VMRay Analyzer Report
File Information
Sample files count: 1
Created files count: 4
Modified files count: 0
1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe, ...
File Properties
Names: 1129c5049ff7842161800d20141de5848888ea44_(B-Ware)_vt.malware.exe (Sample File)
c:\windows\syswow64\install\svhost.exe (Created File)
c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe (Created File)
Size: 1.47 MB (1544704 bytes)
Hash Values: MD5: 64699a728e510f29d578edaf3d3cd163
SHA1: 1129c5049ff7842161800d20141de5848888ea44
SHA256: 6449a8fbc725572f4f151017fc13dcf913b45fef7392e32f71df103efdb8c97f
PE Information
File Properties
Image Base: 0x400000
Entry Point: 0x40bbf4
Size Of Code: 0x98000
Size Of Initialized Data: 0x34000
Size Of Uninitialized Data: 0xae000
Format: x86
Type: Executable
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 1992-06-20 00:22:17
Compiler/Packer: Unknown
Sections (3)
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy
UPX0 | 0x401000 | 0xae000 | 0xae000 | 0x400 | CNT_UNINITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE | 5.27
UPX1 | 0x4af000 | 0x98000 | 0x97600 | 0xae400 | CNT_INITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE | 7.42
.rsrc | 0x547000 | 0x34000 | 0x33800 | 0x145a00 | CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE | 6.99
Imports (113)
KERNEL32.DLL (47)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
lstrlenA | 0x0 | 0x4101ec | 0x101ec | 0xf5ec
lstrcmpiA | 0x0 | 0x4101f0 | 0x101f0 | 0xf5f0
WriteProcessMemory | 0x0 | 0x4101f4 | 0x101f4 | 0xf5f4
WriteFile | 0x0 | 0x4101f8 | 0x101f8 | 0xf5f8
WaitForSingleObject | 0x0 | 0x4101fc | 0x101fc | 0xf5fc
VirtualProtectEx | 0x0 | 0x410200 | 0x10200 | 0xf600
VirtualProtect | 0x0 | 0x410204 | 0x10204 | 0xf604
VirtualFreeEx | 0x0 | 0x410208 | 0x10208 | 0xf608
VirtualFree | 0x0 | 0x41020c | 0x1020c | 0xf60c
VirtualAllocEx | 0x0 | 0x410210 | 0x10210 | 0xf610
VirtualAlloc | 0x0 | 0x410214 | 0x10214 | 0xf614
Sleep | 0x0 | 0x410218 | 0x10218 | 0xf618
SizeofResource | 0x0 | 0x41021c | 0x1021c | 0xf61c
SetFilePointer | 0x0 | 0x410220 | 0x10220 | 0xf620
SetFileAttributesA | 0x0 | 0x410224 | 0x10224 | 0xf624
ReadProcessMemory | 0x0 | 0x410228 | 0x10228 | 0xf628
ReadFile | 0x0 | 0x41022c | 0x1022c | 0xf62c
OpenProcess | 0x0 | 0x410230 | 0x10230 | 0xf630
LockResource | 0x0 | 0x410234 | 0x10234 | 0xf634
LoadResource | 0x0 | 0x410238 | 0x10238 | 0xf638
LoadLibraryA | 0x0 | 0x41023c | 0x1023c | 0xf63c
GlobalFree | 0x0 | 0x410240 | 0x10240 | 0xf640
GetVersionExA | 0x0 | 0x410244 | 0x10244 | 0xf644
GetTickCount | 0x0 | 0x410248 | 0x10248 | 0xf648
GetProcAddress | 0x0 | 0x41024c | 0x1024c | 0xf64c
GetPrivateProfileStringA | 0x0 | 0x410250 | 0x10250 | 0xf650
GetPrivateProfileIntA | 0x0 | 0x410254 | 0x10254 | 0xf654
GetModuleHandleA | 0x0 | 0x410258 | 0x10258 | 0xf658
GetLastError | 0x0 | 0x41025c | 0x1025c | 0xf65c
GetFileSize | 0x0 | 0x410260 | 0x10260 | 0xf660
GetFileAttributesA | 0x0 | 0x410264 | 0x10264 | 0xf664
GetExitCodeThread | 0x0 | 0x410268 | 0x10268 | 0xf668
GetCurrentProcess | 0x0 | 0x41026c | 0x1026c | 0xf66c
