330bf7ae...89d3 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Banking Trojan
Threat Names:
Ursnif
Ursnif.RM3
Gen:Variant.Razy.577034
...
Filename C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\iexuao.exe
Category Sample File
Type Binary
Severity Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 137.01 KB
MD5 c0417aa3560733c887d9cc9b1980f6fc
SHA1 9b44fd695962a8b397cc816ab8c68d274064de26
SHA256 330bf7ae4ba72899b695255c48a68d1017cd127260f6ebac60b95789690889d3
SSDeep 3072:0McUUUUUUt4NsyUUUUUUUUUUUUUUUUUUVpgu8JeOi8/lEwYUUUUUUUUUULJArRsR:0McUUUUUUt4NsyUUUUUUUUUUUUUUUUUy
ImpHash 4a42195900697ad88f778889fd7f1acf
File Reputation Information
Severity
Blacklisted
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x402fb0
Size Of Code 0x18000
Size Of Initialized Data 0x7000
Size Of Uninitialized Data 0xffffffff
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2018-10-28 16:29:02+00:00
Version Information (12)
Comments nProtect KeyCrypt Program Database DLL
CompanyName INCA Internet Co., Ltd.
FileDescription nProtect KeyCrypt Program Database DLL
FileVersion 2003, 10, 1, 1
InternalName npkpdb.dll
LegalCopyright Copyright (C) INCA Internet. 2000-2003
LegalTrademarks -
OriginalFilename npkpdb.dll
PrivateBuild -
ProductName nProtect KeyCrypt Program Database DLL
ProductVersion 4, 0, 0, 0
SpecialBuild -
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x17d24 0x18000 0x1000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.48
.data 0x419000 0x40ec 0x5000 0x19000 IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_TYPE_NOLOAD, IMAGE_SCN_TYPE_GROUP, IMAGE_SCN_TYPE_NO_PAD, IMAGE_SCN_TYPE_COPY, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.89
.idata 0x41e000 0x5c4 0x1000 0x1e000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.55
.rsrc 0x41f000 0x718 0x1000 0x1f000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.32
Imports (3)
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImpersonateSelf 0x0 0x41e000 0x1e128 0x1e128 0x175
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
IsProcessDPIAware 0x0 0x41e0d0 0x1e1f8 0x1e1f8 0x1d3
KERNEL32.dll (49)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetBinaryTypeA 0x0 0x41e008 0x1e130 0x1e130 0x170
FlsFree 0x0 0x41e00c 0x1e134 0x1e134 0x153
GetNLSVersion 0x0 0x41e010 0x1e138 0x1e138 0x219
GetLastError 0x0 0x41e014 0x1e13c 0x1e13c 0x202
GetModuleFileNameW 0x0 0x41e018 0x1e140 0x1e140 0x214
UnhandledExceptionFilter 0x0 0x41e01c 0x1e144 0x1e144 0x4d3
LocalLock 0x0 0x41e020 0x1e148 0x1e148 0x34a
FindFirstFileW 0x0 0x41e024 0x1e14c 0x1e14c 0x139
DeleteFileW 0x0 0x41e028 0x1e150 0x1e150 0xd6
InterlockedCompareExchange 0x0 0x41e02c 0x1e154 0x1e154 0x2e9
LocalSize 0x0 0x41e030 0x1e158 0x1e158 0x34d
LocalAlloc 0x0 0x41e034 0x1e15c 0x1e15c 0x344
CreateFileMappingW 0x0 0x41e038 0x1e160 0x1e160 0x8c
LoadLibraryW 0x0 0x41e03c 0x1e164 0x1e164 0x33f
MultiByteToWideChar 0x0 0x41e040 0x1e168 0x1e168 0x367
GetCurrentProcess 0x0 0x41e044 0x1e16c 0x1e16c 0x1c0
SetLastError 0x0 0x41e048 0x1e170 0x1e170 0x473
UnmapViewOfFile 0x0 0x41e04c 0x1e174 0x1e174 0x4d6
lstrcmpW 0x0 0x41e050 0x1e178 0x1e178 0x542
