Malicious
Classifications

Spyware

Threat Names

XWorm

Remarks (1/1)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.


(0x0200005D): 116 additional dumps with the reason "Content Changed" and a total of 397 MB were skipped because the respective maximum limit was reached.

File Name Category Type Verdict
C:\Users\OqXZRaykm\Desktop\magamed_protected.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.65 MB
MD5 fddc40c9bec94cf6017a81234331caf6
SHA1 7b20c96c1816baad408cb549d5b27600cbdafd47
SHA256 4fc91117bb4e871081db373afcce037e1c163f3397389076902964cb16d54bc2
SSDeep 49152:BEuq6vneCxqo8FkjZel4zfP2iESyTWB4JR80a:BFqQneWR8FkjElwfOOKJR80a
ImpHash e8a30656287fe831c9782204ed10cd68
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x140000000
Entry Point 0x1400266B0
Size Of Code 0x00039A00
Size Of Initialized Data 0x00045200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2024-05-12 10:17 (UTC)
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x000398CE 0x00039A00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.47
.rdata 0x14003B000 0x0001118C 0x00011200 0x00039E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.22
.data 0x14004D000 0x0001EF5C 0x00001A00 0x0004B000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.18
.pdata 0x14006C000 0x00002AB4 0x00002C00 0x0004CA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.41
.didat 0x14006F000 0x00000308 0x00000400 0x0004F600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.79
_RDATA 0x140070000 0x0000015C 0x00000200 0x0004FA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.33
.rsrc 0x140071000 0x0002E98C 0x0002EA00 0x0004FC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.84
.reloc 0x1400A0000 0x00000938 0x00000A00 0x0007E600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.23
Imports (3)
KERNEL32.dll (134)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LocalFree - 0x14003B000 0x0004B268 0x0004A068 0x0000034A
GetLastError - 0x14003B008 0x0004B270 0x0004A070 0x00000208
SetLastError - 0x14003B010 0x0004B278 0x0004A078 0x00000480
FormatMessageW - 0x14003B018 0x0004B280 0x0004A080 0x00000164
GetFileType - 0x14003B020 0x0004B288 0x0004A088 0x000001FA
GetStdHandle - 0x14003B028 0x0004B290 0x0004A090 0x0000026B
WriteFile - 0x14003B030 0x0004B298 0x0004A098 0x00000534
ReadFile - 0x14003B038 0x0004B2A0 0x0004A0A0 0x000003C3
FlushFileBuffers - 0x14003B040 0x0004B2A8 0x0004A0A8 0x0000015D
SetEndOfFile - 0x14003B048 0x0004B2B0 0x0004A0B0 0x00000461
SetFilePointer - 0x14003B050 0x0004B2B8 0x0004A0B8 0x00000474
SetFileTime - 0x14003B058 0x0004B2C0 0x0004A0C0 0x00000478
CloseHandle - 0x14003B060 0x0004B2C8 0x0004A0C8 0x00000052
CreateFileW - 0x14003B068 0x0004B2D0 0x0004A0D0 0x0000008F
GetCurrentProcessId - 0x14003B070 0x0004B2D8 0x0004A0D8 0x000001C7
CreateDirectoryW - 0x14003B078 0x0004B2E0 0x0004A0E0 0x00000081
RemoveDirectoryW - 0x14003B080 0x0004B2E8 0x0004A0E8 0x00000406
SetFileAttributesW - 0x14003B088 0x0004B2F0 0x0004A0F0 0x0000046F
GetFileAttributesW - 0x14003B090 0x0004B2F8 0x0004A0F8 0x000001F1
