Verdict Malicious

Classifications

Downloader, Injector, Trojan, Banker

Threat Names

Mal/HTMLGen-A, QBot
Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "11 hours, 49 minutes, 30 seconds" to "29 minutes, 10 seconds" to reveal dormant functionality.

(0x0200001A): The maximum number of URL Reputation Analysis requests per analysis (150) was exceeded.

Files
File Name C:\Users\RDhJ0CNFevzX\Desktop\Keep.gP0176.wsf
Category Sample File
Type Text
Verdict Malicious
Also Known As C:\Users\RDHJ0C~1\Desktop\Keep.gP0176.wsf (Accessed File)
MIME Type text/x-wsf
File Size 267.67 KB
MD5 15eba70cec948b7fb5a77372840a7d00
SHA1 d083555679f843f23869d6743b7e3e67886541a0
SHA256 2200463f3dec4645af3e3e7c690eab58f4312fe1595950cc9d94e821475f80a7
SSDeep 6144:5cdbP3WH/2iQ+Ymj7qzIQWttY8LgsufQtn2dDFmyHl6hrxU6DWcZ:i7iQMCMQ3l4U61
ImpHash -
File Name C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\anomoeomery.metalizedCredence
Category Downloaded File
Type Binary
Verdict Suspicious
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\\anomoeomery.metalizedCredence (Accessed File)
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\anomoeomery.metalizedCredence (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 593.64 KB
MD5 9eee2ccf2124abd5c34a873862883235
SHA1 8f298abf4889a459ab071e156ebfb4c421e2bc09
SHA256 531d14077f678633e53883d4ba792b1a53ea6b435c254580b41752373152cea0
SSDeep 12288:Cv85s9+srBMDecTyWo+615C3qumKzm8Fr9VwF+zMxoCqDg:Cvt9VMDeSfo+68qoiUr8FXxoCqDg
ImpHash e56f0be4cb5134c1e94a5029b950fa61
PE Information
Image Base 0x10000000
Entry Point 0x100323B3
Size Of Code 0x0006AC00
Size Of Initialized Data 0x0000BC00
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-11-07 04:23 (UTC+1)
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Visual Studio PkgDef Management Native DLL
FileVersion 15.0.27106.0 built by: D15REL
InternalName PkgdefMgmt.dll
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename PkgdefMgmt.dll
ProductName Microsoft® Visual Studio®
ProductVersion 15.0.27106.0
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x0006AA9D 0x0006AC00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.data 0x1006C000 0x00002AF0 0x00001C00 0x0006B000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.39
.idata 0x1006F000 0x00001A60 0x00001C00 0x0006CC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.45
.tls 0x10071000 0x00000009 0x00000200 0x0006E800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.detourc 0x10072000 0x00001190 0x00001200 0x0006EA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.16
.detourd 0x10074000 0x0000000C 0x00000200 0x0006FC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.07
.rsrc 0x10075000 0x0001A890 0x0001B000 0x0006FE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.92
.reloc 0x10090000 0x00005860 0x00005A00 0x0008AE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.53
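The section table and version resource above are the two things a reviewer reads first on a dropped PE: a near-8.0 entropy section holding a sixth of the file, and a version resource that names a Microsoft DLL while the file sits in %TEMP% under a made-up name. The following is an added triage helper (example code, not part of the VMRay report or product) that parses the listing exactly as printed above and turns those eyeball checks into findings. The entropy threshold, the section-name lists and FILE_SIZE (derived from the reported 593.64 KB) are the example's own assumptions.

```python
"""Added triage helper (example code, not VMRay's): parse the section
listing and version resource as printed in the report and flag the
indicators a reviewer would otherwise check by hand."""
from dataclasses import dataclass

# Section table copied from the report: name, VA, VSize, RawSize, RawOffset, flags, entropy.
SECTION_LISTING = """\
.text 0x10001000 0x0006AA9D 0x0006AC00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.44
.data 0x1006C000 0x00002AF0 0x00001C00 0x0006B000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.39
.idata 0x1006F000 0x00001A60 0x00001C00 0x0006CC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.45
.tls 0x10071000 0x00000009 0x00000200 0x0006E800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.detourc 0x10072000 0x00001190 0x00001200 0x0006EA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.16
.detourd 0x10074000 0x0000000C 0x00000200 0x0006FC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.07
.rsrc 0x10075000 0x0001A890 0x0001B000 0x0006FE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.92
.reloc 0x10090000 0x00005860 0x00005A00 0x0008AE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.53
"""
FILE_SIZE = 607_887  # assumption: 593.64 KB * 1024, the report gives KB only
VERSION_INFO = {     # version resource fields as listed in the report
    "CompanyName": "Microsoft Corporation",
    "OriginalFilename": "PkgdefMgmt.dll",
    "InternalName": "PkgdefMgmt.dll",
}
DROP_PATH = r"C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\anomoeomery.metalizedCredence"

# Example's own lists: common MSVC section names, and the marker sections Microsoft Detours adds.
STANDARD_SECTIONS = {".text", ".data", ".rdata", ".idata", ".edata", ".rsrc", ".reloc",
                     ".tls", ".bss", ".pdata", ".CRT", ".gfids", ".didat"}
DETOURS_SECTIONS = {".detourc", ".detourd"}


@dataclass(frozen=True)
class Section:
    name: str
    virtual_address: int
    virtual_size: int
    raw_size: int
    raw_offset: int
    flags: frozenset
    entropy: float


def parse_sections(listing: str) -> list:
    """Parse whitespace-separated rows; the flag list is everything between the offset and the entropy."""
    sections = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        name, va, vsize, rsize, roff = parts[:5]
        flags = frozenset(tok.rstrip(",") for tok in parts[5:-1])
        sections.append(Section(name, int(va, 16), int(vsize, 16), int(rsize, 16),
                                int(roff, 16), flags, float(parts[-1])))
    return sections


def section_findings(sections, file_size, entropy_threshold=7.2, min_raw=4096):
    """Return (severity, section, message) triples for the heuristics below."""
    out = []
    for s in sections:
        if s.entropy >= entropy_threshold and s.raw_size >= min_raw:
            out.append(("warn", s.name,
                        f"entropy {s.entropy:.2f} over {s.raw_size / file_size:.0%} of the file: "
                        "likely compressed or encrypted payload"))
        if {"IMAGE_SCN_MEM_EXECUTE", "IMAGE_SCN_MEM_WRITE"} <= s.flags:
            out.append(("warn", s.name, "writable and executable"))
        if s.virtual_size > 2 * max(s.raw_size, 0x1000):
            out.append(("warn", s.name, "virtual size far exceeds raw size: room for in-place unpacking"))
        if s.name in DETOURS_SECTIONS:
            out.append(("info", s.name, "Detours marker section: binary was edited with Microsoft Detours"))
        elif s.name not in STANDARD_SECTIONS:
            out.append(("info", s.name, "non-standard section name"))
    return out


def metadata_findings(version_info, path, is_dll):
    """Compare what the version resource claims with how the file landed on disk."""
    out = []
    normalised = path.replace("\\", "/")
    on_disk = normalised.rsplit("/", 1)[-1]
    claimed = version_info.get("OriginalFilename", "")
    if claimed and claimed.lower() != on_disk.lower():
        out.append(f"OriginalFilename {claimed!r} does not match on-disk name {on_disk!r}")
    if is_dll and not on_disk.lower().endswith(".dll"):
        out.append(f"IMAGE_FILE_DLL written without a .dll extension: {on_disk!r}")
    if "/temp/" in normalised.lower():
        out.append("written under a Temp directory")
    return out


if __name__ == "__main__":
    for sev, name, msg in section_findings(parse_sections(SECTION_LISTING), FILE_SIZE):
        print(f"[{sev}] {name}: {msg}")
    for msg in metadata_findings(VERSION_INFO, DROP_PATH, is_dll=True):
        print(f"[warn] {msg}")
```

On this listing only .rsrc trips the entropy rule (7.92 over roughly 18% of the file), which is the usual shape of a loader carrying an encrypted second stage in its resources; .detourc and .detourd are reported as informational because they are what Microsoft Detours leaves behind, not evidence of malice on their own. The metadata check fires three times: the claimed OriginalFilename, the missing .dll extension on an IMAGE_FILE_DLL, and the Temp drop location.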
Imports (7)
ADVAPI32.dll (40)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegDeleteValueW - 0x1006F000 0x0006F494 0x0006D094 0x0000026C
RegOpenKeyExW - 0x1006F004 0x0006F498 0x0006D098 0x00000285
RegSetValueExW - 0x1006F008 0x0006F49C 0x0006D09C 0x000002A2
RegEnumKeyExW - 0x1006F00C 0x0006F4A0 0x0006D0A0 0x00000273
RegCreateKeyExW - 0x1006F010 0x0006F4A4 0x0006D0A4 0x0000025D
RegDeleteKeyW - 0x1006F014 0x0006F4A8 0x0006D0A8 0x00000268
RegQueryInfoKeyW - 0x1006F018 0x0006F4AC 0x0006D0AC 0x0000028C
RegCloseKey - 0x1006F01C 0x0006F4B0 0x0006D0B0 0x00000254
RegEnumValueA - 0x1006F020 0x0006F4B4 0x0006D0B4 0x00000275
RegEnumKeyExA - 0x1006F024 0x0006F4B8 0x0006D0B8 0x00000272
RegDeleteTreeA - 0x1006F028 0x0006F4BC 0x0006D0BC 0x00000269
RegDeleteKeyValueW - 0x1006F02C 0x0006F4C0 0x0006D0C0 0x00000267
RegDeleteKeyValueA - 0x1006F030 0x0006F4C4 0x0006D0C4 0x00000266
RegDeleteValueA - 0x1006F034 0x0006F4C8 0x0006D0C8 0x0000026B
RegDeleteKeyExW - 0x1006F038 0x0006F4CC 0x0006D0CC 0x00000263
RegDeleteKeyExA - 0x1006F03C 0x0006F4D0 0x0006D0D0 0x00000262
RegDeleteKeyA - 0x1006F040 0x0006F4D4 0x0006D0D4 0x00000261
RegQueryValueExA - 0x1006F044 0x0006F4D8 0x0006D0D8 0x00000291
RegOpenKeyExA - 0x1006F048 0x0006F4DC 0x0006D0DC 0x00000284
RegCreateKeyExA - 0x1006F04C 0x0006F4E0 0x0006D0E0 0x0000025C
RegLoadAppKeyW - 0x1006F050 0x0006F4E4 0x0006D0E4 0x0000027C
RegDeleteTreeW - 0x1006F054 0x0006F4E8 0x0006D0E8 0x0000026A
RegSaveKeyW - 0x1006F058 0x0006F4EC 0x0006D0EC 0x0000029C
RegGetKeySecurity - 0x1006F05C 0x0006F4F0 0x0006D0F0 0x00000278
AdjustTokenPrivileges - 0x1006F060 0x0006F4F4 0x0006D0F4 0x0000001F
LookupPrivilegeValueW - 0x1006F064 0x0006F4F8 0x0006D0F8 0x000001AD
FreeSid - 0x1006F068 0x0006F4FC 0x0006D0FC 0x00000133
CheckTokenMembership - 0x1006F06C 0x0006F500 0x0006D100 0x0000005F
AllocateAndInitializeSid - 0x1006F070 0x0006F504 0x0006D104 0x00000020
ConvertStringSecurityDescriptorToSecurityDescriptorW - 0x1006F074 0x0006F508 0x0006D108 0x00000081
ConvertSidToStringSidW - 0x1006F078 0x0006F50C 0x0006D10C 0x0000007B
IsValidSid - 0x1006F07C 0x0006F510 0x0006D110 0x0000019C
GetTokenInformation - 0x1006F080 0x0006F514 0x0006D114 0x0000016F
OpenProcessToken - 0x1006F084 0x0006F518 0x0006D118 0x00000212
RegEnumKeyW - 0x1006F088 0x0006F51C 0x0006D11C 0x00000274
RegQueryValueExW - 0x1006F08C 0x0006F520 0x0006D120 0x00000292
RegEnumValueW - 0x1006F090 0x0006F524 0x0006D124 0x00000276
RevertToSelf - 0x1006F094 0x0006F528 0x0006D128 0x000002B8
ImpersonateLoggedOnUser - 0x1006F098 0x0006F52C 0x0006D12C 0x00000189
RegQueryInfoKeyA - 0x1006F09C 0x0006F530 0x0006D130 0x0000028B
KERNEL32.dll (162)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA - 0x1006F0A4 0x0006F538 0x0006D138 0x00000264
FreeLibraryAndExitThread - 0x1006F0A8 0x0006F53C 0x0006D13C 0x0000019F
GetThreadTimes - 0x1006F0AC 0x0006F540 0x0006D140 0x000002F0
UnregisterWait - 0x1006F0B0 0x0006F544 0x0006D144 0x00000589
RegisterWaitForSingleObject - 0x1006F0B4 0x0006F548 0x0006D148 0x00000484
SetThreadAffinityMask - 0x1006F0B8 0x0006F54C 0x0006D14C 0x00000529
GetProcessAffinityMask - 0x1006F0BC 0x0006F550 0x0006D150 0x0000029E
GetNumaHighestNodeNumber - 0x1006F0C0 0x0006F554 0x0006D154 0x00000278
DeleteTimerQueueTimer - 0x1006F0C4 0x0006F558 0x0006D158 0x0000010F
ChangeTimerQueueTimer - 0x1006F0C8 0x0006F55C 0x0006D15C 0x00000071
CreateTimerQueueTimer - 0x1006F0CC 0x0006F560 0x0006D160 0x000000F0
GetLogicalProcessorInformation - 0x1006F0D0 0x0006F564 0x0006D164 0x00000258
GetThreadPriority - 0x1006F0D4 0x0006F568 0x0006D168 0x000002ED
SetThreadPriority - 0x1006F0D8 0x0006F56C 0x0006D16C 0x00000533
SwitchToThread - 0x1006F0DC 0x0006F570 0x0006D170 0x0000055A
SignalObjectAndWait - 0x1006F0E0 0x0006F574 0x0006D174 0x0000054E
SetEvent - 0x1006F0E4 0x0006F578 0x0006D178 0x000004EF
FindAtomW - 0x1006F0E8 0x0006F57C 0x0006D17C 0x00000167
VirtualQuery - 0x1006F0EC 0x0006F580 0x0006D180 0x000005A1
VirtualProtect - 0x1006F0F0 0x0006F584 0x0006D184 0x0000059F
VirtualFree - 0x1006F0F4 0x0006F588 0x0006D188 0x0000059C
VirtualAlloc - 0x1006F0F8 0x0006F58C 0x0006D18C 0x00000599
DuplicateHandle - 0x1006F0FC 0x0006F590 0x0006D190 0x0000011F
SetThreadContext - 0x1006F100 0x0006F594 0x0006D194 0x0000052A
GetThreadContext - 0x1006F104 0x0006F598 0x0006D198 0x000002E4
ResumeThread - 0x1006F108 0x0006F59C 0x0006D19C 0x000004A7
SuspendThread - 0x1006F10C 0x0006F5A0 0x0006D1A0 0x00000558
CreateEventW - 0x1006F110 0x0006F5A4 0x0006D1A4 0x000000B6
TryEnterCriticalSection - 0x1006F114 0x0006F5A8 0x0006D1A8 0x0000057A
GetDriveTypeW - 0x1006F118 0x0006F5AC 0x0006D1AC 0x0000021F
HeapLock - 0x1006F11C 0x0006F5B0 0x0006D1B0 0x00000334
GetVersionExW - 0x1006F120 0x0006F5B4 0x0006D1B4 0x00000305
HeapUnlock - 0x1006F124 0x0006F5B8 0x0006D1B8 0x0000033A
Thread32Next - 0x1006F128 0x0006F5BC 0x0006D1BC 0x00000570
OpenThread - 0x1006F12C 0x0006F5C0 0x0006D1C0 0x000003F5
Thread32First - 0x1006F130 0x0006F5C4 0x0006D1C4 0x0000056F
CreateToolhelp32Snapshot - 0x1006F134 0x0006F5C8 0x0006D1C8 0x000000F1
InitializeCriticalSection - 0x1006F138 0x0006F5CC 0x0006D1CC 0x00000347
CompareStringA - 0x1006F13C 0x0006F5D0 0x0006D1D0 0x00000090
Sleep - 0x1006F140 0x0006F5D4 0x0006D1D4 0x00000550
FlushViewOfFile - 0x1006F144 0x0006F5D8 0x0006D1D8 0x00000195
LoadLibraryW - 0x1006F148 0x0006F5DC 0x0006D1DC 0x000003A8
VerifyVersionInfoW - 0x1006F14C 0x0006F5E0 0x0006D1E0 0x00000598
VerSetConditionMask - 0x1006F150 0x0006F5E4 0x0006D1E4 0x00000594
GetPrivateProfileStringW - 0x1006F154 0x0006F5E8 0x0006D1E8 0x0000029A
CreateDirectoryW - 0x1006F158 0x0006F5EC 0x0006D1EC 0x000000B2
GetVersionExA - 0x1006F15C 0x0006F5F0 0x0006D1F0 0x00000304
InterlockedPopEntrySList - 0x1006F160 0x0006F5F4 0x0006D1F4 0x00000356
QueryDepthSList - 0x1006F164 0x0006F5F8 0x0006D1F8 0x00000424
UnregisterWaitEx - 0x1006F168 0x0006F5FC 0x0006D1FC 0x0000058A
CreateTimerQueue - 0x1006F16C 0x0006F600 0x0006D200 0x000000EF
LoadLibraryExW - 0x1006F170 0x0006F604 0x0006D204 0x000003A7
lstrcmpiW - 0x1006F174 0x0006F608 0x0006D208 0x00000600
FreeLibrary - 0x1006F178 0x0006F60C 0x0006D20C 0x0000019E
GetModuleHandleW - 0x1006F17C 0x0006F610 0x0006D210 0x00000267
GetProcessHeap - 0x1006F180 0x0006F614 0x0006D214 0x000002A2
DeleteCriticalSection - 0x1006F184 0x0006F618 0x0006D218 0x00000105
GetProcAddress - 0x1006F188 0x0006F61C 0x0006D21C 0x0000029D
HeapDestroy - 0x1006F18C 0x0006F620 0x0006D220 0x00000332
DecodePointer - 0x1006F190 0x0006F624 0x0006D224 0x000000FE
HeapAlloc - 0x1006F194 0x0006F628 0x0006D228 0x0000032F
FindResourceW - 0x1006F198 0x0006F62C 0x0006D22C 0x00000189
LoadResource - 0x1006F19C 0x0006F630 0x0006D230 0x000003AB
FindResourceExW - 0x1006F1A0 0x0006F634 0x0006D234 0x00000188
RaiseException - 0x1006F1A4 0x0006F638 0x0006D238 0x0000043F
HeapReAlloc - 0x1006F1A8 0x0006F63C 0x0006D23C 0x00000336
LockResource - 0x1006F1AC 0x0006F640 0x0006D240 0x000003BD
GetLastError - 0x1006F1B0 0x0006F644 0x0006D244 0x00000250
MultiByteToWideChar - 0x1006F1B4 0x0006F648 0x0006D248 0x000003D1
HeapSize - 0x1006F1B8 0x0006F64C 0x0006D24C 0x00000338
InitializeCriticalSectionEx - 0x1006F1BC 0x0006F650 0x0006D250 0x00000349
GetEnvironmentVariableW - 0x1006F1C0 0x0006F654 0x0006D254 0x00000229
LeaveCriticalSection - 0x1006F1C4 0x0006F658 0x0006D258 0x000003A2
GetModuleFileNameW - 0x1006F1C8 0x0006F65C 0x0006D25C 0x00000263
EnterCriticalSection - 0x1006F1CC 0x0006F660 0x0006D260 0x00000125
HeapFree - 0x1006F1D0 0x0006F664 0x0006D264 0x00000333
SizeofResource - 0x1006F1D4 0x0006F668 0x0006D268 0x0000054F
FlushInstructionCache - 0x1006F1D8 0x0006F66C 0x0006D26C 0x00000193
UnhandledExceptionFilter - 0x1006F1DC 0x0006F670 0x0006D270 0x00000580
SetUnhandledExceptionFilter - 0x1006F1E0 0x0006F674 0x0006D274 0x00000541
GetCurrentProcess - 0x1006F1E4 0x0006F678 0x0006D278 0x00000209
TerminateProcess - 0x1006F1E8 0x0006F67C 0x0006D27C 0x0000055F
IsProcessorFeaturePresent - 0x1006F1EC 0x0006F680 0x0006D280 0x0000036D
QueryPerformanceCounter - 0x1006F1F0 0x0006F684 0x0006D284 0x0000042D
GetCurrentProcessId - 0x1006F1F4 0x0006F688 0x0006D288 0x0000020A
GetCurrentThreadId - 0x1006F1F8 0x0006F68C 0x0006D28C 0x0000020E
GetSystemTimeAsFileTime - 0x1006F1FC 0x0006F690 0x0006D290 0x000002D6
InitializeSListHead - 0x1006F200 0x0006F694 0x0006D294 0x0000034B
IsDebuggerPresent - 0x1006F204 0x0006F698 0x0006D298 0x00000367
GetStartupInfoW - 0x1006F208 0x0006F69C 0x0006D29C 0x000002BE
InterlockedPushEntrySList - 0x1006F20C 0x0006F6A0 0x0006D2A0 0x00000357
InterlockedFlushSList - 0x1006F210 0x0006F6A4 0x0006D2A4 0x00000354
RtlUnwind - 0x1006F214 0x0006F6A8 0x0006D2A8 0x000004AC
SetLastError - 0x1006F218 0x0006F6AC 0x0006D2AC 0x0000050A
InitializeCriticalSectionAndSpinCount - 0x1006F21C 0x0006F6B0 0x0006D2B0 0x00000348
TlsAlloc - 0x1006F220 0x0006F6B4 0x0006D2B4 0x00000571
TlsGetValue - 0x1006F224 0x0006F6B8 0x0006D2B8 0x00000573
TlsSetValue - 0x1006F228 0x0006F6BC 0x0006D2BC 0x00000574
TlsFree - 0x1006F22C 0x0006F6C0 0x0006D2C0 0x00000572
EncodePointer - 0x1006F230 0x0006F6C4 0x0006D2C4 0x00000121
ExitProcess - 0x1006F234 0x0006F6C8 0x0006D2C8 0x00000151
GetModuleHandleExW - 0x1006F238 0x0006F6CC 0x0006D2CC 0x00000266
GetModuleFileNameA - 0x1006F23C 0x0006F6D0 0x0006D2D0 0x00000262
WideCharToMultiByte - 0x1006F240 0x0006F6D4 0x0006D2D4 0x000005CB
GetCurrentThread - 0x1006F244 0x0006F6D8 0x0006D2D8 0x0000020D
CompareStringW - 0x1006F248 0x0006F6DC 0x0006D2DC 0x00000093
LCMapStringW - 0x1006F24C 0x0006F6E0 0x0006D2E0 0x00000396
FindClose - 0x1006F250 0x0006F6E4 0x0006D2E4 0x00000168
FindFirstFileExA - 0x1006F254 0x0006F6E8 0x0006D2E8 0x0000016D
FindFirstFileExW - 0x1006F258 0x0006F6EC 0x0006D2EC 0x0000016E
FindNextFileA - 0x1006F25C 0x0006F6F0 0x0006D2F0 0x0000017D
FindNextFileW - 0x1006F260 0x0006F6F4 0x0006D2F4 0x0000017F
IsValidCodePage - 0x1006F264 0x0006F6F8 0x0006D2F8 0x00000372
GetACP - 0x1006F268 0x0006F6FC 0x0006D2FC 0x000001A4
GetOEMCP - 0x1006F26C 0x0006F700 0x0006D300 0x00000286
GetCPInfo - 0x1006F270 0x0006F704 0x0006D304 0x000001B3
GetCommandLineA - 0x1006F274 0x0006F708 0x0006D308 0x000001C8
GetCommandLineW - 0x1006F278 0x0006F70C 0x0006D30C 0x000001C9
GetEnvironmentStringsW - 0x1006F27C 0x0006F710 0x0006D310 0x00000227
FreeEnvironmentStringsW - 0x1006F280 0x0006F714 0x0006D314 0x0000019D
SetEnvironmentVariableW - 0x1006F284 0x0006F718 0x0006D318 0x000004ED
GetStdHandle - 0x1006F288 0x0006F71C 0x0006D31C 0x000002C0
GetFileType - 0x1006F28C 0x0006F720 0x0006D320 0x0000023E
GetStringTypeW - 0x1006F290 0x0006F724 0x0006D324 0x000002C5
SetStdHandle - 0x1006F294 0x0006F728 0x0006D328 0x00000520
WriteFile - 0x1006F298 0x0006F72C 0x0006D32C 0x000005DF
FlushFileBuffers - 0x1006F29C 0x0006F730 0x0006D330 0x00000192
GetConsoleCP - 0x1006F2A0 0x0006F734 0x0006D334 0x000001DC
GetConsoleMode - 0x1006F2A4 0x0006F738 0x0006D338 0x000001EE
SetFilePointerEx - 0x1006F2A8 0x0006F73C 0x0006D33C 0x000004FC
OutputDebugStringW - 0x1006F2AC 0x0006F740 0x0006D340 0x000003FA
CloseHandle - 0x1006F2B0 0x0006F744 0x0006D344 0x0000007F
WaitForSingleObjectEx - 0x1006F2B4 0x0006F748 0x0006D348 0x000005AA
CreateThread - 0x1006F2B8 0x0006F74C 0x0006D34C 0x000000E8
WriteConsoleW - 0x1006F2BC 0x0006F750 0x0006D350 0x000005DE
CreateFileW - 0x1006F2C0 0x0006F754 0x0006D354 0x000000C2
FileTimeToSystemTime - 0x1006F2C4 0x0006F758 0x0006D358 0x0000015D
GetFileAttributesExW - 0x1006F2C8 0x0006F75C 0x0006D35C 0x00000232
CompareFileTime - 0x1006F2CC 0x0006F760 0x0006D360 0x0000008F
GetTickCount - 0x1006F2D0 0x0006F764 0x0006D364 0x000002F2
ExpandEnvironmentStringsW - 0x1006F2D4 0x0006F768 0x0006D368 0x00000155
GetFullPathNameW - 0x1006F2D8 0x0006F76C 0x0006D36C 0x00000249
GetLongPathNameW - 0x1006F2DC 0x0006F770 0x0006D370 0x0000025D
FindFirstFileW - 0x1006F2E0 0x0006F774 0x0006D374 0x00000173
GetTempPathW - 0x1006F2E4 0x0006F778 0x0006D378 0x000002E3
GetTempFileNameW - 0x1006F2E8 0x0006F77C 0x0006D37C 0x000002E1
CopyFileW - 0x1006F2EC 0x0006F780 0x0006D380 0x000000A5
DeleteFileW - 0x1006F2F0 0x0006F784 0x0006D384 0x0000010A
LocalFree - 0x1006F2F4 0x0006F788 0x0006D388 0x000003B2
CreateSemaphoreW - 0x1006F2F8 0x0006F78C 0x0006D38C 0x000000E1
WaitForSingleObject - 0x1006F2FC 0x0006F790 0x0006D390 0x000005A9
ReleaseSemaphore - 0x1006F300 0x0006F794 0x0006D394 0x0000048F
lstrlenW - 0x1006F304 0x0006F798 0x0006D398 0x00000609
CreateMutexW - 0x1006F308 0x0006F79C 0x0006D39C 0x000000D1
ReleaseMutex - 0x1006F30C 0x0006F7A0 0x0006D3A0 0x0000048B
GetFileSize - 0x1006F310 0x0006F7A4 0x0006D3A4 0x0000023B
ReadFile - 0x1006F314 0x0006F7A8 0x0006D3A8 0x0000044F
CreateFileMappingW - 0x1006F318 0x0006F7AC 0x0006D3AC 0x000000BF
MapViewOfFile - 0x1006F31C 0x0006F7B0 0x0006D3B0 0x000003C0
UnmapViewOfFile - 0x1006F320 0x0006F7B4 0x0006D3B4 0x00000583
GetCurrentDirectoryW - 0x1006F324 0x0006F7B8 0x0006D3B8 0x00000203
CreateFileA - 0x1006F328 0x0006F7BC 0x0006D3BC 0x000000BA
ole32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StringFromCLSID - 0x1006F3C8 0x0006F85C 0x0006D45C 0x000001B9
CoCreateGuid - 0x1006F3CC 0x0006F860 0x0006D460 0x00000019
CLSIDFromString - 0x1006F3D0 0x0006F864 0x0006D464 0x0000000C
CoInitialize - 0x1006F3D4 0x0006F868 0x0006D468 0x0000004F
CoTaskMemRealloc - 0x1006F3D8 0x0006F86C 0x0006D46C 0x0000007C
CoTaskMemFree - 0x1006F3DC 0x0006F870 0x0006D470 0x0000007B
CoCreateInstance - 0x1006F3E0 0x0006F874 0x0006D474 0x0000001A
CoTaskMemAlloc - 0x1006F3E4 0x0006F878 0x0006D478 0x0000007A
CoUninitialize - 0x1006F3E8 0x0006F87C 0x0006D47C 0x0000007F
OLEAUT32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
VarUI4FromStr 0x00000115 0x1006F330 0x0006F7C4 0x0006D3C4 -
SafeArrayCreate 0x0000000F 0x1006F334 0x0006F7C8 0x0006D3C8 -
SafeArrayLock 0x00000015 0x1006F338 0x0006F7CC 0x0006D3CC -
SysAllocString 0x00000002 0x1006F33C 0x0006F7D0 0x0006D3D0 -
SysFreeString 0x00000006 0x1006F340 0x0006F7D4 0x0006D3D4 -
SafeArrayGetLBound 0x00000014 0x1006F344 0x0006F7D8 0x0006D3D8 -
SafeArrayUnlock 0x00000016 0x1006F348 0x0006F7DC 0x0006D3DC -
SafeArrayGetUBound 0x00000013 0x1006F34C 0x0006F7E0 0x0006D3E0 -
VariantClear 0x00000009 0x1006F350 0x0006F7E4 0x0006D3E4 -
SysAllocStringLen 0x00000004 0x1006F354 0x0006F7E8 0x0006D3E8 -
SHELL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHCreateDirectoryExW - 0x1006F35C 0x0006F7F0 0x0006D3F0 0x00000096
SHGetFolderPathW - 0x1006F360 0x0006F7F4 0x0006D3F4 0x000000D2
SHLWAPI.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathIsRootW - 0x1006F368 0x0006F7FC 0x0006D3FC 0x0000006B
StrToInt64ExW - 0x1006F36C 0x0006F800 0x0006D400 0x00000154
StrToIntExW - 0x1006F370 0x0006F804 0x0006D404 0x00000157
PathRemoveExtensionW - 0x1006F374 0x0006F808 0x0006D408 0x0000008D
PathFindFileNameW - 0x1006F378 0x0006F80C 0x0006D40C 0x0000004D
PathIsRelativeW - 0x1006F37C 0x0006F810 0x0006D410 0x00000069
SHCreateStreamOnFileEx - 0x1006F380 0x0006F814 0x0006D414 0x000000AE
PathAddBackslashW - 0x1006F384 0x0006F818 0x0006D418 0x00000033
PathIsFileSpecW - 0x1006F388 0x0006F81C 0x0006D41C 0x00000061
SHDeleteKeyW - 0x1006F38C 0x0006F820 0x0006D420 0x000000B8
PathMatchSpecW - 0x1006F390 0x0006F824 0x0006D424 0x0000007F
PathRemoveBackslashW - 0x1006F394 0x0006F828 0x0006D428 0x00000089
PathRemoveBlanksW - 0x1006F398 0x0006F82C 0x0006D42C 0x0000008B
PathFindExtensionW - 0x1006F39C 0x0006F830 0x0006D430 0x0000004B
PathAppendW - 0x1006F3A0 0x0006F834 0x0006D434 0x00000037
PathCombineW - 0x1006F3A4 0x0006F838 0x0006D438 0x0000003D
PathIsDirectoryW - 0x1006F3A8 0x0006F83C 0x0006D43C 0x0000005F
PathRemoveFileSpecW - 0x1006F3AC 0x0006F840 0x0006D440 0x0000008F
PathRenameExtensionW - 0x1006F3B0 0x0006F844 0x0006D444 0x00000091
PathStripPathW - 0x1006F3B4 0x0006F848 0x0006D448 0x00000099
PathFileExistsW - 0x1006F3B8 0x0006F84C 0x0006D44C 0x00000049
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CharNextW - 0x1006F3C0 0x0006F854 0x0006D454 0x00000031
Exports (26)
API Name EAT Address Ordinal
IreatePkgDefManagerForApplication 0x0001823E 0x00000001
IreatePkgDefManagerForApplicationWithAlternateUser 0x000181E8 0x00000002
IreatePkgDefManagerForApplicationWithAlternateUserAndRegRoot 0x0001818C 0x00000003
IreatePkgDefManagerForIsolatedApp 0x00017E41 0x00000004
IreatePkgDefManagerForIsolatedAppWithAlternateUser 0x00017E1C 0x00000005
IestroyPkgDefManager 0x0001825D 0x00000006
IetAppDataFolderFromManager 0x000182D7 0x00000007
IetApplicationExtensionsFolder 0x00017D5E 0x00000008
IetApplicationExtensionsFolderFromManager 0x000182EF 0x00000009
IetCommonExtensionsSearchPaths 0x00017D2D 0x0000000A
IetCommonExtensionsSearchPathsFromManager 0x000182C5 0x0000000B
IetConfigurationRegPath 0x00017CD8 0x0000000C
IetConfigurationRoot 0x00017C87 0x0000000D
IetConfigurationRootFromManager 0x00018297 0x0000000E
IetLocalSettingsFolder 0x00017CF5 0x0000000F
IetRegRootFromManager 0x0001827D 0x00000010
IetSettingsRegPath 0x00017CBB 0x00000011
IetUserExtensionsFolder 0x00017D96 0x00000012
IetUserExtensionsFolderFromManager 0x00018306 0x00000013
IetUserSettingsRoot 0x0001831D 0x00000014
IetUserSettingsRootFromManager 0x000182AE 0x00000015
IrCreatePkgDefManagerForApplication 0x0001820A 0x00000016
IrCreatePkgDefManagerForApplicationWithAlternateUser 0x000181B1 0x00000017
IrCreatePkgDefManagerForApplicationWithAlternateUserAndRegRoot 0x00017E68 0x00000018
IrCreatePkgDefManagerForIsolatedAppWithAlternateUser 0x00017DCE 0x00000019
Nikn 0x00017CA1 0x0000001A
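The import tables above are long enough that a reviewer normally skims them for API combinations rather than reading name by name. The block below is an added example (not VMRay's code and not derived from the sample) that tags an import list with coarse capability labels and, just as usefully, reports which expected APIs are absent. IMPORTS is a hand-picked subset of the names listed in the ADVAPI32.dll and KERNEL32.dll tables above, kept short for the example; the rules are the example's own heuristics.

```python
"""Added example (not VMRay's code): tag an import table with coarse
capability labels and report which APIs a rule still lacks."""

# Constructed input: a subset of the API names from the import tables in the report.
IMPORTS = {
    "ADVAPI32.dll": [
        "RegCreateKeyExW", "RegSetValueExW", "RegDeleteValueW", "RegQueryValueExW",
        "AdjustTokenPrivileges", "LookupPrivilegeValueW", "OpenProcessToken",
        "ImpersonateLoggedOnUser", "RevertToSelf", "CheckTokenMembership",
    ],
    "KERNEL32.dll": [
        "VirtualAlloc", "VirtualProtect", "VirtualFree", "FlushInstructionCache",
        "SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread",
        "CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenThread",
        "LoadLibraryW", "GetProcAddress", "IsDebuggerPresent", "Sleep",
        "FindResourceW", "LoadResource", "LockResource", "SizeofResource",
        "CreateFileMappingW", "MapViewOfFile", "GetTempPathW", "CopyFileW",
    ],
}

# Example's own rules: a capability is reported only when every listed API is imported.
RULES = {
    "thread-context hijacking": {"SuspendThread", "GetThreadContext", "SetThreadContext", "ResumeThread"},
    "thread enumeration": {"CreateToolhelp32Snapshot", "Thread32First", "Thread32Next", "OpenThread"},
    "executable memory management": {"VirtualAlloc", "VirtualProtect", "FlushInstructionCache"},
    "embedded resource payload": {"FindResourceW", "LoadResource", "LockResource", "SizeofResource"},
    "dynamic API resolution": {"LoadLibraryW", "GetProcAddress"},
    "registry write": {"RegCreateKeyExW", "RegSetValueExW"},
    "privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "user impersonation": {"ImpersonateLoggedOnUser", "RevertToSelf"},
    "debugger check": {"IsDebuggerPresent"},
    "remote process injection": {"OpenProcess", "WriteProcessMemory", "CreateRemoteThread"},
}


def imported_names(imports):
    """Flatten {dll: [api, ...]} into one set of API names."""
    return {name for names in imports.values() for name in names}


def match_capabilities(imports, rules=RULES):
    """Return (matched, partial): matched maps a capability to its sorted APIs,
    partial maps an unsatisfied capability to the sorted APIs it is missing."""
    names = imported_names(imports)
    matched, partial = {}, {}
    for cap, required in rules.items():
        missing = required - names
        if missing:
            partial[cap] = sorted(missing)
        else:
            matched[cap] = sorted(required)
    return matched, partial


if __name__ == "__main__":
    matched, partial = match_capabilities(IMPORTS)
    for cap, apis in matched.items():
        print(f"[+] {cap}: {', '.join(apis)}")
    for cap, missing in partial.items():
        print(f"[-] {cap}: not imported statically, missing {', '.join(missing)}")
```

Two caveats apply when reading the output against this sample. First, a trojanized DLL inherits the imports of its host: the .detourc/.detourd sections show the file was processed with Microsoft Detours, whose hooking transaction suspends threads and rewrites their context, so the thread-context and thread-enumeration tags can be entirely legitimate. Second, the absence of OpenProcess/WriteProcessMemory/CreateRemoteThread from the IAT proves nothing, because the LoadLibraryW/GetProcAddress pair that is imported is exactly what a loader uses to resolve those at runtime; the "partial" report exists to make that gap visible rather than to clear the file.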
File Name c:\wkssvc
Category Dropped File
Type Empty
Verdict Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
File Name 390c8c939e9da3188c5c27fc9b5d879760fa85de40057d45bed63e4a02abd313
Category Downloaded File
Type HTML
Verdict Clean
MIME Type text/html
File Size 142.24 KB
MD5 338d5e28601a33b055175b5409a47063
SHA1 6563ffb4faf19c75eb67cdd9545f8c215b904db6
SHA256 390c8c939e9da3188c5c27fc9b5d879760fa85de40057d45bed63e4a02abd313
SSDeep 3072:uiRG3uYKoQYD0wr0RuP+48+3HQ2094sIGtisJ7jTdmPLRe9:uiRGrRe9
ImpHash -
File Name c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\vhwa2g21\t5[1]
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 96 Bytes
MD5 32e870d5e0d7588e18d45b8160b5a826
SHA1 82d30b3266eb444736e5412ddb2b5de072d56e12
SHA256 060b832aeea5b1aadee771bc6d42b427a1042192ffb275be384839faf93f2542
SSDeep 3:GHMWS33MEkRLTIqZlgmqGNVEDznhJrn:CXFLTIqZ6P1
ImpHash -
File Name a89bde12327b2e66fef4efadea15dfcf2ecde71a7ff67ca5e1f8b637f32b23dc
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 74 Bytes
MD5 c2dd7af2d85c95b21ccf980e83d738c6
SHA1 9bc9926e3c49ca2fd4464f5a758fc902359b5cf9
SHA256 a89bde12327b2e66fef4efadea15dfcf2ecde71a7ff67ca5e1f8b637f32b23dc
SSDeep 3:qHOWHh+mVyYZJNEsURLKYKddw:qHOmy0JZURLKYKw
ImpHash -
File Name C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex
Category Modified File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 19.23 KB
MD5 aff27651c726edbdd5b7ee9d5761e615
SHA1 1039f0dca19b52021c8e4500d6190fc3fb591994
SHA256 ec82d4ef6a405c11637bbc62e3236e69a775cc9f64e88acc03384b7ebae0203e
SSDeep 384:yEMLxFZsiaiLzSiZxAkb/nJZu9lG2VhPlk0A/0NdIvsws9RJuO1C6PowxyeSZzso:rj+gs
ImpHash -
File Name c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat
Category Modified File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -