Verdict Malicious

Classifications Trojan Banker

Threat Names Ursnif, Mal/Generic-S

Dynamic Analysis Report

Created on 2023-03-20T12:03:08+00:00

a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7.exe

Windows Exe (x86-32)

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "20 minutes, 30 seconds" to "24 seconds" to reveal dormant functionality.

File Name C:\Users\OqXZRaykm\Desktop\a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7.exe
Category Sample File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 177.50 KB
MD5 aa37b36ea7ba39b6c00ae1b01bada3f7
SHA1 90545746e5b23fcdf7db1fa5c30588df2f4c31bf
SHA256 a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7
SSDeep 3072:sKUXgTGIAmez+JQAxHun7YB5ahAWlS5UQjV:0gTfBfxAkBSAP5
ImpHash 0c16d61a145a6038e0c4acd3e1db8764
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x00402F11
Size Of Code 0x0000B200
Size Of Initialized Data 0x0009FA00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-04-24 10:09 (UTC+2)
Version Information (6)
CompanyName Furious
FileDescriptions WorldWrappering
FilesVersion 4.1.61.53
InternalName FavorCoursel.exe
LegalTrademarks1 Glab fantastic
ProductName SpecialistTuning
Sections (4)
| Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
|---|---|---|---|---|---|---|
| .text | 0x00401000 | 0x0000B144 | 0x0000B200 | 0x00000400 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.01 |
| .data | 0x0040D000 | 0x0009072C | 0x00013200 | 0x0000B600 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 7.85 |
| .wuke | 0x0049E000 | 0x00000096 | 0x00000200 | 0x0001E800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 0.0 |
| .rsrc | 0x0049F000 | 0x0000DAF0 | 0x0000DC00 | 0x0001EA00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.47 |
Imports (2)
KERNEL32.dll (100)
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| PulseEvent | - | 0x00401000 | 0x0000B838 | 0x0000AC38 | 0x0000039A |
| SetDefaultCommConfigA | - | 0x00401004 | 0x0000B83C | 0x0000AC3C | 0x0000044E |
| FindFirstFileW | - | 0x00401008 | 0x0000B840 | 0x0000AC40 | 0x00000139 |
| EnumCalendarInfoA | - | 0x0040100C | 0x0000B844 | 0x0000AC44 | 0x000000EF |
| _llseek | - | 0x00401010 | 0x0000B848 | 0x0000AC48 | 0x00000539 |
| GetConsoleAliasA | - | 0x00401014 | 0x0000B84C | 0x0000AC4C | 0x00000190 |
| GetCurrentProcess | - | 0x00401018 | 0x0000B850 | 0x0000AC50 | 0x000001C0 |
| InterlockedCompareExchange | - | 0x0040101C | 0x0000B854 | 0x0000AC54 | 0x000002E9 |
| SleepEx | - | 0x00401020 | 0x0000B858 | 0x0000AC58 | 0x000004B5 |
| GetWindowsDirectoryA | - | 0x00401024 | 0x0000B85C | 0x0000AC5C | 0x000002AE |
| EnumTimeFormatsW | - | 0x00401028 | 0x0000B860 | 0x0000AC60 | 0x00000112 |
| WriteFileGather | - | 0x0040102C | 0x0000B864 | 0x0000AC64 | 0x00000527 |
| EnumResourceTypesA | - | 0x00401030 | 0x0000B868 | 0x0000AC68 | 0x00000103 |
| ActivateActCtx | - | 0x00401034 | 0x0000B86C | 0x0000AC6C | 0x00000002 |
| GlobalAlloc | - | 0x00401038 | 0x0000B870 | 0x0000AC70 | 0x000002B3 |
| GetFirmwareEnvironmentVariableA | - | 0x0040103C | 0x0000B874 | 0x0000AC74 | 0x000001F6 |
| LoadLibraryW | - | 0x00401040 | 0x0000B878 | 0x0000AC78 | 0x0000033F |