DeleteFileW - 0x14003B098 0x0004B300 0x0004A100 0x000000D7
MoveFileW - 0x14003B0A0 0x0004B308 0x0004A108 0x00000365
FindClose - 0x14003B0A8 0x0004B310 0x0004A110 0x00000134
FindFirstFileW - 0x14003B0B0 0x0004B318 0x0004A118 0x0000013F
FindNextFileW - 0x14003B0B8 0x0004B320 0x0004A120 0x0000014B
GetVersionExW - 0x14003B0C0 0x0004B328 0x0004A128 0x000002AC
GetModuleFileNameW - 0x14003B0C8 0x0004B330 0x0004A130 0x0000021A
SetCurrentDirectoryW - 0x14003B0D0 0x0004B338 0x0004A138 0x0000045B
GetCurrentDirectoryW - 0x14003B0D8 0x0004B340 0x0004A140 0x000001C5
GetFullPathNameW - 0x14003B0E0 0x0004B348 0x0004A148 0x00000202
FoldStringW - 0x14003B0E8 0x0004B350 0x0004A150 0x00000162
GetModuleHandleW - 0x14003B0F0 0x0004B358 0x0004A158 0x0000021E
FindResourceW - 0x14003B0F8 0x0004B360 0x0004A160 0x00000154
FreeLibrary - 0x14003B100 0x0004B368 0x0004A168 0x00000168
GetProcAddress - 0x14003B108 0x0004B370 0x0004A170 0x0000024C
ExpandEnvironmentStringsW - 0x14003B110 0x0004B378 0x0004A178 0x00000123
ExitProcess - 0x14003B118 0x0004B380 0x0004A180 0x0000011F
SetThreadExecutionState - 0x14003B120 0x0004B388 0x0004A188 0x000004A0
Sleep - 0x14003B128 0x0004B390 0x0004A190 0x000004C0
LoadLibraryW - 0x14003B130 0x0004B398 0x0004A198 0x00000341
GetSystemDirectoryW - 0x14003B138 0x0004B3A0 0x0004A1A0 0x00000277
CompareStringW - 0x14003B140 0x0004B3A8 0x0004A1A8 0x00000064
AllocConsole - 0x14003B148 0x0004B3B0 0x0004A1B0 0x00000010
FreeConsole - 0x14003B150 0x0004B3B8 0x0004A1B8 0x00000165
AttachConsole - 0x14003B158 0x0004B3C0 0x0004A1C0 0x00000017
WriteConsoleW - 0x14003B160 0x0004B3C8 0x0004A1C8 0x00000533
SystemTimeToTzSpecificLocalTime - 0x14003B168 0x0004B3D0 0x0004A1D0 0x000004CC
TzSpecificLocalTimeToSystemTime - 0x14003B170 0x0004B3D8 0x0004A1D8 0x000004DE
SystemTimeToFileTime - 0x14003B178 0x0004B3E0 0x0004A1E0 0x000004CB
LocalFileTimeToFileTime - 0x14003B180 0x0004B3E8 0x0004A1E8 0x00000348
FileTimeToSystemTime - 0x14003B188 0x0004B3F0 0x0004A1F0 0x0000012B
GetCPInfo - 0x14003B190 0x0004B3F8 0x0004A1F8 0x00000178
IsDBCSLeadByte - 0x14003B198 0x0004B400 0x0004A200 0x00000300
MultiByteToWideChar - 0x14003B1A0 0x0004B408 0x0004A208 0x00000369
WideCharToMultiByte - 0x14003B1A8 0x0004B410 0x0004A210 0x00000520
GlobalAlloc - 0x14003B1B0 0x0004B418 0x0004A218 0x000002BB
LockResource - 0x14003B1B8 0x0004B420 0x0004A220 0x00000356
GlobalLock - 0x14003B1C0 0x0004B428 0x0004A228 0x000002C6
GlobalUnlock - 0x14003B1C8 0x0004B430 0x0004A230 0x000002CD
GlobalFree - 0x14003B1D0 0x0004B438 0x0004A238 0x000002C2
LoadResource - 0x14003B1D8 0x0004B440 0x0004A240 0x00000343
SizeofResource - 0x14003B1E0 0x0004B448 0x0004A248 0x000004BF
GetTimeFormatW - 0x14003B1E8 0x0004B450 0x0004A250 0x0000029E
GetDateFormatW - 0x14003B1F0 0x0004B458 0x0004A258 0x000001CF
GetCurrentProcess - 0x14003B1F8 0x0004B460 0x0004A260 0x000001C6
GetExitCodeProcess - 0x14003B200 0x0004B468 0x0004A268 0x000001E6
WaitForSingleObject - 0x14003B208 0x0004B470 0x0004A270 0x00000508
