This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
There are no files for this filter
There are no files in this analysis
|
Filename
|
Category
|
Type
|
Severity
|
Actions
|
|
Also Known As
|
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\svchost.exe (Dropped File)
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
344.00 KB
|
|
MD5
|
61506482ddd28756e443b3de05a3b1cf
|
|
SHA1
|
8d7effb5a456289d13f725486a30bed727a01be0
|
|
SHA256
|
15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50
|
|
SSDeep
|
6144:lulpMmWxFAppqxH1Hj1uJGEYpxQoCM4TU79zJlDpIafgul3:klp8Huqv8YTQoC9U7HlDpZY
|
|
ImpHash
|
bcd242babe76d65887a5afa410efd13c
|
|
Parser Error Remark
|
Static engine was unable to completely parse the analyzed file
|
|
Image Base
|
0x400000
|
|
Entry Point
|
0x42a8d0
|
|
Size Of Code
|
0x4bc00
|
|
Size Of Initialized Data
|
0x1a400
|
|
File Type
|
FileType.executable
|
|
Subsystem
|
Subsystem.windows_gui
|
|
Machine Type
|
MachineType.i386
|
|
Compile Timestamp
|
2019-07-03 12:20:21+00:00
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x401000
|
0x4bb99
|
0x4bc00
|
0x400
|
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
|
7.34
|
|
.data
|
0x44d000
|
0x13638
|
0x3400
|
0x4c000
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
1.62
|
|
.tls
|
0x461000
|
0x9
|
0x200
|
0x4f400
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
0.0
|
|
.rsrc
|
0x462000
|
0xd9c50
|
0x2e00
|
0x4f600
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
4.4
|
|
.reloc
|
0x53c000
|
0x3a56
|
0x3c00
|
0x52400
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
|
3.94
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
QueryDosDeviceA
|
0x0
|
0x401000
|
0x4c288
|
0x4b688
|
0x34d
|
|
GetTickCount
|
0x0
|
0x401004
|
0x4c28c
|
0x4b68c
|
0x266
|
|
EnumCalendarInfoExW
|
0x0
|
0x401008
|
0x4c290
|
0x4b690
|
0xdd
|
|
ReadConsoleW
|
0x0
|
0x40100c
|
0x4c294
|
0x4b694
|
0x366
|
|
CreateActCtxW
|
0x0
|
0x401010
|
0x4c298
|
0x4b698
|
0x68
|
|
AddRefActCtx
|
0x0
|
0x401014
|
0x4c29c
|
0x4b69c
|
0x9
|
|
LoadLibraryW
|
0x0
|
0x401018
|
0x4c2a0
|
0x4b6a0
|
0x2f4
|
|
SetCommConfig
|
0x0
|
0x40101c
|
0x4c2a4
|
0x4b6a4
|
0x39d
|
|
GetConsoleWindow
|
0x0
|
0x401020
|
0x4c2a8
|
0x4b6a8
|
0x1a0
|
|
GetStringTypeExW
|
0x0
|
0x401024
|
0x4c2ac
|
0x4b6ac
|
0x23f
|
|
SetConsoleMode
|
0x0
|
0x401028
|
0x4c2b0
|
0x4b6b0
|
0x3b7
|
|
IsBadWritePtr
|
0x0
|
0x40102c
|
0x4c2b4
|
0x4b6b4
|
0x2cb
|
|
GetOverlappedResult
|
0x0
|
0x401030
|
0x4c2b8
|
0x4b6b8
|
0x214
|
|
GetSystemWindowsDirectoryW
