bbf9fb80bd5d

Remarks

Maximum Dump Size Exceeded (0x0200004A): 2 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 16 MB.

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\kEecfMwgj\Desktop\b3ee45857c5a2b568acb1ac5e8a8258b.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	9.89 MB
MD5	b3ee45857c5a2b568acb1ac5e8a8258b
SHA1	1453934e51e1c7abf02a8e6ef9e70bd4f3ebb146
SHA256	bbf9fb80bd5df24d31038bf7ce8741627da161be37dff3dbc0c69ce6cfc17a1e
SSDeep	196608:I+D5q1SGs2yRwtkpqShRBhR3hRbhRyhRWhRJ:DAkLRLRxRtRWRCRJ
ImpHash	f0070935b15a909b9dc00be7997e6112

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

PE Information

Image Base	0x00400000
Entry Point	0x00458B20
Size Of Code	0x0022C800
Size Of Initialized Data	0x00033600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_AMD64
Compile Timestamp	1970-01-01 00:00 (UTC)

Sections (5)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x0022C6C8	0x0022C800	0x00000600	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.92
.rdata	0x0062E000	0x00338F4A	0x00339000	0x0022CE00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.87
.data	0x00967000	0x00053DB8	0x00033600	0x00565E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.41
.idata	0x009BB000	0x00000392	0x00000400	0x00599400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.99
.symtab	0x009BC000	0x00000004	0x00000200	0x00599800	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.02

Imports (1)

KERNEL32.DLL (31)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WriteFile	-	0x00967000	0x00567000	0x00565E00	0x00000000
WriteConsoleW	-	0x00967008	0x00567008	0x00565E08	0x00000000
WaitForSingleObject	-	0x00967010	0x00567010	0x00565E10	0x00000000
VirtualQuery	-	0x00967018	0x00567018	0x00565E18	0x00000000
VirtualFree	-	0x00967020	0x00567020	0x00565E20	0x00000000
VirtualAlloc	-	0x00967028	0x00567028	0x00565E28	0x00000000
SwitchToThread	-	0x00967030	0x00567030	0x00565E30	0x00000000
SetWaitableTimer	-	0x00967038	0x00567038	0x00565E38	0x00000000
SetUnhandledExceptionFilter	-	0x00967040	0x00567040	0x00565E40	0x00000000
SetProcessPriorityBoost	-	0x00967048	0x00567048	0x00565E48	0x00000000
SetEvent	-	0x00967050	0x00567050	0x00565E50	0x00000000
SetErrorMode	-	0x00967058	0x00567058	0x00565E58	0x00000000
SetConsoleCtrlHandler	-	0x00967060	0x00567060	0x00565E60	0x00000000
LoadLibraryA	-	0x00967068	0x00567068	0x00565E68	0x00000000
LoadLibraryW	-	0x00967070	0x00567070	0x00565E70	0x00000000
GetSystemInfo	-	0x00967078	0x00567078	0x00565E78	0x00000000
GetSystemDirectoryA	-	0x00967080	0x00567080	0x00565E80	0x00000000
GetStdHandle	-	0x00967088	0x00567088	0x00565E88	0x00000000
GetQueuedCompletionStatus	-	0x00967090	0x00567090	0x00565E90	0x00000000
GetProcessAffinityMask	-	0x00967098	0x00567098	0x00565E98	0x00000000
GetProcAddress	-	0x009670A0	0x005670A0	0x00565EA0	0x00000000
GetEnvironmentStringsW	-	0x009670A8	0x005670A8	0x00565EA8	0x00000000
GetConsoleMode	-	0x009670B0	0x005670B0	0x00565EB0	0x00000000
FreeEnvironmentStringsW	-	0x009670B8	0x005670B8	0x00565EB8	0x00000000
ExitProcess	-	0x009670C0	0x005670C0	0x00565EC0	0x00000000
DuplicateHandle	-	0x009670C8	0x005670C8	0x00565EC8	0x00000000
CreateThread	-	0x009670D0	0x005670D0	0x00565ED0	0x00000000
CreateIoCompletionPort	-	0x009670D8	0x005670D8	0x00565ED8	0x00000000
CreateEventA	-	0x009670E0	0x005670E0	0x00565EE0	0x00000000
CloseHandle	-	0x009670E8	0x005670E8	0x00565EE8	0x00000000
AddVectoredExceptionHandler	-	0x009670F0	0x005670F0	0x00565EF0	0x00000000