LocalUnlock 0x0 0x41e054 0x1e17c 0x1e17c 0x34e
SetUnhandledExceptionFilter 0x0 0x41e058 0x1e180 0x1e180 0x4a5
GetVersionExW 0x0 0x41e05c 0x1e184 0x1e184 0x2a4
CloseHandle 0x0 0x41e060 0x1e188 0x1e188 0x52
LocalReAlloc 0x0 0x41e064 0x1e18c 0x1e18c 0x34b
FindClose 0x0 0x41e068 0x1e190 0x1e190 0x12e
GetTickCount 0x0 0x41e06c 0x1e194 0x1e194 0x293
InterlockedIncrement 0x0 0x41e070 0x1e198 0x1e198 0x2ef
GetStartupInfoA 0x0 0x41e074 0x1e19c 0x1e19c 0x262
CreateFileW 0x0 0x41e078 0x1e1a0 0x1e1a0 0x8f
MulDiv 0x0 0x41e07c 0x1e1a4 0x1e1a4 0x366
GetSystemTimeAsFileTime 0x0 0x41e080 0x1e1a8 0x1e1a8 0x279
QueryPerformanceCounter 0x0 0x41e084 0x1e1ac 0x1e1ac 0x3a7
WriteFile 0x0 0x41e088 0x1e1b0 0x1e1b0 0x525
FoldStringW 0x0 0x41e08c 0x1e1b4 0x1e1b4 0x15c
GetCurrentProcessId 0x0 0x41e090 0x1e1b8 0x1e1b8 0x1c1
SetEndOfFile 0x0 0x41e094 0x1e1bc 0x1e1bc 0x453
WideCharToMultiByte 0x0 0x41e098 0x1e1c0 0x1e1c0 0x511
GetCurrentThreadId 0x0 0x41e09c 0x1e1c4 0x1e1c4 0x1c5
LocalFree 0x0 0x41e0a0 0x1e1c8 0x1e1c8 0x348
IsWow64Process 0x0 0x41e0a4 0x1e1cc 0x1e1cc 0x30e
Wow64DisableWow64FsRedirection 0x0 0x41e0a8 0x1e1d0 0x1e1d0 0x513
Sleep 0x0 0x41e0ac 0x1e1d4 0x1e1d4 0x4b2
GetFullPathNameW 0x0 0x41e0b0 0x1e1d8 0x1e1d8 0x1fb
SleepEx 0x0 0x41e0b4 0x1e1dc 0x1e1dc 0x4b5
ApplicationRecoveryInProgress 0x0 0x41e0b8 0x1e1e0 0x1e1e0 0x14
GetModuleHandleA 0x0 0x41e0bc 0x1e1e4 0x1e1e4 0x215
GetModuleFileNameA 0x0 0x41e0c0 0x1e1e8 0x1e1e8 0x213
GlobalReAlloc 0x0 0x41e0c4 0x1e1ec 0x1e1ec 0x2c1
FlsSetValue 0x0 0x41e0c8 0x1e1f0 0x1e1f0 0x155
Digital Signatures (3)
Certificate: TAXIS QLD PTY LTD
Issued by TAXIS QLD PTY LTD
Parent Certificate Sectigo RSA Code Signing CA
Country Name AU
Valid From 2019-08-27 00:00:00+00:00
Valid Until 2020-08-26 23:59:59+00:00
Algorithm sha256_rsa
Serial Number 4B BB 77 EE 93 FA 06 89 15 E5 BC EC 20 6A BB ED
Thumbprint 0A C6 23 46 71 2D 4A BA F2 7C 49 89 51 FF B6 A8 FC F6 6D A0
Certificate: Sectigo RSA Code Signing CA
Issued by Sectigo RSA Code Signing CA
Parent Certificate USERTrust RSA Certification Authority
Country Name GB
Valid From 2018-11-02 00:00:00+00:00
Valid Until 2030-12-31 23:59:59+00:00
Algorithm sha384_rsa
Serial Number 1D A2 48 30 6F 9B 26 18 D0 82 E0 96 7D 33 D3 6A
Thumbprint 94 C9 5D A1 E8 50 BD 85 20 9A 4A 2A F3 E1 FB 16 04 F9 BB 66
Certificate: USERTrust RSA Certification Authority
Issued by USERTrust RSA Certification Authority
Country Name US
Valid From 2000-05-30 10:48:38+00:00
Valid Until 2020-05-30 10:48:38+00:00
Algorithm sha384_rsa
Serial Number 13 EA 28 70 5B F4 EC ED 0C 36 63 09 80 61 43 36
Thumbprint EA B0 40 68 9A 0D 80 5B 5D 6F D6 54 FC 16 8C FF 00 B7 8B E3
Memory Dumps (5)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
iexuao.exe 1 0x00400000 0x0041FFFF Relevant Image True 32-bit 0x00404166 True False
buffer 1 0x00220000 0x00225FFF First Execution True 32-bit 0x00221A7E False False
buffer 1 0x00240000 0x0024FFFF First Execution False 32-bit 0x002478DA False False
buffer 1 0x00210000 0x0021DFFF Image In Buffer False 32-bit - False False
iexuao.exe 1 0x00400000 0x0041FFFF Final Dump True 32-bit - True False
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" disabled.