9081c2ef...429c | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Dropper
Threat Names:
Gen:Variant.MSILHeracles.10524
Gen:Variant.Razy.816873

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 hours, 15 seconds" to "20 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filename Category Type Severity
C:\Users\FD1HVy\Desktop\8g4YJ5vYi5gsz9qg.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 186.50 KB
MD5 ea7fae9863cdd1b1a537122a38e343ff
SHA1 37f147f37fa0547fc0eeccadf2e2bf9447332252
SHA256 9081c2ef5e93d62853d3786918edcec4da821ecd562d19ecd8b22c03e6b2429c
SSDeep 3072:VcbLgMLLVLZcLBLfLCVYzLLLLJLLLLL9RyLLLLGBDLVLL5yVYPgE3HBPRPsooFc/:ybtlHNEHBpj2vtQ29YSy21Tqpq
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x400000
Entry Point 0x42f3d6
Size Of Code 0x2d400
Size Of Initialized Data 0x1400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2039-08-13 06:22:46+00:00
Version Information (11)
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription SysWOW64
FileVersion 1.0.0.0
InternalName IZI.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename IZI.exe
ProductName SysWOW64
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x2d3dc 0x2d400 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.71
.rsrc 0x430000 0x1008 0x1200 0x2d600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.77
.reloc 0x432000 0xc 0x200 0x2e800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x2f3ab 0x2d5ab 0x0
Memory Dumps (19)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
8g4yj5vyi5gsz9qg.exe 1 0x00790000 0x007C3FFF Relevant Image True 64-bit - False False
buffer 1 0x7FFC6A02E000 0x7FFC6A02EFFF First Execution False 64-bit 0x7FFC6A02E040 False False
buffer 1 0x7FFC6A02E000 0x7FFC6A02EFFF Content Changed False 64-bit 0x7FFC6A02ED60 False False
buffer 1 0x7FFC6A182000 0x7FFC6A182FFF First Execution False 64-bit 0x7FFC6A182000 False False
buffer 1 0x7FFC6A183000 0x7FFC6A183FFF First Execution False 64-bit 0x7FFC6A183012 False False
buffer 1 0x7FFC6A131000 0x7FFC6A131FFF First Execution False 64-bit 0x7FFC6A131000 False False
buffer 1 0x7FFC6A184000 0x7FFC6A184FFF First Execution False 64-bit 0x7FFC6A184060 False False
buffer 1 0x7FFC6A185000 0x7FFC6A185FFF First Execution False 64-bit 0x7FFC6A185020 False False
buffer 1 0x7FFC6A186000 0x7FFC6A186FFF First Execution False 64-bit 0x7FFC6A186000 False False
buffer 1 0x7FFC6A187000 0x7FFC6A187FFF First Execution False 64-bit 0x7FFC6A187012 False False
buffer 1 0x1B342000 0x1B343FFF First Execution False 64-bit 0x1B343BBC False False
buffer 1 0x7FFC6A188000 0x7FFC6A188FFF First Execution False 64-bit 0x7FFC6A188060 False False
buffer 1 0x7FFC6A189000 0x7FFC6A189FFF First Execution False 64-bit 0x7FFC6A189020 False False
buffer 1 0x7FFC6A18A000 0x7FFC6A18AFFF First Execution False 64-bit 0x7FFC6A18A032 False False
buffer 1 0x7FFC6A18B000 0x7FFC6A18BFFF First Execution False 64-bit 0x7FFC6A18B000 False False
buffer 1 0x7FFC6A18C000 0x7FFC6A18CFFF First Execution False 64-bit 0x7FFC6A18C040 False False
buffer 1 0x1B344000 0x1B344FFF Marked Executable False 64-bit - False False
buffer 1 0x1FB90000 0x1FB96FFF Marked Executable False 64-bit - False False
8g4yj5vyi5gsz9qg.exe 1 0x00790000 0x007C3FFF Process Termination True 64-bit - False False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.MSILHeracles.10524 Malicious
C:\Windows\System32\WormLocker2.0.exe Dropped File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 116.00 KB
MD5 02e08cb673ebe02e3d240ceedba4b658
SHA1 716850e82c6776e04b97db8c05b163c25414036d
SHA256 511f86090808b6c929739df25b9d118cb3250c383b60590d07527cdfc450a335
SSDeep 3072:cooFcu7cIA5SvN7QGuI7/Bvwr+y8HuMXlV/qY:72vtQ29YSy21Tq
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x400000
Entry Point 0x41d83e
Size Of Code 0x1ba00
Size Of Initialized Data 0x1400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2063-06-26 00:03:00+00:00
Version Information (11)
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription WormLocker2.0
FileVersion 1.0.0.0