Memory Dumps (43)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
b3ee45857c5a2b568acb1ac5e8a8258b.exe	1	0x00400000	0x009BCFFF	Relevant Image	64-bit	0x0043FB50	... Actions Go to Process Download Dump
buffer	1	0x033BE000	0x033BFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x031BE000	0x031BFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02FBE000	0x02FBFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x02DBE000	0x02DBFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x0022D000	0x0022FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x002D0000	0x0030FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00310000	0x0031FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00320000	0x0032FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00340000	0x00361FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00370000	0x0037FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00AC0000	0x00AFFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00B00000	0x00B21FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00B30000	0x00B6FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x00B70000	0x00B91FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x023C0000	0x02BBFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x03690000	0x037EFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x037F0000	0x037FFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x03800000	0x03821FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x03830000	0x03851FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x03860000	0x03881FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x03890000	0x038B1FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x038C0000	0x038E1FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x038F0000	0x03911FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0x03920000	0x0395FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000032000	0xC000033FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000054000	0xC000055FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000060000	0xC000061FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000094000	0xC000095FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC0000A8000	0xC0000A9FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC0000AA000	0xC0000ABFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC0000CE000	0xC0000CFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC0002F4000	0xC0002FBFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC0002FC000	0xC000303FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000304000	0xC000305FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000306000	0xC000307FFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000308000	0xC00030FFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000800000	0xC000BFFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC000C00000	0xC0013FFFFF	First Network Behavior	64-bit	-	... Actions Go to Process Download Dump
b3ee45857c5a2b568acb1ac5e8a8258b.exe	1	0x00400000	0x009BCFFF	First Network Behavior	64-bit	0x0061B460	... Actions Go to Process Download Dump
buffer	1	0xC0000EC000	0xC00018DFFF	Image In Buffer	64-bit	-	... Actions Go to Process Download Dump
buffer	1	0xC0002BE000	0xC0002C1FFF	Image In Buffer	64-bit	-	... Actions Go to Process Download Dump
b3ee45857c5a2b568acb1ac5e8a8258b.exe	1	0x00400000	0x009BCFFF	Final Dump	64-bit	0x00458B8E	... Actions Go to Process Download Dump

C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB

Dropped File

Binary

Also Known As	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.exe (Accessed File, Dropped File) C:\Program Files\Common Files\H_ dMKF_k2UK_O34oNt.png (Random File, VM File, Accessed File) C:\Program Files\Common Files\H_ dMKF_k2UK_O34oNt.png.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\DW\DBGHELP.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE (Accessed File) C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Accessed File) C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\1033\EEINTL.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.CNT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE (Accessed File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP (Accessed File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.HLP.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF (Accessed File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\MTEXTRA.TTF.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest (Accessed File) C:\Program Files\Common Files\Microsoft Shared\EQUATION\eqnedt32.exe.manifest.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\EURO\MSOEURO.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\GIFIMP32.FLT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\JPEGIM32.FLT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.EPS.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.GIF.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.JPG.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.PNG.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\MS.WPG.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PICTIM32.FLT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\PNG32.FLT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\WPGIMP32.FLT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\Hx.HxC (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\Hx.HxC.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\Hx.HxT (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\Hx.HxT.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\HxRuntime.HxS (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\HxRuntime.HxS.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\Keywords.HxK (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\Keywords.HxK.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\NamedUrls.HxK (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\NamedUrls.HxK.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\itircl55.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\itircl55.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\Help\msitss55.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\MSClientDataMgr\MSCDM.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ACEINTL.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ACEINTL.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ACEODBCI.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ACEODBCI.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ACEWSTR.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ADO210.CHM (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ADO210.CHM.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ALRTINTL.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\ALRTINTL.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\MSOINTL.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\MSSOAPR3.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\MSSOAPR3.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\OARPMANR.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\OARPMANR.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\OSFINTL.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\OSFINTL.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\README.HTM (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\README.HTM.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\msointl30.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\msointl30.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmdp32.msi (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmdp32.msi.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmdp64.msi (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmdp64.msi.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmia32.msi (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmia32.msi.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmia64.msi (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\osmia64.msi.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\xlsrvintl.dll (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\1033\xlsrvintl.dll.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACECORE.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACECORE.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEDAO.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEDAO.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEERR.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEERR.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEES.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEES.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEEXCH.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEEXCH.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEEXCL.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEEXCL.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEODBC.DLL (Accessed File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEODBC.DLL.exe (Accessed File, Dropped File) C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEODEXL.DLL (Accessed File) c:\Windows\System32\VRknSZx.exe (Accessed File, Dropped File)
MIME Type	application/vnd.microsoft.portable-executable
File Size	10.00 MB
MD5	28b570de008ba82855b4b4a37c4ce90e
SHA1	1c7c2827a0173aaa2d126843f198b9628dc8028e
SHA256	90d01f9a39cc880abaef2544d617b63e0e962c39496a4c7c3a43b0a5dd2572bd
SSDeep	196608:I+D5q1SGs2yRwtkpqShRBhR3hRbhRyhRWhRO:DAkLRLRxRtRWRCRO
ImpHash	f0070935b15a909b9dc00be7997e6112