FreeResource | 0x0 | 0x410270 | 0x10270 | 0xf670
FreeLibrary | 0x0 | 0x410274 | 0x10274 | 0xf674
FindResourceA | 0x0 | 0x410278 | 0x10278 | 0xf678
FindFirstFileA | 0x0 | 0x41027c | 0x1027c | 0xf67c
FindClose | 0x0 | 0x410280 | 0x10280 | 0xf680
ExitProcess | 0x0 | 0x410284 | 0x10284 | 0xf684
DeleteFileA | 0x0 | 0x410288 | 0x10288 | 0xf688
CreateRemoteThread | 0x0 | 0x41028c | 0x1028c | 0xf68c
CreateProcessA | 0x0 | 0x410290 | 0x10290 | 0xf690
CreateMutexA | 0x0 | 0x410294 | 0x10294 | 0xf694
CreateFileA | 0x0 | 0x410298 | 0x10298 | 0xf698
CreateDirectoryA | 0x0 | 0x41029c | 0x1029c | 0xf69c
CopyFileA | 0x0 | 0x4102a0 | 0x102a0 | 0xf6a0
CloseHandle | 0x0 | 0x4102a4 | 0x102a4 | 0xf6a4
KERNEL32.DLL (18)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
GetCurrentThreadId | 0x0 | 0x410154 | 0x10154 | 0xf554
WideCharToMultiByte | 0x0 | 0x410158 | 0x10158 | 0xf558
MultiByteToWideChar | 0x0 | 0x41015c | 0x1015c | 0xf55c
ExitProcess | 0x0 | 0x410160 | 0x10160 | 0xf560
UnhandledExceptionFilter | 0x0 | 0x410164 | 0x10164 | 0xf564
RtlUnwind | 0x0 | 0x410168 | 0x10168 | 0xf568
RaiseException | 0x0 | 0x41016c | 0x1016c | 0xf56c
GetCommandLineA | 0x0 | 0x410170 | 0x10170 | 0xf570
TlsSetValue | 0x0 | 0x410174 | 0x10174 | 0xf574
TlsGetValue | 0x0 | 0x410178 | 0x10178 | 0xf578
LocalAlloc | 0x0 | 0x41017c | 0x1017c | 0xf57c
GetModuleHandleA | 0x0 | 0x410180 | 0x10180 | 0xf580
GetModuleFileNameA | 0x0 | 0x410184 | 0x10184 | 0xf584
FreeLibrary | 0x0 | 0x410188 | 0x10188 | 0xf588
HeapFree | 0x0 | 0x41018c | 0x1018c | 0xf58c
HeapReAlloc | 0x0 | 0x410190 | 0x10190 | 0xf590
HeapAlloc | 0x0 | 0x410194 | 0x10194 | 0xf594
GetProcessHeap | 0x0 | 0x410198 | 0x10198 | 0xf598
advapi32.dll (5)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
LsaFreeMemory | 0x0 | 0x410314 | 0x10314 | 0xf714
LsaClose | 0x0 | 0x410318 | 0x10318 | 0xf718
LsaRetrievePrivateData | 0x0 | 0x41031c | 0x1031c | 0xf71c
LsaOpenPolicy | 0x0 | 0x410320 | 0x10320 | 0xf720
ConvertSidToStringSidA | 0x0 | 0x410324 | 0x10324 | 0xf724
advapi32.dll (12)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
RegSetValueExA | 0x0 | 0x4101b8 | 0x101b8 | 0xf5b8
RegQueryValueExA | 0x0 | 0x4101bc | 0x101bc | 0xf5bc
RegOpenKeyExA | 0x0 | 0x4101c0 | 0x101c0 | 0xf5c0
RegEnumValueA | 0x0 | 0x4101c4 | 0x101c4 | 0xf5c4
RegDeleteKeyA | 0x0 | 0x4101c8 | 0x101c8 | 0xf5c8
RegCreateKeyExA | 0x0 | 0x4101cc | 0x101cc | 0xf5cc
RegCreateKeyA | 0x0 | 0x4101d0 | 0x101d0 | 0xf5d0
RegCloseKey | 0x0 | 0x4101d4 | 0x101d4 | 0xf5d4
OpenProcessToken | 0x0 | 0x4101d8 | 0x101d8 | 0xf5d8
LookupAccountNameA | 0x0 | 0x4101dc | 0x101dc | 0xf5dc
IsValidSid | 0x0 | 0x4101e0 | 0x101e0 | 0xf5e0
GetUserNameA | 0x0 | 0x4101e4 | 0x101e4 | 0xf5e4
advapi32.dll (6)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
CryptDestroyHash | 0x0 | 0x41033c | 0x1033c | 0xf73c
CryptHashData | 0x0 | 0x410340 | 0x10340 | 0xf740
CryptCreateHash | 0x0 | 0x410344 | 0x10344 | 0xf744
CryptGetHashParam | 0x0 | 0x410348 | 0x10348 | 0xf748
CryptReleaseContext | 0x0 | 0x41034c | 0x1034c | 0xf74c