| Sleep | - | 0x00401044 | 0x0000B87C | 0x0000AC7C | 0x000004B2 |
| ReadConsoleInputA | - | 0x00401048 | 0x0000B880 | 0x0000AC80 | 0x000003B5 |
| LeaveCriticalSection | - | 0x0040104C | 0x0000B884 | 0x0000AC84 | 0x00000339 |
| GetFileAttributesW | - | 0x00401050 | 0x0000B888 | 0x0000AC88 | 0x000001EA |
| WritePrivateProfileSectionW | - | 0x00401054 | 0x0000B88C | 0x0000AC8C | 0x00000529 |
| TerminateProcess | - | 0x00401058 | 0x0000B890 | 0x0000AC90 | 0x000004C0 |
| IsDBCSLeadByte | - | 0x0040105C | 0x0000B894 | 0x0000AC94 | 0x000002FE |
| lstrcmpW | - | 0x00401060 | 0x0000B898 | 0x0000AC98 | 0x00000542 |
| GlobalUnlock | - | 0x00401064 | 0x0000B89C | 0x0000AC9C | 0x000002C5 |
| RaiseException | - | 0x00401068 | 0x0000B8A0 | 0x0000ACA0 | 0x000003B1 |
| SetLastError | - | 0x0040106C | 0x0000B8A4 | 0x0000ACA4 | 0x00000473 |
| GetProcAddress | - | 0x00401070 | 0x0000B8A8 | 0x0000ACA8 | 0x00000245 |
| GlobalGetAtomNameA | - | 0x00401074 | 0x0000B8AC | 0x0000ACAC | 0x000002BB |
| OpenWaitableTimerA | - | 0x00401078 | 0x0000B8B0 | 0x0000ACB0 | 0x00000387 |
| AddAtomA | - | 0x0040107C | 0x0000B8B4 | 0x0000ACB4 | 0x00000003 |
| FindFirstVolumeMountPointA | - | 0x00401080 | 0x0000B8B8 | 0x0000ACB8 | 0x0000013D |
| GetModuleHandleA | - | 0x00401084 | 0x0000B8BC | 0x0000ACBC | 0x00000215 |
| FindNextFileW | - | 0x00401088 | 0x0000B8C0 | 0x0000ACC0 | 0x00000145 |
| GetShortPathNameW | - | 0x0040108C | 0x0000B8C4 | 0x0000ACC4 | 0x00000261 |
| GetCPInfoExA | - | 0x00401090 | 0x0000B8C8 | 0x0000ACC8 | 0x00000173 |
| SetCalendarInfoA | - | 0x00401094 | 0x0000B8CC | 0x0000ACCC | 0x0000041E |
| ReadConsoleInputW | - | 0x00401098 | 0x0000B8D0 | 0x0000ACD0 | 0x000003B8 |
| DeleteFileW | - | 0x0040109C | 0x0000B8D4 | 0x0000ACD4 | 0x000000D6 |
| EnumCalendarInfoExA | - | 0x004010A0 | 0x0000B8D8 | 0x0000ACD8 | 0x000000F0 |
| LocalFree | - | 0x004010A4 | 0x0000B8DC | 0x0000ACDC | 0x00000348 |
| CopyFileExA | - | 0x004010A8 | 0x0000B8E0 | 0x0000ACE0 | 0x00000071 |
| GetLastError | - | 0x004010AC | 0x0000B8E4 | 0x0000ACE4 | 0x00000202 |
| DeleteFileA | - | 0x004010B0 | 0x0000B8E8 | 0x0000ACE8 | 0x000000D3 |
| GetCommandLineA | - | 0x004010B4 | 0x0000B8EC | 0x0000ACEC | 0x00000186 |
| HeapSetInformation | - | 0x004010B8 | 0x0000B8F0 | 0x0000ACF0 | 0x000002D3 |
| GetStartupInfoW | - | 0x004010BC | 0x0000B8F4 | 0x0000ACF4 | 0x00000263 |
| EnterCriticalSection | - | 0x004010C0 | 0x0000B8F8 | 0x0000ACF8 | 0x000000EE |
| SetFilePointer | - | 0x004010C4 | 0x0000B8FC | 0x0000ACFC | 0x00000466 |
| SetHandleCount | - | 0x004010C8 | 0x0000B900 | 0x0000AD00 | 0x0000046F |
| GetStdHandle | - | 0x004010CC | 0x0000B904 | 0x0000AD04 | 0x00000264 |
| InitializeCriticalSectionAndSpinCount | - | 0x004010D0 | 0x0000B908 | 0x0000AD08 | 0x000002E3 |
| GetFileType | - | 0x004010D4 | 0x0000B90C | 0x0000AD0C | 0x000001F3 |
| DeleteCriticalSection | - | 0x004010D8 | 0x0000B910 | 0x0000AD10 | 0x000000D1 |
| UnhandledExceptionFilter | - | 0x004010DC | 0x0000B914 | 0x0000AD14 | 0x000004D3 |
| SetUnhandledExceptionFilter | - | 0x004010E0 | 0x0000B918 | 0x0000AD18 | 0x000004A5 |
| IsDebuggerPresent | - | 0x004010E4 | 0x0000B91C | 0x0000AD1C | 0x00000300 |