InternalName WormLocker2.0.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename WormLocker2.0.exe
ProductName WormLocker2.0
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x1b84c 0x1ba00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.84
.rsrc 0x41e000 0x1040 0x1200 0x1bc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.8
.reloc 0x420000 0xc 0x200 0x1ce00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x1d813 0x1ba13 0x0
Memory Dumps (20)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
wormlocker2.0.exe 5 0x00B40000 0x00B61FFF Relevant Image True 64-bit - False False
buffer 5 0x7FFC6A02E000 0x7FFC6A02EFFF First Execution False 64-bit 0x7FFC6A02E040 False False
buffer 5 0x7FFC6A185000 0x7FFC6A185FFF First Execution False 64-bit 0x7FFC6A185040 False False
buffer 5 0x1B7D2000 0x1B7D3FFF First Execution False 64-bit 0x1B7D3CBC False False
wormlocker2.0.exe 5 0x00B40000 0x00B61FFF Final Dump True 64-bit - False False
buffer 5 0x1B7D4000 0x1B7D4FFF First Execution False 64-bit 0x1B7D407C False False
buffer 5 0x7FFC6A187000 0x7FFC6A187FFF First Execution False 64-bit 0x7FFC6A187012 False False
buffer 5 0x7FFC6A188000 0x7FFC6A188FFF First Execution False 64-bit 0x7FFC6A188060 False False
buffer 5 0x7FFC6A189000 0x7FFC6A189FFF First Execution False 64-bit 0x7FFC6A189020 False False
buffer 5 0x7FFC6A133000 0x7FFC6A133FFF First Execution False 64-bit 0x7FFC6A133040 False False
buffer 5 0x1B7D2000 0x1B7D3FFF Content Changed False 64-bit 0x1B7D3ADC False False
buffer 5 0x7FFC6A187000 0x7FFC6A187FFF Content Changed False 64-bit 0x7FFC6A187CE0 False False
buffer 5 0x7FFC6A185000 0x7FFC6A185FFF Content Changed False 64-bit 0x7FFC6A185740 False False
buffer 5 0x7FFC6A188000 0x7FFC6A188FFF Content Changed False 64-bit 0x7FFC6A188060 False False
buffer 5 0x7FFC6A02E000 0x7FFC6A02EFFF Content Changed False 64-bit 0x7FFC6A02E900 False False
buffer 5 0x1B7D4000 0x1B7D4FFF Content Changed False 64-bit 0x1B7D407C False False
buffer 5 0x1B7D5000 0x1B7D6FFF First Execution False 64-bit 0x1B7D540C False False
buffer 5 0x7FFC6A189000 0x7FFC6A189FFF Content Changed False 64-bit 0x7FFC6A1899C0 False False
buffer 5 0x1B7B0000 0x1B7B6FFF Marked Executable False 64-bit - False False
wormlocker2.0.exe 5 0x00B40000 0x00B61FFF Process Termination True 64-bit - False False
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Razy.816873 Malicious
C:\Windows\System32\LogonUItrue.exe Dropped File Binary Whitelisted
Also Known As C:\Windows\System32\LogonUI.exe (Dropped File)
Mime Type application/vnd.microsoft.portable-executable
File Size 14.00 KB
MD5 b9ad6172ea17ee30ab0044ee532e586f
SHA1 8e74f08554651b1b43687662b993f021534fa7c7
SHA256 8d6207ee0d1a0476fe26acdb725fdb2cea9b691afb6b578acd039da7aed9de4f
SSDeep 192:gydP6pNoDh6HNrvFeHgdqhUgxDSHqydN9GvGEJhHl5WPUW:VeoItrGNhUgxNymGghHbWPUW
ImpHash 3b4f57a2c3b89501f369bec68971b734
File Reputation Information
Severity Whitelisted
PE Information
Image Base 0x140000000
Entry Point 0x140001960
Size Of Code 0x1200
Size Of Initialized Data 0x2800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.amd64
Compile Timestamp 2078-12-15 06:02:44+00:00
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Windows Logon User Interface Host
FileVersion 10.0.15063.0 (WinBuild.160101.0800)
InternalName logonui.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename logonui.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.15063.0
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x1018 0x1200 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.8
.rdata 0x140003000 0xf6e 0x1000 0x1600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.25
.data 0x140004000 0x614 0x200 0x2600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.32
.pdata 0x140005000 0x204 0x400 0x2800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.21
.rsrc 0x140006000 0x920 0xa00 0x2c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.41
.reloc 0x140007000 0x28 0x200 0x3600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.56
Imports (10)
