VMRay Analyzer Report
Sample Information
ID: #392
MD5 Hash Value: a86ac0ad1f8928e8d4e1b728448f54f9
SHA1 Hash Value: 207a8b797fed46abbb72fe2555687887f36094bf
SHA256 Hash Value: 44f7c42de05d715b39475e131b62da51bdea470741a09e10ff72da57af38230e
Filename: 55b17467da6d12ecf71e82eb96870bd314f248675da1bfad1b1e437b45453452
File Size: 1.63 MB (1713664 bytes)
File Type: PE32 (gui)
Analyzer and Virtual Machine Information
Analyzer Version: 1.8.0
Analyzer Build Date: 2015-10-30 09:57 (UTC+2)
Artifacts Database Version: 1.09
VM Name: win7_64_sp1
VM Description: Windows 7 (SP1, 64-bit)
VM Architecture: x86 64-bit
VM OS: Windows 7
VM Kernel Version: 6.1.7601.18717 (f79084b4-f72c-4d50-8f0f-4924b2ae188f)
Analysis Information
Creation Time: 2015-10-30 10:35 (UTC+1)
Analysis Duration Time: 00:03:02
Execution Successful: True
Prescript: False
Command Line Parameters: False
Number of Processes: 41
Termination Reason: Maximum binlog size reached
Remarks: Kernel code was executed
Screenshots: 4 screenshots (images not included in this export)
Monitored Processes
Process Graph: (image not included in this export)
| ID | PID | Monitor Reason | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|
| #1 | 0xb0c | Analysis Target | 55b17467da6d12ecf71e82eb96870bd314f248675da1bfad1b1e437b45453452.exe | "C:\Users\User\Desktop\55b17467da6d12ecf71e82eb96870bd314f248675da1bfad1b1e437b45453452.exe" | |
| #2 | 0x4 | Created Daemon | System | | #1 |
| #3 | 0xe8 | Child Process | smss.exe | \SystemRoot\System32\smss.exe | #2 |
| #4 | 0x130 | Child Process | csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | #3 |
| #5 | 0x160 | Child Process | wininit.exe | wininit.exe | #3 |
| #6 | 0x16c | Child Process | csrss.exe | %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 | #3 |
| #7 | 0x188 | Child Process | winlogon.exe | winlogon.exe | #3 |
| #8 | 0x1c0 | Child Process | services.exe | C:\Windows\system32\services.exe | #5 |
| #9 | 0x1d0 | Child Process | lsass.exe | C:\Windows\system32\lsass.exe | #5 |
| #10 | 0x1d8 | Child Process | lsm.exe | C:\Windows\system32\lsm.exe | #5 |
| #11 | 0x234 | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k DcomLaunch | #8 |
| #12 | 0x274 | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k RPCSS | #8 |
| #13 | 0x2ac | Child Process | svchost.exe | C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted | #8 |
| #14 | 0x30c | Child Process | svchost.exe | C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted | #8 |
| #15 | 0x344 | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k LocalService | #8 |
| #16 | 0x35c | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k netsvcs | #8 |
| #17 | 0x39c | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k GPSvcGroup | #8 |
| #18 | 0x108 | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k NetworkService | #8 |
| #19 | 0x3fc | Child Process | spoolsv.exe | C:\Windows\System32\spoolsv.exe | #8 |
| #20 | 0x410 | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork | #8 |
| #21 | 0x468 | Child Process | taskhost.exe | "taskhost.exe" | #8 |
| #22 | 0x4b8 | Child Process | dwm.exe | "C:\Windows\system32\Dwm.exe" | #14 |
| #23 | 0x4dc | Child Process | explorer.exe | C:\Windows\Explorer.EXE | #7 |
| #24 | 0x4f4 | Child Process | taskeng.exe | taskeng.exe {A99ED261-3025-4BA6-9259-C370241D052C} S-1-5-18:NT AUTHORITY\System:Service: | #16 |
| #25 | 0x69c | Child Process | svchost.exe | C:\Windows\System32\svchost.exe -k secsvcs | #8 |
| #26 | 0x754 | Child Process | taskeng.exe | taskeng.exe {A102D200-38FE-4EBE-8603-33AE94893701} S-1-5-21-3335109830-3850919073-1580866493-1000:User-PC\User:Interactive:Highest[1] | #16 |
| #27 | 0x7f0 | Child Process | searchindexer.exe | C:\Windows\system32\SearchIndexer.exe \Embedding | #8 |
| #28 | 0x590 | Child Process | searchprotocolhost.exe | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3335109830-3850919073-1580866493-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3335109830-3850919073-1580866493-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla\4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" | #27 |
| #29 | 0x584 | Child Process | searchfilterhost.exe | "C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512 | #27 |
| #30 | 0x8f4 | Child Process | taskhost.exe | taskhost.exe $(Arg0) | #8 |
| #31 | 0x850 | Child Process | mscorsvw.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe | #8 |
| #32 | 0x880 | Child Process | svchost.exe | C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation | #8 |
| #33 | 0x7ec | Child Process | mscorsvw.exe | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe | #8 |
| #34 | 0x8ac | Child Process | googleupdate.exe | "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" \svc | #8 |
| #35 | 0x4cc | Child Process | pxinsi64.exe | "C:\Windows\$NtUninstallQ923283$\pxinsi64.exe" | #1 |
| #36 | 0xf8 | Child Process | sppsvc.exe | C:\Windows\system32\sppsvc.exe | #8 |
| #37 | 0x3e8 | Child Process | googleupdate.exe | "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" \c | #34 |
| #38 | 0x9c0 | Child Process | googleupdate.exe | "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" \cr | #37 |
| #39 | 0x99c | Child Process | googlecrashhandler.exe | "C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe" | #37 |
| #40 | 0x998 | Child Process | googlecrashhandler64.exe | "C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe" | #37 |
| #41 | 0x988 | Child Process | googleupdate.exe | "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" \ua \installsource core | #37 |
Created or Modified Files
| Process ID | Filename | File Size | MD5 | SHA1 | SHA256 |
|---|---|---|---|---|---|
| #1 | c:\windows\$ntuninstallq923283$\usbehub.sys | 66.69 KB (68288 bytes) | eaea9ccb40c82af8f3867cd0f4dd5e9d | 7c1b25518dee1e30b5a6eaa1ea8e4a3780c24d0c | cf3a7d4285d65bf8688215407bce1b51d7c6b22497f09021f0fce31cbeb78986 |
| #1 | c:\windows\$ntuninstallq923283$\fdisk.sys | 592.50 KB (606720 bytes) | 921ad714e7fb01aaa8e9b960544e0d36 | 9e327408fedb128b5717cf0f0093756132624951 | c55fa19ac18710c56045e39724f3b6a83a916508ae23a14bb2a108e71eac64a0 |
| #1 | c:\windows\$ntuninstallq923283$\pxinsi64.exe | 8.00 KB (8192 bytes) | f156ff2a1694f479a079f6777f0c5af0 | 1f55bdf960d70c0571e171c2c75701998552dc43 | 38b10be0618576f4a2285362b7576975f997980f1120e9d6470654f48503c179 |