87c3639e...284f | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names: -

Remarks (2/2)

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

Filename C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\TOUfuwC8NKj1u2xe.exe
Category Sample File
Type Binary
Severity Malicious
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\TOUfuwC8NKj1u2xe.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 793.00 KB
MD5 463ec4206aa2907a0c17cf9804ac1f49
SHA1 dae9632d2ae206abfd0a54c5d77a073fd2f6fb3c
SHA256 87c3639e83b5ea1d26b75215a974c5126185017bf9392601ceb41fc5aa58284f
SSDeep 12288:uT4371F+qcslNuJ9ifOsQVg5bHXUAhhT79gnREJYcNd3:uTq1aqNuUQq5bHkAnT79gn2qcN
ImpHash de3e7ca625eb49c0d33b0d11381fd2d5
PE Information
Image Base 0x400000
Entry Point 0x401497
Size Of Code 0xe600
Size Of Initialized Data 0x1722e00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2019-11-30 04:43:59+00:00
Version Information (3)
Copright Copright (C) 2020, kac
InternalNaked anizepug.im
ProductVersions 2.27.48
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xe43b 0xe600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.77
.rdata 0x410000 0x7bc8a 0x7be00 0xea00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.99
.data 0x48c000 0x1667494 0x1a00 0x8a800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.7
.tls 0x1af4000 0x32009 0x32200 0x8c200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.vufo 0x1b27000 0x400 0x400 0xbe400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rsrc 0x1b28000 0x7bc0 0x7c00 0xbe800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.08
Imports (1)
KERNEL32.dll (89)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount 0x0 0x410000 0x8b4ac 0x89eac 0x293
FindNextVolumeMountPointA 0x0 0x410004 0x8b4b0 0x89eb0 0x148
EnumTimeFormatsA 0x0 0x410008 0x8b4b4 0x89eb4 0x110
GetUserDefaultLangID 0x0 0x41000c 0x8b4b8 0x89eb8 0x29c
GetProcessTimes 0x0 0x410010 0x8b4bc 0x89ebc 0x252
ReadFile 0x0 0x410014 0x8b4c0 0x89ec0 0x3c0
IsBadStringPtrA 0x0 0x410018 0x8b4c4 0x89ec4 0x2f8
SetConsoleTitleA 0x0 0x41001c 0x8b4c8 0x89ec8 0x447
GlobalUnlock 0x0 0x410020 0x8b4cc 0x89ecc 0x2c5
GetTempPathW 0x0 0x410024 0x8b4d0 0x89ed0 0x285
LCMapStringA 0x0 0x410028 0x8b4d4 0x89ed4 0x32b
SetComputerNameW 0x0 0x41002c 0x8b4d8 0x89ed8 0x42a
GetTapeStatus 0x0 0x410030 0x8b4dc 0x89edc 0x281
BuildCommDCBW 0x0 0x410034 0x8b4e0 0x89ee0 0x3d
LoadLibraryA 0x0 0x410038 0x8b4e4 0x89ee4 0x33c
LocalAlloc 0x0 0x41003c 0x8b4e8 0x89ee8 0x344