msvcrt.dll (17)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
?terminate@@YAXXZ 0x0 0x1400031f8 0x3af8 0x20f8 0x2f
_commode 0x0 0x140003200 0x3b00 0x2100 0xd2
_fmode 0x0 0x140003208 0x3b08 0x2108 0x127
_wcmdln 0x0 0x140003210 0x3b10 0x2110 0x382
__C_specific_handler 0x0 0x140003218 0x3b18 0x2118 0x57
__setusermatherr 0x0 0x140003220 0x3b20 0x2120 0x90
_cexit 0x0 0x140003228 0x3b28 0x2128 0xc1
_exit 0x0 0x140003230 0x3b30 0x2130 0x10e
exit 0x0 0x140003238 0x3b38 0x2138 0x432
__set_app_type 0x0 0x140003240 0x3b40 0x2140 0x8e
__wgetmainargs 0x0 0x140003248 0x3b48 0x2148 0x9d
_amsg_exit 0x0 0x140003250 0x3b50 0x2150 0xae
_XcptFilter 0x0 0x140003258 0x3b58 0x2158 0x55
wcsncmp 0x0 0x140003260 0x3b60 0x2160 0x50b
wcschr 0x0 0x140003268 0x3b68 0x2168 0x501
_initterm 0x0 0x140003270 0x3b70 0x2170 0x17d
wcstoul 0x0 0x140003278 0x3b78 0x2178 0x51b
api-ms-win-core-processthreads-l1-1-2.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetCurrentThreadId 0x0 0x140003168 0x3a68 0x2068 0x11
GetCurrentProcessId 0x0 0x140003170 0x3a70 0x2070 0xd
GetStartupInfoW 0x0 0x140003178 0x3a78 0x2078 0x20
TerminateProcess 0x0 0x140003180 0x3a80 0x2080 0x4d
SetPriorityClass 0x0 0x140003188 0x3a88 0x2088 0x39
GetCurrentProcess 0x0 0x140003190 0x3a90 0x2090 0xc
api-ms-win-core-com-l1-1-1.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance 0x0 0x140003108 0x3a08 0x2008 0x9
CoUninitialize 0x0 0x140003110 0x3a10 0x2010 0x44
CoInitializeEx 0x0 0x140003118 0x3a18 0x2018 0x28
api-ms-win-core-heap-l2-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LocalFree 0x0 0x140003140 0x3a40 0x2040 0x3
LocalAlloc 0x0 0x140003148 0x3a48 0x2048 0x2
api-ms-win-core-synch-l1-2-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x1400031d0 0x3ad0 0x20d0 0x2d
api-ms-win-core-errorhandling-l1-1-1.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UnhandledExceptionFilter 0x0 0x140003128 0x3a28 0x2028 0x11
SetUnhandledExceptionFilter 0x0 0x140003130 0x3a30 0x2030 0xf
api-ms-win-core-libraryloader-l1-2-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleW 0x0 0x140003158 0x3a58 0x2058 0x14
api-ms-win-core-profile-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
QueryPerformanceCounter 0x0 0x1400031a0 0x3aa0 0x20a0 0x0
api-ms-win-core-sysinfo-l1-2-1.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTickCount 0x0 0x1400031e0 0x3ae0 0x20e0 0x18
GetSystemTimeAsFileTime 0x0 0x1400031e8 0x3ae8 0x20e8 0x14
api-ms-win-core-rtlsupport-l1-2-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RtlLookupFunctionEntry 0x0 0x1400031b0 0x3ab0 0x20b0 0x9
RtlVirtualUnwind 0x0 0x1400031b8 0x3ab8 0x20b8 0xf
RtlCaptureContext 0x0 0x1400031c0 0x3ac0 0x20c0 0x2
C:\Users\FD1HVy\Desktop\-Q1btNNAQT.jpg Modified File Stream Unknown
Mime Type application/octet-stream
File Size 52.05 KB
MD5 38079cc7cfe8d373d38a213615bdb4cb
SHA1 360859946c44355d916a2b99dce3242ab05a3239
SHA256 f00a168f0d938f6df19ce28944bf344fbec7bbcd184bdb186ca05a8e8c494aef
SSDeep 1536:3sgWKIyyJjDC7NFPmC52uMMCdDIxrW26LvW:wKIyj8C52Fvixr0LvW
ImpHash -
C:\Users\FD1HVy\Desktop\-R9qX18qt uvQrw.png Modified File Stream Unknown
Mime Type application/octet-stream
File Size 71.86 KB
MD5 f88f136fc75dbdf7ee5f360fa2f8d104
SHA1 9e31239766d3fa4c0d8f0510a3578aafeacb1567
SHA256 9cd44c018361acf0b352cd37a458347fc48865aed66b0f89f0946b4784475c68
SSDeep 1536:/n4EtXiCPKUoYj/tiEdx1BNQpJudvTIDqXzpVfByvvlRCFPo:/n4OSCPxj1iEdMW7IWXzpnuCG
ImpHash -
C:\Users\FD1HVy\Desktop\5jiGLsAS51cw.pdf Modified File Stream Unknown
Mime Type application/octet-stream
File Size 51.23 KB
MD5 e4524d7838ce06f247100b749abcd956
SHA1 51cb5bc55163a9b151a4829b307838ef93db35ea
SHA256 8edbb87e782ba225fe8d07115011c00c3cc0bc1395476870232156d0d85810db
SSDeep 768:Vt0fb9YKycbXJe48OtKxW6gXP7+w9hRbgJbfrauVlgefzIJAda5l:I+Ge48OtKxW6gXPrhbGrauVz5dm
ImpHash -
C:\Users\FD1HVy\Desktop\6D5GybDLA.xlsx Modified File Stream Unknown
Mime Type application/octet-stream
File Size 42.14 KB
MD5 5c8e7ff1a1d76d3cc8faa62828042edd
SHA1 7201c16f75b88762216b86cace5b820d4ebfe0c6
SHA256 f4551d93b612035df4eca9b844d95a5267bd3af3fe86c8a0373002c140656143
