9f84be3a...3b1d | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Wiper
Threat Names:
Trojan.GenericKD.34686589
Gen:Heur.Ransom.Imps.1
Gen:Trojan.Heur.JP.9uX@aKF!nih
...

kfjgxo.exe

Windows Exe (x86-32)

Created at 2020-10-09T10:33:00

...

Remarks (2/2)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes" to "10 seconds" to reveal dormant functionality.

Remarks

(0x0200000C): The maximum memory dump size was exceeded. Some dumps may be missing in the report.

Filters:
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\kfjgxo.exe Sample File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 5.97 MB
MD5 127e7dce984cc0acea750746b485c101 Copy to Clipboard
SHA1 2e920f4583c38f811fdad739ebaf5064badec42d Copy to Clipboard
SHA256 9f84be3a53d5f2a03a9ec2e60093c70293e15fd91addeb3936fd1f8c3b013b1d Copy to Clipboard
SSDeep 98304:eMGA/GKxx3TknUXUGG5ghUA2dqGJSkIX0BLNYDodDygooqgcZmOf9XhzuALXwHKA:eMGA/FxVTp7MzA28GJRVlNGabiZv1Xhk Copy to Clipboard
ImpHash 1e61b8c3eab296b7a2ef87eb7b323f76 Copy to Clipboard
File Reputation Information
»
Severity
Blacklisted
Names Mal/Generic-S
PE Information
»
Image Base 0x400000
Entry Point 0x9381ee
Size Of Code 0x4800
Size Of Initialized Data 0xf1600
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-10-05 11:43:09+00:00
Sections (6)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x47b2 0x0 0x0 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.0
.rdata 0x406000 0x205c 0x0 0x0 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.0
.data 0x409000 0x18e0 0x0 0x0 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.vmp0 0x40b000 0x4057ac 0x0 0x0 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.0
.vmp1 0x811000 0x5f74e0 0x5f7600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.96
.rsrc 0xe09000 0x1b2 0x200 0x5f7a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.47
Imports (6)
»
KERNEL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FindResourceA 0x0 0x936000 0x923e0c 0x51320c 0x0
WTSAPI32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WTSSendMessageW 0x0 0x936008 0x923e14 0x513214 0x0
KERNEL32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VirtualQuery 0x0 0x936010 0x923e1c 0x51321c 0x0
USER32.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetUserObjectInformationW 0x0 0x936018 0x923e24 0x513224 0x0
KERNEL32.dll (12)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LocalAlloc 0x0 0x936020 0x923e2c 0x51322c 0x0
LocalFree 0x0 0x936024 0x923e30 0x513230 0x0
GetModuleFileNameW 0x0 0x936028 0x923e34 0x513234 0x0
GetProcessAffinityMask 0x0 0x93602c 0x923e38 0x513238 0x0
SetProcessAffinityMask 0x0 0x936030 0x923e3c 0x51323c 0x0
SetThreadAffinityMask 0x0 0x936034 0x923e40 0x513240 0x0
Sleep 0x0 0x936038 0x923e44 0x513244 0x0
ExitProcess 0x0 0x93603c 0x923e48 0x513248 0x0
FreeLibrary 0x0 0x936040 0x923e4c 0x51324c 0x0
LoadLibraryA 0x0 0x936044 0x923e50 0x513250 0x0
GetModuleHandleA 0x0 0x936048 0x923e54 0x513254 0x0
GetProcAddress 0x0 0x93604c 0x923e58 0x513258 0x0
USER32.dll (2)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcessWindowStation 0x0 0x936054 0x923e60 0x513260 0x0
GetUserObjectInformationW 0x0 0x936058 0x923e64 0x513264 0x0
Memory Dumps (109)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
buffer 1 0x003A0000 0x003A0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003A0000 0x003A0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003B0000 0x003B0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003B0000 0x003B0FFF First Execution False 32-bit 0x003B0015 False False
...
buffer 1 0x003C0000 0x003C0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003C0000 0x003C0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003D0000 0x003D0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003D0000 0x003D0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003E0000 0x003E0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003E0000 0x003E0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003F0000 0x003F0FFF Content Changed False 32-bit - False False
...
buffer 1 0x003F0000 0x003F0FFF Content Changed False 32-bit - False False
...
buffer 1 0x00E10000 0x00E10FFF First Execution False 32-bit 0x00E1000F False False
...
buffer 1 0x00E10000 0x00E10FFF Marked Executable False 32-bit 0x00E1000F False False
...
buffer 1 0x02670000 0x02763FFF First Execution True 32-bit 0x026CB492 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D38E0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CAFC0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CE1B5 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D0319 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D7AAB True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D4BC1 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CCAB3 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D6C4A True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C6E44 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C86C8 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E492F False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C59E0 False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CFC8B False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DBF28 False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D5000 False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026ED4DE