WritePrivateProfileStringA 0x0 0x410040 0x8b4ec 0x89eec 0x52a
SetCommMask 0x0 0x410044 0x8b4f0 0x89ef0 0x424
GetProcessAffinityMask 0x0 0x410048 0x8b4f4 0x89ef4 0x246
VirtualProtect 0x0 0x41004c 0x8b4f8 0x89ef8 0x4ef
GetCurrentProcessId 0x0 0x410050 0x8b4fc 0x89efc 0x1c1
GlobalAddAtomW 0x0 0x410054 0x8b500 0x89f00 0x2b2
OpenFileMappingA 0x0 0x410058 0x8b504 0x89f04 0x378
LocalFree 0x0 0x41005c 0x8b508 0x89f08 0x348
DebugActiveProcessStop 0x0 0x410060 0x8b50c 0x89f0c 0xc6
lstrlenA 0x0 0x410064 0x8b510 0x89f10 0x54d
CreateTimerQueue 0x0 0x410068 0x8b514 0x89f14 0xbc
GetLastError 0x0 0x41006c 0x8b518 0x89f18 0x202
UnregisterWait 0x0 0x410070 0x8b51c 0x89f1c 0x4da
EncodePointer 0x0 0x410074 0x8b520 0x89f20 0xea
DecodePointer 0x0 0x410078 0x8b524 0x89f24 0xca
GetCommandLineW 0x0 0x41007c 0x8b528 0x89f28 0x187
HeapSetInformation 0x0 0x410080 0x8b52c 0x89f2c 0x2d3
GetStartupInfoW 0x0 0x410084 0x8b530 0x89f30 0x263
TerminateProcess 0x0 0x410088 0x8b534 0x89f34 0x4c0
GetCurrentProcess 0x0 0x41008c 0x8b538 0x89f38 0x1c0
UnhandledExceptionFilter 0x0 0x410090 0x8b53c 0x89f3c 0x4d3
SetUnhandledExceptionFilter 0x0 0x410094 0x8b540 0x89f40 0x4a5
IsDebuggerPresent 0x0 0x410098 0x8b544 0x89f44 0x300
IsProcessorFeaturePresent 0x0 0x41009c 0x8b548 0x89f48 0x304
EnterCriticalSection 0x0 0x4100a0 0x8b54c 0x89f4c 0xee
LeaveCriticalSection 0x0 0x4100a4 0x8b550 0x89f50 0x339
Sleep 0x0 0x4100a8 0x8b554 0x89f54 0x4b2
HeapSize 0x0 0x4100ac 0x8b558 0x89f58 0x2d4
GetProcAddress 0x0 0x4100b0 0x8b55c 0x89f5c 0x245
GetModuleHandleW 0x0 0x4100b4 0x8b560 0x89f60 0x218
ExitProcess 0x0 0x4100b8 0x8b564 0x89f64 0x119
WriteFile 0x0 0x4100bc 0x8b568 0x89f68 0x525
GetStdHandle 0x0 0x4100c0 0x8b56c 0x89f6c 0x264
GetModuleFileNameW 0x0 0x4100c4 0x8b570 0x89f70 0x214
FreeEnvironmentStringsW 0x0 0x4100c8 0x8b574 0x89f74 0x161
GetEnvironmentStringsW 0x0 0x4100cc 0x8b578 0x89f78 0x1da
SetHandleCount 0x0 0x4100d0 0x8b57c 0x89f7c 0x46f
InitializeCriticalSectionAndSpinCount 0x0 0x4100d4 0x8b580 0x89f80 0x2e3
GetFileType 0x0 0x4100d8 0x8b584 0x89f84 0x1f3
DeleteCriticalSection 0x0 0x4100dc 0x8b588 0x89f88 0xd1
TlsAlloc 0x0 0x4100e0 0x8b58c 0x89f8c 0x4c5
TlsGetValue 0x0 0x4100e4 0x8b590 0x89f90 0x4c7
TlsSetValue 0x0 0x4100e8 0x8b594 0x89f94 0x4c8
TlsFree 0x0 0x4100ec 0x8b598 0x89f98 0x4c6
InterlockedIncrement 0x0 0x4100f0 0x8b59c 0x89f9c 0x2ef
SetLastError 0x0 0x4100f4 0x8b5a0 0x89fa0 0x473
GetCurrentThreadId 0x0 0x4100f8 0x8b5a4 0x89fa4 0x1c5
InterlockedDecrement 0x0 0x4100fc 0x8b5a8 0x89fa8 0x2eb