SSDeep 768:LOT5IelFivCbuxTPzQ/TWx9ec3sRNvmwbiMW7NtqwpvmwT5yzfRCMfxz+jM7qYHH:6C84vCbeTPzQbWx9ec8jvoMWBtP1TMzl
ImpHash -
C:\Users\FD1HVy\Desktop\783SVZBUM4K35WHm3eRE.wav Modified File Stream Unknown
Mime Type application/octet-stream
File Size 70.19 KB
MD5 51156ff67dcfe9f1713705a9da63a806
SHA1 a6fc210439a5262b79b5e2ceea3edcca487aaf89
SHA256 e600aa2dbe77c79d6ec8f103b8321894b38eb86ba0fa0514fc7f922d73617aac
SSDeep 1536:0BO997hEAhYKQtqTETI+kl/ik2R33XydAa2yNj1WAW7I:jEAhY5teETIneydAbCEp7I
ImpHash -
C:\Users\FD1HVy\Desktop\8g4YJ5vYi5gsz9qg.exe Modified File Stream Unknown
Mime Type application/octet-stream
File Size 186.52 KB
MD5 c4d95555d1eb09217556dc3e66f57f51
SHA1 c7694216b90a92762e2b58395f6576108dd8e529
SHA256 0ea2cb4c20286ba504268820297481e38dcc1efe318814e6be9531ceb1cbc219
SSDeep 3072:LpVRHT2fE8RndNHa7RamOEUvO7AT4xXF9Icu4T6vpw87jAfgLXsF76TOPz8yoCrD:vRHT2fFKFkO7ATE34vu8ZmB78yoCoS
ImpHash -
C:\Users\FD1HVy\Desktop\aAOxpPBgR6hc.wav Modified File Stream Unknown
Mime Type application/octet-stream
File Size 10.55 KB
MD5 73abaf1ac3abd588c2f639d7603f6be1
SHA1 2954a0f29417a75afb061e01c917048141ea79fe
SHA256 e12238781a066c406781805e05c5865822c4d34c0b6d692acba91ef5dc5ad264
SSDeep 192:Ks03C+3HcaNt7qpmZG9deI2q1eVzDvkbgTkB2sqtNDFUeX6r+llr5:beF8y2pmZUh2qEl6gT02sqtNDuequ5
ImpHash -
C:\Users\FD1HVy\Desktop\AZTWSqU.avi Modified File Stream Unknown
Mime Type application/octet-stream
File Size 4.53 KB
MD5 6636b280ce5673de61703f3025b8b0b9
SHA1 e04cb52b78d7cf69116d46fa95440b7f655e130f
SHA256 9c88b52b684fa3b29c716456c31aab566522eaa7322bdbf0353f97ca830658ba
SSDeep 96:87i3rd5wbG+zaiCOzEBuTQTXBJfqDOrl3gdYaR+6K0TxCc0svxuV:CibdWbGoNz/QLzfGUlKR9/9Ccxa
ImpHash -
C:\Users\FD1HVy\Desktop\B2Px0LCOjxIu PPh7hDJ.mkv Modified File Stream Unknown
Mime Type application/octet-stream
File Size 61.89 KB
MD5 f455a3ac1f7ac258d31b200f934528f3
SHA1 15bf6921d23e68f1d5c2fd74017a5a4cfe4077c3
SHA256 d521d4048df90ef6c52447fb97dead9038428d584631ba3ed4074fe42a362891
SSDeep 1536:Qvsjke1cavNGbAwtKFZVuxaq+HyiFj+8GovUPOYIeyL:Ash3NGrtKFZVye5Fj+8GoMDbG
ImpHash -
C:\Users\FD1HVy\Desktop\bmu7titX2no.mp3 Modified File Stream Unknown
Mime Type application/octet-stream
File Size 47.16 KB
MD5 9b44f1de3a6e674d0ef4f1afeec6112a
SHA1 52776dc6bad764334b1e29fc0b4ea2e6ca8b2886
SHA256 d6ae7f39e3734581012c03145f07023ceed54b7cf0799605a370751e90bea32a
SSDeep 768:rsQuc3MESHADpVjSi02oCXJgfq1p2zvPdDGOayDZRBQ4mlpyac7nq/rb4NtM+9Wl:wQoIppSi1oCXJgfqXCndDUyrBQNpyaMU
ImpHash -
C:\Users\FD1HVy\Desktop\D6Yt.mp3 Modified File Stream Unknown
Mime Type application/octet-stream
File Size 91.61 KB
MD5 d9e5bac420c737bd012d9695d7f22497
SHA1 982659b090503e640c77ced00f7a530ee2520ea5
SHA256 de9a779ed58c027f3783e5bae7f98e98cd64d001a1dec833c71d5305e2a184d2
SSDeep 1536:LuX3/Yq8Em2OXuWVFoUoLO1sDCEbyElw2Jc4nqNsrX3Lr1mFmESDgyhSG:6X3hO+WczGoCIlw2Jc43DL4F+DrhSG
ImpHash -
C:\Users\FD1HVy\Desktop\D8fB.bmp Modified File Stream Unknown
Mime Type application/octet-stream
File Size 45.92 KB
MD5 68e085bd973035269f0c8ac7a1790b45
SHA1 2681b57a6d15b4a6c07ae37e268f3e5f650bfe03
SHA256 4a615851cf595ca11f3fde037aa8434c8a0bfdc7888dd4ce54bf3eb68f575468
SSDeep 768:eCguOWQVyzbEkxlHXA4rJOfTTwgnO+vEC0A1zIl3hvtMU8e1bAO7r5jMSlstj89V:efuOWQcJxRNiHO+2AdINRtMPe1Pv5Tlz
ImpHash -
C:\Users\FD1HVy\Desktop\eMfraDDsfi.m4a Modified File Stream Unknown
Mime Type application/octet-stream
File Size 75.02 KB
MD5 8bbabe9e01c536bc2255c20de980183a
SHA1 f5a75c2dc13c66e23df65be9a66dae064f597f39
SHA256 a5580910863736700e08eb7a0a1a9f941a7f0a75876f9ca39eb97c855f7ed307
SSDeep 1536:AgkVZXQyqIZW+rfRix6KgwEl40wTtcT5aMKGoc4qjYZLuLL:A9VZXQyqK5Rwrgq0YtiKGKqjY4L
ImpHash -
C:\Users\FD1HVy\Desktop\F3pGdhW_LtYTRGqIv8.docx Modified File Stream Unknown
Mime Type application/octet-stream
File Size 6.52 KB
MD5 d4d25611564756961cd5d2b8ac2b4763
SHA1 e5b45c8d4b1b83b974c69c7e956403c691a6fd8f
SHA256 c5493397082cd103281f415e7ec12fef57440035319aef04cecd3a624a8e7289
SSDeep 96:ozn19MNOKco9GcCrH7e5j4MWK26QYXnRPVWc3t4XRnvQFp+5WnVGjOk0ssD:ob19MnXgJr8jiZ6QinRPYc94hoQfsD
ImpHash -