GetLocalTime - 0x14003B210 0x0004B478 0x0004A278 0x00000209
GetTickCount - 0x14003B218 0x0004B480 0x0004A280 0x0000029A
MapViewOfFile - 0x14003B220 0x0004B488 0x0004A288 0x00000359
UnmapViewOfFile - 0x14003B228 0x0004B490 0x0004A290 0x000004E5
CreateFileMappingW - 0x14003B230 0x0004B498 0x0004A298 0x0000008C
OpenFileMappingW - 0x14003B238 0x0004B4A0 0x0004A2A0 0x0000037B
GetCommandLineW - 0x14003B240 0x0004B4A8 0x0004A2A8 0x0000018D
SetEnvironmentVariableW - 0x14003B248 0x0004B4B0 0x0004A2B0 0x00000465
GetTempPathW - 0x14003B250 0x0004B4B8 0x0004A2B8 0x0000028C
MoveFileExW - 0x14003B258 0x0004B4C0 0x0004A2C0 0x00000362
GetLocaleInfoW - 0x14003B260 0x0004B4C8 0x0004A2C8 0x0000020C
GetNumberFormatW - 0x14003B268 0x0004B4D0 0x0004A2D0 0x0000023A
SetFilePointerEx - 0x14003B270 0x0004B4D8 0x0004A2D8 0x00000475
GetConsoleMode - 0x14003B278 0x0004B4E0 0x0004A2E0 0x000001B2
GetConsoleCP - 0x14003B280 0x0004B4E8 0x0004A2E8 0x000001A0
HeapReAlloc - 0x14003B288 0x0004B4F0 0x0004A2F0 0x000002DA
HeapSize - 0x14003B290 0x0004B4F8 0x0004A2F8 0x000002DC
SetStdHandle - 0x14003B298 0x0004B500 0x0004A300 0x00000494
GetProcessHeap - 0x14003B2A0 0x0004B508 0x0004A308 0x00000251
FreeEnvironmentStringsW - 0x14003B2A8 0x0004B510 0x0004A310 0x00000167
GetEnvironmentStringsW - 0x14003B2B0 0x0004B518 0x0004A318 0x000001E1
GetCommandLineA - 0x14003B2B8 0x0004B520 0x0004A320 0x0000018C
RaiseException - 0x14003B2C0 0x0004B528 0x0004A328 0x000003B4
GetSystemInfo - 0x14003B2C8 0x0004B530 0x0004A330 0x0000027A
VirtualProtect - 0x14003B2D0 0x0004B538 0x0004A338 0x000004FE
VirtualQuery - 0x14003B2D8 0x0004B540 0x0004A340 0x00000500
LoadLibraryExA - 0x14003B2E0 0x0004B548 0x0004A348 0x0000033F
RtlCaptureContext - 0x14003B2E8 0x0004B550 0x0004A350 0x00000418
RtlLookupFunctionEntry - 0x14003B2F0 0x0004B558 0x0004A358 0x0000041F
RtlVirtualUnwind - 0x14003B2F8 0x0004B560 0x0004A360 0x00000426
UnhandledExceptionFilter - 0x14003B300 0x0004B568 0x0004A368 0x000004E2
SetUnhandledExceptionFilter - 0x14003B308 0x0004B570 0x0004A370 0x000004B3
TerminateProcess - 0x14003B310 0x0004B578 0x0004A378 0x000004CE
IsProcessorFeaturePresent - 0x14003B318 0x0004B580 0x0004A380 0x00000306
EnterCriticalSection - 0x14003B320 0x0004B588 0x0004A388 0x000000F2
LeaveCriticalSection - 0x14003B328 0x0004B590 0x0004A390 0x0000033B
InitializeCriticalSectionAndSpinCount - 0x14003B330 0x0004B598 0x0004A398 0x000002EB
DeleteCriticalSection - 0x14003B338 0x0004B5A0 0x0004A3A0 0x000000D2
SetEvent - 0x14003B340 0x0004B5A8 0x0004A3A8 0x00000467
ResetEvent - 0x14003B348 0x0004B5B0 0x0004A3B0 0x00000412
WaitForSingleObjectEx - 0x14003B350 0x0004B5B8 0x0004A3B8 0x00000509
CreateEventW - 0x14003B358 0x0004B5C0 0x0004A3C0 0x00000085
IsDebuggerPresent - 0x14003B360 0x0004B5C8 0x0004A3C8 0x00000302
GetStartupInfoW - 0x14003B368 0x0004B5D0 0x0004A3D0 0x0000026A
QueryPerformanceCounter - 0x14003B370 0x0004B5D8 0x0004A3D8 0x000003A9
GetCurrentThreadId - 0x14003B378 0x0004B5E0 0x0004A3E0 0x000001CB
GetSystemTimeAsFileTime - 0x14003B380 0x0004B5E8 0x0004A3E8 0x00000280
