3460a486654f

Remarks

Maximum Dump Size Exceeded (0x0200004A): 5 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 39 MB.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\HSBC Payment Advice.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	799.50 KB
MD5	e133f241974100d83ac20081cb50b10a
SHA1	ab442c5b27a0d0bcf0a91d05dd46506b49248b9e
SHA256	3460a486654f0a647fb3528d462e35b7cb9e79be6779790cf5723e5cd0f9fde0
SSDeep	12288:OzjLf30WH0TuGEUlje2vHrLlKSXDiFMJqIBv3OUphTU2jCqys7DTjaogbaFWOyzi:ojj0y7UXPrLlKS7JDp+UpeMDPakkB
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

File Reputation Information

Verdict

Malicious

PE Information

Image Base	0x00400000
Entry Point	0x004B88C6
Size Of Code	0x000B6A00
Size Of Initialized Data	0x00011200
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2081-11-18 14:35 (UTC+1)

Version Information (11)

Comments	-
CompanyName	Microsoft
FileDescription	Windows App
FileVersion	1.0.0.0
InternalName	TBGj.exe
LegalCopyright	Copyright © 2023
LegalTrademarks	-
OriginalFilename	TBGj.exe
ProductName	Windows App
ProductVersion	1.0.0.0
Assembly Version	1.0.0.0

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00402000	0x000B68CC	0x000B6A00	0x00000200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.97
.rsrc	0x004BA000	0x00010E7C	0x00011000	0x000B6C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	3.92
.reloc	0x004CC000	0x0000000C	0x00000200	0x000C7C00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x00402000	0x000B8899	0x000B6A99	0x00000000

Memory Dumps (33)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
hsbc payment advice.exe	1	0x00CF0000	0x00DBDFFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x04930000	0x04941FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	1	0x07760000	0x077E7FFF	Reflectively Loaded .NET Assembly	32-bit	-	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	First Execution	32-bit	0x00401480	... Actions Go to Process Download Dump
hsbc payment advice.exe	3	0x00640000	0x0070DFFF	Relevant Image	32-bit	-	... Actions Go to Process Download Dump
hsbc payment advice.exe	1	0x00CF0000	0x00DBDFFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00402EA9	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00401AB8	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x0042F0D3	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00440C83	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00426F7F	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00438703	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x004369CF	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00402E10	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00401B05	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x0040AAD3	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00429053	... Actions Go to Process Download Dump
buffer	3	0x00BF0000	0x00EE9FFF	First Execution	32-bit	0x00C67000	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00413533	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x0040B1C3	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x004145C3	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x0040DE63	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x0040AC53	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x0042C2E3	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00429053	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00413833	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Content Changed	32-bit	0x00407083	... Actions Go to Process Download Dump
buffer	3	0x00400000	0x00445FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	3	0x00510000	0x0060FFFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	3	0x00760000	0x007A2FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	3	0x00BF0000	0x00EE9FFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
hsbc payment advice.exe	3	0x00640000	0x0070DFFF	Process Termination	32-bit	-	... Actions Go to Process Download Dump
buffer	3	0x03870000	0x038B2FFF	Marked Executable	32-bit	-	... Actions Go to Process Download Dump

8fbcc27d6e89595e7a9f2af88d2503d0202c2e41d41edff1a03f218cea3e3145

Downloaded File

Text

MIME Type	text/plain
File Size	3.17 KB
MD5	d9889d409fc074dcc886c73a3bea684a
SHA1	837b6d68bc6a8d73bf649818d5588e4040f9c489
SHA256	8fbcc27d6e89595e7a9f2af88d2503d0202c2e41d41edff1a03f218cea3e3145
SSDeep	48:LetUhZThtChGQbZd5epl449VAl/qxy7W7ghugjxAI1jWSi4aEhSWKbRriaR5B1Gz:brChG4ZrCzamKWQ5xzSWwr1mz
ImpHash	-

c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400

Downloaded File

HTML

MIME Type	text/html
File Size	796 Bytes
MD5	265e51037981a14ed99a5fc8c5ec1b51
SHA1	d12ac588953298fdaf46dd5b4af8eb4cf6b06f0a
SHA256	c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400
SSDeep	24:hYYIzDImyJRA3ZsjNQCRtgoLY95Mu56+eDHHLFpk:rqLKj2CZLY5Mc6NDLg
ImpHash	-

999eedb07edc7dd877a06ba1853f53ea972956db42a1db8ca33fa1d25532c78b

Downloaded File

Text

MIME Type	text/plain
File Size	348 Bytes
MD5	cad05d3038f2f9550c2f3512b4662695
SHA1	fdb3b3e1fd84eaf08845cf17cf4d455908cc581a
SHA256	999eedb07edc7dd877a06ba1853f53ea972956db42a1db8ca33fa1d25532c78b
SSDeep	6:0d/9r1e5a5GgLp3T2BwWlB+zs8AOign/UKprh2E2km6P8imcmTjM+G/dhpewE+b1:0V6a5GgdTkxKzsrC+EDm60imN/AGwL1
ImpHash	-

7dc1703352d544fdb83d76b685679d0d2e0a1cd1d89126b396c80734ffe1afb7

Downloaded File

HTML

MIME Type	text/html
File Size	259 Bytes
MD5	e03680958a9175d0b556cf5f1e08ff8a
SHA1	b16c73072a3a85978108b81662aeb4a3f5497a71
SHA256	7dc1703352d544fdb83d76b685679d0d2e0a1cd1d89126b396c80734ffe1afb7
SSDeep	6:hax/XW3/p5mmYydyZRPb3Gt6990qfdduB9d:hax/XKHmzZRPb3a699JddG
ImpHash	-

05f05d831858b70ffe0c312ac721fb2a32da5d8548e96c39fd634dfd955b0da8

Downloaded File

Text

MIME Type	text/plain
File Size	212 Bytes
MD5	dfff2c34413d9285336fc095bb8f41b1
SHA1	a8b6eb0b1ded18782ee07e6025ac991622185611
SHA256	05f05d831858b70ffe0c312ac721fb2a32da5d8548e96c39fd634dfd955b0da8
SSDeep	3:0d1RrlK3e10iJRyPRqKu1N4yYnbVRfGZ4tCQ3gQlhB18pRMKgwNjj+R1OIc+yL94:0d1RQuxfyS1N4JVtGZgCJQRs1NRf+294
ImpHash	-

c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat

Modified File

Stream

MIME Type	application/octet-stream
File Size	128 Bytes
MD5	cc90851958032b8c8bbb7b24ec6271dd
SHA1	e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256	c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep	3:Fl:
ImpHash	-

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information