C:\Users\FD1HVy\Desktop\fY9EtI1To8GFNfUe8L.mp3 Modified File Stream Unknown
Mime Type application/octet-stream
File Size 18.20 KB
MD5 bdce582ed163258bcf2b3913315a6393
SHA1 b70869e3ca7c939659e7146f573b78f8037a1221
SHA256 0a96beb79e8f2dc95148cb67bb84aaf8e46f45d93b2f4636e69998d0d758d1fc
SSDeep 384:1iETA7YYtDwcREUbshHrmoGnl5D8ErNgVGrEVwd+OkcbWV6E5CCtYs:MuA7YJc2kWMnjzfIVwYOkcxEcPs
ImpHash -
C:\Users\FD1HVy\Desktop\G1arb1fmSpiHf-oAIpM5.mp4 Modified File Stream Unknown
Mime Type application/octet-stream
File Size 5.50 KB
MD5 8de80563288eb9d948c4bb2b2d6bb371
SHA1 07520ee8f0d41cdc07d0eec855d4332f332a0d90
SHA256 832fda981c82feee96d578655541f29e9b6ee8c7e10590745907deee4ffde3ca
SSDeep 96:92MbkTimH/PHBrR0wlWpSBvlC4394BAURTWR0pEHn0+ouUlEOPfC:8Mbkzf5PUU94lwR0pEHn5oBCOPfC
ImpHash -
C:\Users\FD1HVy\Desktop\i45PsiITjh_SeDKe.docx Modified File Stream Unknown
Mime Type application/octet-stream
File Size 88.64 KB
MD5 91c70e1a72aa5ab80f55c2131472a4ed
SHA1 b9113b446d133f2bde7954a8e26e47395ee19279
SHA256 6bf6639e9c981aa490e1bc9c775c933ea3b833c279bfc174232fbd111fbdc1f7
SSDeep 1536:ElHs7Ent2ydVn/3ZYMEG1SOa5B7yZ7v6+s0prL9FMnzyqJmKpf+arBj6HTH:Kcg2ydR3Z/9SFT7H0x8mEfLrBgD
ImpHash -
C:\Users\FD1HVy\Desktop\iFXrA2.mkv Modified File Stream Unknown
Mime Type application/octet-stream
File Size 31.95 KB
MD5 b668c872f55a420072532347b15f40c1
SHA1 a1b5f94ff9c97d2c234e36ec08159b84b5fce1df
SHA256 f1316394881f5b452b7b9dbca0b45259987062a9e541ceb5589b1dfb97dbaccc
SSDeep 768:qBdlMBenCdaCn1C7QQWNqXvDb2LPib8XJNLMDUsBsXr9t:qDkeCdj1C8Ak3Xsif
ImpHash -
C:\Users\FD1HVy\Desktop\iGcyw6tHGnuYa.avi Modified File Stream Unknown
Mime Type application/octet-stream
File Size 4.61 KB
MD5 a8c7d1bae9464f418fb15eb906180d87
SHA1 0c9ba9ee6eb03455d66e84a63d228506231db456
SHA256 733b02484464467eb0d8da4cb77f1f9e862fbcc51d04f90d0b7c301d3cea6da0
SSDeep 96:85u3WGl7dV5S1saAHr/Ibgdv/0R6PsMq6bOhD32SPn0vZ8mSf3LFg:Auj7dnIsPyEMSOhDNn2ZFSfbFg
ImpHash -
C:\Users\FD1HVy\Desktop\j1vV.flv Modified File Stream Unknown
Mime Type application/octet-stream
File Size 66.59 KB
MD5 42d5387318b2ae0eae1d2559fcc87d0b
SHA1 1f91b4285c7272d50a2655a03c0ed218435b55d4
SHA256 8dad75dcbebb4e2f7833eb47113dd19cc099cd850d6428269c6cbc50150ecfb4
SSDeep 768:+lXA8xROiKhM2nWlfEwad0FHQmzTJKT0Ml+pC1GEGBpWkw3W5PCrVxtHf+/LSRdA:aQcRrz2nWlHFwmIoMwpok83RxtND1Giq
ImpHash -
C:\Users\FD1HVy\Desktop\kjJi.bmp Modified File Stream Unknown
Mime Type application/octet-stream
File Size 95.89 KB
MD5 13bae18e280774a0e814cf0432be559b
SHA1 d72f373ee6cd854123ddd16dab4d584319c57930
SHA256 e55ebb3d15cc21b8a8bac0b284f0fed3183e3905d271445aac10ca73d549d9df
SSDeep 1536:NdtXsWBfuBHxfhOBgadr/IxC3Eq5lQlN9/yhdRS0D633b63w4yr2HAR80XAQquKN:9XsUfuBHMt5/t/IKdNEbGw4yrR8xLcJW
ImpHash -
C:\Users\FD1HVy\Desktop\LHbaE3zUi_VGyfB5.avi Modified File Stream Unknown
Mime Type application/octet-stream
File Size 9.48 KB
MD5 9c12b078f9b5b11c53bd78edfe0d928e
SHA1 70fe4997234ecfdbc5d0c194c76cbdd96007f79e
SHA256 1fce24800403f33b2f1605cdf059efa658f4db091acae570cee1da47c09c08f0
SSDeep 96:8C6X5vWNM5asUUEp8Yn2d5CjP7vcD++aKQxHIgo4hTKgm80fZKTOqL4nxwx21+4X:zi5vMEamEay3ecKQHIgo4hTKWCELcF1/
ImpHash -
C:\Users\FD1HVy\Desktop\n8tA1vtRF.pptx Modified File Stream Unknown
Mime Type application/octet-stream
File Size 45.91 KB
MD5 ca76a7a82d3d9573a517a1146fb7d583
SHA1 0e17c4972aed824f3b48c928d6b547026456b61e
SHA256 c7542374471d0e450da4081fd873ef9719f095e37363a8b68e4330c559f18352
SSDeep 768:BYMEvllh7We9xMCHf29gzY4TwytuTijLowTdf3NIEu9xLPunkJtliGoyA6GoV2x2:gv85/9gUctN/bdfa7T8vyAHk2g
ImpHash -
C:\Users\FD1HVy\Desktop\n_CE2UyUTD8hhgp1UNk.avi Modified File Stream Unknown
Mime Type application/octet-stream
File Size 7.30 KB
MD5 c09c947c6eb58a66ad2a491c82d8cd18
SHA1 2ce043dfea84ecdaed7887b2794310a7ffa9dd14
SHA256 3cfdf45544c83435096bb1c45194048c65122006d8ee9bccb935dced7ad38dca
SSDeep 192:11FOrn/YcGUfxKLBb3YKxEigg+RKEGmkuHWmsB1:1nin/1xK53Ypigg+RUiWmsT
ImpHash -
C:\Users\FD1HVy\Desktop\oywBt0_fLo2nM lPSO.avi Modified File Stream Unknown
Mime Type application/octet-stream
File Size 38.08 KB
MD5 305e16c4771b5b9931b22587e0c57a24