| EncodePointer | - | 0x004010E8 | 0x0000B920 | 0x0000AD20 | 0x000000EA |
| DecodePointer | - | 0x004010EC | 0x0000B924 | 0x0000AD24 | 0x000000CA |
| GetModuleHandleW | - | 0x004010F0 | 0x0000B928 | 0x0000AD28 | 0x00000218 |
| ExitProcess | - | 0x004010F4 | 0x0000B92C | 0x0000AD2C | 0x00000119 |
| WriteFile | - | 0x004010F8 | 0x0000B930 | 0x0000AD30 | 0x00000525 |
| GetModuleFileNameW | - | 0x004010FC | 0x0000B934 | 0x0000AD34 | 0x00000214 |
| GetModuleFileNameA | - | 0x00401100 | 0x0000B938 | 0x0000AD38 | 0x00000213 |
| FreeEnvironmentStringsW | - | 0x00401104 | 0x0000B93C | 0x0000AD3C | 0x00000161 |
| WideCharToMultiByte | - | 0x00401108 | 0x0000B940 | 0x0000AD40 | 0x00000511 |
| GetEnvironmentStringsW | - | 0x0040110C | 0x0000B944 | 0x0000AD44 | 0x000001DA |
| TlsAlloc | - | 0x00401110 | 0x0000B948 | 0x0000AD48 | 0x000004C5 |
| TlsGetValue | - | 0x00401114 | 0x0000B94C | 0x0000AD4C | 0x000004C7 |
| TlsSetValue | - | 0x00401118 | 0x0000B950 | 0x0000AD50 | 0x000004C8 |
| TlsFree | - | 0x0040111C | 0x0000B954 | 0x0000AD54 | 0x000004C6 |
| InterlockedIncrement | - | 0x00401120 | 0x0000B958 | 0x0000AD58 | 0x000002EF |
| GetCurrentThreadId | - | 0x00401124 | 0x0000B95C | 0x0000AD5C | 0x000001C5 |
| InterlockedDecrement | - | 0x00401128 | 0x0000B960 | 0x0000AD60 | 0x000002EB |
| HeapCreate | - | 0x0040112C | 0x0000B964 | 0x0000AD64 | 0x000002CD |
| QueryPerformanceCounter | - | 0x00401130 | 0x0000B968 | 0x0000AD68 | 0x000003A7 |
| GetTickCount | - | 0x00401134 | 0x0000B96C | 0x0000AD6C | 0x00000293 |
| GetCurrentProcessId | - | 0x00401138 | 0x0000B970 | 0x0000AD70 | 0x000001C1 |
| GetSystemTimeAsFileTime | - | 0x0040113C | 0x0000B974 | 0x0000AD74 | 0x00000279 |
| HeapFree | - | 0x00401140 | 0x0000B978 | 0x0000AD78 | 0x000002CF |
| SetStdHandle | - | 0x00401144 | 0x0000B97C | 0x0000AD7C | 0x00000487 |
| GetConsoleCP | - | 0x00401148 | 0x0000B980 | 0x0000AD80 | 0x0000019A |
| GetConsoleMode | - | 0x0040114C | 0x0000B984 | 0x0000AD84 | 0x000001AC |
| FlushFileBuffers | - | 0x00401150 | 0x0000B988 | 0x0000AD88 | 0x00000157 |
| RtlUnwind | - | 0x00401154 | 0x0000B98C | 0x0000AD8C | 0x00000418 |
| GetCPInfo | - | 0x00401158 | 0x0000B990 | 0x0000AD90 | 0x00000172 |
| GetACP | - | 0x0040115C | 0x0000B994 | 0x0000AD94 | 0x00000168 |
| GetOEMCP | - | 0x00401160 | 0x0000B998 | 0x0000AD98 | 0x00000237 |
| IsValidCodePage | - | 0x00401164 | 0x0000B99C | 0x0000AD9C | 0x0000030A |
| HeapAlloc | - | 0x00401168 | 0x0000B9A0 | 0x0000ADA0 | 0x000002CB |
| HeapReAlloc | - | 0x0040116C | 0x0000B9A4 | 0x0000ADA4 | 0x000002D2 |
| WriteConsoleW | - | 0x00401170 | 0x0000B9A8 | 0x0000ADA8 | 0x00000524 |
| MultiByteToWideChar | - | 0x00401174 | 0x0000B9AC | 0x0000ADAC | 0x00000367 |
| IsProcessorFeaturePresent | - | 0x00401178 | 0x0000B9B0 | 0x0000ADB0 | 0x00000304 |
| LCMapStringW | - | 0x0040117C | 0x0000B9B4 | 0x0000ADB4 | 0x0000032D |
| GetStringTypeW | - | 0x00401180 | 0x0000B9B8 | 0x0000ADB8 | 0x00000269 |
| HeapSize | - | 0x00401184 | 0x0000B9BC | 0x0000ADBC | 0x000002D4 |
| CloseHandle | - | 0x00401188 | 0x0000B9C0 | 0x0000ADC0 | 0x00000052 |
| CreateFileW | - | 0x0040118C | 0x0000B9C4 | 0x0000ADC4 | 0x0000008F |
