011a0 0xe6374 0xe5774 0x113
__p__commode 0x0 0x4011a4 0xe6378 0xe5778 0xce
__p__fmode 0x0 0x4011a8 0xe637c 0xe577c 0xd2
_encode_pointer 0x0 0x4011ac 0xe6380 0xe5780 0x172
__set_app_type 0x0 0x4011b0 0xe6384 0xe5784 0xe8
_except_handler4_common 0x0 0x4011b4 0xe6388 0xe5788 0x17b
_unlock 0x0 0x4011b8 0xe638c 0xe578c 0x3f3
__dllonexit 0x0 0x4011bc 0xe6390 0xe5790 0x99
_lock 0x0 0x4011c0 0xe6394 0xe5794 0x282
_onexit 0x0 0x4011c4 0xe6398 0xe5798 0x328
_decode_pointer 0x0 0x4011c8 0xe639c 0xe579c 0x168
?terminate@@YAXXZ 0x0 0x4011cc 0xe63a0 0xe57a0 0x43
_invoke_watson 0x0 0x4011d0 0xe63a4 0xe57a4 0x217
_controlfp_s 0x0 0x4011d4 0xe63a8 0xe57a8 0x147
_crt_debugger_hook 0x0 0x4011d8 0xe63ac 0xe57ac 0x153
?_type_info_dtor_internal_method@type_info@@QAEXXZ 0x0 0x4011dc 0xe63b0 0xe57b0 0x36
wcschr 0x0 0x4011e0 0xe63b4 0xe57b4 0x597
wcscpy_s 0x0 0x4011e4 0xe63b8 0xe57b8 0x59b
iswalpha 0x0 0x4011e8 0xe63bc 0xe57bc 0x517
_wcsnicmp 0x0 0x4011ec 0xe63c0 0xe57c0 0x448
??2@YAPAXI@Z 0x0 0x4011f0 0xe63c4 0xe57c4 0xf
??_U@YAPAXI@Z 0x0 0x4011f4 0xe63c8 0xe57c8 0x1f
_wcstoi64 0x0 0x4011f8 0xe63cc 0xe57cc 0x452
_recalloc 0x0 0x4011fc 0xe63d0 0xe57d0 0x345
wcsncpy_s 0x0 0x401200 0xe63d4 0xe57d4 0x5a3
free 0x0 0x401204 0xe63d8 0xe57d8 0x4f4
malloc 0x0 0x401208 0xe63dc 0xe57dc 0x52b
_wsplitpath_s 0x0 0x40120c 0xe63e0 0xe57e0 0x4aa
memcpy 0x0 0x401210 0xe63e4 0xe57e4 0x536
wcstoul 0x0 0x401214 0xe63e8 0xe57e8 0x5b1
_errno 0x0 0x401218 0xe63ec 0xe57ec 0x178
fclose 0x0 0x40121c 0xe63f0 0xe57f0 0x4df
_open_osfhandle 0x0 0x401220 0xe63f4 0xe57f4 0x32a
_fdopen 0x0 0x401224 0xe63f8 0xe57f8 0x18a
fwrite 0x0 0x401228 0xe63fc 0xe57fc 0x4ff
wcsftime 0x0 0x40122c 0xe6400 0xe5800 0x59d
fwprintf 0x0 0x401230 0xe6404 0xe5804 0x4fd
fputws 0x0 0x401234 0xe6408 0xe5808 0x4f1
memset 0x0 0x401238 0xe640c 0xe580c 0x53a
__iob_func 0x0 0x40123c 0xe6410 0xe5810 0xa4
fgetws 0x0 0x401240 0xe6414 0xe5814 0x4e7
wcsrchr 0x0 0x401244 0xe6418 0xe5818 0x5a6
_time64 0x0 0x401248 0xe641c 0xe581c 0x3d7
_localtime64 0x0 0x40124c 0xe6420 0xe5820 0x280
memcpy_s 0x0 0x401250 0xe6424 0xe5824 0x537
_wtoi 0x0 0x401254 0xe6428 0xe5828 0x4b9
_itow_s 0x0 0x401258 0xe642c 0xe582c 0x274
isspace 0x0 0x40125c 0xe6430 0xe5830 0x514
_wcslwr_s 0x0 0x401260 0xe6434 0xe5834 0x444
wcstok_s 0x0 0x401264 0xe6438 0xe5838 0x5ad
_vsnwprintf_s 0x0 0x401268 0xe643c 0xe583c 0x41f
??_V@YAXPAX@Z 0x0 0x40126c 0xe6440 0xe5840 0x21
??3@YAXPAX@Z 0x0 0x401270 0xe6444 0xe5844 0x11
_ecvt_s 0x0 0x401274 0xe6448 0xe5848 0x171
ADVAPI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey 0x0 0x40127c 0xe6450 0xe5850 0x1cb
CryptGetHashParam 0x0 0x401280 0xe6454 0xe5854 0x99
CryptReleaseContext 0x0 0x401284 0xe6458 0xe5858 0xa0