SHA1 516c7da153712351c817ee68f12e2e1b23154322
SHA256 feafd0dd38ff3f4f4e5b77e4fc3c7df88ad98d6b5814887ddc670fce6508148e
SSDeep 768:f6YXtnxV4RipQJgoQ1RSlrmW1yHqeatIJLFNjjZlVqwjohUDpNnxUU:SYtIRipQJg7RQrlyHqBtaLTFlVqwUhUT
ImpHash -
C:\Users\FD1HVy\Desktop\Pk87oz1B8x0DUr0T_S.bmp Modified File Stream Unknown
Mime Type application/octet-stream
File Size 71.05 KB
MD5 d505fd1e9b8308043e144e49dc6bc708
SHA1 d002f9da36f20474688694d9bf44d4d4de1e890d
SHA256 1adfbf29590fb3b18bb0249caa2c8cb14c86933db53725a792aa8ed06920d800
SSDeep 1536:3njnEUQYtuHTz75ha921gdlV9gvZJ4DPyGVw/ik6QfEHAJpP0qNM:XTERY85hlUlHgBJww6lQfEmk
ImpHash -
C:\Users\FD1HVy\Desktop\SvNPBM-.gif Modified File Stream Unknown
Mime Type application/octet-stream
File Size 36.31 KB
MD5 9e2cc8d9e4edd1566c9a4c33aa15127c
SHA1 8aca3d3774ddf51c4b00f1a261d801da6691c3c0
SHA256 53c725dcf14bbbc01584d2cb7d0d3334237509d5eb1f765a8916dd7a433df9aa
SSDeep 768:Ml1IRZDy+bTDJqLPfq4g8GKDL4HMGr2AnaELgbH1BxUaAsUnRyVWZZMCVpF1:21cACfMLnI8GA4s1An3LO1T73Unwf0pb
ImpHash -
C:\Users\FD1HVy\Desktop\uFzk8u5NnfgLNoYtCu.flv Modified File Stream Unknown
Mime Type application/octet-stream
File Size 91.73 KB
MD5 0add347776723717e7946801edf3e4b6
SHA1 c9bfb28f42f45b1e765fcc7a5c4b1560fb2b98ed
SHA256 9e57ad4b0c0615c93fefdd494724dfcbfd8ec0ce3dca9ee8da0c9552569bfdf5
SSDeep 1536:+uTm9EugcCb93CMp2wgbJMiVNPXuFzq63lXlxQaDdD5kPWjB3Xz6iwPCO4XkTx:HTmRl4Pfgbx3WFO6JlxQa5D57j9X+iq3
ImpHash -
C:\Users\FD1HVy\Desktop\VJvL6tO0ETnQke-rP9e.odt Modified File Stream Unknown
Mime Type application/octet-stream
File Size 64.83 KB
MD5 27e51c33d605f581fc421abee3936694
SHA1 b764cde56068bfbf57350b20d796d3bc68a29fbf
SHA256 cb08677ccf4886e2424c747e0c2498b45fa65aa9d32bae745baddb7d4c88212d
SSDeep 1536:R8IAD8pCkuZ9qf47UiFrpCnJIQRp766isPN:MaCkw9qf47UirCnWMe6isPN
ImpHash -
C:\Users\FD1HVy\Desktop\VsezaQBBYQ18K1I.avi Modified File Stream Unknown
Mime Type application/octet-stream
File Size 34.56 KB
MD5 927911d641d2db406121680e78016412
SHA1 0c3ff23b1f455fc647ff0e77540c30c87eadcd3e
SHA256 892876b52867eba4912675761558b2821abeb08767192477abdd9090d2d8307b
SSDeep 768:4I2ahZDZ5LBFH/l39/o/0GZwC1uVDKxjQj1ohl1sC46smseuH5PJ6y6:48ZtdHHgwC1gKxjQjihlTf9sLZJN6
ImpHash -
C:\Users\FD1HVy\Desktop\vTwtJ4Yn9Z2M.gif Modified File Stream Unknown
Mime Type application/octet-stream
File Size 36.11 KB
MD5 26635bd305c921508ce0b811c759dd6b
SHA1 2de9daca0e3788fa9563f909fba9f8ca2d71938e
SHA256 0e614d1917d1e677f0908acbca7b2842385c6283da096e1dc08d3ed67b57302c
SSDeep 768:GrZQSJuj11oDOd1nU28nK2ZppoX5SkIZ2NhMF5seb6X3A87kRbr:GrZQuujboDOdxdgpposzZAhMF5sq6Xr2
ImpHash -
C:\Users\FD1HVy\Desktop\W0nPkuSy3WYXP1R2S.mp4 Modified File Stream Unknown
Mime Type application/octet-stream
File Size 53.88 KB
MD5 5f702680cd68cfd116e853bd5d4c71ab
SHA1 177f6b4b4cb3378775c83172f7a33631bb3fb5d5
SHA256 e3e442f78ebfe5b2756774bc6e2f12d46bb33e46c94ef62619ca03f422cc6c87
SSDeep 1536:mLrR8WmWHKFnebDFRI5pOTvlh/d9BFp9oj6z:JD8apOTdh1tPz
ImpHash -
C:\Users\FD1HVy\Desktop\wb1N5W.mp4 Modified File Stream Unknown
Mime Type application/octet-stream
File Size 92.38 KB
MD5 cc7c6875e406027db4cb8db398d60815
SHA1 10f9bc6088eef466cebc7525e346e1320aa56bab
SHA256 97c02e2951506182e0a135e74608354fdbab61db5968463c81d31f0c9cdae861
SSDeep 1536:Y40hpdPNy2CvoiFb7nPTOjPMzGh6xwzkkm2eMqkSlWzd5nQyMmbvS+xJgRHRQvlD:khp/yRAiFHrOIzGhneMq/lWpnbvCmNn
ImpHash -
C:\Users\FD1HVy\Desktop\X EakLD0TYMH1T.gif Modified File Stream Unknown
Mime Type application/octet-stream
File Size 55.81 KB
MD5 d3dbc407311a6542b19e66a93ad748ff
SHA1 e95dc3235abf94375b378eb319ca735e1022abf9
SHA256 a238627e079be31aebeead1ce1d556cd6660a386fa09a63e61a964556798b0e7
SSDeep 1536:mWGNOfiHze4GXSAN4YihIjIver04ppWIZwavCXwPH:mWyOqDGCAm3+KeBSMQGH
ImpHash -
C:\Users\FD1HVy\Desktop\yA5RhtAAB12zR.mp3 Modified File Stream Unknown
Mime Type application/octet-stream
File Size 81.20 KB
MD5 f9749ffc1a0fecab89f4e3a32d2f08ff
SHA1 479265e9a8b96576490e5a53f9f5a8a23bf5ff02
SHA256 5f901e61fa2cff6a590ec186e7864f88c97ef02532fd7b8fb48f5a99b828ee61
SSDeep 1536:B27iNYY9WCWCib+S+nvlrwWCbNOOw9oO3MKPfYhESybMVABkdx:tr9kCSA9EWMN1g1OIkdx
ImpHash -