|
0x0
|
0x401034
|
0x4c2bc
|
0x4b6bc
|
0x252
|
|
GetProcAddress
|
0x0
|
0x401038
|
0x4c2c0
|
0x4b6c0
|
0x220
|
|
GetProcessHeaps
|
0x0
|
0x40103c
|
0x4c2c4
|
0x4b6c4
|
0x224
|
|
ResetEvent
|
0x0
|
0x401040
|
0x4c2c8
|
0x4b6c8
|
0x38a
|
|
WriteConsoleA
|
0x0
|
0x401044
|
0x4c2cc
|
0x4b6cc
|
0x482
|
|
LocalAlloc
|
0x0
|
0x401048
|
0x4c2d0
|
0x4b6d0
|
0x2f9
|
|
CreateEventW
|
0x0
|
0x40104c
|
0x4c2d4
|
0x4b6d4
|
0x75
|
|
GetOEMCP
|
0x0
|
0x401050
|
0x4c2d8
|
0x4b6d8
|
0x213
|
|
lstrcatW
|
0x0
|
0x401054
|
0x4c2dc
|
0x4b6dc
|
0x4a7
|
|
EndUpdateResourceA
|
0x0
|
0x401058
|
0x4c2e0
|
0x4b6e0
|
0xd7
|
|
InterlockedIncrement
|
0x0
|
0x40105c
|
0x4c2e4
|
0x4b6e4
|
0x2c0
|
|
EnumDateFormatsExW
|
0x0
|
0x401060
|
0x4c2e8
|
0x4b6e8
|
0xe2
|
|
lstrlenA
|
0x0
|
0x401064
|
0x4c2ec
|
0x4b6ec
|
0x4b5
|
|
FindFirstChangeNotificationW
|
0x0
|
0x401068
|
0x4c2f0
|
0x4b6f0
|
0x11c
|
|
GetCommandLineA
|
0x0
|
0x40106c
|
0x4c2f4
|
0x4b6f4
|
0x16f
|
|
GetStartupInfoA
|
0x0
|
0x401070
|
0x4c2f8
|
0x4b6f8
|
0x239
|
|
HeapValidate
|
0x0
|
0x401074
|
0x4c2fc
|
0x4b6fc
|
0x2a9
|
|
IsBadReadPtr
|
0x0
|
0x401078
|
0x4c300
|
0x4b700
|
0x2c8
|
|
RaiseException
|
0x0
|
0x40107c
|
0x4c304
|
0x4b704
|
0x35a
|
|
TerminateProcess
|
0x0
|
0x401080
|
0x4c308
|
0x4b708
|
0x42d
|
|
GetCurrentProcess
|
0x0
|
0x401084
|
0x4c30c
|
0x4b70c
|
0x1a9
|
|
UnhandledExceptionFilter
|
0x0
|
0x401088
|
0x4c310
|
0x4b710
|
0x43e
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x40108c
|
0x4c314
|
0x4b714
|
0x415
|
|
IsDebuggerPresent
|
0x0
|
0x401090
|
0x4c318
|
0x4b718
|
0x2d1
|
|
DeleteCriticalSection
|
0x0
|
0x401094
|
0x4c31c
|
0x4b71c
|
0xbe
|
|
EnterCriticalSection
|
0x0
|
0x401098
|
0x4c320
|
0x4b720
|
0xd9
|
|
LeaveCriticalSection
|
0x0
|
0x40109c
|
0x4c324
|
0x4b724
|
0x2ef
|
|
GetModuleFileNameW
|
0x0
|
0x4010a0
|
0x4c328
|
0x4b728
|
0x1f5
|
|
QueryPerformanceCounter
|
0x0
|
0x4010a4
|
0x4c32c
|
0x4b72c
|
0x354
|
|
GetCurrentThreadId
|
0x0
|
0x4010a8
|
0x4c330
|
0x4b730
|
0x1ad
|
|
GetCurrentProcessId
|
0x0
|
0x4010ac
|
0x4c334
|
0x4b734
|
0x1aa
|
|
GetSystemTimeAsFileTime
|
0x0
|
0x4010b0
|
0x4c338
|
0x4b738
|
0x24f
|
|
GetModuleHandleW
|
0x0
|
0x4010b4
|
0x4c33c
|
0x4b73c
|
0x1f9
|
|
Sleep
|
0x0
|
0x4010b8
|
0x4c340
|
0x4b740
|
0x421
|
|
InterlockedDecrement
|
0x0
|
0x4010bc
|
0x4c344
|
0x4b744
|
0x2bc
|
|
ExitProcess
|
0x0
|
0x4010c0
|
0x4c348
|
0x4b748
|
0x104
|
|
GetModuleFileNameA
|
0x0
|
0x4010c4
|
0x4c34c
|
0x4b74c
|
0x1f4
|
|
FreeEnvironmentStringsA
|
0x0
|
0x4010c8
|