CryptDestroyHash 0x0 0x401288 0xe645c 0xe585c 0x8b
CryptCreateHash 0x0 0x40128c 0xe6460 0xe5860 0x88
CryptAcquireContextA 0x0 0x401290 0xe6464 0xe5864 0x85
RegQueryValueExA 0x0 0x401294 0xe6468 0xe5868 0x1f7
RegOpenKeyExA 0x0 0x401298 0xe646c 0xe586c 0x1ec
CryptHashData 0x0 0x40129c 0xe6470 0xe5870 0x9d
KERNEL32.dll (85)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLocaleInfoA 0x0 0x4012a4 0xe6478 0xe5878 0x174
SetFilePointer 0x0 0x4012a8 0xe647c 0xe587c 0x31b
CreateFileMappingA 0x0 0x4012ac 0xe6480 0xe5880 0x54
ReadFile 0x0 0x4012b0 0xe6484 0xe5884 0x2b5
GetProcessHeap 0x0 0x4012b4 0xe6488 0xe5888 0x1a3
CreateFileA 0x0 0x4012b8 0xe648c 0xe588c 0x53
DeleteFileA 0x0 0x4012bc 0xe6490 0xe5890 0x83
GetFullPathNameA 0x0 0x4012c0 0xe6494 0xe5894 0x169
FindNextFileA 0x0 0x4012c4 0xe6498 0xe5898 0xdc
FindFirstFileA 0x0 0x4012c8 0xe649c 0xe589c 0xd2
GetFileSize 0x0 0x4012cc 0xe64a0 0xe58a0 0x163
GetShortPathNameA 0x0 0x4012d0 0xe64a4 0xe58a4 0x1b5
GetFileTime 0x0 0x4012d4 0xe64a8 0xe58a8 0x165
SetLastError 0x0 0x4012d8 0xe64ac 0xe58ac 0x328
CreateToolhelp32Snapshot 0x0 0x4012dc 0xe64b0 0xe58b0 0x72
Module32FirstW 0x0 0x4012e0 0xe64b4 0xe58b4 0x26b
Module32NextW 0x0 0x4012e4 0xe64b8 0xe58b8 0x26d
ReadProcessMemory 0x0 0x4012e8 0xe64bc 0xe58bc 0x2b8
OpenThread 0x0 0x4012ec 0xe64c0 0xe58c0 0x28a
CompareFileTime 0x0 0x4012f0 0xe64c4 0xe58c4 0x39
VirtualFree 0x0 0x4012f4 0xe64c8 0xe58c8 0x383
VirtualAlloc 0x0 0x4012f8 0xe64cc 0xe58cc 0x381
GetSystemInfo 0x0 0x4012fc 0xe64d0 0xe58d0 0x1c5
HeapReAlloc 0x0 0x401300 0xe64d4 0xe58d4 0x21a
HeapDestroy 0x0 0x401304 0xe64d8 0xe58d8 0x214
HeapCreate 0x0 0x401308 0xe64dc 0xe58dc 0x212
LockResource 0x0 0x40130c 0xe64e0 0xe58e0 0x265
IsDebuggerPresent 0x0 0x401310 0xe64e4 0xe58e4 0x239
DuplicateHandle 0x0 0x401314 0xe64e8 0xe58e8 0x93
GetCurrentProcessId 0x0 0x401318 0xe64ec 0xe58ec 0x143
GetCurrentThreadId 0x0 0x40131c 0xe64f0 0xe58f0 0x146
GetThreadLocale 0x0 0x401320 0xe64f4 0xe58f4 0x1da
SetEvent 0x0 0x401324 0xe64f8 0xe58f8 0x316
ReleaseMutex 0x0 0x401328 0xe64fc 0xe58fc 0x2c2
UnmapViewOfFile 0x0 0x40132c 0xe6500 0xe5900 0x371
MapViewOfFile 0x0 0x401330 0xe6504 0xe5904 0x268
HeapAlloc 0x0 0x401334 0xe6508 0xe5908 0x210
lstrlenA 0x0 0x401338 0xe650c 0xe590c 0x3cc
HeapFree 0x0 0x40133c 0xe6510 0xe5910 0x216
GetCommandLineW 0x0 0x401340 0xe6514 0xe5914 0x111
GetCommandLineA 0x0 0x401344 0xe6518 0xe5918 0x110
LoadResource 0x0 0x401348 0xe651c 0xe591c 0x257
SizeofResource 0x0 0x40134c 0xe6520 0xe5920 0x355
GetACP 0x0 0x401350 0xe6524 0xe5924 0xfd
InterlockedDecrement 0x0 0x401354 0xe6528 0xe5928 0x228
InterlockedIncrement 0x0 0x401358 0xe652c 0xe592c 0x22c
LeaveCriticalSection 0x0 0x40135c 0xe6530 0xe5930 0x251
EnterCriticalSection 0x0 0x401360 0xe6534 0xe5934 0x98
AreFileApisANSI 0x0 0x401364 0xe6538 0xe5938 0xc
MultiByteToWideChar 0x0 0x401368 0xe653c 0xe593c 0x275
IsValidCodePage 0x0 0x40136c 0xe6540 0xe5940 0x23f
GetFileType 0x0 0x401370 0xe6544 0xe5944 0x166
GetSystemDefaultLangID 0x0 0x401374 0xe6548 0xe5948 0x1bf
TerminateProcess 0x0 0x401378 0xe654c 0xe594c 0x35e
GetCurrentProcess 0x0 0x40137c 0xe6550 0xe5950 0x142
WideCharToMultiByte 0x0 0x401380 0xe6554 0xe5954 0x394
WriteFile 0x0 0x401384 0xe6558 0xe5958 0x3a4
GetVersionExA 0x0 0x401388 0xe655c 0xe595c 0x1e9
CloseHandle 0x0 0x40138c 0xe6560 0xe5960 0x34
DeleteCriticalSection 0x0 0x401390 0xe6564 0xe5964 0x81
InitializeCriticalSection 0x0 0x401394 0xe6568 0xe5968 0x223
GetUserDefaultLCID 0x0 0x401398 0xe656c 0xe596c 0x1e3
GetSystemDefaultLCID 0x0 0x40139c 0xe6570 0xe5970 0x1be
ConvertDefaultLocale 0x0 0x4013a0 0xe6574 0xe5974 0x3f
GetConsoleOutputCP 0x0 0x4013a4 0xe6578 0xe5978 0x135
FindClose 0x0 0x4013a8 0xe657c 0xe597c 0xce
RaiseException 0x0 0x4013ac 0xe6580 0xe5980 0x2a7
InterlockedExchange 0x0 0x4013b0 0xe6584 0xe5984 0x229
GetLastError 0x0 0x4013b4 0xe6588 0xe5988 0x171
GetProcAddress 0x0 0x4013b8 0xe658c 0xe598c 0x1a0
FreeLibrary 0x0 0x4013bc 0xe6590 0xe5990 0xf8
LocalAlloc 0x0 0x4013c0 0xe6594 0xe5994 0x258
LocalFree 0x0 0x4013c4 0xe6598 0xe5998 0x25c
GetStdHandle 0x0 0x4013c8 0xe659c 0xe599c 0x1b9
GetConsoleScreenBufferInfo 0x0 0x4013cc 0xe65a0 0xe59a0 0x137
LoadLibraryA 0x0 0x4013d0 0xe65a4 0xe59a4 0x252
Sleep 0x0 0x4013d4 0xe65a8 0xe59a8 0x356
InterlockedCompareExchange 0x0 0x4013d8 0xe65ac 0xe59ac 0x226
SetUnhandledExceptionFilter 0x0 0x4013dc 0xe65b0 0xe59b0 0x34a
QueryPerformanceCounter 0x0 0x4013e0 0xe65b4 0xe59b4 0x2a3
GetTickCount 0x0 0x4013e4 0xe65b8 0xe59b8 0x1df
GetSystemTimeAsFileTime 0x0 0x4013e8 0xe65bc 0xe59bc 0x1ca
UnhandledExceptionFilter 0x0 0x4013ec 0xe65c0 0xe59c0 0x36e
WaitForSingleObject 0x0 0x4013f0 0xe65c4 0xe59c4 0x390
GetModuleFileNameA 0x0 0x4013f4 0xe65c8 0xe59c8 0x17d
Digital Signatures (2)
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA
Country Name US
Valid From 2014-04-22 17:39:00+00:00
Valid Until 2015-07-22 17:39:00+00:00
Algorithm sha1_rsa
Serial Number 33 00 00 00 CA 6C D5 32 12 35 C4 E1 55 00 01 00 00 00 CA
Thumbprint 67 B1 75 78 63 E3 EF F7 60 EA 9E BB 02 84 9A F0 7D 3A 80 80
Certificate: Microsoft Code Signing PCA
Issued by Microsoft Code Signing PCA
Country Name US
Valid From 2010-08-31 22:19:32+00:00
Valid Until 2020-08-31 22:29:32+00:00
Algorithm sha1_rsa
Serial Number 61 33 26 1A 00 00 00 00 00 31
Thumbprint 3C AF 9B A2 DB 55 70 CA F7 69 42 FF 99 10 1B 99 38 88 E2 57
C:\Users\CIiHmnxMn6Ps\AppData\Local\uTorrent.exe Created File Unknown
Whitelisted