InitializeSListHead - 0x14003B388 0x0004B5F0 0x0004A3F0 0x000002EF
RtlPcToFileHeader - 0x14003B390 0x0004B5F8 0x0004A3F8 0x00000421
RtlUnwindEx - 0x14003B398 0x0004B600 0x0004A400 0x00000425
EncodePointer - 0x14003B3A0 0x0004B608 0x0004A408 0x000000EE
TlsAlloc - 0x14003B3A8 0x0004B610 0x0004A410 0x000004D3
TlsGetValue - 0x14003B3B0 0x0004B618 0x0004A418 0x000004D5
TlsSetValue - 0x14003B3B8 0x0004B620 0x0004A420 0x000004D6
TlsFree - 0x14003B3C0 0x0004B628 0x0004A428 0x000004D4
LoadLibraryExW - 0x14003B3C8 0x0004B630 0x0004A430 0x00000340
QueryPerformanceFrequency - 0x14003B3D0 0x0004B638 0x0004A438 0x000003AA
GetModuleHandleExW - 0x14003B3D8 0x0004B640 0x0004A440 0x0000021D
GetModuleFileNameA - 0x14003B3E0 0x0004B648 0x0004A448 0x00000219
GetACP - 0x14003B3E8 0x0004B650 0x0004A450 0x0000016E
HeapFree - 0x14003B3F0 0x0004B658 0x0004A458 0x000002D7
HeapAlloc - 0x14003B3F8 0x0004B660 0x0004A460 0x000002D3
GetStringTypeW - 0x14003B400 0x0004B668 0x0004A468 0x00000270
LCMapStringW - 0x14003B408 0x0004B670 0x0004A470 0x0000032F
FindFirstFileExA - 0x14003B410 0x0004B678 0x0004A478 0x00000139
FindNextFileA - 0x14003B418 0x0004B680 0x0004A480 0x00000149
IsValidCodePage - 0x14003B420 0x0004B688 0x0004A488 0x0000030C
GetOEMCP - 0x14003B428 0x0004B690 0x0004A490 0x0000023E
OLEAUT32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x00000002 0x14003B438 0x0004B6A0 0x0004A4A0 -
SysFreeString 0x00000006 0x14003B440 0x0004B6A8 0x0004A4A8 -
VariantClear 0x00000009 0x14003B448 0x0004B6B0 0x0004A4B0 -
gdiplus.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdipCloneImage - 0x14003B458 0x0004B6C0 0x0004A4C0 0x00000036
GdipAlloc - 0x14003B460 0x0004B6C8 0x0004A4C8 0x00000021
GdipDisposeImage - 0x14003B468 0x0004B6D0 0x0004A4D0 0x00000098
GdipCreateBitmapFromStream - 0x14003B470 0x0004B6D8 0x0004A4D8 0x00000051
GdipCreateHBITMAPFromBitmap - 0x14003B478 0x0004B6E0 0x0004A4E0 0x0000005F
GdiplusStartup - 0x14003B480 0x0004B6E8 0x0004A4E8 0x00000275
GdiplusShutdown - 0x14003B488 0x0004B6F0 0x0004A4F0 0x00000274
GdipFree - 0x14003B490 0x0004B6F8 0x0004A4F8 0x000000ED
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
magamed_protected.exe 1 0x7FF7635A0000 0x7FF763640FFF Relevant Image False 64-bit 0x7FF7635D9640 False
magamed_protected.exe 1 0x7FF7635A0000 0x7FF763640FFF Process Termination False 64-bit - False
C:\Users\OQXZRA~1\AppData\Local\Temp\magamed_protected.exe Dropped File Binary
Malicious
Also Known As \??\c:\users\oqxzraykm\appdata\local\temp\magamed_protected.exe (Accessed File)
magamed_protected.exe (Dropped File, Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 1.23 MB
MD5 7f1fa0268cc3cb7e8d01a41bda21c1b7
SHA1 b233ac4e05e10c2323694630c78f83bc88347ec6
SHA256 c5345c545dc3c8b126ab394b6213d8e5ea0764275b3bf5f530de7b7e8a89e4d4
SSDeep 24576:ZCnyEVxquTQh61L0Kuv4nfqpbyyLXrkOV+N7FO8gD+2Sk:XEVxqxhUL0v4fGbyyLGNw8gdSk
ImpHash 2e5467cba76f44a088d39f78c5e807b6
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x004087CE
Size Of Code 0x00013200