CryptAcquireContextA | 0x0 | 0x410350 | 0x10350 | 0xf750
advapi32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
CredEnumerateA | 0x0 | 0x410334 | 0x10334 | 0xf734
crypt32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
CryptUnprotectData | 0x0 | 0x41032c | 0x1032c | 0xf72c
ole32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
CoTaskMemFree | 0x0 | 0x4102e8 | 0x102e8 | 0xf6e8
ole32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
OleInitialize | 0x0 | 0x4102dc | 0x102dc | 0xf6dc
CoCreateInstance | 0x0 | 0x4102e0 | 0x102e0 | 0xf6e0
ole32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
StringFromCLSID | 0x0 | 0x4102f8 | 0x102f8 | 0xf6f8
oleaut32.dll (3)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
SysFreeString | 0x0 | 0x4101a8 | 0x101a8 | 0xf5a8
SysReAllocStringLen | 0x0 | 0x4101ac | 0x101ac | 0xf5ac
SysAllocStringLen | 0x0 | 0x4101b0 | 0x101b0 | 0xf5b0
pstorec.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
PStoreCreateInstance | 0x0 | 0x4102f0 | 0x102f0 | 0xf6f0
rasapi32.dll (2)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
RasGetEntryDialParamsA | 0x0 | 0x410300 | 0x10300 | 0xf700
RasEnumEntriesA | 0x0 | 0x410304 | 0x10304 | 0xf704
shell32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
SHGetSpecialFolderPathA | 0x0 | 0x41030c | 0x1030c | 0xf70c
user32.dll (11)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
wvsprintfA | 0x0 | 0x4102ac | 0x102ac | 0xf6ac
TranslateMessage | 0x0 | 0x4102b0 | 0x102b0 | 0xf6b0
ToAscii | 0x0 | 0x4102b4 | 0x102b4 | 0xf6b4
SetWindowsHookExA | 0x0 | 0x4102b8 | 0x102b8 | 0xf6b8
PeekMessageA | 0x0 | 0x4102bc | 0x102bc | 0xf6bc
GetWindowThreadProcessId | 0x0 | 0x4102c0 | 0x102c0 | 0xf6c0
GetKeyboardState | 0x0 | 0x4102c4 | 0x102c4 | 0xf6c4
FindWindowA | 0x0 | 0x4102c8 | 0x102c8 | 0xf6c8
DispatchMessageA | 0x0 | 0x4102cc | 0x102cc | 0xf6cc
CharLowerA | 0x0 | 0x4102d0 | 0x102d0 | 0xf6d0
CharUpperA | 0x0 | 0x4102d4 | 0x102d4 | 0xf6d4
user32.dll (1)
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset
CharNextA | 0x0 | 0x4101a0 | 0x101a0 | 0xf5a0
c:\windows\syswow64\install\svhost.exe, ...
File Properties
Names: c:\windows\syswow64\install\svhost.exe (Created File)
c:\users\wi2yhmti onvscy7pe\appdata\roaming\install\svhost.exe (Created File)
Size: 0.00 KB (0 bytes)
Hash Values: MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt
File Properties
Names: c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt (Created File)
Size: 762.45 KB (780750 bytes)
Hash Values: MD5: 9bb977482db6a5634db518794afcca36
SHA1: 2c4d14edf3d59ac1efa272ce05123fb8e0e6207a
SHA256: e3a2557d763f89af1ed314225273d1f379c0e4a9fda84da038bad5e5c872b183
c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt
File Properties
Names: c:\users\wi2yhm~1\appdata\local\temp\xx--xx--xx.txt (Created File)
Size: 762.41 KB (780712 bytes)
Hash Values: MD5: 4ab57e867ebea0f4911579273c8402fd
SHA1: ddf2644afd637821db15e42e4b30e32a80d80c88
SHA256: fb065dfc03f72decfef160676f388863c238e09c26e619768fecb7d1bb6a15fe
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


Screenshot