PE Information

Image Base	0x00400000
Entry Point	0x00458B20
Size Of Code	0x0022C800
Size Of Initialized Data	0x00033600
File Type	IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_AMD64
Compile Timestamp	1970-01-01 00:00 (UTC)

Sections (5)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x00401000	0x0022C6C8	0x0022C800	0x00000600	IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.92
.rdata	0x0062E000	0x00338F4A	0x00339000	0x0022CE00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	5.87
.data	0x00967000	0x00053DB8	0x00033600	0x00565E00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	5.41
.idata	0x009BB000	0x00000392	0x00000400	0x00599400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	3.99
.symtab	0x009BC000	0x00000004	0x00000200	0x00599800	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.02

Imports (1)

KERNEL32.DLL (31)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WriteFile	-	0x00967000	0x00567000	0x00565E00	0x00000000
WriteConsoleW	-	0x00967008	0x00567008	0x00565E08	0x00000000
WaitForSingleObject	-	0x00967010	0x00567010	0x00565E10	0x00000000
VirtualQuery	-	0x00967018	0x00567018	0x00565E18	0x00000000
VirtualFree	-	0x00967020	0x00567020	0x00565E20	0x00000000
VirtualAlloc	-	0x00967028	0x00567028	0x00565E28	0x00000000
SwitchToThread	-	0x00967030	0x00567030	0x00565E30	0x00000000
SetWaitableTimer	-	0x00967038	0x00567038	0x00565E38	0x00000000
SetUnhandledExceptionFilter	-	0x00967040	0x00567040	0x00565E40	0x00000000
SetProcessPriorityBoost	-	0x00967048	0x00567048	0x00565E48	0x00000000
SetEvent	-	0x00967050	0x00567050	0x00565E50	0x00000000
SetErrorMode	-	0x00967058	0x00567058	0x00565E58	0x00000000
SetConsoleCtrlHandler	-	0x00967060	0x00567060	0x00565E60	0x00000000
LoadLibraryA	-	0x00967068	0x00567068	0x00565E68	0x00000000
LoadLibraryW	-	0x00967070	0x00567070	0x00565E70	0x00000000
GetSystemInfo	-	0x00967078	0x00567078	0x00565E78	0x00000000
GetSystemDirectoryA	-	0x00967080	0x00567080	0x00565E80	0x00000000
GetStdHandle	-	0x00967088	0x00567088	0x00565E88	0x00000000
GetQueuedCompletionStatus	-	0x00967090	0x00567090	0x00565E90	0x00000000
GetProcessAffinityMask	-	0x00967098	0x00567098	0x00565E98	0x00000000
GetProcAddress	-	0x009670A0	0x005670A0	0x00565EA0	0x00000000
GetEnvironmentStringsW	-	0x009670A8	0x005670A8	0x00565EA8	0x00000000
GetConsoleMode	-	0x009670B0	0x005670B0	0x00565EB0	0x00000000
FreeEnvironmentStringsW	-	0x009670B8	0x005670B8	0x00565EB8	0x00000000
ExitProcess	-	0x009670C0	0x005670C0	0x00565EC0	0x00000000
DuplicateHandle	-	0x009670C8	0x005670C8	0x00565EC8	0x00000000
CreateThread	-	0x009670D0	0x005670D0	0x00565ED0	0x00000000
CreateIoCompletionPort	-	0x009670D8	0x005670D8	0x00565ED8	0x00000000
CreateEventA	-	0x009670E0	0x005670E0	0x00565EE0	0x00000000
CloseHandle	-	0x009670E8	0x005670E8	0x00565EE8	0x00000000
AddVectoredExceptionHandler	-	0x009670F0	0x005670F0	0x00565EF0	0x00000000

C:\Program Files\Common Files\Microsoft Shared\OFFICE16\ACEODEXL.DLL.exe

Dropped File

Empty

MIME Type	application/x-empty
File Size	0 Bytes (not extracted)
MD5	d41d8cd98f00b204e9800998ecf8427e
SHA1	da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256	e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep	3::
ImpHash	-

Remarks (2/2)

Remarks

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information