0x4c350
|
0x4b750
|
0x14a
|
|
GetEnvironmentStrings
|
0x0
|
0x4010cc
|
0x4c354
|
0x4b754
|
0x1bf
|
|
FreeEnvironmentStringsW
|
0x0
|
0x4010d0
|
0x4c358
|
0x4b758
|
0x14b
|
|
WideCharToMultiByte
|
0x0
|
0x4010d4
|
0x4c35c
|
0x4b75c
|
0x47a
|
|
GetLastError
|
0x0
|
0x4010d8
|
0x4c360
|
0x4b760
|
0x1e6
|
|
GetEnvironmentStringsW
|
0x0
|
0x4010dc
|
0x4c364
|
0x4b764
|
0x1c1
|
|
SetHandleCount
|
0x0
|
0x4010e0
|
0x4c368
|
0x4b768
|
0x3e8
|
|
GetStdHandle
|
0x0
|
0x4010e4
|
0x4c36c
|
0x4b76c
|
0x23b
|
|
GetFileType
|
0x0
|
0x4010e8
|
0x4c370
|
0x4b770
|
0x1d7
|
|
TlsGetValue
|
0x0
|
0x4010ec
|
0x4c374
|
0x4b774
|
0x434
|
|
TlsAlloc
|
0x0
|
0x4010f0
|
0x4c378
|
0x4b778
|
0x432
|
|
TlsSetValue
|
0x0
|
0x4010f4
|
0x4c37c
|
0x4b77c
|
0x435
|
|
TlsFree
|
0x0
|
0x4010f8
|
0x4c380
|
0x4b780
|
0x433
|
|
SetLastError
|
0x0
|
0x4010fc
|
0x4c384
|
0x4b784
|
0x3ec
|
|
HeapDestroy
|
0x0
|
0x401100
|
0x4c388
|
0x4b788
|
0x2a0
|
|
HeapCreate
|
0x0
|
0x401104
|
0x4c38c
|
0x4b78c
|
0x29f
|
|
HeapFree
|
0x0
|
0x401108
|
0x4c390
|
0x4b790
|
0x2a1
|
|
VirtualFree
|
0x0
|
0x40110c
|
0x4c394
|
0x4b794
|
0x457
|
|
WriteFile
|
0x0
|
0x401110
|
0x4c398
|
0x4b798
|
0x48d
|
|
HeapAlloc
|
0x0
|
0x401114
|
0x4c39c
|
0x4b79c
|
0x29d
|
|
HeapSize
|
0x0
|
0x401118
|
0x4c3a0
|
0x4b7a0
|
0x2a6
|
|
HeapReAlloc
|
0x0
|
0x40111c
|
0x4c3a4
|
0x4b7a4
|
0x2a4
|
|
VirtualAlloc
|
0x0
|
0x401120
|
0x4c3a8
|
0x4b7a8
|
0x454
|
|
GetACP
|
0x0
|
0x401124
|
0x4c3ac
|
0x4b7ac
|
0x152
|
|
GetCPInfo
|
0x0
|
0x401128
|
0x4c3b0
|
0x4b7b0
|
0x15b
|
|
IsValidCodePage
|
0x0
|
0x40112c
|
0x4c3b4
|
0x4b7b4
|
0x2db
|
|
InitializeCriticalSectionAndSpinCount
|
0x0
|
0x401130
|
0x4c3b8
|
0x4b7b8
|
0x2b5
|
|
DebugBreak
|
0x0
|
0x401134
|
0x4c3bc
|
0x4b7bc
|
0xb4
|
|
OutputDebugStringA
|
0x0
|
0x401138
|
0x4c3c0
|
0x4b7c0
|
0x33a
|
|
WriteConsoleW
|
0x0
|
0x40113c
|
0x4c3c4
|
0x4b7c4
|
0x48c
|
|
OutputDebugStringW
|
0x0
|
0x401140
|
0x4c3c8
|
0x4b7c8
|
0x33b
|
|
RtlUnwind
|
0x0
|
0x401144
|
0x4c3cc
|
0x4b7cc
|
0x392
|
|
LoadLibraryA
|
0x0
|
0x401148
|
0x4c3d0
|
0x4b7d0
|
0x2f1
|
|
MultiByteToWideChar
|
0x0
|
0x40114c
|
0x4c3d4
|
0x4b7d4
|
0x31a
|
|
LCMapStringA
|
0x0
|
0x401150
|
0x4c3d8
|
0x4b7d8
|
0x2e1
|
|
LCMapStringW
|
0x0
|
0x401154
|
0x4c3dc
|
0x4b7dc
|
0x2e3
|
|
GetStringTypeA
|
0x0
|
0x401158
|
0x4c3e0
|
0x4b7e0
|
0x23d
|
|
GetStringTypeW
|
0x0
|
0x40115c
|
0x4c3e4
|
0x4b7e4
|
0x240
|
|
GetLocaleInfoA
|
0x0
|
0x401160
|
0x4c3e8
|
0x4b7e8
|
0x1e8
|
|
SetFilePointer
|
0x0
|
0x401164
|
0x4c3ec
|
0x4b7ec
|
0x3df
|
|
