Verdict: Malicious
Classifications: Ransomware
Threat Names: CryptoLocker, Mal/Generic-S, Mal/HTMLGen-A

Analyzed Files (File Name, Category, Type, Verdict)

C:\Users\RDhJ0CNFevzX\Desktop\FPDukzLNdgpSduPk.exe (Sample File, Binary): Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 30.02 KB
MD5 f5345f046c99ca7062d35ab39358c268
SHA1 8ed11a108985fe72d2eb0e492221c213c2155aaf
SHA256 826f35691c5887449898c5d47e667a1fb6f9d1a8fb7cd5829c31b4845707e404
SSDeep 384:v0VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26Rsn1rCcOQtOOtEvwDpjqIGRS/Vb9h7:vQz7yVEhs9+js1SQtOOtEvwDpjz9+an
ImpHash 5c55d83b58dbc1f7154223c32a893074
Static Analysis Parser Error: malformed string file info (the StringFileInfo block of the version resource does not parse cleanly)
File Reputation Information: Malicious (Mal/Generic-S)
PE Information
Image Base 0x00500000
Entry Point 0x00501000
Size Of Code 0x00002E00
Size Of Initialized Data 0x00003E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2013-10-02 14:54 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00501000 0x00002CCF 0x00002E00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.04
.rdata 0x00504000 0x000004C6 0x00000600 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.25
.data 0x00505000 0x0000061B 0x00000400 0x00003800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.76
.rsrc 0x00506000 0x00002AC8 0x00002C00 0x00003C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.98
.reloc 0x00509000 0x0000021E 0x00000400 0x00006800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 3.44
Imports (3)
user32.dll (18)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShowWindow - 0x00504040 0x00004260 0x00003460 0x00000248
PostQuitMessage - 0x00504044 0x00004264 0x00003464 0x000001D5
GetMessageA - 0x00504048 0x00004268 0x00003468 0x00000122
EndPaint - 0x0050404C 0x0000426C 0x0000346C 0x000000B6
DispatchMessageA - 0x00504050 0x00004270 0x00003470 0x00000093
BeginPaint - 0x00504054 0x00004274 0x00003474 0x0000000B
TranslateMessage - 0x00504058 0x00004278 0x00003478 0x0000025E
MoveWindow - 0x0050405C 0x0000427C 0x0000347C 0x000001BE
CreateWindowExA - 0x00504060 0x00004280 0x00003480 0x00000056
RegisterClassExA - 0x00504064 0x00004284 0x00003484 0x000001E1
DefWindowProcA - 0x00504068 0x00004288 0x00003488 0x00000083
MessageBoxA - 0x0050406C 0x0000428C 0x0000348C 0x000001B1
SendMessageA - 0x00504070 0x00004290 0x00003490 0x000001FD
DestroyWindow - 0x00504074 0x00004294 0x00003494 0x0000008D
LoadCursorA - 0x00504078 0x00004298 0x00003498 0x00000194
LoadIconA - 0x0050407C 0x0000429C 0x0000349C 0x00000198
UpdateWindow - 0x00504080 0x000042A0 0x000034A0 0x0000026A
GetWindowRect - 0x00504084 0x000042A4 0x000034A4 0x00000157
kernel32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLastError - 0x00504008 0x00004228 0x00003428 0x00000128
lstrcpyA - 0x0050400C 0x0000422C 0x0000342C 0x00000315
GetModuleHandleA - 0x00504010 0x00004230 0x00003430 0x00000134
GetCommandLineA - 0x00504014 0x00004234 0x00003434 0x000000E6
FindFirstFileA - 0x00504018 0x00004238 0x00003438 0x000000B1
FormatMessageA - 0x0050401C 0x0000423C 0x0000343C 0x000000CC
FindClose - 0x00504020 0x00004240 0x00003440 0x000000AD
FindNextFileA - 0x00504024 0x00004244 0x00003444 0x000000BA
DeleteFileA - 0x00504028 0x00004248 0x00003448 0x00000069
CloseHandle - 0x0050402C 0x0000424C 0x0000344C 0x00000023
GetCPInfo - 0x00504030 0x00004250 0x00003450 0x000000DB
GetACP - 0x00504034 0x00004254 0x00003454 0x000000D6
CreateFileA - 0x00504038 0x00004258 0x00003458 0x0000003D
gdi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x00504000 0x00004220 0x00003420 0x0000002F
Memory Dumps (8)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
fpdukzlndgpsdupk.exe 1 0x00500000 0x00509FFF Relevant Image False 32-bit 0x00503376 False
buffer 1 0x00610000 0x00615FFF First Execution False 32-bit 0x00610009 False
buffer 1 0x00630000 0x00635FFF Marked Executable False 32-bit - False
buffer 1 0x00630000 0x00635FFF Marked Executable False 32-bit - False
buffer 1 0x00630000 0x00635FFF Marked Executable False 32-bit - False
buffer 1 0x00630000 0x00635FFF Marked Executable False 32-bit - False
buffer 1 0x00630000 0x00635FFF First Execution False 32-bit 0x00631020 False
fpdukzlndgpsdupk.exe 1 0x00500000 0x00509FFF Process Termination False 32-bit - False
YARA Matches (2)
Rule Name Rule Description Classification Score
CryptoLocker_rule2 CryptoLocker ransomware Ransomware 5/5
CryptoLocker_set1 CryptoLocker ransomware Ransomware 5/5
C:\Users\RDHJ0C~1\AppData\Local\Temp\misid.exe (Dropped File, Binary): Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 30.12 KB
MD5 7c76b36c4c93debc38d816080240daae
SHA1 e7cab254119a75f35907b3cf64b22d47ff1d86d1
SHA256 241e777073ae4ee7f8a48e019faa1dbfb72c125bfdbdd319a97c417ae0c92ba1
SSDeep 384:v0VkMq01bJ3wtEwPS8HLEh+Jagz+3be+26Rsn1rCcOQtOOtEvwDpjqIGRS/Vb9ha:vQz7yVEhs9+js1SQtOOtEvwDpjz9+au
ImpHash 5c55d83b58dbc1f7154223c32a893074
Static Analysis Parser Error: malformed string file info (the StringFileInfo block of the version resource does not parse cleanly)
PE Information
Image Base 0x00500000
Entry Point 0x00501000
Size Of Code 0x00002E00
Size Of Initialized Data 0x00003E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2013-10-02 14:54 (UTC+2)
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00501000 0x00002CCF 0x00002E00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.04
.rdata 0x00504000 0x000004C6 0x00000600 0x00003200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.25
.data 0x00505000 0x0000061B 0x00000400 0x00003800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.76
.rsrc 0x00506000 0x00002AC8 0x00002C00 0x00003C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.98
.reloc 0x00509000 0x0000021E 0x00000400 0x00006800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 3.44
Imports (3)
user32.dll (18)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShowWindow - 0x00504040 0x00004260 0x00003460 0x00000248
PostQuitMessage - 0x00504044 0x00004264 0x00003464 0x000001D5
GetMessageA - 0x00504048 0x00004268 0x00003468 0x00000122
EndPaint - 0x0050404C 0x0000426C 0x0000346C 0x000000B6
DispatchMessageA - 0x00504050 0x00004270 0x00003470 0x00000093
BeginPaint - 0x00504054 0x00004274 0x00003474 0x0000000B
TranslateMessage - 0x00504058 0x00004278 0x00003478 0x0000025E
MoveWindow - 0x0050405C 0x0000427C 0x0000347C 0x000001BE
CreateWindowExA - 0x00504060 0x00004280 0x00003480 0x00000056
RegisterClassExA - 0x00504064 0x00004284 0x00003484 0x000001E1
DefWindowProcA - 0x00504068 0x00004288 0x00003488 0x00000083
MessageBoxA - 0x0050406C 0x0000428C 0x0000348C 0x000001B1
SendMessageA - 0x00504070 0x00004290 0x00003490 0x000001FD
DestroyWindow - 0x00504074 0x00004294 0x00003494 0x0000008D
LoadCursorA - 0x00504078 0x00004298 0x00003498 0x00000194
LoadIconA - 0x0050407C 0x0000429C 0x0000349C 0x00000198
UpdateWindow - 0x00504080 0x000042A0 0x000034A0 0x0000026A
GetWindowRect - 0x00504084 0x000042A4 0x000034A4 0x00000157
kernel32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLastError - 0x00504008 0x00004228 0x00003428 0x00000128
lstrcpyA - 0x0050400C 0x0000422C 0x0000342C 0x00000315
GetModuleHandleA - 0x00504010 0x00004230 0x00003430 0x00000134
GetCommandLineA - 0x00504014 0x00004234 0x00003434 0x000000E6
FindFirstFileA - 0x00504018 0x00004238 0x00003438 0x000000B1
FormatMessageA - 0x0050401C 0x0000423C 0x0000343C 0x000000CC
FindClose - 0x00504020 0x00004240 0x00003440 0x000000AD
FindNextFileA - 0x00504024 0x00004244 0x00003444 0x000000BA
DeleteFileA - 0x00504028 0x00004248 0x00003448 0x00000069
CloseHandle - 0x0050402C 0x0000424C 0x0000344C 0x00000023
GetCPInfo - 0x00504030 0x00004250 0x00003450 0x000000DB
GetACP - 0x00504034 0x00004254 0x00003454 0x000000D6
CreateFileA - 0x00504038 0x00004258 0x00003458 0x0000003D
gdi32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CreateFontIndirectA - 0x00504000 0x00004220 0x00003420 0x0000002F
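The sample FPDukzLNdgpSduPk.exe and the dropped misid.exe report the same ImpHash (5c55d83b58dbc1f7154223c32a893074) although their MD5/SHA1/SHA256 values differ. That is expected: the import hash is computed over the import table only, and the two import tables above are identical function for function. The Python below is an added example, not part of the VMRay report, that re-implements the pefile-style imphash (MD5 of the comma-joined, lower-cased dll.function names in import-directory order) and feeds it the import table listed here. One assumption is mine: the import descriptors are taken in IAT-address order (gdi32 at 0x504000, kernel32 at 0x504008, user32 at 0x504040), because the report sorts DLLs by import count and does not state the descriptor order. Only if that assumption holds would the computed value reproduce the reported ImpHash, so the example does not claim it does; the helper names (imphash, report_imphash, reorder_by_dll) are also mine.

```python
"""pefile-style import hash (imphash) over a PE import table.

Added example, not part of the VMRay report. The hash is MD5 over the
string "dll1.func1,dll1.func2,...,dllN.funcM": DLL names lower-cased
with .dll/.ocx/.sys stripped, function names lower-cased, entries in
import-directory order. Only the import table feeds the hash, so two
files that differ elsewhere (different MD5/SHA256) still share one
ImpHash, as FPDukzLNdgpSduPk.exe and misid.exe do in this report.
"""
import hashlib

# Extensions pefile removes from a DLL name before hashing.
_STRIP_EXTENSIONS = (".dll", ".ocx", ".sys")


def normalize_dll(name: str) -> str:
    """'KERNEL32.DLL' -> 'kernel32'; names without those extensions are only lower-cased."""
    lowered = name.lower()
    for ext in _STRIP_EXTENSIONS:
        if lowered.endswith(ext):
            return lowered[: -len(ext)]
    return lowered


def imphash(imports) -> str:
    """Hex MD5 over 'dll.func' entries, in the order given.

    imports: iterable of (dll_name, function_name or ordinal int) in
    import-directory order. Ordinals are rendered as 'ordN', pefile's
    fallback when no name is present. (pefile additionally maps known
    ordinals of ws2_32/oleaut32 back to names; that table is omitted,
    so ordinal-only imports from those DLLs would not match pefile.)
    """
    parts = []
    for dll, func in imports:
        label = f"ord{func}" if isinstance(func, int) else func.lower()
        parts.append(f"{normalize_dll(dll)}.{label}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


# Import table as listed in the report. The report sorts DLLs by import
# count; here they are ordered by IAT address (gdi32 0x504000, kernel32
# 0x504008, user32 0x504040). That this equals the real descriptor order
# is an ASSUMPTION. Within each DLL the listed order is already ascending
# IAT order, so it is kept as printed.
REPORT_IMPORTS = [
    (dll, func)
    for dll, funcs in (
        ("gdi32.dll", ["CreateFontIndirectA"]),
        ("kernel32.dll", [
            "GetLastError", "lstrcpyA", "GetModuleHandleA", "GetCommandLineA",
            "FindFirstFileA", "FormatMessageA", "FindClose", "FindNextFileA",
            "DeleteFileA", "CloseHandle", "GetCPInfo", "GetACP", "CreateFileA",
        ]),
        ("user32.dll", [
            "ShowWindow", "PostQuitMessage", "GetMessageA", "EndPaint",
            "DispatchMessageA", "BeginPaint", "TranslateMessage", "MoveWindow",
            "CreateWindowExA", "RegisterClassExA", "DefWindowProcA",
            "MessageBoxA", "SendMessageA", "DestroyWindow", "LoadCursorA",
            "LoadIconA", "UpdateWindow", "GetWindowRect",
        ]),
    )
    for func in funcs
]


def report_imphash() -> str:
    """ImpHash of the report's import table under the order assumed above."""
    return imphash(REPORT_IMPORTS)


def reorder_by_dll(imports, dll_order):
    """Regroup entries by the given DLL sequence (DLLs not listed are dropped)."""
    return [e for d in dll_order for e in imports if e[0].lower() == d.lower()]


def same_import_hash(imports_a, imports_b) -> bool:
    """True when two import tables would cluster together on ImpHash."""
    return imphash(imports_a) == imphash(imports_b)


if __name__ == "__main__":
    print("imphash, assumed descriptor order:", report_imphash())
    # Same functions in the order the report displays them: the hash
    # changes, so DLL order is part of the signal, not just the API set.
    display = reorder_by_dll(REPORT_IMPORTS, ["user32.dll", "kernel32.dll", "gdi32.dll"])
    print("imphash, report display order:    ", imphash(display))
```

When clustering samples on ImpHash, treat a match as "same import table" and nothing more: the hash says nothing about code, resources or the overlay, which is why the two binaries here differ by about 100 bytes in size and in their ssdeep tails while sharing one ImpHash.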
Memory Dumps (15)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
misid.exe 2 0x00500000 0x00509FFF Relevant Image False 32-bit 0x00502DEA False
buffer 2 0x00690000 0x00695FFF First Execution False 32-bit 0x00690009 False
buffer 2 0x006C0000 0x006C5FFF Marked Executable False 32-bit - False
buffer 2 0x006C0000 0x006C5FFF Marked Executable False 32-bit - False
buffer 2 0x006C0000 0x006C5FFF Marked Executable False 32-bit - False
buffer 2 0x006C0000 0x006C5FFF Marked Executable False 32-bit - False
buffer 2 0x006C0000 0x006C5FFF First Execution False 32-bit 0x006C1020 False
buffer 2 0x0019A000 0x0019FFFF First Network Behavior False 32-bit - False
buffer 2 0x001F0000 0x001F5FFF First Network Behavior False 32-bit - False
buffer 2 0x00690000 0x00695FFF First Network Behavior False 32-bit - False
buffer 2 0x006C0000 0x006C5FFF First Network Behavior False 32-bit 0x006C12B8 False
buffer 2 0x02010000 0x0214FFFF First Network Behavior False 32-bit - False
misid.exe 2 0x00500000 0x00509FFF First Network Behavior False 32-bit - False
counters.dat 2 0x006D0000 0x006D0FFF First Network Behavior False 32-bit - False
misid.exe 2 0x00500000 0x00509FFF Process Termination False 32-bit - False
YARA Matches (2)
Rule Name Rule Description Classification Score
CryptoLocker_rule2 CryptoLocker ransomware Ransomware 5/5
CryptoLocker_set1 CryptoLocker ransomware Ransomware 5/5
c:\users\rdhj0cnfevzx\appdata\local\temp\misids.exe (Downloaded File, HTML): Clean, known to be clean
Note: despite the .exe name, the downloaded content is HTML (MIME text/html, 315 bytes), not an executable.
Also Known As misids.exe (Accessed File, Downloaded File)
MIME Type text/html
File Size 315 Bytes
MD5 a34ac19f4afae63adc5d2f7bc970c07f
SHA1 a82190fc530c265aa40a045c21770d967f4767b8
SHA256 d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3
SSDeep 6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoFEHcLgabzjsKtgsg93wzRbKqD:J0+oxBeRmR9etdzRxGezZfCzjsKtgizR
ImpHash -
File Reputation Information: Clean (known to be clean)
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat (Modified File, Stream): Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -