VMRay Analyzer Report
File Information
Sample files count: 1
Created files count: 6
Modified files count: 0
249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe
File Properties
Names: 249bebc650b7160cfeee41d08bc61dc220ecb740.malware.exe (Sample File)
Size: 1.99 MB (2084864 bytes)
Hash Values:
  MD5:    a66df34f40f1345861846918f4f8f56d
  SHA1:   249bebc650b7160cfeee41d08bc61dc220ecb740
  SHA256: 91de42dda9985493ed08b1e6b7f5c3931135189a5455a3afb9bac8cc8d7c0870
PE Information
File Properties
Image Base: 0x400000
Entry Point: 0x401000
Size Of Code: 0xa9000
Size Of Initialized Data: 0xccd8
Size Of Uninitialized Data: 0x0
Format: x86
Type: Executable
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2016-08-20 02:57:57
Compiler/Packer: Unknown
Sections (4)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                       Entropy
.text   0x401000         0xa9000       0xa9000        0x600            CNT_CODE, MEM_EXECUTE, MEM_READ             7.1
.rdata  0x4aa000         0x2000        0x2800         0xa9600          CNT_INITIALIZED_DATA, MEM_READ              0.18
.data   0x4ac000         0x150000      0x150000       0xabe00          CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE   5.87
.rsrc   0x5fc000         0x1200        0x1200         0x1fbe00         CNT_CODE, MEM_LOCKED, MEM_READ, MEM_WRITE   5.82
Imports (3)
kernel32.dll (3)
API Name              Ordinal  IAT Address  Thunk RVA  Thunk Offset
GetCurrentProcess     0x0      0x4aa000     0xaa038    0xa9638
GetUserDefaultLangID  0x0      0x4aa004     0xaa03c    0xa963c
VirtualAlloc          0x0      0x4aa008     0xaa040    0xa9640
Icons (1)
c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww, ...
File Properties
Names: c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww (Created File)
       c:\programdata\vmymsigm\yoummieo (Created File)
Size: 0.00 KB (0 bytes)
Hash Values (these are the digests of an empty file; both paths were created with no content):
  MD5:    d41d8cd98f00b204e9800998ecf8427e
  SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe
File Properties
Names: c:\users\wi2yhmti onvscy7pe\ayooemee\xumiasww.exe (Created File)
Size: 2.00 MB (2100224 bytes)
Hash Values:
  MD5:    e8b81e4a627a9f9a772b6d42d9bb3a3c
  SHA1:   08cdff2e0e82651cde54a58eca4747aadc940a53
  SHA256: 0fbd214902a4b12b22dd57fc04449cf9642a220d2cc5c0cd274013131446c899
PE Information
File Properties
Image Base: 0x400000
Entry Point: 0x401000
Size Of Code: 0xa7000
Size Of Initialized Data: 0x45534
Size Of Uninitialized Data: 0x0
Format: x86
Type: Executable
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2016-09-26 12:42:39
Compiler/Packer: Unknown
Sections (3)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                       Entropy
.text   0x401000         0xa7000       0xa7000        0x400            CNT_CODE, MEM_EXECUTE, MEM_READ             7.08
.rdata  0x4a8000         0x2000        0x2800         0xa7400          CNT_INITIALIZED_DATA, MEM_READ              0.23
.data   0x4aa000         0x157000      0x157000       0xa9c00          CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE   5.77
Imports (3)
kernel32.dll (2)
API Name                Ordinal  IAT Address  Thunk RVA  Thunk Offset
GetVersion              0x0      0x4a8000     0xa8050    0xa7450
VirtualAlloc            0x0      0x4a8004     0xa8054    0xa7454
user32.dll (1)
API Name                Ordinal  IAT Address  Thunk RVA  Thunk Offset
GetOpenClipboardWindow  0x0      0x4a800c     0xa805c    0xa745c
c:\programdata\vmymsigm\yoummieo.exe
File Properties
Names: c:\programdata\vmymsigm\yoummieo.exe (Created File)
Size: 1.95 MB (2042880 bytes)
Hash Values:
  MD5:    25081af7955ff8b96260f64cc3c76bcb
  SHA1:   e02b4eab3fe752312aadd58de8a2e3558aebe12d
  SHA256: c7c619989c3733e37fa0b40b0e606cd0f6b3711378cbffd4908c4364fbf1e18c
PE Information
File Properties
Image Base: 0x400000
Entry Point: 0x401000
Size Of Code: 0xa7000
Size Of Initialized Data: 0x63d40
Size Of Uninitialized Data: 0x0
Format: x86
Type: Executable
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2016-09-26 12:42:51
Compiler/Packer: Unknown
Sections (3)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                       Entropy
.text   0x401000         0xa7000       0xa7000        0x400            CNT_CODE, MEM_EXECUTE, MEM_READ             7.11
.rdata  0x4a8000         0x2000        0x2800         0xa7400          CNT_INITIALIZED_DATA, MEM_READ              0.22
.data   0x4aa000         0x149000      0x149000       0xa9c00          CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE   5.85
Imports (3)
kernel32.dll (2)
API Name                Ordinal  IAT Address  Thunk RVA  Thunk Offset
GetSystemDefaultLangID  0x0      0x4a8000     0xa8050    0xa7450
VirtualAlloc            0x0      0x4a8004     0xa8054    0xa7454
user32.dll (1)
API Name                Ordinal  IAT Address  Thunk RVA  Thunk Offset
GetClipboardOwner       0x0      0x4a800c     0xa805c    0xa745c
c:\programdata\baieaacu\xuaecwog.exe
File Properties
Names: c:\programdata\baieaacu\xuaecwog.exe (Created File)
Size: 1.98 MB (2079744 bytes)
Hash Values:
  MD5:    958a7f26c423db4ed7c1caafc0dda8e9
  SHA1:   0af04b61a579c82fe3a4b06a62fc4d3cd0e2c571
  SHA256: b9796040e89f3877c538a338d75bab2beeec94a720571f3d5df08e019cff3380
PE Information
File Properties
Image Base: 0x400000
Entry Point: 0x401000
Size Of Code: 0xa7000
Size Of Initialized Data: 0xd504
Size Of Uninitialized Data: 0x0
Format: x86
Type: Executable
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type: IMAGE_FILE_MACHINE_I386
Compile Timestamp: 2016-09-26 12:43:07
Compiler/Packer: Unknown
Sections (3)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                       Entropy
.text   0x401000         0xa7000       0xa7000        0x400            CNT_CODE, MEM_EXECUTE, MEM_READ             7.09
.rdata  0x4a8000         0x2000        0x2800         0xa7400          CNT_INITIALIZED_DATA, MEM_READ              0.2
.data   0x4aa000         0x152000      0x152000       0xa9c00          CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE   5.8
Imports (3)
kernel32.dll (1)
API Name                    Ordinal  IAT Address  Thunk RVA  Thunk Offset
VirtualAlloc                0x0      0x4a8000     0xa8050    0xa7450
user32.dll (2)
API Name                    Ordinal  IAT Address  Thunk RVA  Thunk Offset
GetMessageTime              0x0      0x4a8008     0xa8058    0xa7458
GetMenuCheckMarkDimensions  0x0      0x4a800c     0xa805c    0xa745c
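The four PE Information blocks above (the sample and its three dropped executables) share one static profile: a .text section with entropy above 7, a near-empty .rdata with entropy around 0.2, an import table of only two or three functions that always includes kernel32!VirtualAlloc, and, for the sample, a .rsrc section flagged CNT_CODE, MEM_LOCKED, MEM_READ and MEM_WRITE. The script below is an added example, not VMRay's code and not part of the report: it walks a PE32 header to the section table, computes the per-section Shannon entropy and decodes the IMAGE_SCN_* flags the way the Sections tables present them, and then applies a small packer heuristic. The input is a constructed minimal PE image built inside the script (build_pe), not the sample; the 7.0 entropy threshold and the indicator list in packing_indicators are assumptions, and the script does not parse the import directory.

```python
"""Added example (not VMRay code): parse a PE32 section table, compute per-section
entropy, decode IMAGE_SCN_* flags and apply an assumed packer heuristic."""
import math
import random
import struct
from collections import Counter

# IMAGE_SCN_* characteristic bits (winnt.h): the ones the report's Flags column uses,
# plus CNT_UNINITIALIZED_DATA for .bss-style sections
SCN_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x00040000: "MEM_LOCKED",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform; packed code sits near 7+."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section headers."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsec, _ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    if struct.unpack_from("<H", blob, opt)[0] != 0x10B:
        raise ValueError("only PE32 (x86) images are handled here")
    entry_rva = struct.unpack_from("<I", blob, opt + 16)[0]      # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", blob, opt + 28)[0]     # ImageBase
    sections = []
    for i in range(nsec):
        name, vsize, rva, raw_size, raw_off, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": image_base + rva,          # absolute, like the report's Virtual Address column
            "vsize": vsize, "raw_size": raw_size, "raw_off": raw_off,
            "flags": [f for bit, f in sorted(SCN_FLAGS.items()) if chars & bit],
            "entropy": shannon_entropy(blob[raw_off:raw_off + raw_size]),
        })
    return {"machine": machine, "image_base": image_base,
            "entry_point": image_base + entry_rva, "sections": sections}


def packing_indicators(pe: dict, text_entropy_threshold: float = 7.0) -> list:
    """Assumed heuristics, not a verdict: reasons to suspect packed or self-decrypting code."""
    hits = []
    for s in pe["sections"]:
        if s["name"] == ".text" and s["entropy"] >= text_entropy_threshold:
            hits.append(f".text entropy {s['entropy']:.2f} >= {text_entropy_threshold}")
        if "MEM_WRITE" in s["flags"] and "MEM_EXECUTE" in s["flags"]:
            hits.append(f"{s['name']} is writable and executable")
        if "CNT_CODE" in s["flags"] and s["name"] != ".text":
            hits.append(f"{s['name']} is flagged CNT_CODE outside the code section")
    return hits


def build_pe(sections, image_base=0x400000) -> bytes:
    """Constructed PE32 image for testing only: sections = [(name, data, characteristics)]."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000, 0x1000, 0,
                      image_base, 0x1000, 0x200).ljust(224, b"\0")
    hdrs, body, rva, raw_off = b"", b"", 0x1000, 0x400
    for name, data, chars in sections:
        raw_size = (len(data) + 0x1FF) & ~0x1FF                    # FileAlignment 0x200
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), len(data), rva,
                            raw_size, raw_off, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        rva += (len(data) + 0xFFF) & ~0xFFF                        # SectionAlignment 0x1000
        raw_off += raw_size
    return (dos + b"PE\0\0" + coff + opt + hdrs).ljust(0x400, b"\0") + body


# Constructed sample: high-entropy code, a near-empty .rdata, and a .rsrc carrying the same
# CNT_CODE | MEM_LOCKED | MEM_READ | MEM_WRITE combination the report shows for the sample.
_rng = random.Random(2016)
SAMPLE_PE = build_pe([
    (".text", bytes(_rng.getrandbits(8) for _ in range(0x4000)), 0x60000020),
    (".rdata", b"kernel32.dll\0VirtualAlloc\0".ljust(0x800, b"\0"), 0x40000040),
    (".rsrc", bytes(range(128)) * 4, 0xC0040020),
])

if __name__ == "__main__":
    info = parse_pe(SAMPLE_PE)
    for s in info["sections"]:
        print(f"{s['name']:8}{s['va']:#010x}  entropy={s['entropy']:.2f}  {', '.join(s['flags'])}")
    print("indicators:", packing_indicators(info))
```

To run it against a real file, replace SAMPLE_PE with the bytes of the executable; entropy is computed over the raw on-disk section data, which is what the report's Entropy column most plausibly reflects, so a .text value near 7 together with a handful of imports that include VirtualAlloc is the pattern a practitioner reads as a stub that unpacks code into freshly allocated memory at run time.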
c:\users\wi2yhm~1\appdata\local\temp\dwaaskwo.bat
File Properties
Names: c:\users\wi2yhm~1\appdata\local\temp\dwaaskwo.bat (Created File)
Size: 0.00 KB (4 bytes)
Hash Values:
  MD5:    f6f0aa95187fb1682cfbee02e3348d4f
  SHA1:   46c7c7331f30edf31b3308f077cb583ec37a68be
  SHA256: b9c68ec4d2854ae3bc968140b7c9ceefb21f5dd73365d16590741bce796ec459
c:\users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware
File Properties
Names: c:\users\wi2yhmti onvscy7pe\desktop\249bebc650b7160cfeee41d08bc61dc220ecb740.malware (Created File)
Size: 6.80 KB (6968 bytes)
Hash Values:
  MD5:    672a1f1de82c3076688c129d2c89d0e2
  SHA1:   02e8f06ad6888c9fb28059f5eac065b7bbfdd365
  SHA256: 1d8a8607dd5b6aa413649cd3dc7187497e6a7fcb616e56c980fcfb682ee8c363
Function Logfile: not included in this export (the report's function log requires a connection to the VMRay backend).
Screenshot: image not included in this export.