File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\savesHostPerfMonitorsvc.exe Sample File Binary
malicious
Also Known As C:\Program Files (x86)\Internet Explorer\en-US\ccv_server.exe (Dropped File)
C:\Windows\System32\shimgvw\smss.exe (Dropped File)
C:\Program Files\WindowsPowerShell\Configuration\Schema\notepad.exe (Dropped File)
C:\Windows\System32\wbem\WgxInstalledGame\WMIADAP.exe (Dropped File)
C:\Program Files (x86)\Common Files\rathermemory\skype.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 1.19 MB
MD5 b0911330bf6db7b5d323cccda7457860
SHA1 03acc70296d280d679a55e5eb2c241032afbbf3d
SHA256 427eaaff3e1ad963dcb643bbc7c81a6338b544816ef22924c7b5d62a5ae55f70
SSDeep 24576:nsnrhZLRDoKD8t5zTkycR7kkfCBh81ropum5ee+4:Uvh/+kduh8N6x4
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict
malicious
AV Matches (1)
Threat Name Verdict
Trojan.MSIL.Basic.8.Gen
malicious
PE Information
Image Base 0x400000
Entry Point 0x52deee
Size Of Code 0x12c000
Size Of Initialized Data 0x5a00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2021-08-13 21:33:11+00:00
Version Information (8)
CompanyName -
FileDescription -
FileVersion 6.2.0 build-9673454
InternalName vixDiskMountServer
LegalCopyright Copyright © 1998-2018 VMware, Inc.
OriginalFilename vixDiskMountServer.EXE
ProductName VMware vCenter Converter Standalone
ProductVersion 6.2.0 build-9673454
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x12bef4 0x12c000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.43
.sdata 0x52e000 0x520f 0x5400 0x12c400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.67
.rsrc 0x534000 0x38c 0x400 0x131800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.06
.reloc 0x536000 0xc 0x200 0x131c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x402000 0x12dec8 0x12c2c8 0x0
Memory Dumps (1)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
saveshostperfmonitorsvc.exe 1 0x00B10000 0x00C47FFF Relevant Image False 64-bit - False False
c:\lsarpc Dropped File Unknown
clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\Program Files (x86)\Common Files\rathermemory\e57f4916d0223d976da5db9bfa55c7a46ce0fc3e Dropped File Text
clean
MIME Type text/plain
File Size 726 Bytes
MD5 f8432526929f088e7b98fe256cf1eb7f
SHA1 368337c0b8c255f7291b94e27f5af5798e4626c6
SHA256 5d8adbc9dcf29f96f986d8edfb6d47845f52502468b283db0999cfab6d458dae
SSDeep 12:vRZQSoI1f/jzN2xmtIlM1wHkbxi3dvQQQO4Vu+yn4/IFQ/M0T00JkY:vAxmFAm6IwHO43lQQQOE/OF4M0TqY
ImpHash -
C:\Program Files (x86)\Internet Explorer\en-US\812705b853f5ca7053025525603ffa3af08250de Dropped File Text
clean
MIME Type text/plain
File Size 338 Bytes
MD5 79466df6c72806193fd751d7e3a48427
SHA1 c511af8c247a61f1709d120240dea1d9e55869ff
SHA256 a4e01c10182e1f6fe1b77da9742f36c438f85f00adbb4a8da563ba32456d412b
SSDeep 6:NSEkIqPc6pC19SugqQ1VJSqNiatz6Xz1oMPpeF2H7h05qerNKnq:N3F9gugqQ1OotmDaMP2E7h05qerIq
ImpHash -
C:\Windows\System32\shimgvw\69ddcba757bf72f7d36c464c71f42baab150b2b9 Dropped File Text
clean
MIME Type text/plain
File Size 188 Bytes
MD5 a982cb4cede09f12fc4cc6f57ee83dcf
SHA1 54f4a28a27a2359f7cc42d36009ab55ff657a6a1
SHA256 6fe1ece394e03469296b12203072534520f447e8ab16aa7721653a1796891c05
SSDeep 3:pXh8RA1jplSSG733xAYKa3oVO82rjrz3T+xfUBuvZQcGZZCrDOxU/SyFS0t9TQWt:pSLz3WSI6rvbe9qlKrDeU/BFvteOn
ImpHash -
C:\Program Files\WindowsPowerShell\Configuration\Schema\e9db699ef0888fe86d4c07da866b9dd0f16aef35 Dropped File Text
clean
MIME Type text/plain
File Size 517 Bytes
MD5 89718884ad7a76bdf16dafe891723033
SHA1 c1232d1f38c8c21106258b3269f82d084fa9fac2
SHA256 11e36084f47e9f7e0e835cf6a5f5ad8d27ce185903acd67a0abf1e7f05e76e66
SSDeep 12:oHN0UQYd1rYZk6VZPWinLmle0JvsJv0lXInBr:I4YnYZkexileisuleBr
ImpHash -
C:\Windows\System32\wbem\WgxInstalledGame\75a57c1bdf437c0c81ad56e81f43c7323ed35745 Dropped File Text
clean
MIME Type text/plain
File Size 557 Bytes
MD5 d5c608e726e85c17d67b708d1b221d9c
SHA1 0478ed8fc57de0034703ee61928a96c30b60ad4d
SHA256 aa1b5bbb79d72ac4f01fdcc454c754495fe4561b564a1b88b7536797eb49b713
SSDeep 12:V3Gd+STS4BsS9Lyxs4T+wucch488UKxPl0J4VA4NcBnzE/vkGq6l:V3vS+45Es2+wuccvhKySj0zEXbl
ImpHash -