HeapCreate 0x0 0x410100 0x8b5ac 0x89fac 0x2cd
QueryPerformanceCounter 0x0 0x410104 0x8b5b0 0x89fb0 0x3a7
GetSystemTimeAsFileTime 0x0 0x410108 0x8b5b4 0x89fb4 0x279
RaiseException 0x0 0x41010c 0x8b5b8 0x89fb8 0x3b1
HeapFree 0x0 0x410110 0x8b5bc 0x89fbc 0x2cf
RtlUnwind 0x0 0x410114 0x8b5c0 0x89fc0 0x418
GetCPInfo 0x0 0x410118 0x8b5c4 0x89fc4 0x172
GetACP 0x0 0x41011c 0x8b5c8 0x89fc8 0x168
GetOEMCP 0x0 0x410120 0x8b5cc 0x89fcc 0x237
IsValidCodePage 0x0 0x410124 0x8b5d0 0x89fd0 0x30a
MultiByteToWideChar 0x0 0x410128 0x8b5d4 0x89fd4 0x367
HeapAlloc 0x0 0x41012c 0x8b5d8 0x89fd8 0x2cb
HeapReAlloc 0x0 0x410130 0x8b5dc 0x89fdc 0x2d2
LoadLibraryW 0x0 0x410134 0x8b5e0 0x89fe0 0x33f
WideCharToMultiByte 0x0 0x410138 0x8b5e4 0x89fe4 0x511
GetConsoleCP 0x0 0x41013c 0x8b5e8 0x89fe8 0x19a
GetConsoleMode 0x0 0x410140 0x8b5ec 0x89fec 0x1ac
FlushFileBuffers 0x0 0x410144 0x8b5f0 0x89ff0 0x157
LCMapStringW 0x0 0x410148 0x8b5f4 0x89ff4 0x32d
GetStringTypeW 0x0 0x41014c 0x8b5f8 0x89ff8 0x269
CloseHandle 0x0 0x410150 0x8b5fc 0x89ffc 0x52
WriteConsoleW 0x0 0x410154 0x8b600 0x8a000 0x524
SetFilePointer 0x0 0x410158 0x8b604 0x8a004 0x466
SetStdHandle 0x0 0x41015c 0x8b608 0x8a008 0x487
CreateFileW 0x0 0x410160 0x8b60c 0x8a00c 0x8f
Icons (1)
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
buffer 1 0x01D1F4D8 0x01D9848A First Execution False 32-bit 0x01D1F4D8 False False
buffer 1 0x01B30000 0x01C49FFF First Execution False 32-bit 0x01B30000 False False
buffer 1 0x01B30000 0x01C49FFF Content Changed False 32-bit 0x01B304F6 False False
Filename c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\5p5nrgjn0js_halpmcxz@myip[1].txt
Category Dropped File
Type Text
Severity Unknown
Mime Type text/plain
File Size 108 Bytes
MD5 6ddfed0d69b7db13b075b4ee04eed058
SHA1 b3ee3ead15515b84c671e6e91c02a45e1883d1a9
SHA256 f0f064da6258633faf4158f681349f3905411d54e613ee2e68944d1b8180d8a7
SSDeep 3:GmM/BEdVEcX/QmGuT25c1RSNxVVSEWyRHAdXv:XM/OucXYm05CRyVSEpJAdXv
ImpHash -
Filename c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\5p5nrgjn0js_halpmcxz@myip[2].txt
Category Dropped File
Type Text
Severity Unknown
Mime Type text/plain
File Size 318 Bytes
MD5 6e683a57044541dc9f61d008d58baebb
SHA1 65052634436cc674ad84eb18cdbd84ab7c2e3ba4
SHA256 6fa3a86354f9a6f229a5f572c4dfbc4c4a1c1ebd28c0c53feeeb2d35a6700e93
SSDeep 6:XM/OucXYm05CRyVSEpJAdXtUUByO2rdrcQS7EJCWioTyUd2cVZJwrJUyRVDW7HAN:KOuPufvXtUYForXpxidQ2eZIUe1Xv
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.