False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02689E07 False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02687C98 False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0268B353 False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0268A933 False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026735EB False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CD66C False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D9CAE False False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02676413 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026B1F80 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02696860 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0267C934 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A39E0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0267AC61 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A6670 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02688AA3 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02691060 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C1AD0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026AD1E0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026774F1 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E2DD3 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DA530 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E1853 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E3DFC True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C91A8 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DC757 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DFBA3 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DECF2 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DD005 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026AFF00 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026B4950 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0269F000 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02688A2B True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02674FA5 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E2DD3 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E1853 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CE3A0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026AC7D0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D9CAE True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CA71B True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E47E6 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DA530 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A4990 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A5B60 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C79DA True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C5A70 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E7412 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026AA6A0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0267B88F True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026AC7D0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D6F83 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A3EA0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CCA6E True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02684A58 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DA530 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A7650 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A5B60 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E4429 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E7412 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CE3A0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026BD790 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CB49C True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026D63A6 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C85A6 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0268B114 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026B8FB0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02671096 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E2DD3 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CCA6E True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026C91C7 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026774F1 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026AC7D0 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x02683922 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x0268E680 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026CA71B True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026DA530 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A4990 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026A5B60 True False
...
buffer 1 0x02670000 0x02763FFF Content Changed True 32-bit 0x026E7412 True False
...
Local AV Matches (1)
»
Threat Name Severity
Trojan.GenericKD.34686589
Malicious
C:\users\5p5nrgjn0js halpmcxz\documents\ftx4sxhibrx9ib1.docx.woodrat Dropped File Text
Whitelisted
...
»
Mime Type text/plain
File Size 402 Bytes
MD5 ecf88f261853fe08d58e2e903220da14 Copy to Clipboard
SHA1 f72807a9e081906654ae196605e681d5938a2e6c Copy to Clipboard
SHA256 cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844 Copy to Clipboard
SSDeep 12:QZsiL5wmHOlDmo0qmUclLwr2FlDmo0IWF9klrgl2FlDmo0qjKAev:QCGwv4o0hlLwiF4o0UUsF4o01AM Copy to Clipboard