Also Known As c:\windows\syswow64\install\svchost.exe (Created File)
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\install\svchost.exe (Created File)
Mime Type application/x-empty
File Size 0.00 KB
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
File Reputation Information
Severity
Whitelisted
First Seen 2011-05-27 11:27 (UTC+2)
Last Seen 2017-04-19 12:47 (UTC+2)
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps8 (Created File)
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 cd58a6e3deb31a3408880f7ec26c44ca
SHA1 69b783c9df7d1e7c00e1a451fffb81b0fe3e6c38
SHA256 95f1966db6c767d5ce564d5ff2d6653c7d83c355cd34ff845c4bc8e5dc311fdb
SSDeep 3:KfR:Kp
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps2.txt Created File Text
Unknown
Mime Type text/plain
File Size 385.12 KB
MD5 a317c7281bd18ad4bea976df0e02144f
SHA1 c7fec219b00a35d60b6a415ec09945f5d6702358
SHA256 699eb8dca2b0918265d5073ddb279e1abe6e134c2340b10f346aaea4ed46227f
SSDeep 6144:rA0nitqv/nHrHxVPGTZTzq9SkTr2m7mrUsqWBn837FNldObO3k1jh:rBi8vvrHxVPKyv2m77sZB07FxObO32l
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 c3bcaed710909e32fdd105c10455febc
SHA1 9abb0888ba30cd35a6a56356c52992b7df9b8b9d
SHA256 94a9803f5b36ffcb30af44ce9a65301444c2e268328a6152b143d218f77b0610
SSDeep 3:KfU:Ks
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 92bfa1b6dca10a604cdce67900d747ab
SHA1 19f4afce1cbc914b9e0d3d7c1cd8a9a85635f9b6
SHA256 c76529e2f3545090366fa8e21cfc0bbe69b9ee5000e53070d704d489994bc5f1
SSDeep 3:OY:OY
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps2.txt Created File Text
Unknown
Mime Type text/plain
File Size 385.10 KB
MD5 b2af7af5965cfbe7c37072fe9196e7dd
SHA1 edd23c5f0d1fe65827fb5a678bd590425e1c2b87
SHA256 18999411b2fb51ed2cb6044a3e38bf76567fd6cdf1ac1155fe511a84d83606cd
SSDeep 6144:gA0nitqv/nHrHxVPGTZTzq9SkTr2m7mrUsqWBn837FNldObO3k1jh:gBi8vvrHxVPKyv2m77sZB07FxObO32l
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 f3bd5373cddbf133fd862cf2fbeb5239
SHA1 1cfd136bdd8425796edd15f7b1270f24ab562972
SHA256 fc5ff02dd2a0d42d148aba0f7af2f466edb263d8265cc6a53270c98ee3a52d25
SSDeep 3:KfS:Kq
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps8 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 dd10a37d7c14a670e3ac7eb9333eb638
SHA1 61e4c5dea488d0d8f9e19e9a07dbf4f5f4fa32ba
SHA256 da23fab7c94a605936b4ac9df3da66f5104b040777acf1e30c0b40b8e3749291
SSDeep 3:O8n:O8n
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 f80455e34ff5881a7c42231ac16d3e89
SHA1 8514588816939921040ef030b253bcaf2cc9282d
SHA256 0c37922dc8c0e9efa79b07ed75ee07e0761da9bc4a8e7331e57aa3ad940ed8c6
SSDeep 3:OZ:OZ
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\D2CA4DEF\21-11-2018 Created File Stream
Unknown
Mime Type application/octet-stream
File Size 0.08 KB
MD5 af900417584624e7071641559d29e3c7
SHA1 f44abd35c252539ab183aa20b3c24ac2369c8674
SHA256 68c33b1c6248cc3ed73dd758420ed370ff6dc082d607557c5e2e3da821fb71d8
SSDeep 3:TlbC1c5TUmh/VJS1Joanh:Q1yAmhdyoWh
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps8 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 7f77d674b1e8b92c8517b85260557f7f
SHA1 49874a83cb0c1c3750ddf07592d0c5ae025a9259
SHA256 ffd96dec29021897a31ded76d58626b66b01b02b3926f5ebd1b1f860ac76a137
SSDeep 3:OW:OW
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 52fee28b460a0e82b479288ed9aad51b
SHA1 16719a4829c12afae1904b12406dc2a4ce548017
SHA256 f1afa44be2980873252236d40071744e99df3014293f9ad5a49398152bd4344b
SSDeep 3:O/n:O/
C:\Users\CIiHmnxMn6Ps\AppData\Local\cBxBGxB Created File Stream
Unknown
Also Known As C:\Users\CIiHmnxMn6Ps\AppData\Local\cBxBGxB (Created File)
Mime Type application/octet-stream
File Size 428.01 KB
MD5 2a335af28de46ab0c68fc8f38cf4a1ce
SHA1 dc5d95d6c8ceb93d04dc5a4c2ae0928267784130
SHA256 0c436da0aec39721cbacbccd7cea43ef0848440c79195c13169ab89cf9311327
SSDeep 12288:iDk11YUzEhUFNGI8hpG+qLV9YzzHdEVGhPr:3HzEoNGIKGJHYzzHSVGR
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\D2CA4DEF\ak.tmp Created File Text
Unknown
Mime Type text/plain
File Size 0.05 KB
MD5 fd67f0d2e500c599cab42685b05639f9
SHA1 aa373295b498c16ac40f61aadcb832b42c7bfb23
SHA256 711f804d198e39db0e915fd6ccc57fcd7d1a8191db2d86a9d656e88fddcef271
SSDeep 3:sZmP4tRBBFQtTUuybB:x4tRBBFQtTw
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 7dd19ec7de17d6ba938ed733c514ef20
SHA1 84dbb347b4ab71cc77df94532014b7df76adfb6c
SHA256 f838550cf4f44b2f3c44804ca2c4cbc2b3a42ffea9c0835533b72bf81ff7e38b
SSDeep 3:O+n:O+n
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Unknown
Also Known As C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 (Created File)
Mime Type text/plain
File Size 0.01 KB
MD5 c92b9edd5e62426a769875b1146290b7
SHA1 5aedd83ec79466ce24ff92c75abf2989f6bd0126
SHA256 0052a516da7df2a8166603c3e259fc79275fdaa681a727d2b5b58e1d8f9baf85
SSDeep 3:KfT:Kr
C:\Users\CIIHMN~1\AppData\Local\Temp\CIiHmnxMn6Ps7 Created File Text
Not Queried
Mime Type text/plain
File Size 0.01 KB
MD5 95500e551a451a5a4e882cdc125024b4
SHA1 26c2b0aa79389778012999f7d8f5541ee3d725f8
SHA256 dfa472fec314521f4c76c4c35544ef966d74b33c2a11db8730920ed5daeea554
SSDeep 3:KfV:Kt
C:\Users\CIiHmnxMn6Ps\AppData\Roaming\D2CA4DEF\ak.tmp Created File Text
Not Queried
Mime Type text/plain
File Size 0.03 KB
MD5 aae305addaaaa35be9e6c3b41a07a48c
SHA1 9a0c0aaac61cae7e701a3baf9da767189c5e65a7
SHA256 e5e97847049055d0e6bdac235a2904799d552b4fbebbaf11d5c540d5cf019741
SSDeep 3:sZmP4tRBBFQF:x4tRBBFQF