USER32.dll (1)
| API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
|---|---|---|---|---|---|
| LoadMenuA | - | 0x00401194 | 0x0000B9CC | 0x0000ADCC | 0x000001F4 |
Memory Dumps (30)
| Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA |
|---|---|---|---|---|---|---|---|---|
| a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7.exe | 1 | 0x00400000 | 0x004ACFFF | Relevant Image | False | 32-bit | 0x00403840 | False |
| buffer | 1 | 0x00608B70 | 0x0061A9B7 | First Execution | False | 32-bit | 0x0060D00B | False |
| buffer | 1 | 0x004B0000 | 0x004BAFFF | First Execution | False | 32-bit | 0x004B0000 | False |
| a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7.exe | 1 | 0x00400000 | 0x004ACFFF | Content Changed | False | 32-bit | 0x00401DE1 | False |
| a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7.exe | 1 | 0x00400000 | 0x004ACFFF | Content Changed | False | 32-bit | 0x00401A73 | False |
| a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7.exe | 1 | 0x00400000 | 0x004ACFFF | Content Changed | False | 32-bit | 0x00402000 | False |
| buffer | 1 | 0x001E0000 | 0x001ECFFF | First Execution | False | 32-bit | 0x001E1056 | False |
| buffer | 1 | 0x001E0000 | 0x001ECFFF | Content Changed | False | 32-bit | 0x001E5006 | False |
| buffer | 1 | 0x001E0000 | 0x001ECFFF | Content Changed | False | 32-bit | 0x001E213E | False |
| buffer | 1 | 0x001E0000 | 0x001ECFFF | Content Changed | False | 32-bit | 0x001E4520 | False |
| buffer | 1 | 0x001E0000 | 0x001ECFFF | Content Changed | False | 32-bit | 0x001E661C | False |
| buffer | 1 | 0x001E0000 | 0x001ECFFF | Content Changed | False | 32-bit | 0x001E1340 | False |
| buffer | 1 | 0x008BC000 | 0x008BFFFF | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x0019C000 | 0x0019FFFF | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x004B0000 | 0x004BAFFF | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x00608B70 | 0x0061A9B7 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02220FE8 | 0x02221067 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02222120 | 0x0222291F | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x027EB4B8 | 0x027F62B8 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x0285AEC8 | 0x0285AF89 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E685B8 | 0x02E695B7 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E696C8 | 0x02E697D8 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E697E8 | 0x02E69932 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E69940 | 0x02E69A7F | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E69E28 | 0x02E6A402 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E6A410 | 0x02E6AC0F | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E6AC18 | 0x02E6B417 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E6B420 | 0x02E6B576 | First Network Behavior | False | 32-bit | - | False |
| buffer | 1 | 0x02E6B6E0 | 0x02E6B966 | First Network Behavior | False | 32-bit | - | False |
| a6886a3566a1a98072d67f1aca4a04b5667f97f4df21b2f54d6108293d7c02b7.exe | 1 | 0x00400000 | 0x004ACFFF | First Network Behavior | False | 32-bit | - | False |