C:\Users\FD1HVy\Desktop\YJ1hhGAE6yj-Y.bmp Modified File Stream Unknown
Mime Type application/octet-stream
File Size 32.11 KB
MD5 4147b89088f2522c055c5ace38a0f42c
SHA1 de3a9e5673777e32de1b3452bda04d3d60da0301
SHA256 586b91e1b3dcc216c131ebe440eddea0001795127c6facd15527db548fa66bab
SSDeep 768:TwHtQg1nlRcgz7gOygBS4sxdmpf5C/E8ZdnjMLi+Hky53wT:4z1nlR/XHS4sLVZIis5gT
ImpHash -
C:\Users\FD1HVy\Desktop\z2TwaHe fR3G.swf Modified File Stream Unknown
Mime Type application/octet-stream
File Size 79.34 KB
MD5 dacaee6a3976023c2bedfa3a21f0f841
SHA1 ffe504c44a3b790a4d1e3d2cda7ef71ea95da7e4
SHA256 da76ed51fb24a5560255b953d0cb07ab2e9fd28320122e0e715d01c8ab586886
SSDeep 1536:1CEReCzP3F6R2fuMHvJkkc2NJ7hJiQlh94Ef1zSm:1fReChAMBkkc2nKQmeD
ImpHash -
C:\Users\FD1HVy\Desktop\ZJ7 uJ.flv Modified File Stream Unknown
Mime Type application/octet-stream
File Size 2.28 KB
MD5 fb6fbe72821de8199863956df1e8df9d
SHA1 bdea84a0c11d347b5dd523921009a7c682bdf6c4
SHA256 2802c3051fc2a659024b62e6b9a361efcef21eea319569284c7f99bbc8cb9fc6
SSDeep 48:MFQz4bU8yQYZvfcIYj2PAYrppmHy0bwyDVNJJc771ig6yQHOTihyB:Tz4bdyQsMIY6PAY9pm5H2tH6yQHmisB
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\-VozkKaIANbyfaf2PF.swf Modified File Stream Unknown
Mime Type application/octet-stream
File Size 42.11 KB
MD5 bb780633ccfeff5c6a3411a9f92b5846
SHA1 188fbff14a879fb16728af4515c7d7bdcb73d20a
SHA256 5d867f9fe40b8d5b42a9d8611b05a6d6d786ebd099e076c1e226f587f74269d1
SSDeep 768:DD6jgEtiJ7hx7TQOUsZgrYUQjuF+OgKmgCsSZe+d:/1jhTWrYUQjE+OgKmRse1d
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\8KnL.m4a Modified File Stream
Unknown
»
Mime Type application/octet-stream
File Size 21.33 KB
MD5 f03d917df1d09a5f51125d95958df000 Copy to Clipboard
SHA1 851ee6ba0db8b2c6d9460499c4afaea4a4a6c33d Copy to Clipboard
SHA256 ffa9c3d7242e6305059eba12d2954ca8d8eb30f953d4b69eae55b26dde29b563 Copy to Clipboard
SSDeep 384:E7QYZtiGWjqLzaOqmcEop/l5Qhn8Pre5bYH5RpsGxB4IlSUo92jt91rWOSCLbJ:4QYbiHwaOAEsM8TSbS5RplD4tUoox9GU Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\boCy7zpuGQHKnY7zpp.mkv Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 1.86 KB
MD5 8fe8a90d568bb349da46785293b61206
SHA1 6eac93a076e842181fbbad0c49223ef3d3abd753
SHA256 81a9434e0a87b598e38936fd8e5935da37176c1020e1b151ffc4928567bee730
SSDeep 48:fV9nFxQ+SkB2nAiTstHTpqIGzKc259Qtbue4kvvxnPS8:fVhFxSaSAiTwHcIGz+8nBvJnPb
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\gl9EW8kB8hZkMWu.docx Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 64.67 KB
MD5 861004f19b6d24a98d661e28c3110306
SHA1 e64349baf5b320ce8df5e6a45520dae28f0b5a6b
SHA256 11a4ce73e8cb191a2db6f1f28b2216fc3afad0f86b3bbbd58c529cbea6c22b09
SSDeep 1536:BMhqQSEN+mtSlxbPiQw5strkK7WZCIssJHdjB0GJMJcK:B+q3E4mgrzTtrSZCbkHtWGKcK
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\Gs8x9.jpg Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 85.84 KB
MD5 454322669de27c5f519cbd16e5269512
SHA1 3d4c3de975097621370c75bee358822ddc2103cf
SHA256 509466bfb875d975405ba281ead358e4451e22434bed28a971f3bdf019c2f0f8
SSDeep 1536:jLrw4tq9MrY2BacWWb1fkr8CR3B5xv8xOG86sx3Nsug/xgJMsF:jLrzq9MrVacWWhfkrnTqcGDONsTnA
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\NcdRYDpzm_y0yX.mkv Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 9.50 KB
MD5 924ae7d3ce395f347ccf61e394545299
SHA1 aca00fd631d09dc52c2d9bce53f00e81275c15d4
SHA256 33e6e3f0c54cbb3322cb5d616a6740de77a7d367f7e4a17c27c28611fb1bc97a
SSDeep 192:fv+FQ9lwTkjqpSUHm8UWGoOZ9vAk7C7tL1TwpHZfzXeyQ:X+wlw8qpJHm8UW6Z9v3IH8pNOyQ
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\NM5P64Qloz5o2Pc6maz.avi Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 17.11 KB
MD5 5a4f4f5bb937a53b7be9cdb98063e683
SHA1 5d2404b1b6c8e7940243dc0128dfc7914f334a2c
SHA256 31e64afc91da1b4b2fb0db2c8c0ae15d84eac3e9b877d28f48d63955af7017da
SSDeep 384:BBndZjCGtsR/i0fzUTOvgaSEclVe2pgPYsy8+kQ6yXmyBKCDvxDy:BhTxty/i0fQKv63eg9Z6yXmyfvxDy
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\PXeSuBVYnDKe9j.gif Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 44.22 KB
MD5 db7747930010d0573e9b5057028c7c2e