Size Of Initialized Data 0x00020000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2025-01-11 06:45 (UTC)
Version Information (7)
FileDescription
FileVersion 1.0.0.0
InternalName magamed.exe
LegalCopyright
OriginalFilename magamed.exe
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
0x00402000 0x00014000 0x0000CC00 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.99
0x00416000 0x00020000 0x00000000 0x0000D000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
0x00436000 0x00002000 0x00000200 0x0000D000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.28
.rsrc 0x00438000 0x00020000 0x0001FE00 0x0000D200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.17
0x00458000 0x00280000 0x0002BA00 0x0002D000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
fuckyou 0x006D8000 0x000E4000 0x000E3000 0x00058A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.99
Imports (8)
kernel32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA - 0x006D80D4 0x002D80D4 0x00058AD4 0x00000000
GetProcAddress - 0x006D80D8 0x002D80D8 0x00058AD8 0x00000000
ExitProcess - 0x006D80DC 0x002D80DC 0x00058ADC 0x00000000
LoadLibraryA - 0x006D80E0 0x002D80E0 0x00058AE0 0x00000000
user32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
MessageBoxA - 0x006D80E8 0x002D80E8 0x00058AE8 0x00000000
advapi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegCloseKey - 0x006D80F0 0x002D80F0 0x00058AF0 0x00000000
oleaut32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysFreeString - 0x006D80F8 0x002D80F8 0x00058AF8 0x00000000
gdi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontA - 0x006D8100 0x002D8100 0x00058B00 0x00000000
shell32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteA - 0x006D8108 0x002D8108 0x00058B08 0x00000000
version.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoA - 0x006D8110 0x002D8110 0x00058B10 0x00000000
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x006D8118 0x002D8118 0x00058B18 0x00000000
Memory Dumps (29)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
magamed_protected.exe 4 0x00EA0000 0x0125BFFF First Execution False 32-bit 0x00EA87CE False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x0105B56C False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x0105A4F8 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x0105B95D False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x0105D844 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x0100A280 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00EFC354 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F06D9C False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F07C74 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F4C148 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F4BD50 False
