Verdict: Malicious

Classifications: Spyware, Injector

Threat Names: XBinder, XLoader, Mal/Generic-S, Mal/HTMLGen-A

Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "20 hours, 21 minutes, 21 seconds" to "23 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

(0x0200004A): 2 dumps were skipped because they exceeded the maximum dump size of 7 MB. The largest one was 27 MB.

File Name Category Type Verdict

C:\Users\RDhJ0CNFevzX\Desktop\sample.jar Sample File Java Archive malicious
MIME Type application/java-archive
File Size 706.03 KB
MD5 3c0ab7ca460491b57892aecf093dca97
SHA1 685a7aa5d866c222119a1d4b3d485e2c72a02b9a
SHA256 33ff9bb1a784b8896ab920c2e0fab1f9e9a631d9b5a8b204f0455acece52630e
SSDeep 12288:q/wCW2+HpZChZpaDQjZ72kX58jza8TYMrkyWLNGrKp4hJhh3bYdITa:q/vR+HpZNi7H180MYMrKpohpbYd8a
ImpHash -
YARA Matches (1)
Rule Name Rule Description Classification Score
XBinder Packer used to distribute malware - 5/5
C:\Users\RDhJ0CNFevzX\gIkAOpZB.exe Dropped File Binary malicious
Also Known As c:\users\rdhj0cnfevzx\appdata\local\temp\xmpxd9\hl-ili.exe (Dropped File)
c:\program files (x86)\xmpxd9\hl-ili.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 612.00 KB
MD5 ff882802d113ed02fa070c496f89d797
SHA1 aad1eed1c53f1d33ab52e13442b036bfeee91f1b
SHA256 4216ff4fa7533209a6e50c6f05c5216b8afb456e6a3ab6b65ed9fcbdbd275096
SSDeep 12288:N7MTwrEg4nkEo2sH2yefktZkgHAyRsrGGFJr23+sejpAmiL:lMTwrEgskEorogHA0slrsfejc
ImpHash c4824f327856ec0705e7797356a7405e
File Reputation Information
Verdict malicious
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x4367cb
Size Of Code 0x50000
Size Of Initialized Data 0x48000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2016-12-06 11:32:08+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x50000 0x50000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.36
.rdata 0x451000 0x17000 0x17000 0x51000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.61
.data 0x468000 0xb848 0x8000 0x68000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.93
.zrjfv 0x474000 0x28ee9 0x29000 0x70000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.98
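The `.zrjfv` section is the giveaway in this table: a name no linker emits, writable, and entropy 7.98 against 6.36 for the real code and 6.6 to 6.9 for the data sections. That profile is what a packed payload looks like when it is decrypted in place and then executed, which matches the "Marked Executable" and "First Execution" memory dumps recorded later for this binary. The block below is an added example, not VMRay's code and not derived from the sample's bytes: it builds a constructed minimal 32-bit PE in memory, parses its section table with the standard IMAGE_SECTION_HEADER layout, computes per-section Shannon entropy, and applies the same three checks. The 7.5-bit threshold, the list of standard section names and the SHA-256 chain used as packed-looking filler are the example's own assumptions.

```python
import hashlib
import math
import struct
from collections import Counter

# Section characteristics (subset of IMAGE_SCN_* from winnt.h).
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
# Names a linker normally emits (assumed list); anything else deserves a look.
STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".pdata", ".tls", ".bss", ".CRT"}
HIGH_ENTROPY = 7.5   # bits/byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for a uniform byte mix."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(image: bytes) -> list:
    """Walk the IMAGE_SECTION_HEADER table of a PE file and score each section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16.
    num_sections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt
    sections = []
    for i in range(num_sections):
        (name, vsize, vaddr, rawsize, rawptr, _reloc, _line, _nreloc, _nline,
         flags) = struct.unpack_from("<8sIIIIIIHHI", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "raw_size": rawsize, "flags": flags,
                         "entropy": round(shannon_entropy(raw), 2)})
    return sections


def triage(sections: list) -> list:
    """Return (name, [reasons]) for sections that look packed or abused."""
    findings = []
    for s in sections:
        reasons = []
        if s["name"] not in STANDARD_NAMES:
            reasons.append("non-standard section name")
        if s["entropy"] >= HIGH_ENTROPY:
            reasons.append("near-random content: compressed or encrypted payload")
            if s["flags"] & IMAGE_SCN_MEM_WRITE:
                reasons.append("writable, so it can be decrypted in place at runtime")
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("writable and executable")
        if reasons:
            findings.append((s["name"], reasons))
    return findings


def pseudo_random(n: int) -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for a packed blob."""
    out, block = bytearray(), b"seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


def build_sample_image() -> bytes:
    """Constructed minimal PE32: .text, .data and a random-named writable blob,
    the same shape as the dropped gIkAOpZB.exe above (no bytes from the sample)."""
    payloads = [
        (b".text", bytes([0x55, 0x8B, 0xEC, 0x83, 0xC4, 0x10, 0x90, 0xC3]) * 64,
         IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".data", b"config=plain\0" * 40,
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".zrjfv", pseudo_random(0x1000),
         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ]
    e_lfanew, size_opt, file_align = 0x40, 0xE0, 0x200
    headers_end = e_lfanew + 24 + size_opt + 40 * len(payloads)
    raw_base = -(-headers_end // file_align) * file_align    # round up to FileAlignment
    table, body, va = bytearray(), bytearray(), 0x1000
    for name, raw, flags in payloads:
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), va, len(raw),
                             raw_base + len(body), 0, 0, 0, 0, flags)
        body += raw
        va += (len(raw) + 0xFFF) & ~0xFFF                      # SectionAlignment 0x1000
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack("<HHIIIHH", 0x014C, len(payloads), 0, 0, 0, size_opt, 0x0102)
    opt_hdr = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)  # PE32 magic, rest zeroed
    image = bytearray(dos + b"PE\0\0" + file_hdr + opt_hdr + table)
    image += b"\0" * (raw_base - len(image)) + body
    return bytes(image)


if __name__ == "__main__":
    secs = parse_sections(build_sample_image())
    for s in secs:
        print(f"{s['name']:<8} va=0x{s['virtual_address']:x} entropy={s['entropy']:.2f}")
    for name, reasons in triage(secs):
        print(f"{name}: " + "; ".join(reasons))
```

Entropy alone is a weak signal (compressed resources and certificate blobs are also near 8.0), which is why the check is combined with the section name and its writable flag; on the real file the same three conditions single out `.zrjfv` and leave `.text`, `.rdata` and `.data` alone.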
Imports (12)
OPENGL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
glGenTextures - 0x4512e8 0x65a0c 0x65a0c 0x6a
glBindTexture - 0x4512ec 0x65a10 0x65a10 0xc
glTexParameteri - 0x4512f0 0x65a14 0x65a14 0x138
glTexImage2D - 0x4512f4 0x65a18 0x65a18 0x135
glBegin - 0x4512f8 0x65a1c 0x65a1c 0xb
glArrayElement - 0x4512fc 0x65a20 0x65a20 0xa
KERNEL32.dll (122)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlUnwind - 0x4510cc 0x657f0 0x657f0 0x22f
HeapAlloc - 0x4510d0 0x657f4 0x657f4 0x199
HeapFree - 0x4510d4 0x657f8 0x657f8 0x19f
HeapReAlloc - 0x4510d8 0x657fc 0x657fc 0x1a2
GetTimeZoneInformation - 0x4510dc 0x65800 0x65800 0x170
GetSystemTime - 0x4510e0 0x65804 0x65804 0x15d
GetLocalTime - 0x4510e4 0x65808 0x65808 0x11b
GetStartupInfoA - 0x4510e8 0x6580c 0x6580c 0x150
GetCommandLineA - 0x4510ec 0x65810 0x65810 0xca
ExitProcess - 0x4510f0 0x65814 0x65814 0x7d
RaiseException - 0x4510f4 0x65818 0x65818 0x20b
TerminateProcess - 0x4510f8 0x6581c 0x6581c 0x29e
HeapSize - 0x4510fc 0x65820 0x65820 0x1a3
GetACP - 0x451100 0x65824 0x65824 0xb9
HeapDestroy - 0x451104 0x65828 0x65828 0x19d
HeapCreate - 0x451108 0x6582c 0x6582c 0x19b
VirtualFree - 0x45110c 0x65830 0x65830 0x2bf
VirtualAlloc - 0x451110 0x65834 0x65834 0x2bb
IsBadWritePtr - 0x451114 0x65838 0x65838 0x1b8
UnhandledExceptionFilter - 0x451118 0x6583c 0x6583c 0x2ad
FreeEnvironmentStringsA - 0x45111c 0x65840 0x65840 0xb2
FreeEnvironmentStringsW - 0x451120 0x65844 0x65844 0xb3
GetEnvironmentStrings - 0x451124 0x65848 0x65848 0x106
GetEnvironmentStringsW - 0x451128 0x6584c 0x6584c 0x108
SetHandleCount - 0x45112c 0x65850 0x65850 0x26d
GetStdHandle - 0x451130 0x65854 0x65854 0x152
GetFileType - 0x451134 0x65858 0x65858 0x115
SetUnhandledExceptionFilter - 0x451138 0x6585c 0x6585c 0x28b
LCMapStringA - 0x45113c 0x65860 0x65860 0x1bf
LCMapStringW - 0x451140 0x65864 0x65864 0x1c0
GetStringTypeA - 0x451144 0x65868 0x65868 0x153
GetStringTypeW - 0x451148 0x6586c 0x6586c 0x156
IsBadReadPtr - 0x45114c 0x65870 0x65870 0x1b5
IsBadCodePtr - 0x451150 0x65874 0x65874 0x1b2
SetStdHandle - 0x451154 0x65878 0x65878 0x27c
CompareStringA - 0x451158 0x6587c 0x6587c 0x21
CompareStringW - 0x45115c 0x65880 0x65880 0x22
SetEnvironmentVariableA - 0x451160 0x65884 0x65884 0x262
SetFileTime - 0x451164 0x65888 0x65888 0x26c
SystemTimeToFileTime - 0x451168 0x6588c 0x6588c 0x29b
LocalFileTimeToFileTime - 0x45116c 0x65890 0x65890 0x1ca
GetProfileStringA - 0x451170 0x65894 0x65894 0x14b
GetDiskFreeSpaceExA - 0x451174 0x65898 0x65898 0x101
GetVolumeInformationA - 0x451178 0x6589c 0x6589c 0x177
GetDriveTypeA - 0x45117c 0x658a0 0x658a0 0x104
VirtualProtect - 0x451180 0x658a4 0x658a4 0x2c3
GetProcAddress - 0x451184 0x658a8 0x658a8 0x13e
GetModuleHandleA - 0x451188 0x658ac 0x658ac 0x126
lstrcpyA - 0x45118c 0x658b0 0x658b0 0x302
GlobalDeleteAtom - 0x451190 0x658b4 0x658b4 0x183
GlobalFindAtomA - 0x451194 0x658b8 0x658b8 0x184
GlobalAddAtomA - 0x451198 0x658bc 0x658bc 0x17f
lstrcmpiA - 0x45119c 0x658c0 0x658c0 0x2ff
GlobalGetAtomNameA - 0x4511a0 0x658c4 0x658c4 0x189
GetCurrentThreadId - 0x4511a4 0x658c8 0x658c8 0xfa
lstrcatA - 0x4511a8 0x658cc 0x658cc 0x2f9
GetVersion - 0x4511ac 0x658d0 0x658d0 0x174
LockResource - 0x4511b0 0x658d4 0x658d4 0x1d5
LoadResource - 0x4511b4 0x658d8 0x658d8 0x1c7
FindResourceA - 0x4511b8 0x658dc 0x658dc 0xa3
FreeLibrary - 0x4511bc 0x658e0 0x658e0 0xb4
LoadLibraryA - 0x4511c0 0x658e4 0x658e4 0x1c2
InterlockedIncrement - 0x4511c4 0x658e8 0x658e8 0x1b0
InterlockedDecrement - 0x4511c8 0x658ec 0x658ec 0x1ad
lstrlenA - 0x4511cc 0x658f0 0x658f0 0x308
WideCharToMultiByte - 0x4511d0 0x658f4 0x658f4 0x2d2
MultiByteToWideChar - 0x4511d4 0x658f8 0x658f8 0x1e4
SetLastError - 0x4511d8 0x658fc 0x658fc 0x271
MulDiv - 0x4511dc 0x65900 0x65900 0x1e3
GlobalUnlock - 0x4511e0 0x65904 0x65904 0x193
GlobalLock - 0x4511e4 0x65908 0x65908 0x18c
lstrcpynA - 0x4511e8 0x6590c 0x6590c 0x305
GetLastError - 0x4511ec 0x65910 0x65910 0x11a
LocalFree - 0x4511f0 0x65914 0x65914 0x1cc
FormatMessageA - 0x4511f4 0x65918 0x65918 0xaf
GlobalFree - 0x4511f8 0x6591c 0x6591c 0x188
GetCurrentThread - 0x4511fc 0x65920 0x65920 0xf9
lstrcmpA - 0x451200 0x65924 0x65924 0x2fc
GlobalAlloc - 0x451204 0x65928 0x65928 0x181
GetModuleFileNameA - 0x451208 0x6592c 0x6592c 0x124
GetFileTime - 0x45120c 0x65930 0x65930 0x114
GetFileSize - 0x451210 0x65934 0x65934 0x112
GetFileAttributesA - 0x451214 0x65938 0x65938 0x10d
GetTickCount - 0x451218 0x6593c 0x6593c 0x16d
FileTimeToLocalFileTime - 0x45121c 0x65940 0x65940 0x89
FileTimeToSystemTime - 0x451220 0x65944 0x65944 0x8a
GetFullPathNameA - 0x451224 0x65948 0x65948 0x116
FindFirstFileA - 0x451228 0x6594c 0x6594c 0x94
FindClose - 0x45122c 0x65950 0x65950 0x90
DeleteFileA - 0x451230 0x65954 0x65954 0x57
SetEndOfFile - 0x451234 0x65958 0x65958 0x261
UnlockFile - 0x451238 0x6595c 0x6595c 0x2ae
LockFile - 0x45123c 0x65960 0x65960 0x1d3
FlushFileBuffers - 0x451240 0x65964 0x65964 0xaa
SetFilePointer - 0x451244 0x65968 0x65968 0x26a
WriteFile - 0x451248 0x6596c 0x6596c 0x2df
ReadFile - 0x45124c 0x65970 0x65970 0x218
CreateFileA - 0x451250 0x65974 0x65974 0x34
GetCurrentProcess - 0x451254 0x65978 0x65978 0xf7
DuplicateHandle - 0x451258 0x6597c 0x6597c 0x63
SetErrorMode - 0x45125c 0x65980 0x65980 0x264
GetThreadLocale - 0x451260 0x65984 0x65984 0x168
GetCurrentDirectoryA - 0x451264 0x65988 0x65988 0xf5
WritePrivateProfileStringA - 0x451268 0x6598c 0x6598c 0x2e5
SizeofResource - 0x45126c 0x65990 0x65990 0x295
GetOEMCP - 0x451270 0x65994 0x65994 0x131
GetCPInfo - 0x451274 0x65998 0x65998 0xbf
GetProcessVersion - 0x451278 0x6599c 0x6599c 0x145
GlobalFlags - 0x45127c 0x659a0 0x659a0 0x187
TlsGetValue - 0x451280 0x659a4 0x659a4 0x2a4
LocalReAlloc - 0x451284 0x659a8 0x659a8 0x1cf
TlsSetValue - 0x451288 0x659ac 0x659ac 0x2a5
EnterCriticalSection - 0x45128c 0x659b0 0x659b0 0x66
GlobalReAlloc - 0x451290 0x659b4 0x659b4 0x18f
LeaveCriticalSection - 0x451294 0x659b8 0x659b8 0x1c1
TlsFree - 0x451298 0x659bc 0x659bc 0x2a3
GlobalHandle - 0x45129c 0x659c0 0x659c0 0x18b
DeleteCriticalSection - 0x4512a0 0x659c4 0x659c4 0x55
TlsAlloc - 0x4512a4 0x659c8 0x659c8 0x2a2
InitializeCriticalSection - 0x4512a8 0x659cc 0x659cc 0x1aa
LocalAlloc - 0x4512ac 0x659d0 0x659d0 0x1c8
CloseHandle - 0x4512b0 0x659d4 0x659d4 0x1b
USER32.dll (124)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBeep - 0x451304 0x65a28 0x65a28 0x1bd
CharUpperA - 0x451308 0x65a2c 0x65a2c 0x2f
RegisterClipboardFormatA - 0x45130c 0x65a30 0x65a30 0x1f6
PostThreadMessageA - 0x451310 0x65a34 0x65a34 0x1e1
LoadStringA - 0x451314 0x65a38 0x65a38 0x1ab
DestroyMenu - 0x451318 0x65a3c 0x65a3c 0x8d
GetSysColorBrush - 0x45131c 0x65a40 0x65a40 0x144
LoadCursorA - 0x451320 0x65a44 0x65a44 0x19a
GetDesktopWindow - 0x451324 0x65a48 0x65a48 0xff
PtInRect - 0x451328 0x65a4c 0x65a4c 0x1ea
GetClassNameA - 0x45132c 0x65a50 0x65a50 0xed
MapDialogRect - 0x451330 0x65a54 0x65a54 0x1b4
SetWindowContextHelpId - 0x451334 0x65a58 0x65a58 0x257
GetMessageA - 0x451338 0x65a5c 0x65a5c 0x12a
TranslateMessage - 0x45133c 0x65a60 0x65a60 0x282
ValidateRect - 0x451340 0x65a64 0x65a64 0x29a
GetCursorPos - 0x451344 0x65a68 0x65a68 0xfc
SetCursor - 0x451348 0x65a6c 0x65a6c 0x226
PostQuitMessage - 0x45134c 0x65a70 0x65a70 0x1e0
EndDialog - 0x451350 0x65a74 0x65a74 0xb9
GetActiveWindow - 0x451354 0x65a78 0x65a78 0xdd
CreateDialogIndirectParamA - 0x451358 0x65a7c 0x65a7c 0x4c
GrayStringA - 0x45135c 0x65a80 0x65a80 0x164
DrawTextA - 0x451360 0x65a84 0x65a84 0xaf
TabbedTextOutA - 0x451364 0x65a88 0x65a88 0x273
EndPaint - 0x451368 0x65a8c 0x65a8c 0xbb
BeginPaint - 0x45136c 0x65a90 0x65a90 0xc
GetWindowDC - 0x451370 0x65a94 0x65a94 0x154
ReleaseDC - 0x451374 0x65a98 0x65a98 0x203
GetDC - 0x451378 0x65a9c 0x65a9c 0xfd
ClientToScreen - 0x45137c 0x65aa0 0x65aa0 0x3a
GetMenuCheckMarkDimensions - 0x451380 0x65aa4 0x65aa4 0x11e
GetMenuState - 0x451384 0x65aa8 0x65aa8 0x127
ModifyMenuA - 0x451388 0x65aac 0x65aac 0x1c4
SetMenuItemBitmaps - 0x45138c 0x65ab0 0x65ab0 0x239
CheckMenuItem - 0x451390 0x65ab4 0x65ab4 0x34
EnableMenuItem - 0x451394 0x65ab8 0x65ab8 0xb5
GetNextDlgGroupItem - 0x451398 0x65abc 0x65abc 0x132
IsWindowEnabled - 0x45139c 0x65ac0 0x65ac0 0x190
ShowWindow - 0x4513a0 0x65ac4 0x65ac4 0x26a
MoveWindow - 0x4513a4 0x65ac8 0x65ac8 0x1c9
SetWindowTextA - 0x4513a8 0x65acc 0x65acc 0x25e
IsDialogMessageA - 0x4513ac 0x65ad0 0x65ad0 0x188
PostMessageA - 0x4513b0 0x65ad4 0x65ad4 0x1de
UpdateWindow - 0x4513b4 0x65ad8 0x65ad8 0x291
SendDlgItemMessageA - 0x4513b8 0x65adc 0x65adc 0x20f
MapWindowPoints - 0x4513bc 0x65ae0 0x65ae0 0x1b9
GetSysColor - 0x4513c0 0x65ae4 0x65ae4 0x143
PeekMessageA - 0x4513c4 0x65ae8 0x65ae8 0x1dc
DispatchMessageA - 0x4513c8 0x65aec 0x65aec 0x95
GetFocus - 0x4513cc 0x65af0 0x65af0 0x107
SetActiveWindow - 0x4513d0 0x65af4 0x65af4 0x21c
IsWindow - 0x4513d4 0x65af8 0x65af8 0x18f
SetFocus - 0x4513d8 0x65afc 0x65afc 0x22f
AdjustWindowRectEx - 0x4513dc 0x65b00 0x65b00 0x2
ScreenToClient - 0x4513e0 0x65b04 0x65b04 0x20a
CopyRect - 0x4513e4 0x65b08 0x65b08 0x44
IsWindowVisible - 0x4513e8 0x65b0c 0x65b0c 0x192
InflateRect - 0x4513ec 0x65b10 0x65b10 0x171
FillRect - 0x4513f0 0x65b14 0x65b14 0xd4
GetClientRect - 0x4513f4 0x65b18 0x65b18 0xf0
UnregisterClassA - 0x4513f8 0x65b1c 0x65b1c 0x28b
LoadBitmapA - 0x4513fc 0x65b20 0x65b20 0x198
HideCaret - 0x451400 0x65b24 0x65b24 0x166
ShowCaret - 0x451404 0x65b28 0x65b28 0x265
ExcludeUpdateRgn - 0x451408 0x65b2c 0x65b2c 0xd2
GetTopWindow - 0x45140c 0x65b30 0x65b30 0x14c
MessageBoxA - 0x451410 0x65b34 0x65b34 0x1be
IsChild - 0x451414 0x65b38 0x65b38 0x185
GetParent - 0x451418 0x65b3c 0x65b3c 0x135
GetCapture - 0x45141c 0x65b40 0x65b40 0xe4
WinHelpA - 0x451420 0x65b44 0x65b44 0x2a6
wsprintfA - 0x451424 0x65b48 0x65b48 0x2ac
GetClassInfoA - 0x451428 0x65b4c 0x65b4c 0xe7
RegisterClassA - 0x45142c 0x65b50 0x65b50 0x1f2
GetMenu - 0x451430 0x65b54 0x65b54 0x11c
GetMenuItemCount - 0x451434 0x65b58 0x65b58 0x122
GetSubMenu - 0x451438 0x65b5c 0x65b5c 0x142
SetRect - 0x45143c 0x65b60 0x65b60 0x244
CopyAcceleratorTableA - 0x451440 0x65b64 0x65b64 0x40
CharNextA - 0x451444 0x65b68 0x65b68 0x25
GetNextDlgTabItem - 0x451448 0x65b6c 0x65b6c 0x133
GetMenuItemID - 0x45144c 0x65b70 0x65b70 0x123
DrawFocusRect - 0x451450 0x65b74 0x65b74 0xa6
DefDlgProcA - 0x451454 0x65b78 0x65b78 0x7e
IsWindowUnicode - 0x451458 0x65b7c 0x65b7c 0x191
InvalidateRect - 0x45145c 0x65b80 0x65b80 0x17a
EnableWindow - 0x451460 0x65b84 0x65b84 0xb7
GetSystemMetrics - 0x451464 0x65b88 0x65b88 0x146
DrawIcon - 0x451468 0x65b8c 0x65b8c 0xa9
SendMessageA - 0x45146c 0x65b90 0x65b90 0x214
IsIconic - 0x451470 0x65b94 0x65b94 0x18c
LoadIconA - 0x451474 0x65b98 0x65b98 0x19e
GetWindowRect - 0x451478 0x65b9c 0x65b9c 0x15c
GetWindowPlacement - 0x45147c 0x65ba0 0x65ba0 0x15b
SystemParametersInfoA - 0x451480 0x65ba4 0x65ba4 0x271
IntersectRect - 0x451484 0x65ba8 0x65ba8 0x179
OffsetRect - 0x451488 0x65bac 0x65bac 0x1d2
RegisterWindowMessageA - 0x45148c 0x65bb0 0x65bb0 0x200
SetWindowPos - 0x451490 0x65bb4 0x65bb4 0x25b
SetWindowLongA - 0x451494 0x65bb8 0x65bb8 0x258
GetWindowLongA - 0x451498 0x65bbc 0x65bbc 0x156
GetWindow - 0x45149c 0x65bc0 0x65bc0 0x152
SetForegroundWindow - 0x4514a0 0x65bc4 0x65bc4 0x230
GetForegroundWindow - 0x4514a4 0x65bc8 0x65bc8 0x108
GetLastActivePopup - 0x4514a8 0x65bcc 0x65bcc 0x119
GetMessagePos - 0x4514ac 0x65bd0 0x65bd0 0x12c
GetMessageTime - 0x4514b0 0x65bd4 0x65bd4 0x12d
RemovePropA - 0x4514b4 0x65bd8 0x65bd8 0x205
CallWindowProcA - 0x4514b8 0x65bdc 0x65bdc 0x16
GetPropA - 0x4514bc 0x65be0 0x65be0 0x13a
UnhookWindowsHookEx - 0x4514c0 0x65be4 0x65be4 0x286
SetPropA - 0x4514c4 0x65be8 0x65be8 0x242
GetClassLongA - 0x4514c8 0x65bec 0x65bec 0xeb
CallNextHookEx - 0x4514cc 0x65bf0 0x65bf0 0x15
SetWindowsHookExA - 0x4514d0 0x65bf4 0x65bf4 0x262
CreateWindowExA - 0x4514d4 0x65bf8 0x65bf8 0x59
DestroyWindow - 0x4514d8 0x65bfc 0x65bfc 0x8e
GetDlgItem - 0x4514dc 0x65c00 0x65c00 0x102
GetWindowTextLengthA - 0x4514e0 0x65c04 0x65c04 0x15f
GetWindowTextA - 0x4514e4 0x65c08 0x65c08 0x15e
GetDlgCtrlID - 0x4514e8 0x65c0c 0x65c0c 0x101
GetKeyState - 0x4514ec 0x65c10 0x65c10 0x112
DefWindowProcA - 0x4514f0 0x65c14 0x65c14 0x84
GDI32.dll (43)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStockObject - 0x45101c 0x65740 0x65740 0x15f
SetBkMode - 0x451020 0x65744 0x65744 0x1ce
SetMapMode - 0x451024 0x65748 0x65748 0x1e2
SetViewportOrgEx - 0x451028 0x6574c 0x6574c 0x1f6
OffsetViewportOrgEx - 0x45102c 0x65750 0x65750 0x18c
SetViewportExtEx - 0x451030 0x65754 0x65754 0x1f5
ScaleViewportExtEx - 0x451034 0x65758 0x65758 0x1c1
SetWindowExtEx - 0x451038 0x6575c 0x6575c 0x1f9
ScaleWindowExtEx - 0x45103c 0x65760 0x65760 0x1c2
IntersectClipRect - 0x451040 0x65764 0x65764 0x180
DeleteObject - 0x451044 0x65768 0x65768 0x53
SelectObject - 0x451048 0x6576c 0x6576c 0x1c7
GetDeviceCaps - 0x45104c 0x65770 0x65770 0x125
GetViewportExtEx - 0x451050 0x65774 0x65774 0x178
GetWindowExtEx - 0x451054 0x65778 0x65778 0x17b
CreatePen - 0x451058 0x6577c 0x6577c 0x44
PtVisible - 0x45105c 0x65780 0x65780 0x1aa
RectVisible - 0x451060 0x65784 0x65784 0x1ae
TextOutA - 0x451064 0x65788 0x65788 0x205
ExtTextOutA - 0x451068 0x6578c 0x6578c 0x9e
Escape - 0x45106c 0x65790 0x65790 0x95
GetMapMode - 0x451070 0x65794 0x65794 0x147
PatBlt - 0x451074 0x65798 0x65798 0x194
DPtoLP - 0x451078 0x6579c 0x6579c 0x4e
GetTextColor - 0x45107c 0x657a0 0x657a0 0x169
GetBkColor - 0x451080 0x657a4 0x657a4 0x107
LPtoDP - 0x451084 0x657a8 0x657a8 0x182
RestoreDC - 0x451088 0x657ac 0x657ac 0x1b9
SaveDC - 0x45108c 0x657b0 0x657b0 0x1c0
DeleteDC - 0x451090 0x657b4 0x657b4 0x50
CreateBitmap - 0x451094 0x657b8 0x657b8 0x24
GetObjectA - 0x451098 0x657bc 0x657bc 0x14f
SetBkColor - 0x45109c 0x657c0 0x657c0 0x1cd
SetTextColor - 0x4510a0 0x657c4 0x657c4 0x1f3
GetClipBox - 0x4510a4 0x657c8 0x657c8 0x11a
LineDDA - 0x4510a8 0x657cc 0x657cc 0x183
Pie - 0x4510ac 0x657d0 0x657d0 0x196
CreateFontA - 0x4510b0 0x657d4 0x657d4 0x36
CreateDIBitmap - 0x4510b4 0x657d8 0x657d8 0x30
GetTextExtentPointA - 0x4510b8 0x657dc 0x657dc 0x170
BitBlt - 0x4510bc 0x657e0 0x657e0 0x11
CreateCompatibleDC - 0x4510c0 0x657e4 0x657e4 0x2a
CreateSolidBrush - 0x4510c4 0x657e8 0x657e8 0x4d
comdlg32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileTitleA - 0x451508 0x65c2c 0x65c2c 0x7
WINSPOOL.DRV (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DocumentPropertiesA - 0x4514f8 0x65c1c 0x65c1c 0x47
OpenPrinterA - 0x4514fc 0x65c20 0x65c20 0x7c
ClosePrinter - 0x451500 0x65c24 0x65c24 0x1c
ADVAPI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey - 0x451000 0x65724 0x65724 0x15b
RegSetValueExA - 0x451004 0x65728 0x65728 0x186
RegOpenKeyExA - 0x451008 0x6572c 0x6572c 0x172
RegCreateKeyExA - 0x45100c 0x65730 0x65730 0x15f
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x11 0x451014 0x65738 0x65738 -
oledlg.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0x8 0x451550 0x65c74 0x65c74 -
ole32.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoFreeUnusedLibraries - 0x451510 0x65c34 0x65c34 0x16
CoRegisterMessageFilter - 0x451514 0x65c38 0x65c38 0x40
OleInitialize - 0x451518 0x65c3c 0x65c3c 0xc9
CoTaskMemAlloc - 0x45151c 0x65c40 0x65c40 0x4e
CoTaskMemFree - 0x451520 0x65c44 0x65c44 0x4f
CreateILockBytesOnHGlobal - 0x451524 0x65c48 0x65c48 0x60
StgCreateDocfileOnILockBytes - 0x451528 0x65c4c 0x65c4c 0xfe
StgOpenStorageOnILockBytes - 0x45152c 0x65c50 0x65c50 0x10a
CoGetClassObject - 0x451530 0x65c54 0x65c54 0x1c
CLSIDFromString - 0x451534 0x65c58 0x65c58 0x6
CLSIDFromProgID - 0x451538 0x65c5c 0x65c5c 0x5
CoRevokeClassObject - 0x45153c 0x65c60 0x65c60 0x47
OleFlushClipboard - 0x451540 0x65c64 0x65c64 0xc4
OleIsCurrentClipboard - 0x451544 0x65c68 0x65c68 0xcb
OleUninitialize - 0x451548 0x65c6c 0x65c6c 0xe0
OLEPRO32.DLL (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
(by ordinal) 0xfd 0x4512e0 0x65a04 0x65a04 -
OLEAUT32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString 0x6 0x4512b8 0x659dc 0x659dc -
SysAllocStringLen 0x4 0x4512bc 0x659e0 0x659e0 -
VariantClear 0x9 0x4512c0 0x659e4 0x659e4 -
VariantTimeToSystemTime 0xb9 0x4512c4 0x659e8 0x659e8 -
VariantCopy 0xa 0x4512c8 0x659ec 0x659ec -
VariantChangeType 0xc 0x4512cc 0x659f0 0x659f0 -
SysAllocString 0x2 0x4512d0 0x659f4 0x659f4 -
SysAllocStringByteLen 0x96 0x4512d4 0x659f8 0x659f8 -
SysStringLen 0x7 0x4512d8 0x659fc 0x659fc -
Memory Dumps (16)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
gikaopzb.exe 3 0x00400000 0x0049CFFF Relevant Image False 32-bit 0x0043900C False
gikaopzb.exe 3 0x00400000 0x0049CFFF Content Changed False 32-bit 0x00412000 False
buffer 3 0x007CE760 0x007F7648 Dump Rule: FormBookConfig False 32-bit - True
buffer 3 0x007731D0 0x007732E7 Process Termination False 32-bit - False
buffer 3 0x007A2880 0x007A38F3 Process Termination False 32-bit - False
buffer 3 0x007A5958 0x007CE757 Process Termination False 32-bit - False
buffer 3 0x00960004 0x00960103 Process Termination False 32-bit - False
buffer 3 0x009E4D48 0x009E5547 Process Termination False 32-bit - False
buffer 3 0x02230000 0x0232FFFF Process Termination False 32-bit - False
buffer 5 0x009C0000 0x00CB9FFF First Execution False 32-bit 0x00A37000 False
buffer 5 0x006A0000 0x006B0FFF First Execution False 32-bit 0x006A0000 False
buffer 5 0x00CC0000 0x00DDAFFF Marked Executable False 32-bit - False
buffer 5 0x004F0000 0x00518FFF Dump Rule: FormBookConfig False 32-bit - False
buffer 5 0x00580000 0x0067FFFF Process Termination False 32-bit - False
buffer 5 0x00680000 0x00690FFF Process Termination False 32-bit - False
buffer 5 0x00520000 0x00531FFF Image In Buffer False 32-bit - False
c:\users\rdhj0cnfevzx\appdata\local\temp\cielert.tmp Dropped File Binary malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 163.50 KB
MD5 59d9f6108a9df98384d110e847600d8b
SHA1 c5ae360b288d8c60e7f163d3cd5f4fa3370b245d
SHA256 82dd41529ae86f25911df1f4b3b032008b7bc7af33b47c5367863bde1291a410
SSDeep 3072:TGpV926s5wBS0M3bAg08id+P40t2pE/TZHG:T02ybM309Jd+Pp2AZm
ImpHash -
File Reputation Information
Verdict malicious
PE Information
Image Base 0x400000
Entry Point 0x41d470
Size Of Code 0x27c00
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2007-12-16 02:52:03+00:00
Sections (1)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x27b8c 0x27c00 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.33
YARA Matches (1)
Rule Name Rule Description Classification Score
XLoader_Win32 XLoader Win32 Spyware 5/5
C:\ProgramData\Oracle\Java\.oracle_jre_usage\17dfc292991c7ca0.timestamp Modified File Text clean
MIME Type text/plain
File Size 51 Bytes
MD5 9908dcb80c95602de47cbf02f0ca93df
SHA1 b27b575242db7d9383ad05890ca97908d6e19f71
SHA256 6192749648567a7382636b4b567a787256a7c98e584aec0e3853c65f12f6dfc6
SSDeep 3:oFjQvNjoMTEVWFov:oyjoMT8WFy
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 7f3a42a8f26deb5eba26ce36c4056b1b
SHA1 6f192ae623d3e538a5dcdaa571af5e7f869bfc81
SHA256 0315dff9329f9a35b194d26d383ab0a1dd07a7d96dc340a1d5ce0e015f78ca69
SSDeep 3:/lrll/llVl:
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Modified File OLE Compound clean
MIME Type application/CDFV2
File Size 59.00 KB
MD5 7833449a2c4b4a2678c0479cb07f424e
SHA1 8eee99f3a527459135d94b4e4ffa9219e2a7e2da
SHA256 23e5f4241d8a44dd3afd2c98200c7f7e7c298701b23d39df53e9fd59eb4207fe
SSDeep 384:PFxMrX4EJX1Vr3DBiujSGjTZl0Xnjq2Lt7JjVHPGp:O/Vr3DBiujS0lGjq2Lt7JjVHep
ImpHash -
CFB Streams (44)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 10.48 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 686 Bytes
Root\8 9 722 Bytes
Root\9 10 241 Bytes
Root\c 11 772 Bytes
Root\d 12 856 Bytes
Root\e 13 345 Bytes
Root\f 14 1.05 KB
Root\ 15 1002 Bytes
Root\ 16 1.32 KB
Root\2 17 1.08 KB
Root\3 18 1.11 KB
Root\4 19 1.09 KB
Root\ 20 975 Bytes
Root\6 21 875 Bytes
Root\7 22 1.11 KB
Root\8 23 1.07 KB
Root\9 24 1.10 KB
Root\a 25 1.46 KB
Root\b 26 881 Bytes
Root\c 27 897 Bytes
Root\d 28 864 Bytes
Root\e 29 1.33 KB
Root\f 30 1017 Bytes
Root\20 31 866 Bytes
Root\21 32 989 Bytes
Root\22 33 800 Bytes
Root\23 34 659 Bytes
Root\24 35 1.08 KB
Root\25 36 1.23 KB
Root\26 37 772 Bytes
Root\27 38 1002 Bytes
Root\28 39 872 Bytes
Root\29 40 1021 Bytes
Root\2a 41 1.58 KB
Root\2b 42 984 Bytes
Root\2c 43 566 Bytes
Root\2d 44 657 Bytes
C:\Users\RDhJ0CNFevzX\m2rKEl2wJZ.txt Dropped File Text clean
Known to be clean.
MIME Type text/plain
File Size 6 Bytes
MD5 c47c7c7383225ab55ff591cb59c41e6b
SHA1 69e27356ef629022720d868ab0c0e3394775b6c1
SHA256 2b7814d3fca2e99e56c51b6ff2aa313ea6e9da6424804240aa8ad891fdfe0900
SSDeep 3:n9:n9
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\webcache\webcachev01.dat Dropped File Unknown clean
MIME Type application/x-ms-ese
File Size 10.00 MB
MD5 8658654ef31daac9930cbf25ebeeecec
SHA1 30377309dd378b2a33f84a57fe741283e7ba5f3c
SHA256 73b5116552583fdf407582d899f7feac3d251dbed7ec659a8b4584509714a0b9
SSDeep 6144:ebwRCSFZWI57h57HAZA/jzdPpblr72SfJ1kpDYC3G//Z+86:fP1b72n4L
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\DB1 Dropped File Sqlite clean
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Local\Google\Chrome\User Data\Default\Login Data (Dropped File)
MIME Type application/x-sqlite3
File Size 40.00 KB
MD5 7a83ad1d5d58dc84d539945f6fe834b2
SHA1 5ae8d7066f6aec1d5c91beea26280ca211553588
SHA256 eb689f55c70414dda4fc725dd47347bcce902fe9650cfce238af7bf2e95c4674
SSDeep 48:e31B+YcF/8LKBwUf9KfWfkMULlGgacbVEq8MX0D0HSDyJqht5:01Me7mlcPlGcbn8MZyDr
ImpHash -
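The two names on this entry come from hash-based deduplication of dropped files: the bytes the sample wrote to Temp\DB1 are identical to Chrome's Login Data, the SQLite database holding saved website credentials. The file itself is clean, which is exactly why a verdict-only view misses it; the behaviour is the copy. Stealers duplicate the database because the original is typically locked while the browser runs, and the copy lands under a throwaway name in a staging directory before it is parsed or exfiltrated. The block below is an added example, not VMRay's code: it applies the same hash correlation to constructed file-write records (the image/path/sha256 field names and the placeholder hash values are assumptions, not any vendor's log schema) and rates a copy written by a non-browser process into a staging directory as high severity, while a backup tool copying the same bytes elsewhere is only medium.

```python
import re
from collections import defaultdict

# Browser credential and cookie stores, matched case-insensitively; the profile
# directory component (Default, Profile 1, ...) is a wildcard. Assumed list.
CREDENTIAL_STORES = [
    re.compile(r"\\(google\\chrome|microsoft\\edge|bravesoftware\\brave-browser)"
               r"\\user data\\[^\\]+\\(login data|web data|cookies)$", re.I),
    re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+"
               r"\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
]
# Processes that legitimately write these files.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}
# Directories where a staged copy usually lands before exfiltration.
STAGING_DIRS = re.compile(r"\\(temp|tmp|programdata|public)\\", re.I)

# Constructed sample records, one per observed file write. The sha256 values
# are placeholders so the grouping is readable; they are not real digests.
EVENTS = [
    {"image": "chrome.exe", "sha256": "hash-login-data",
     "path": r"C:\Users\RDhJ0CNFevzX\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": "chrome.exe", "sha256": "hash-cookies",
     "path": r"C:\Users\RDhJ0CNFevzX\AppData\Local\Google\Chrome\User Data\Default\Cookies"},
    {"image": "gIkAOpZB.exe", "sha256": "hash-login-data",
     "path": r"C:\Users\RDHJ0C~1\AppData\Local\Temp\DB1"},
    {"image": "explorer.exe", "sha256": "hash-txt",
     "path": r"C:\Users\RDhJ0CNFevzX\m2rKEl2wJZ.txt"},
    {"image": "backup.exe", "sha256": "hash-login-data",
     "path": r"D:\Backups\profile\Login Data"},
]


def is_credential_store(path: str) -> bool:
    """True when the path is a known browser credential or cookie database."""
    return any(p.search(path) for p in CREDENTIAL_STORES)


def find_credential_copies(events) -> list:
    """Group writes by content hash and report every hash observed both at a
    credential-store path and somewhere else. Severity is 'high' when the copy
    was written by a non-browser process into a staging directory, else 'medium'.
    Note: 8.3 short names (RDHJ0C~1) are not expanded here; on a live host,
    normalise paths before matching."""
    by_hash = defaultdict(list)
    for e in events:
        by_hash[e["sha256"]].append(e)
    hits = []
    for digest, observations in by_hash.items():
        stores = [o for o in observations if is_credential_store(o["path"])]
        copies = [o for o in observations if not is_credential_store(o["path"])]
        for store in stores:
            for copy in copies:
                staged = bool(STAGING_DIRS.search(copy["path"]))
                foreign = copy["image"].lower() not in BROWSER_IMAGES
                hits.append({"sha256": digest, "store": store["path"],
                             "copy": copy["path"], "image": copy["image"],
                             "severity": "high" if staged and foreign else "medium"})
    return hits


if __name__ == "__main__":
    for h in find_credential_copies(EVENTS):
        print(f"[{h['severity']}] {h['image']} wrote {h['copy']} (same bytes as {h['store']})")
```

The correlation is content-based, so it also fires when the copy is made by a file API the sandbox hooks but a process-monitoring rule would not attribute, and it does not depend on the destination name (DB1 here, anything next time).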
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Dropped File OLE Compound clean
MIME Type application/CDFV2
File Size 58.00 KB
MD5 5f8a92778bb7321a6f4330387ec42f06
SHA1 761106db830cdef35e90e3b90b6621c9d99e96dc
SHA256 08963f779e198ed52bef42cf932bbe1921338df156ea876f0907ca05cd58f67e
SSDeep 384:2MrX4EJX1Vr3DBiujwGfHCp7Fcjvc827SV47xN:5/Vr3DBiujw/pqjvc827SV4FN
ImpHash -
CFB Streams (43)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 10.30 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 686 Bytes
Root\8 9 722 Bytes
Root\9 10 241 Bytes
Root\c 11 772 Bytes
Root\d 12 856 Bytes
Root\e 13 345 Bytes
Root\f 14 1.05 KB
Root\ 15 1002 Bytes
Root\ 16 1.32 KB
Root\2 17 1.08 KB
Root\3 18 1.11 KB
Root\4 19 1.09 KB
Root\ 20 975 Bytes
Root\6 21 875 Bytes
Root\7 22 1.11 KB
Root\8 23 1.07 KB
Root\9 24 1.10 KB
Root\a 25 1.46 KB
Root\b 26 881 Bytes
Root\c 27 897 Bytes
Root\d 28 864 Bytes
Root\e 29 1.33 KB
Root\f 30 1017 Bytes
Root\20 31 866 Bytes
Root\21 32 989 Bytes
Root\22 33 800 Bytes
Root\23 34 659 Bytes
Root\24 35 1.08 KB
Root\25 36 1.23 KB
Root\26 37 772 Bytes
Root\27 38 1002 Bytes
Root\28 39 872 Bytes
Root\29 40 1021 Bytes
Root\2a 41 1.58 KB
Root\2b 42 984 Bytes
Root\2c 43 566 Bytes
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Dropped File OLE Compound clean
MIME Type application/CDFV2
File Size 59.00 KB
MD5 51003cbba4dbc42f872431051d336269
SHA1 bd55e5cbd1f99dfbb29b609479892d6ecc790c02
SHA256 ae343c2a680c4a2df51c952c986a004efbf00e34693ca20cfe98b58fda7e370f
SSDeep 384:PzxMrX4EJX1Vr3DBiujSGjTZl0Xnjq2Lt7JjVHPGp:g/Vr3DBiujS0lGjq2Lt7JjVHep
ImpHash -
CFB Streams (44)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 10.48 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 686 Bytes
Root\8 9 722 Bytes
Root\9 10 241 Bytes
Root\c 11 772 Bytes
Root\d 12 856 Bytes
Root\e 13 345 Bytes
Root\f 14 1.05 KB
Root\ 15 1002 Bytes
Root\ 16 1.32 KB
Root\2 17 1.08 KB
Root\3 18 1.11 KB
Root\4 19 1.09 KB
Root\ 20 975 Bytes
Root\6 21 875 Bytes
Root\7 22 1.11 KB
Root\8 23 1.07 KB
Root\9 24 1.10 KB
Root\a 25 1.46 KB
Root\b 26 881 Bytes
Root\c 27 897 Bytes
Root\d 28 864 Bytes
Root\e 29 1.33 KB
Root\f 30 1017 Bytes
Root\20 31 866 Bytes
Root\21 32 989 Bytes
Root\22 33 800 Bytes
Root\23 34 659 Bytes
Root\24 35 1.08 KB
Root\25 36 1.23 KB
Root\26 37 772 Bytes
Root\27 38 1002 Bytes
Root\28 39 872 Bytes
Root\29 40 1021 Bytes
Root\2a 41 1.58 KB
Root\2b 42 984 Bytes
Root\2c 43 566 Bytes
Root\2d 44 657 Bytes
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\windows\recent\automaticdestinations\f01b4d95cf55d32a.automaticdestinations-ms Dropped File OLE Compound clean
MIME Type application/CDFV2
File Size 59.00 KB
MD5 ff3291202b2003917c231b8321ef099d
SHA1 4637afa6c8a38760cebbadec2ec93c4796b63748
SHA256 525c2998c9d31bb06aa869dbf29915c9961ad715318549da3817e3dd901c6557
SSDeep 384:PrxMrX4EJX1Vr3DBiujSGjTZl0Xnjq2Lt7JjVHPGp:I/Vr3DBiujS0lGjq2Lt7JjVHep
ImpHash -
CFB Streams (44)
Name ID Size
Root\ 1 729 Bytes
Root\2 2 456 Bytes
Root\3 3 456 Bytes
Root\4 4 455 Bytes
Root\DestList 5 10.48 KB
Root\ 6 452 Bytes
Root\6 7 453 Bytes
Root\7 8 686 Bytes
Root\8 9 722 Bytes
Root\9 10 241 Bytes
Root\c 11 772 Bytes
Root\d 12 856 Bytes
Root\e 13 345 Bytes
Root\f 14 1.05 KB
Root\ 15 1002 Bytes
Root\ 16 1.32 KB
Root\2 17 1.08 KB
Root\3 18 1.11 KB
Root\4 19 1.09 KB
Root\ 20 975 Bytes
Root\6 21 875 Bytes
Root\7 22 1.11 KB
Root\8 23 1.07 KB
Root\9 24 1.10 KB
Root\a 25 1.46 KB
Root\b 26 881 Bytes
Root\c 27 897 Bytes
Root\d 28 864 Bytes
Root\e 29 1.33 KB
Root\f 30 1017 Bytes
Root\20 31 866 Bytes
Root\21 32 989 Bytes
Root\22 33 800 Bytes
Root\23 34 659 Bytes
Root\24 35 1.08 KB
Root\25 36 1.23 KB
Root\26 37 772 Bytes
Root\27 38 1002 Bytes
Root\28 39 872 Bytes
Root\29 40 1021 Bytes
Root\2a 41 1.58 KB
Root\2b 42 984 Bytes
Root\2c 43 566 Bytes
Root\2d 44 657 Bytes
Function Logfile

This feature requires an online connection to the VMRay backend. An offline version with limited functionality is also provided; it is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.

Screenshots (Before, After): images not included in this export.