SHA1 c50f85492dba04cfac4d566bb4d6de86fca5ff24
SHA256 5d4846315088f0a7650d5d1a5f91946335166f6c74d7c81a5d1dc97c92a8fec9
SSDeep 768:WYVb0jUbyB+z8SQCfYP8e4BXNfVTMG5lepjk5yrGGhn429opdNNM:WY10geYP/ZPTHTepjk5y6GO2SpDy
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\qHQvcOjYY.csv Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 10.45 KB
MD5 ec7b984f611bd2b41ff7614cf42b116d
SHA1 c2ade8974fe70b6ac969a264f39ef1af6284a22c
SHA256 d5c7c7f880a79e1dd6725ef91cc5226dd0596f4f8e2a36659cd62a44e06d6c4c
SSDeep 192:5esh6IcTU1cDavDUK6GRSu/+bYDYZxYhNUo6vG02FySYojJGqrDa7BnPHx:csh6IcTWcD4UtGRzGb0YZGhS2FZJGqr4
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\Re7VDVuURVwl9kR.bmp Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 77.11 KB
MD5 f5854621fce94ecf9b1fd2eeaf99fcb1
SHA1 ab1993220f3043350dfb22fe7bf691c8f1e55327
SHA256 4a31f92d52c03ad03628f0e9bc5674ce112e3a4f268967a92f78df598431e912
SSDeep 1536:SYTUkYfb+t15ycmbwM6IiWUB858e3PrCu1HIgkd095ojbkpz8e7l5s/:SC+iD5ycmUVzBp4CgfiV4BfxE
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\xc1cEbR_hV5v.pps Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 58.03 KB
MD5 ae8adb306879ef870b9180bdd508febc
SHA1 5fab437daf33a20cb00b64cd4d47a3bdc840dc5c
SHA256 2ad5fc6b9b2ad7b9f73f2e4d35e1882b53e44b049606d2fe1ed0df5efc833702
SSDeep 1536:8N2Xs5Y5EiXa8sg64Cd4pGkZfHGZwb7LKa2MHAMD:8s5nqq64ciDN4c7L0MD
ImpHash -
C:\Users\FD1HVy\Desktop\Z Yv6OX_JjRd88R_\ytqlJrGd cBCL6XP7F.mp4 Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 71.19 KB
MD5 5fa4aca6a77374ecd35ee81197bfaa9c
SHA1 eee5050a7c873bf107addfcf388c0e308626d2e1
SHA256 1ebe8b91fbf470069164d8c883c1d46522481d743bc8beb83f9b6e1c6d516065
SSDeep 1536:+IYA6tnbv1MPjFN8VWlUZk1PBjc3mv0zgAsPVqgZa3ysdMf:+IN6Zw7EWL1PBjc0egHLZaxdM
ImpHash -
C:\Windows\System32\LogonUIinf.exe Dropped File Binary
Unknown
Mime Type application/vnd.microsoft.portable-executable
File Size 56.00 KB
MD5 31618202eb911f6606405d237e098ad0
SHA1 829365de595b00bd4ea5bf83a1f344f5288c100d
SHA256 7944285565408818fae6f861d45d7a722f5ac630da98fb762826f061831e46f4
SSDeep 1536:oMLLVLZeFLBL1IunPLoBVYzLLLLkoLLLLL1XRyLLLLbKN34SLVLL5yVYP8tkRwTi:oMLLVLZcLBLfLCVYzLLLLJLLLLL9RyL0
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x400000
Entry Point 0x40f492
Size Of Code 0xd600
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2071-02-21 01:51:10+00:00
Version Information (11)
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription wormlogon
FileVersion 1.0.0.0
InternalName wormlogon.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename wormlogon.exe
ProductName wormlogon
ProductVersion 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0xd498 0xd600 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.77
.rsrc 0x410000 0x5ac 0x600 0xd800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.06
.reloc 0x412000 0xc 0x200 0xde00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.08
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0xf467 0xd667 0x0
C:\Windows\System32\ransom_voice.vbs Dropped File Text
Unknown
Mime Type text/x-vbscript
File Size 400 Bytes
MD5 cee423a78f8668971ba27924fde54bab
SHA1 c3dd7cf4c2eb17c262e4df1ffd26c157b3e326ae
SHA256 d638033b9ac84e23c67ccffd3b27cbb0f978dc9677821e0a72de7e032124cc7f
SSDeep 12:lsmbA2KqOEylnlqdzFs8nkoPNK43ktdQbyKwCCzCKCKd:lxVKHHM7g4IQbZIzLCa
ImpHash -
C:\Users\FD1HVy\Downloads\worm_tool.sys Dropped File Text
Unknown
Also Known As C:\Users\FD1HVy\Desktop\worm_tool.sys (Dropped File)
Mime Type text/plain
File Size 9 Bytes
MD5 5031e9989ae1ab3ba509b7d4220c0ddf
SHA1 d92342976d720ff38cf5dcb329be41959ab1ba6c
SHA256 954d1bb83d80bb6f6e746b28f0de3ec4c4ed980cfe67ed23a9159cd464ff339a
SSDeep 3:uAYAB:uaB
ImpHash -
C:\Users\FD1HVy\Downloads\worm_tool.sys Dropped File Stream
Unknown
Also Known As C:\Users\FD1HVy\Desktop\worm_tool.sys (Dropped File)
Mime Type application/octet-stream
File Size 16 Bytes
MD5 53e8b56510dca6c022b4517729383e74
SHA1 1422ecc5c63f254cf59c9ef52405b4baff914526
SHA256 ea051ad7418f04eb0b5deede0ec3a543a37afd387d966f4049c4ac414e031309
SSDeep 3:C4A550C6:C4A5qz
ImpHash -