buffer 4 0x00510000 0x00510FFF Content Changed False 32-bit - False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F4E2F8 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F4FF40 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F540C4 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F51A20 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F7DA50 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F7A228 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F7DB58 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00EFF794 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F80B44 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00F1F000 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00FA5138 False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Content Changed False 32-bit 0x00FA93C4 False
buffer 4 0x00D34000 0x00D47FFF First Execution False 32-bit 0x00D44670 False
buffer 4 0x02670000 0x027C7FFF First Execution False 32-bit 0x02710034 False
buffer 4 0x00670000 0x00670FFF Marked Executable False 32-bit - False
buffer 4 0x00BE0000 0x00CDFFFF Marked Executable False 32-bit - False
magamed_protected.exe 4 0x00EA0000 0x0125BFFF Process Termination False 32-bit - False
c:\users\oqxzraykm\appdata\local\temp\__tmp_rar_sfx_access_check_30795515 Dropped File Empty
Clean
Also Known As __tmp_rar_sfx_access_check_30795515 (Dropped File, Accessed File)
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
0607c3e673c884419dabe28df35738e649ad63efce71d42ac8d54dcc80665d1b Extracted File Image
Clean
Parent File 5fcd6ffce66d09c0b6f1391dc91b021308fa504420b66de1032f0879f23bdb7d
MIME Type image/png
File Size 28.39 KB
MD5 e54656af0db43e616832174b5b85d358
SHA1 954ca98ae184f42e6bf7ca3e05c132d4cc943efc
SHA256 0607c3e673c884419dabe28df35738e649ad63efce71d42ac8d54dcc80665d1b
SSDeep 768:vVTFUhtKgeTWxcTLJsQD+S8m23UZG3AgA7D:vVRUhw3TWxcZss+SP21wH7D
ImpHash -
22cfb29519172865366c83cef03e222ca8c0787e0f003cc4fb43423eb9450e6e Extracted File Image
Clean
Parent File C:\Users\OqXZRaykm\Desktop\magamed_protected.exe
MIME Type image/png
File Size 8.61 KB
MD5 75a8bec1197864628bc7a7bd542f371b
SHA1 1b3be732ac5b77da11e0cd69eb034e4c3c314b8b
SHA256 22cfb29519172865366c83cef03e222ca8c0787e0f003cc4fb43423eb9450e6e
SSDeep 192:YbHbgk9NWyu274xaaT1E5z7WYxR0BajRBphbUbk2nGbrr:yA2Z+EBWCR3bhb8vO
ImpHash -
27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68 Extracted File Image
Clean
Known to be clean.
Parent File C:\Users\OqXZRaykm\Desktop\magamed_protected.exe
MIME Type image/png
File Size 5.41 KB
MD5 e6ccfb6d9ffd4e1a907a47761c64bd79
SHA1 d6a2994dedae3527a878140aa60dcaa087b90445
SHA256 27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68
SSDeep 96:ioA0HldODFNSZCbgEZohRodU3vMg2vLWT3m5RQgVH0SmAMPzzZ2OC9vd/GrW4jD/:FlkDFNSWggWf3ILWTeMPzzZc9vd/yWe
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c Extracted File Image
Clean
Parent File C:\Users\OqXZRaykm\Desktop\magamed_protected.exe
MIME Type image/png
File Size 2.81 KB
MD5 63486a769bbe3f49d5848b9c69734a25
SHA1 e48bd36c2f23c238206bdddf3ebb6d6862905710
SHA256 a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c
SSDeep 48:Tppthbcpv0j+3MIG68XIZm2iVAMd+1pzX7JGkVdxU6UPyoarDZICZXBIYB8bn0eP:7bev0j+3r0JCM8zb7JGkhU68yoanZHZc
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.