GetConsoleCP
|
0x0
|
0x401168
|
0x4c3f0
|
0x4b7f0
|
0x183
|
|
GetConsoleMode
|
0x0
|
0x40116c
|
0x4c3f4
|
0x4b7f4
|
0x195
|
|
SetStdHandle
|
0x0
|
0x401170
|
0x4c3f8
|
0x4b7f8
|
0x3fc
|
|
GetConsoleOutputCP
|
0x0
|
0x401174
|
0x4c3fc
|
0x4b7fc
|
0x199
|
|
CreateFileA
|
0x0
|
0x401178
|
0x4c400
|
0x4b800
|
0x78
|
|
CloseHandle
|
0x0
|
0x40117c
|
0x4c404
|
0x4b804
|
0x43
|
|
FlushFileBuffers
|
0x0
|
0x401180
|
0x4c408
|
0x4b808
|
0x141
|
|
GetModuleHandleA
|
0x0
|
0x401184
|
0x4c40c
|
0x4b80c
|
0x1f6
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
GetCursor
|
0x0
|
0x40118c
|
0x4c414
|
0x4b814
|
0x116
|
|
Api name
|
EAT Address
|
Ordinal
|
|
@dfyldfg@0
|
0x443c7
|
0x1
|
|
Name
|
Process ID
|
Start VA
|
End VA
|
Dump Reason
|
PE Rebuild
|
Bitness
|
Entry Point
|
AV
|
YARA
|
Actions
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Relevant Image
|
|
32-bit
|
0x00430870
|
|
|
|
|
buffer
|
1
|
0x005E6348
|
0x00605156
|
First Execution
|
|
32-bit
|
0x005E6348
|
|
|
|
|
buffer
|
1
|
0x00590000
|
0x005C5FFF
|
First Execution
|
|
32-bit
|
0x00590000
|
|
|
|
|
buffer
|
1
|
0x00590000
|
0x005C5FFF
|
Content Changed
|
|
32-bit
|
0x0059089D
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00430608
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00401220
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0040C768
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0040D4A4
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00408D18
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0042F098
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0042C814
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0040301C
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0040301C
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x004103AC
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00421FD0
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00406C28
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00406D20
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0040F000
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0040EDB8
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00414208
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x0042D315
|
|
|
|
|
svchost.exe
|
21
|
0x00400000
|
0x0053FFFF
|
Relevant Image
|
|
32-bit
|
0x00430870
|
|
|
|
|
buffer
|
21
|
0x00819020
|
0x00837E2E
|
First Execution
|
|
32-bit
|
0x00819020
|
|
|
|
|
buffer
|
21
|
0x00540000
|
0x00575FFF
|
First Execution
|
|
32-bit
|
0x00540000
|
|
|
|
|
buffer