ImpHash -
File Reputation Information
»
Severity
Whitelisted
pub.dll Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 216 Bytes
MD5 2cd35c420bf38b8b5c2ee49b2cda3872 Copy to Clipboard
SHA1 5bafbda1bae502f4ff30095b6e028844fab2624f Copy to Clipboard
SHA256 c74d54d794204fca803c4b45c03c1e7d81f065ef191e213c6446743fceaee5ea Copy to Clipboard
SSDeep 6:JeQmnAxir8KeHhITGM3YMtkDx28lNh9tDbEdTH:8QmTr8bBISiYMtkw0P9OTH Copy to Clipboard
ImpHash -
C:\programdata\package cache\{e512788e-c50b-3858-a4b9-73ad5f3f9e93}v14.10.25017\packages\vcruntimeadditional_amd64\cab1.cab.woodrat Dropped File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 5.61 MB
MD5 dfd088c2330fc0b849f588e7d44546f3 Copy to Clipboard
SHA1 1a5432c12e1cb6031dc69f1d29102e342e01945c Copy to Clipboard
SHA256 9b883e87c9a032978eda9e54d2a30cb70d353b3990a6dad0f03120d94f612be5 Copy to Clipboard
SSDeep 98304:jh+KH6gpIMjAGSivAWb7ykDN63poACCKQtDzxOH8zkC694dODfxTh4IPQQZ:XasIyAGSiJbFKpoACuzx4RCK/fxThLP/ Copy to Clipboard
ImpHash -
C:\config.msi\LOCKED_README.txt Dropped File Text
Unknown
...
»
Also Known As C:\config.msi\LOCKED_README.txt (Dropped File)
C:\users\5p5nrgjn0js halpmcxz\music\locked_readme.txt (Dropped File)
C:\users\5p5nrgjn0js halpmcxz\music\LOCKED_README.txt (Dropped File)
C:\programdata\LOCKED_README.txt (Dropped File)
C:\msocache\LOCKED_README.txt (Dropped File)
C:\users\5p5nrgjn0js halpmcxz\documents\LOCKED_README.txt (Dropped File)
Mime Type text/plain
File Size 4.66 KB
MD5 9e6509fea30419cb2dac38f6ddf49ceb Copy to Clipboard
SHA1 c8faaa12fda4f541d59fd3a64dabd911bf1ccd7a Copy to Clipboard
SHA256 acda9197b4c67f39e6caa8cb61dfc9346a4b44c1ef92d07b6c1e16c937efea76 Copy to Clipboard
SSDeep 96:NLHioTEY81RX2gKeSTNEovrlPN10zpe19GD:BCoTEl1kNvrlPSe19GD Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\1rsl9u.xlsx.woodrat Dropped File Video
Unknown
...
»
Mime Type video/x-msvideo
File Size 31.23 KB
MD5 498c61f95bc81677276604d64a7ad649 Copy to Clipboard
SHA1 8efb98cc9bfe27d1578e8d0862870302eb306796 Copy to Clipboard
SHA256 bd44aa56d1c513b9bace89b0c148d7b4cbc94f159b0c5d4ff5633fcdef785495 Copy to Clipboard
SSDeep 768:au6jmWo41MumWNsc7gHaJLTvygWMKvGRoc44wM:aNjmnjtsv7qaJabNLM Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\2-ghz3e8x9ng.docx.woodrat Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 3.63 KB
MD5 7dd26d2fa52e27edcc2cc07beb6bf857 Copy to Clipboard
SHA1 a6b12fa75b1611afa00a82f7e03b5ff1ea3f309f Copy to Clipboard
SHA256 f63065862632422b5c8a0259f35f6807a63df59d7004dbd8c563938175b24c20 Copy to Clipboard
SSDeep 96:/yYXQchaiVVYjlU2MAUKTccRgeK0gmm46fhR10lDW:qYgliAZU2qKock/mV8R10w Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\7ew7kda1xlecmji-np.pptx.woodrat Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 1.32 KB
MD5 4dd5af104f5f47fa3994f259a471bcbe Copy to Clipboard
SHA1 ced987c416c051f2739cb50f390e4866e4b2eddc Copy to Clipboard
SHA256 cd63c2987647aedb70462b7879048647e9b5affc7b11e0a004d5b800618d28c8 Copy to Clipboard
SSDeep 24:9ZqHbGv8pPg+YEJo7QmwOTdfUBo2Wup2NSUDs9WIQBYu1r9RMafeIEWAVuuKh8:9YhJTKxwOpUoctWIQCu1pRIIVAsf8 Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\aeflwrk7e5o_uq-qos.pptx.woodrat Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 99.14 KB
MD5 723cdbacda0cc2dd8d6df58faa25fabc Copy to Clipboard
SHA1 74d556249ac4a4a2d91037cbf8c52f60326df416 Copy to Clipboard
SHA256 0786bd35f658be0dcf6a13859ece91e5bda2f7bd8cf87ad1b15c77fcb4e8523b Copy to Clipboard
SSDeep 3072:bGzbxXzX3bwZEOCIF5ro9KZiqTH51bQHcjLg+:bGVbgY++9KZiqTb6+ Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\g9ndp0i9s 6om_.xlsx.woodrat Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 57.02 KB
MD5 1bb4e388949466f337184ed5344659f8 Copy to Clipboard
SHA1 b883d7f8e3ef601f0eacabdb2224fd326b4f977a Copy to Clipboard
SHA256 d3d26704bec211758f73a18cd7b22819a200b45f14b23e1f9d3c023060c61097 Copy to Clipboard
SSDeep 1536:Nu4ixRlEDvuQH/MkWMd9ifhDn/Kx3ICqio3zwX8r3MD7:cNAvuQfM/Md90/Kx4CK3M7 Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\hmnjahve-o7.xlsx.woodrat Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 14.23 KB
MD5 cb35588c238595d239c74ebeed7c2676 Copy to Clipboard
SHA1 19673458b7af3eb69ff1ad9022fd9ccb69ef3685 Copy to Clipboard
SHA256 fb21b98fb485e11877b74dcff297aa2d859c8a3cba0065a2d2e9b3c8b4f4faa2 Copy to Clipboard
SSDeep 384:7TwY6AOm1DdKLupeHXIYy9dNeeGYyiwBNr:7T96AhPKKcHX5yHNZp8 Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\iucew4gepvyl2ya.pptx.woodrat Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 77.81 KB
MD5 c8a5afec0bdc2182421ba8787c20e515 Copy to Clipboard
SHA1 1fa957447a3cc3e40c0054e666840c56c39c1a0a Copy to Clipboard
SHA256 553798e29693f796e9c77c9a3eacd06777ad43352cf51c51acc1fc9a2476c489 Copy to Clipboard
SSDeep 1536:BlCmfsY8JnB4x1VfH0bZicdnrVPabSNt1V19qjPu/IlW9+0kUP3M82+:2mfryaPfKVVybIhT2ug49zP3Mz+ Copy to Clipboard
ImpHash -
C:\users\5p5nrgjn0js halpmcxz\documents\ltfcdbxx40tyuco.docx.woodrat Dropped File ZIP
Unknown
...
»
Mime Type application/zip
File Size 88.74 KB
MD5 2a30a6a372de2e941c9d072535e745b4 Copy to Clipboard
SHA1 941d6854f3fa7c8057c3f4830901b8de9d16cbb0 Copy to Clipboard
SHA256 542eb075d898836543909c5cf853a6b7dcef1f21f5af7feceaa6e4fb03f8e67d Copy to Clipboard
SSDeep 1536:Cpm6tCKIvyL8nm4ewkcw3tDbBkIf3x1YlGKjmB8AeOYbdsmhgqCEPc85qOMXNaXb:CVYe19FBkA+/OYbdsmhgqCEPf4fc Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image