1dd788c0...ee50 | Files
VTI SCORE: 93/100
Target: win10_64 | exe
Classification: Riskware, Keylogger, Trojan

1dd788c038b4d8d2d3302d7a33162322d0896c7d17888e2fa34204b66c9aee50 (SHA256)

gabkrj.jpg.exe

Windows Exe (x86-32)

Created at 2018-04-03 14:29:00

Files Information

Number of sample files submitted for analysis: 1
Number of files created and extracted during analysis: 11
Number of files modified and extracted during analysis: 0
c:\users\ciihmnxmn6ps\desktop\gabkrj.jpg.exe, ...
Suspicious
File Properties
Names c:\users\ciihmnxmn6ps\desktop\gabkrj.jpg.exe (Sample File)
c:\users\ciihmnxmn6ps\appdata\roaming\vfggggg.exe (Created File)
c:\temp\tempgh.exe (Created File)
c:\users\ciihmnxmn6ps\appdata\roaming\temp\tempgh.exe (Created File)
Size 930.50 KB
Hash Values MD5: b4f28747a0a9317123f0ef109c580844
SHA1: 295fee553b1e703722cd1923697284bac3061190
SHA256: 1dd788c038b4d8d2d3302d7a33162322d0896c7d17888e2fa34204b66c9aee50
File Reputation Information
Information Value
Severity
Suspicious
Names Win32.Trojan.Generic dc
Families Generic dc
Classification Trojan
PE Information
Information Value
Image Base 0x400000
Entry Point 0x4f000a
Size Of Code 0x5ac00
Size Of Initialized Data 0x8da00
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-06-24 12:53:40
Compiler/Packer Unknown
Sections (5)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                                    Entropy
(,R!"   0x402000         0x8a688       0x8a800        0x400            CNT_INITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE   8.0
.text   0x48e000         0x5a908       0x5aa00        0x8ac00          CNT_CODE, MEM_EXECUTE, MEM_READ                          7.94
.rsrc   0x4ea000         0x2e98        0x3000         0xe5600          CNT_INITIALIZED_DATA, MEM_READ                           2.96
.reloc  0x4ee000         0xc           0x200          0xe8600          CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ          0.08
-       0x4f0000         0x10          0x200          0xe8800          CNT_CODE, MEM_EXECUTE, MEM_READ                          0.12
Imports (1)
mscoree.dll (1)
API Name     Ordinal  IAT Address  Thunk RVA  Thunk Offset
_CorExeMain  0x0      0x4f0000     0x8eee8    0x8bae8
c:\users\ciihmnxmn6ps\appdata\local\microsoft\clr_v2.0_32\usagelogs\gabkrj.jpg.exe.log
File Properties
Names c:\users\ciihmnxmn6ps\appdata\local\microsoft\clr_v2.0_32\usagelogs\gabkrj.jpg.exe.log (Created File)
Size 0.49 KB
Hash Values MD5: fd3d0e05e03d25299b53c2b79e305a50
SHA1: 60891af9062c582bdbc2cbde2644923ff6c5090b
SHA256: 1b46868960518b8db06677acaf4b666fc11f45062dad4f3b5e9bb6b7c3ec50a2
c:\windows\microsoft.net\framework\v2.0.50727\config\security.config.cch.new, ...
File Properties
Names c:\windows\microsoft.net\framework\v2.0.50727\config\security.config.cch.new (Created File)
c:\windows\microsoft.net\framework\v2.0.50727\config\security.config.cch (Created File)
c:\windows\microsoft.net\framework\v2.0.50727\config\enterprisesec.config.cch.new (Created File)
c:\windows\microsoft.net\framework\v2.0.50727\config\enterprisesec.config.cch (Created File)
Size 0.39 KB
Hash Values MD5: 4d7d35e73bf7a5ad3bbcd5615e4b63b6
SHA1: 75014d5e24ca9f9075754b0eff01d36875da50ef
SHA256: de5fc81223c5754407a4b833a07b27f1348b34f383c80961a2e17eb6dc105bcb
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018 (Created File)
Size 0.00 KB
Hash Values MD5: 33be604f8044d5984e8e3e3b694d710a
SHA1: 512c5f801e9fbd73aeefd8e7eaa5ad86bfe2df09
SHA256: 3f785f1cc535b0987139623200c7910b2b28f92dfe3309e8e071c091d0ce7313
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\path.dat
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\path.dat (Created File)
Size 0.05 KB
Hash Values MD5: dec2ea43741c17cdc573e1b22def8a03
SHA1: 5503298bf3e0482687610416190c400d100d73de
SHA256: 9e901ac2a4eda4d90bb3b81407d28bff737d92d0fb16e685940021e6a4cd2fd0
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\monitoring\network.dat
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\monitoring\network.dat (Created File)
Size 0.03 KB
Hash Values MD5: 7e6fcf7a603fc7483139540b7aae5c4d
SHA1: a89d3174f2757e2effafc3333d6e6fbeccfeb7e5
SHA256: 8975b8f79e75bf1e0518e5eee7089a74db3a412899916e42513ddea655d56c09
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\monitoring\system.dat
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\monitoring\system.dat (Created File)
Size 0.02 KB
Hash Values MD5: 4bbe01de8b5c05457fe0e2d00b92a4f5
SHA1: 57fadd9d52fafafac33e12cfac0a940ebda920ac
SHA256: a1093478b098fcf27c8f1a43c3a33128120bc4d878a7516e7a081138f2907bef
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018 (Created File)
Size 0.13 KB
Hash Values MD5: 284ee57c2994704edb0ec56ecea439b7
SHA1: 0ba7e259935e64bb2a2ea49336c8d7a6778bb2c3
SHA256: 6309cc26e2acd3de2cc53b94dc07634b2c43f4ece3d7133334b5f920416931c2
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018 (Created File)
Size 0.22 KB
Hash Values MD5: 783eba03e3a9eabf6a07770e4ac34a31
SHA1: a04dc6586ef6222f35c52a2d5d58ebbc3ed17c4a
SHA256: 135a5990df4c51cfc8f57ead26fc118968b92b539cd5d49a63cdec332fe01e6e
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\geo.dat
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\geo.dat (Created File)
Size 0.03 KB
Hash Values MD5: 578cfdf82faec2371534ddb644d01e8f
SHA1: 87f61df7bb172cff6ea6ab62015b529cbfd17351
SHA256: 5962c24909ba9bc4c23fe69431b361a81e56cf1771186d9d8705f912b73b88fe
c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018
File Properties
Names c:\users\ciihmnxmn6ps\appdata\roaming\imminent\logs\04-04-2018 (Created File)
Size 0.32 KB
Hash Values MD5: 261661546b48e7e98ad0d46c890fbea2
SHA1: 18ce301664e9ecb8a17cf3d095fdfa89a7bc6fee
SHA256: 553087e058189f40e333e820016c7c03bb11efcfbb832f879a4ca9241b8302a0
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.