|
1
|
0x00590000
|
0x005C5FFF
|
Content Changed
|
|
32-bit
|
0x00590920
|
|
|
|
|
aksip.exe
|
1
|
0x00400000
|
0x0053FFFF
|
Process Termination
|
|
32-bit
|
-
|
|
|
|
|
svchost.exe
|
21
|
0x00400000
|
0x0053FFFF
|
Content Changed
|
|
32-bit
|
0x00430608
|
|
|
|
|
Threat Name
|
Severity
|
|
Gen:Trojan.Heur2.LPTvuW@by3DVfoab
|
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
1 Bytes
|
|
MD5
|
93b885adfe0da089cdf634904fd59f71
|
|
SHA1
|
5ba93c9db0cff93f52b521d7420e43f6eda2784f
|
|
SHA256
|
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
|
|
SSDeep
|
3::
|
|
ImpHash
|
-
|
|
Mime Type
|
application/octet-stream
|
|
File Size
|
128 Bytes
|
|
MD5
|
b2edfecf673c97f187aa4078fd601dd7
|
|
SHA1
|
90e3bdb163b3fa729be5b3667e2002dd578868a7
|
|
SHA256
|
00692dcbb4fbbaef5ffa8150ca1ca499d147203f19795155811a6bcf1216e154
|
|
SSDeep
|
3:Plt/B:P
|
|
ImpHash
|
-
|
|
Mime Type
|
text/html
|
|
File Size
|
18.52 KB
|
|
MD5
|
67e82b87cf6531330da1d230041e50ff
|
|
SHA1
|
b784a0c1dc4d926fbb12efa672b497ff7e9a3b68
|
|
SHA256
|
26393d973837e067bccb40c34ae309d90c6b449921afcc4a106b48369bc2200c
|
|
SSDeep
|
384:fCHxsIRfGJ6nVTJ6nVjJ6nVeJ6nVHJ6nV6J6nVQJ6nVlJ6nVSJ6nVEXiJO2rarlI:fCRGsbh
|
|
ImpHash
|
-
|
|
Parser Error Remark
|
Static engine was unable to completely parse the analyzed file
|
|
URL
|
First Seen
|
Categories
|
Threat Names
|
Reputation Status
|
WHOIS Data
|
Actions
|
|
https://geodatatool.com/fr/
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/de/
|
-
|
-
|
-
|
|
|
|
|
https://twitter.com/share
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/ja/
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/zh/
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/pt/
|
-
|
-
|
-
|
|
|
|
|
https://www.wiroos.com
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/es/
|
-
|
-
|
-
|
|
|
|
|
https://maps.google.com/maps/api/js?sensor=true
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/ru/
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/it/
|
-
|
-
|
-
|
|
|
|
|
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
|
-
|
-
|
-
|
|
|
|
|
https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.geoiptool.com%2F&send=false&layout=button_count&width=150&show_faces=false&action=like&colorscheme=light&font&height=21&appId=223059641082996
|
-
|
-
|
-
|
|
|
|
|
https://maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js
|
-
|
-
|
-
|
|
|
|
|
https://geodatatool.com/en/
|
-
|
-
|
-
|
|
|
|
|
https://code.jquery.com/jquery-2.1.1.min.js
|
-
|
-
|
-
|
|
|
|
