Verdict Malicious
Classifications -
Threat Names -
Remarks (2/3)

(0x0200003A): Tasks were rescheduled ahead of time to reveal dormant functionality.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "7 minutes, 10 seconds" to "30 seconds" to reveal dormant functionality.

File Name Category Type Verdict
C:\Users\kEecfMwgj\Desktop\Launcher.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.09 MB
MD5 eb36015bbdf6d6e8352cfafd47b5afc3
SHA1 d4e854a5fe19ad0a9e02a86703635d60bc85f4eb
SHA256 dcf557ac7dfe718b5967f2eee003cc3e59316be20f5b24660db87a3f28625b50
SSDeep 24576:j2G/nvxW3W5YqjFHroj0u1rjv4ATQBUhHFAQS:jbA37qjFHUj0ov4Ak08
ImpHash fcf1390e9ce472c7270447fc5c61a0c1
PE Information
Image Base 0x00400000
Entry Point 0x0041EC40
Size Of Code 0x00031200
Size Of Initialized Data 0x00015200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2020-12-01 19:00 (UTC+1)
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x000310EA 0x00031200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.71
.rdata 0x00433000 0x0000A612 0x0000A800 0x00031600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.22
.data 0x0043E000 0x00023728 0x00001000 0x0003BE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.71
.didat 0x00462000 0x00000188 0x00000200 0x0003CE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.3
.rsrc 0x00463000 0x00007208 0x00007400 0x0003D000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.67
.reloc 0x0046B000 0x00002268 0x00002400 0x00044400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.55
Imports (2)
KERNEL32.dll (141)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetLastError - 0x00433000 0x0003C890 0x0003AE90 0x00000202
SetLastError - 0x00433004 0x0003C894 0x0003AE94 0x00000473
FormatMessageW - 0x00433008 0x0003C898 0x0003AE98 0x0000015E
GetCurrentProcess - 0x0043300C 0x0003C89C 0x0003AE9C 0x000001C0
DeviceIoControl - 0x00433010 0x0003C8A0 0x0003AEA0 0x000000DD
SetFileTime - 0x00433014 0x0003C8A4 0x0003AEA4 0x0000046A
CloseHandle - 0x00433018 0x0003C8A8 0x0003AEA8 0x00000052
CreateDirectoryW - 0x0043301C 0x0003C8AC 0x0003AEAC 0x00000081
RemoveDirectoryW - 0x00433020 0x0003C8B0 0x0003AEB0 0x00000403
CreateFileW - 0x00433024 0x0003C8B4 0x0003AEB4 0x0000008F
DeleteFileW - 0x00433028 0x0003C8B8 0x0003AEB8 0x000000D6
CreateHardLinkW - 0x0043302C 0x0003C8BC 0x0003AEBC 0x00000093
GetShortPathNameW - 0x00433030 0x0003C8C0 0x0003AEC0 0x00000261
GetLongPathNameW - 0x00433034 0x0003C8C4 0x0003AEC4 0x0000020F
MoveFileW - 0x00433038 0x0003C8C8 0x0003AEC8 0x00000363
GetFileType - 0x0043303C 0x0003C8CC 0x0003AECC 0x000001F3
GetStdHandle - 0x00433040 0x0003C8D0 0x0003AED0 0x00000264
WriteFile - 0x00433044 0x0003C8D4 0x0003AED4 0x00000525
ReadFile - 0x00433048 0x0003C8D8 0x0003AED8 0x000003C0
FlushFileBuffers - 0x0043304C 0x0003C8DC 0x0003AEDC 0x00000157
SetEndOfFile - 0x00433050 0x0003C8E0 0x0003AEE0 0x00000453
SetFilePointer - 0x00433054 0x0003C8E4 0x0003AEE4 0x00000466
SetFileAttributesW - 0x00433058 0x0003C8E8 0x0003AEE8 0x00000461
GetFileAttributesW - 0x0043305C 0x0003C8EC 0x0003AEEC 0x000001EA
FindClose - 0x00433060 0x0003C8F0 0x0003AEF0 0x0000012E
FindFirstFileW - 0x00433064 0x0003C8F4 0x0003AEF4 0x00000139
FindNextFileW - 0x00433068 0x0003C8F8 0x0003AEF8 0x00000145
GetVersionExW - 0x0043306C 0x0003C8FC 0x0003AEFC 0x000002A4
GetCurrentDirectoryW - 0x00433070 0x0003C900 0x0003AF00 0x000001BF
GetFullPathNameW - 0x00433074 0x0003C904 0x0003AF04 0x000001FB
FoldStringW - 0x00433078 0x0003C908 0x0003AF08 0x0000015C
GetModuleFileNameW - 0x0043307C 0x0003C90C 0x0003AF0C 0x00000214
GetModuleHandleW - 0x00433080 0x0003C910 0x0003AF10 0x00000218
FindResourceW - 0x00433084 0x0003C914 0x0003AF14 0x0000014E
FreeLibrary - 0x00433088 0x0003C918 0x0003AF18 0x00000162
GetProcAddress - 0x0043308C 0x0003C91C 0x0003AF1C 0x00000245
GetCurrentProcessId - 0x00433090 0x0003C920 0x0003AF20 0x000001C1
ExitProcess - 0x00433094 0x0003C924 0x0003AF24 0x00000119
SetThreadExecutionState - 0x00433098 0x0003C928 0x0003AF28 0x00000493
Sleep - 0x0043309C 0x0003C92C 0x0003AF2C 0x000004B2
LoadLibraryW - 0x004330A0 0x0003C930 0x0003AF30 0x0000033F
GetSystemDirectoryW - 0x004330A4 0x0003C934 0x0003AF34 0x00000270
CompareStringW - 0x004330A8 0x0003C938 0x0003AF38 0x00000064
AllocConsole - 0x004330AC 0x0003C93C 0x0003AF3C 0x00000010
FreeConsole - 0x004330B0 0x0003C940 0x0003AF40 0x0000015F
AttachConsole - 0x004330B4 0x0003C944 0x0003AF44 0x00000017
WriteConsoleW - 0x004330B8 0x0003C948 0x0003AF48 0x00000524
GetProcessAffinityMask - 0x004330BC 0x0003C94C 0x0003AF4C 0x00000246
CreateThread - 0x004330C0 0x0003C950 0x0003AF50 0x000000B5
SetThreadPriority - 0x004330C4 0x0003C954 0x0003AF54 0x00000499
InitializeCriticalSection - 0x004330C8 0x0003C958 0x0003AF58 0x000002E2
EnterCriticalSection - 0x004330CC 0x0003C95C 0x0003AF5C 0x000000EE
LeaveCriticalSection - 0x004330D0 0x0003C960 0x0003AF60 0x00000339
DeleteCriticalSection - 0x004330D4 0x0003C964 0x0003AF64 0x000000D1
SetEvent - 0x004330D8 0x0003C968 0x0003AF68 0x00000459
ResetEvent - 0x004330DC 0x0003C96C 0x0003AF6C 0x0000040F
ReleaseSemaphore - 0x004330E0 0x0003C970 0x0003AF70 0x000003FE
WaitForSingleObject - 0x004330E4 0x0003C974 0x0003AF74 0x000004F9
CreateEventW - 0x004330E8 0x0003C978 0x0003AF78 0x00000085
CreateSemaphoreW - 0x004330EC 0x0003C97C 0x0003AF7C 0x000000AE
GetSystemTime - 0x004330F0 0x0003C980 0x0003AF80 0x00000277
SystemTimeToTzSpecificLocalTime - 0x004330F4 0x0003C984 0x0003AF84 0x000004BE
TzSpecificLocalTimeToSystemTime - 0x004330F8 0x0003C988 0x0003AF88 0x000004D0
SystemTimeToFileTime - 0x004330FC 0x0003C98C 0x0003AF8C 0x000004BD
FileTimeToLocalFileTime - 0x00433100 0x0003C990 0x0003AF90 0x00000124
LocalFileTimeToFileTime - 0x00433104 0x0003C994 0x0003AF94 0x00000346
FileTimeToSystemTime - 0x00433108 0x0003C998 0x0003AF98 0x00000125
GetCPInfo - 0x0043310C 0x0003C99C 0x0003AF9C 0x00000172
IsDBCSLeadByte - 0x00433110 0x0003C9A0 0x0003AFA0 0x000002FE
MultiByteToWideChar - 0x00433114 0x0003C9A4 0x0003AFA4 0x00000367
WideCharToMultiByte - 0x00433118 0x0003C9A8 0x0003AFA8 0x00000511
GlobalAlloc - 0x0043311C 0x0003C9AC 0x0003AFAC 0x000002B3
LockResource - 0x00433120 0x0003C9B0 0x0003AFB0 0x00000354
GlobalLock - 0x00433124 0x0003C9B4 0x0003AFB4 0x000002BE
GlobalUnlock - 0x00433128 0x0003C9B8 0x0003AFB8 0x000002C5
GlobalFree - 0x0043312C 0x0003C9BC 0x0003AFBC 0x000002BA
LoadResource - 0x00433130 0x0003C9C0 0x0003AFC0 0x00000341
SizeofResource - 0x00433134 0x0003C9C4 0x0003AFC4 0x000004B1
SetCurrentDirectoryW - 0x00433138 0x0003C9C8 0x0003AFC8 0x0000044D
GetExitCodeProcess - 0x0043313C 0x0003C9CC 0x0003AFCC 0x000001DF
GetLocalTime - 0x00433140 0x0003C9D0 0x0003AFD0 0x00000203
GetTickCount - 0x00433144 0x0003C9D4 0x0003AFD4 0x00000293
MapViewOfFile - 0x00433148 0x0003C9D8 0x0003AFD8 0x00000357
UnmapViewOfFile - 0x0043314C 0x0003C9DC 0x0003AFDC 0x000004D6
CreateFileMappingW - 0x00433150 0x0003C9E0 0x0003AFE0 0x0000008C
OpenFileMappingW - 0x00433154 0x0003C9E4 0x0003AFE4 0x00000379
GetCommandLineW - 0x00433158 0x0003C9E8 0x0003AFE8 0x00000187
SetEnvironmentVariableW - 0x0043315C 0x0003C9EC 0x0003AFEC 0x00000457
ExpandEnvironmentStringsW - 0x00433160 0x0003C9F0 0x0003AFF0 0x0000011D
GetTempPathW - 0x00433164 0x0003C9F4 0x0003AFF4 0x00000285
MoveFileExW - 0x00433168 0x0003C9F8 0x0003AFF8 0x00000360
GetLocaleInfoW - 0x0043316C 0x0003C9FC 0x0003AFFC 0x00000206
GetTimeFormatW - 0x00433170 0x0003CA00 0x0003B000 0x00000297
GetDateFormatW - 0x00433174 0x0003CA04 0x0003B004 0x000001C8
GetNumberFormatW - 0x00433178 0x0003CA08 0x0003B008 0x00000233
SetFilePointerEx - 0x0043317C 0x0003CA0C 0x0003B00C 0x00000467
GetConsoleMode - 0x00433180 0x0003CA10 0x0003B010 0x000001AC
GetConsoleCP - 0x00433184 0x0003CA14 0x0003B014 0x0000019A
HeapSize - 0x00433188 0x0003CA18 0x0003B018 0x000002D4
SetStdHandle - 0x0043318C 0x0003CA1C 0x0003B01C 0x00000487
GetProcessHeap - 0x00433190 0x0003CA20 0x0003B020 0x0000024A
RaiseException - 0x00433194 0x0003CA24 0x0003B024 0x000003B1
GetSystemInfo - 0x00433198 0x0003CA28 0x0003B028 0x00000273
VirtualProtect - 0x0043319C 0x0003CA2C 0x0003B02C 0x000004EF
VirtualQuery - 0x004331A0 0x0003CA30 0x0003B030 0x000004F1
LoadLibraryExA - 0x004331A4 0x0003CA34 0x0003B034 0x0000033D
IsProcessorFeaturePresent - 0x004331A8 0x0003CA38 0x0003B038 0x00000304
IsDebuggerPresent - 0x004331AC 0x0003CA3C 0x0003B03C 0x00000300
UnhandledExceptionFilter - 0x004331B0 0x0003CA40 0x0003B040 0x000004D3
SetUnhandledExceptionFilter - 0x004331B4 0x0003CA44 0x0003B044 0x000004A5
GetStartupInfoW - 0x004331B8 0x0003CA48 0x0003B048 0x00000263
QueryPerformanceCounter - 0x004331BC 0x0003CA4C 0x0003B04C 0x000003A7
GetCurrentThreadId - 0x004331C0 0x0003CA50 0x0003B050 0x000001C5
GetSystemTimeAsFileTime - 0x004331C4 0x0003CA54 0x0003B054 0x00000279
InitializeSListHead - 0x004331C8 0x0003CA58 0x0003B058 0x000002E7
TerminateProcess - 0x004331CC 0x0003CA5C 0x0003B05C 0x000004C0
RtlUnwind - 0x004331D0 0x0003CA60 0x0003B060 0x00000418
EncodePointer - 0x004331D4 0x0003CA64 0x0003B064 0x000000EA
InitializeCriticalSectionAndSpinCount - 0x004331D8 0x0003CA68 0x0003B068 0x000002E3
TlsAlloc - 0x004331DC 0x0003CA6C 0x0003B06C 0x000004C5
TlsGetValue - 0x004331E0 0x0003CA70 0x0003B070 0x000004C7
TlsSetValue - 0x004331E4 0x0003CA74 0x0003B074 0x000004C8
TlsFree - 0x004331E8 0x0003CA78 0x0003B078 0x000004C6
LoadLibraryExW - 0x004331EC 0x0003CA7C 0x0003B07C 0x0000033E
QueryPerformanceFrequency - 0x004331F0 0x0003CA80 0x0003B080 0x000003A8
GetModuleHandleExW - 0x004331F4 0x0003CA84 0x0003B084 0x00000217
GetModuleFileNameA - 0x004331F8 0x0003CA88 0x0003B088 0x00000213
GetACP - 0x004331FC 0x0003CA8C 0x0003B08C 0x00000168
HeapFree - 0x00433200 0x0003CA90 0x0003B090 0x000002CF
HeapAlloc - 0x00433204 0x0003CA94 0x0003B094 0x000002CB
HeapReAlloc - 0x00433208 0x0003CA98 0x0003B098 0x000002D2
GetStringTypeW - 0x0043320C 0x0003CA9C 0x0003B09C 0x00000269
LCMapStringW - 0x00433210 0x0003CAA0 0x0003B0A0 0x0000032D
FindFirstFileExA - 0x00433214 0x0003CAA4 0x0003B0A4 0x00000133
FindNextFileA - 0x00433218 0x0003CAA8 0x0003B0A8 0x00000143
IsValidCodePage - 0x0043321C 0x0003CAAC 0x0003B0AC 0x0000030A
GetOEMCP - 0x00433220 0x0003CAB0 0x0003B0B0 0x00000237
GetCommandLineA - 0x00433224 0x0003CAB4 0x0003B0B4 0x00000186
GetEnvironmentStringsW - 0x00433228 0x0003CAB8 0x0003B0B8 0x000001DA
FreeEnvironmentStringsW - 0x0043322C 0x0003CABC 0x0003B0BC 0x00000161
DecodePointer - 0x00433230 0x0003CAC0 0x0003B0C0 0x000000CA
gdiplus.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GdiplusShutdown - 0x00433238 0x0003CAC8 0x0003B0C8 0x00000274
GdiplusStartup - 0x0043323C 0x0003CACC 0x0003B0CC 0x00000275
GdipCreateHBITMAPFromBitmap - 0x00433240 0x0003CAD0 0x0003B0D0 0x0000005F
GdipCreateBitmapFromStreamICM - 0x00433244 0x0003CAD4 0x0003B0D4 0x00000052
GdipCreateBitmapFromStream - 0x00433248 0x0003CAD8 0x0003B0D8 0x00000051
GdipDisposeImage - 0x0043324C 0x0003CADC 0x0003B0DC 0x00000098
GdipCloneImage - 0x00433250 0x0003CAE0 0x0003B0E0 0x00000036
GdipFree - 0x00433254 0x0003CAE4 0x0003B0E4 0x000000ED
GdipAlloc - 0x00433258 0x0003CAE8 0x0003B0E8 0x00000021
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
launcher.exe 1 0x00870000 0x008DDFFF Relevant Image False 32-bit 0x008A179C False
launcher.exe 1 0x00870000 0x008DDFFF Process Termination False 32-bit - False
C:\Boot\cs-CZ\csrss.exe Dropped File Binary Malicious
Also Known As C:\Boot\fi-FI\smss.exe (Accessed File, Dropped File)
C:\Boot\fr-FR\lsm.exe (Accessed File, Dropped File)
C:\Boot\hu-HU\bitkinex.exe (Accessed File, Dropped File)
C:\Boot\zh-CN\omnipos.exe (Accessed File, Dropped File)
C:\MSOCache\All Users\{90160000-00E1-0409-1000-0000000FF1CE}-C\centralcreditcard.exe (Accessed File, Dropped File)
C:\Program Files (x86)\Internet Explorer\SIGNUP\die.exe (Accessed File, Dropped File)
C:\Program Files (x86)\Microsoft SQL Server\110\Shared\choice.exe (Accessed File, Dropped File)
C:\Program Files (x86)\Reference Assemblies\Microsoft\WmiPrvSE.exe (Accessed File, Dropped File)
C:\Program Files (x86)\Windows Sidebar\csrss.exe (Accessed File, Dropped File)
C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\yahoomessenger.exe (Accessed File, Dropped File)
C:\Program Files\Microsoft Analysis Services\AS OLEDB\countryyou.exe (Accessed File, Dropped File)
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\services.exe (Accessed File, Dropped File)
C:\Users\All Users\Application Data\fpos.exe (Accessed File)
C:\Windows\Prefetch\ReadyBoot\winscp.exe (Accessed File, Dropped File)
C:\hyperWinhost\audiodg.exe (Accessed File, Dropped File)
C:\hyperWinhost\blockcontainerProvider.exe (Accessed File)
\\?\C:\hyperWinhost\blockcontainerProvider.exe (Accessed File)
blockcontainerProvider.exe (Accessed File)
c:\programdata\fpos.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 835.00 KB
MD5 876f3cb869ad053e1e6565cad169db25
SHA1 7aed3b3d12a293e092ca0e23c0d5557f0a4947ac
SHA256 9719e71fdf824f70f0726596f1e0008776920c1f1e62adbb4be9de3c13da80bc
SSDeep 12288:ajeLSLeuHrRuj0u1rP3qWh45a7j4A2AbAZPj9ADEsoSXaGCwO7gP:ajFHroj0u1rjv4ATQBUhHFAQ
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x00400000
Entry Point 0x004CF1EE
Size Of Code 0x000CD200
Size Of Initialized Data 0x00003600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-05-04 18:03 (UTC+2)
Version Information (4)
FileVersion 5.15.2.0
OriginalFilename libGLESv2.dll
ProductName libGLESv2
ProductVersion 5.15.2.0
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000CD1F4 0x000CD200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.15
.sdata 0x004D0000 0x00002FDF 0x00003000 0x000CD600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.24
.rsrc 0x004D4000 0x00000218 0x00000400 0x000D0600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.84
.reloc 0x004D6000 0x0000000C 0x00000200 0x000D0A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.09
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000CF1C8 0x000CD5C8 0x00000000
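The ImpHash and section-entropy figures in the two PE Information blocks above can be recomputed from the tables themselves. The following Python is an added example, not part of the VMRay report: `imphash()` follows the pefile algorithm (lower-cased `<dll>.<function>` entries, comma-joined, MD5-hashed) and `shannon_entropy()` is the bits-per-byte figure in the Entropy column. Section bytes are not on the page, so the entropy part runs on constructed sample buffers; the import side uses the dropped file's single `mscoree.dll` / `_CorExeMain` import, which is why its ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 is the value shared by practically every .NET executable and is useless for clustering this family. Feeding the 150 Launcher.exe imports above in table order should likewise reproduce fcf1390e9ce472c7270447fc5c61a0c1; they are not repeated here.

```python
import hashlib
import math
from collections import Counter

# Added example, not part of the VMRay report: recomputes two of the static
# figures shown in the report (ImpHash of the import table, Shannon entropy of
# section bytes) so they can be reproduced for another sample or checked by hand.


def imphash(imports):
    """ImpHash as pefile computes it.

    `imports` is a list of (dll_name, function) tuples in import-table order,
    where `function` is the imported name or, for ordinal imports, an int.
    Each entry becomes "<dll without .dll/.ocx/.sys>.<name>" in lower case;
    the entries are comma-joined and MD5-hashed.  pefile additionally maps
    well-known ordinals of ws2_32/wsock32/oleaut32 back to names; that table
    is omitted here (assumption: every import in this report is by name,
    which the "Ordinal -" column in the tables confirms).
    """
    parts = []
    for dll, func in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        name = f"ord{int(func)}" if isinstance(func, int) else func.lower()
        parts.append(f"{lib}.{name}")
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def shannon_entropy(data):
    """Entropy in bits per byte (0.0 to 8.0), as in the Entropy column of the section tables."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


# The dropped file's whole import table is the single .NET stub import the report lists.
DOTNET_IMPORTS = [("mscoree.dll", "_CorExeMain")]

# Constructed section contents (the report does not include section bytes):
# a zero-filled block, an even spread of all 256 byte values, and a short
# run of x86-looking code bytes repeated a few times.
CONSTRUCTED_SECTIONS = {
    "zero_fill": bytes(64),
    "uniform": bytes(range(256)) * 4,
    "codeish": bytes.fromhex("5589e583ec108b45088b4d0c01c88945fcc9c3") * 8,
}


def triage():
    """Return the recomputed figures as a dict so they can be compared with the report."""
    return {
        "dotnet_imphash": imphash(DOTNET_IMPORTS),
        "entropy": {name: round(shannon_entropy(buf), 2)
                    for name, buf in CONSTRUCTED_SECTIONS.items()},
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

Entropies of 6.7 for .text and 6.6 for .reloc, as in the Launcher.exe table, are normal for compiled code; values approaching 8.0 across a large section point to packed or encrypted content. The dropped file's version resource names it libGLESv2.dll while its headers mark it as an executable image with a .NET entry stub, a mismatch worth flagging on its own.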
Memory Dumps (39)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
blockcontainerprovider.exe 4 0x013B0000 0x01487FFF Relevant Image False 64-bit - False
buffer 4 0x004A0000 0x004A1FFF Reflectively Loaded .NET Assembly False 64-bit - False
blockcontainerprovider.exe 4 0x013B0000 0x01487FFF Final Dump False 64-bit - False
blockcontainerprovider.exe 4 0x013B0000 0x01487FFF Process Termination False 64-bit - False
audiodg.exe 74 0x00830000 0x00907FFF Relevant Image False 64-bit - False
buffer 74 0x00130000 0x00131FFF Reflectively Loaded .NET Assembly False 64-bit - False
buffer 74 0x1BBCE000 0x1BBCFFFF First Network Behavior False 64-bit - False
buffer 74 0x1B194000 0x1B19FFFF First Network Behavior False 64-bit - False
buffer 74 0x1A95D000 0x1A95FFFF First Network Behavior False 64-bit - False
buffer 74 0x00255000 0x0025FFFF First Network Behavior False 64-bit - False
audiodg.exe 74 0x00830000 0x00907FFF First Network Behavior False 64-bit - False
wmiprvse.exe 84 0x003F0000 0x004C7FFF Relevant Image False 64-bit - False
omnipos.exe 77 0x00D80000 0x00E57FFF Relevant Image False 64-bit - False
audiodg.exe 89 0x001F0000 0x002C7FFF Relevant Image False 64-bit - False
smss.exe 80 0x00280000 0x00357FFF Relevant Image False 64-bit - False
countryyou.exe 92 0x00C80000 0x00D57FFF Relevant Image False 64-bit - False
bitkinex.exe 87 0x00D60000 0x00E37FFF Relevant Image False 64-bit - False
winscp.exe 85 0x00AE0000 0x00BB7FFF Relevant Image False 64-bit - False
services.exe 82 0x01260000 0x01337FFF Relevant Image False 64-bit - False
choice.exe 81 0x01250000 0x01327FFF Relevant Image False 64-bit - False
die.exe 86 0x00F00000 0x00FD7FFF Relevant Image False 64-bit - False
csrss.exe 83 0x00150000 0x00227FFF Relevant Image False 64-bit - False
yahoomessenger.exe 79 0x00340000 0x00417FFF Relevant Image False 64-bit - False
lsm.exe 91 0x01140000 0x01217FFF Relevant Image False 64-bit - False
centralcreditcard.exe 90 0x00C10000 0x00CE7FFF Relevant Image False 64-bit - False
services.exe 82 0x01260000 0x01337FFF Final Dump False 64-bit - False
lsm.exe 91 0x01140000 0x01217FFF Final Dump False 64-bit - False
wmiprvse.exe 84 0x003F0000 0x004C7FFF Final Dump False 64-bit - False
audiodg.exe 89 0x001F0000 0x002C7FFF Final Dump False 64-bit - False
bitkinex.exe 87 0x00D60000 0x00E37FFF Final Dump False 64-bit - False
winscp.exe 85 0x00AE0000 0x00BB7FFF Final Dump False 64-bit - False
choice.exe 81 0x01250000 0x01327FFF Final Dump False 64-bit - False
die.exe 86 0x00F00000 0x00FD7FFF Final Dump False 64-bit - False
csrss.exe 83 0x00150000 0x00227FFF Final Dump False 64-bit - False
omnipos.exe 77 0x00D80000 0x00E57FFF Final Dump False 64-bit - False
smss.exe 80 0x00280000 0x00357FFF Final Dump False 64-bit - False
countryyou.exe 92 0x00C80000 0x00D57FFF Final Dump False 64-bit - False
yahoomessenger.exe 79 0x00340000 0x00417FFF Final Dump False 64-bit - False
centralcreditcard.exe 90 0x00C10000 0x00CE7FFF Final Dump False 64-bit - False
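Every copy of the dropped file listed under Also Known As borrows the name of a Windows component (csrss.exe, smss.exe, lsm.exe, services.exe, WmiPrvSE.exe, audiodg.exe) while living under C:\Boot, C:\Recovery, Program Files or C:\hyperWinhost, and the memory-dump table shows those copies running as separate processes. That is ATT&CK T1036.005 (match legitimate name or location). The following Python is an added example, not part of the VMRay report: it takes the report's path list (constructed here from the Also Known As entries) and flags any file whose name matches a known system binary but whose directory is not the one Windows installs it in. The expected locations assume a default %SystemRoot% of C:\Windows and cover only the names that occur in this report.

```python
import ntpath

# Added example, not part of the VMRay report: flags executables that carry the
# name of a Windows system binary but sit outside the directory Windows installs
# that binary in.  Assumption: %SystemRoot% is C:\Windows (overridable below).

# Expected directories relative to %SystemRoot%.  Only names that occur in this
# report are mapped; a production rule would use a maintained inventory.
EXPECTED_DIRS = {
    "csrss.exe": ("system32",),
    "smss.exe": ("system32",),
    "lsm.exe": ("system32",),
    "services.exe": ("system32",),
    "audiodg.exe": ("system32",),
    "wmiprvse.exe": (ntpath.join("system32", "wbem"), ntpath.join("syswow64", "wbem")),
}

# Constructed from the report's "Also Known As" list for the dropped file.
REPORT_PATHS = [
    r"C:\Boot\cs-CZ\csrss.exe",
    r"C:\Boot\fi-FI\smss.exe",
    r"C:\Boot\fr-FR\lsm.exe",
    r"C:\Boot\hu-HU\bitkinex.exe",
    r"C:\Boot\zh-CN\omnipos.exe",
    r"C:\MSOCache\All Users\{90160000-00E1-0409-1000-0000000FF1CE}-C\centralcreditcard.exe",
    r"C:\Program Files (x86)\Internet Explorer\SIGNUP\die.exe",
    r"C:\Program Files (x86)\Microsoft SQL Server\110\Shared\choice.exe",
    r"C:\Program Files (x86)\Reference Assemblies\Microsoft\WmiPrvSE.exe",
    r"C:\Program Files (x86)\Windows Sidebar\csrss.exe",
    r"C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\yahoomessenger.exe",
    r"C:\Program Files\Microsoft Analysis Services\AS OLEDB\countryyou.exe",
    r"C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\services.exe",
    r"C:\Users\All Users\Application Data\fpos.exe",
    r"C:\Windows\Prefetch\ReadyBoot\winscp.exe",
    r"C:\hyperWinhost\audiodg.exe",
    r"C:\hyperWinhost\blockcontainerProvider.exe",
    r"\\?\C:\hyperWinhost\blockcontainerProvider.exe",
    r"blockcontainerProvider.exe",
    r"c:\programdata\fpos.exe",
]


def normalize(path):
    """Drop the \\?\ extended-length prefix, collapse separators, lower-case."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return ntpath.normpath(path).lower()


def masquerade_findings(paths, system_root=r"C:\Windows"):
    """Return (original_path, name, directory) for every path whose file name is
    a known system binary but whose directory is not one of the expected ones."""
    root = system_root.lower()
    findings = []
    for raw in paths:
        norm = normalize(raw)
        name = ntpath.basename(norm)
        if name not in EXPECTED_DIRS:
            continue
        directory = ntpath.dirname(norm)
        allowed = {ntpath.join(root, sub) for sub in EXPECTED_DIRS[name]}
        if directory not in allowed:
            findings.append((raw, name, directory))
    return findings


if __name__ == "__main__":
    for raw, name, directory in masquerade_findings(REPORT_PATHS):
        print(f"{name:14s} outside its expected location: {raw}")
```

Run against the report's list this flags seven of the twenty paths, the six system names above plus the second csrss.exe copy. In production the allow list needs the WinSxS and servicing copies Windows keeps of the same binaries, and the name set should come from a maintained inventory; the point here is the name-versus-path check itself. Note also that the 14-hex-character companion files dropped beside the executables get the same name for both csrss.exe copies (886983d96e3d3e under C:\Boot\cs-CZ and under Windows Sidebar), which suggests the companion name is derived from the executable's name.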
C:\Program Files (x86)\Reference Assemblies\Microsoft\24dbde2999530e Dropped File Text Clean
MIME Type text/plain
File Size 970 Bytes
MD5 6a60b567593dbacd7a1b1df5f4dce75c
SHA1 c929a9b5d571fe186cbadb2e4e848c3fad2f1b9d
SHA256 86ee98daa20f1c2cc9cce5e0e6958c3d5da71b6b5debbf7ce5f1a819db15d6f6
SSDeep 24:U/XsTZBqvmA81PLVwQ9qNJURDCFRsrek1Ro9p3z4:U/XcZ1hwQWJdRoAzz4
ImpHash -
C:\Windows\Prefetch\ReadyBoot\eb2d70d940159d Dropped File Text Clean
MIME Type text/plain
File Size 921 Bytes
MD5 beb8d07ff6acab154166868089750aa4
SHA1 33ca0d65c55c54d38576c78dfbdfbfc6d8a4b798
SHA256 80fae6bb7010e98d169326875f35efef4d0b139ef37c5f47f5ffafe1b72a3450
SSDeep 24:y0h0dULrLfysVCGcgawl+LAsRbDUhQKMVqbcpq6aRoSes/Sy:5rLrLYGcgawl+LACbDoHFsaRNh/Sy
ImpHash -
C:\Recovery\d327d5c2-7147-11eb-9862-d731c5aaa7a9\c5b4cb5e9653cc Dropped File Text Clean
MIME Type text/plain
File Size 822 Bytes
MD5 6e2f7a1d3a83e3c9ac08c963936493f3
SHA1 5466f7d6c98f9bee61244b4c32a8de534b543cd7
SHA256 b93025acab98c4971a70ed64a39f519629de8d59ba10ea1b9a3ce16947adb360
SSDeep 12:36BEUzXdAgP1VIr1LVd2tlhCiOUea4PtqZupDNPHpq3QS9/JRBIgAdKTlUxe+Jdd:35UhIbqTOpP0ZupC3//JRBwo2xRd
ImpHash -
C:\Boot\zh-CN\9a9ef8f6a80f81 Dropped File Text Clean
MIME Type text/plain
File Size 780 Bytes
MD5 9df97ee01d599afe06208e8e71c01dc3
SHA1 d5aeda99c2b26305211bd2c153700b3b1595c974
SHA256 70b0905850aa817c7369b805d7fadcdb8b53b27b43cd1e479078971885644346
SSDeep 24:xmkja+BVrh65X9rGp6he6Q6J8UyK3m7qp+oMMeiu4FVPhxKNf9:xmkjrBVt65Qp6l8Uh0qwow2tnKp9
ImpHash -
C:\Boot\fi-FI\69ddcba757bf72 Dropped File Text Clean
MIME Type text/plain
File Size 770 Bytes
MD5 0d849bee3b6bd567a800d9871b4f2c61
SHA1 4ef7956b27ddfc13c733dadf6ccbd23101b3feee
SHA256 50d75d7ec5518a35e2262515379dfbce637650a589726e8eaef27e75bad67e38
SSDeep 12:yODPpz2bNncWIy1HBLnWI/IEzE+LC2eS5nBVt08k6hTtIXyqExCLzET:lyNcNoDWCD5+2eSlF08vhTmXyqh/c
ImpHash -
c:\programdata\2cfdd657e33eed Dropped File Text Clean
MIME Type text/plain
File Size 713 Bytes
MD5 8cd5295464e80a6d67f27de67737861e
SHA1 0aa39ef825eac21470817c704315c3bb83c700e9
SHA256 9fc6ddc9ee07d54694370993951bd19875f687a9440197d19f50d4da0f3213cf
SSDeep 12:Oybb0QKpQjj2nCjoaJGHdD7Epf5WV0B74SrPpReU6SGtvAX+3bgFKMfglUp22TWb:zQ3Qjj1joaQ93EvWVkMYRInfIO3chIld
ImpHash -
C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\en-US\8503bace434a30 Dropped File Text Clean
MIME Type text/plain
File Size 645 Bytes
MD5 be55809cdb9c81b2acde4d5b9e33e572
SHA1 d9d40f9edf436cdb736c5d9eae8fd1467a4166e4
SHA256 d4e964d7f8511b8ae35822a59c271e97eafcdedb09025efb805bb4fb3defd812
SSDeep 12:r8fKU1qAv3Jr48nAU5RIHMcS5xcJiHpdQY7IBKiVPG777N/L4URnWn:rOKU1vVA4RIsRvPpaOBi18UURnWn
ImpHash -
C:\Boot\cs-CZ\886983d96e3d3e Dropped File Text Clean
MIME Type text/plain
File Size 617 Bytes
MD5 185701e214807264ea51aff726fce0fe
SHA1 2be6f883ff5551328cc801939729dc22c34cbcae
SHA256 10629c095d4f9d67f8f09f0a66fff89499a6388bb76d947d581346aa35d9571c
SSDeep 12:HpLEhehTwEv3z4vMyU/i9B/Ez/AJhJHSs5a9fe99ir:FA7Ev3F/i91c/GHVgqM
ImpHash -
C:\MSOCache\All Users\{90160000-00E1-0409-1000-0000000FF1CE}-C\da6ea209acf49b Dropped File Text Clean
MIME Type text/plain
File Size 486 Bytes
MD5 513582053f26a9057e6e5f0743961455
SHA1 bd4a61f97442ce918669676f7505a0d255c01fe2
SHA256 903a8879a83a395959c70c6e479e23d1f0676205d7206b13b303cfd60f243a03
SSDeep 6:LIR3XrDvs2o4erPBXsryBSzjdccHK4bM5KtOd9O7b5oB6gWGVVy9mE9JqqmzKc6c:A3vvs2onpsGBSzJ1tO67qA6VO9bqE8r
ImpHash -
C:\Program Files\Microsoft Analysis Services\AS OLEDB\5499215061a39c Dropped File Text Clean
MIME Type text/plain
File Size 382 Bytes
MD5 96a97624f4468050bf75374c8b789951
SHA1 600ed3d678afaf6f1ca7b607558d20e862978beb
SHA256 ed814e97019b2c14d75d2f0342c854675b853ea0ad1a37dee252988f79045087
SSDeep 6:QvR3LguQLQhJ/DTpuCj2qPrCM/zZJzTHwQmeqPHkPLIqAgQzDUvNEHCN77WJPlQs:AbgzQLDTXj2qPrCq9THwQmTqAgQHPHCK
ImpHash -
C:\Boot\hu-HU\ed873301ef1303 Dropped File Text Clean
MIME Type text/plain
File Size 379 Bytes
MD5 b3d6ad4e273fb253a31e8f1601607ddc
SHA1 2d8fcf28b9f35718ce9c03739e3f723a1e63c865
SHA256 a0e33895fd20ff7df95b20dd76a47d669a02d19b51edbaed63d9be4446bb6370
SSDeep 6:JFoBozaJoL3vOyw9jHcdzcOk9zWtlJdCY5wBauAy00Pc/rY4lU6reZWpRGsvBQRs:jjzYO3lwNcNcsJdCY5wud2c/rfmOmi
ImpHash -
C:\hyperWinhost\42af1c969fbb7b Dropped File Text Clean
MIME Type text/plain
File Size 341 Bytes
MD5 2ce090e353c051e4e9827b9b8d8b98c0
SHA1 653eb576afa6402cc08762a60a8fc9872b843236
SHA256 568a3ec1ab66205782a767df880f9140a4b2ed64df6cd50a5a145089fd2149e1
SSDeep 6:Q6LDMWX1CAL2Xp2ywKolwiW5O2I5tGrCzBKmjSncLhxuk5m4lCujmZLhblrFOxnz:nwWFzL22ywxlXeOb5th8qSYAD4Muj+XO
ImpHash -
C:\Boot\fr-FR\101b941d020240 Dropped File Text Clean
MIME Type text/plain
File Size 268 Bytes
MD5 38dd82fbb60598dfa23532e39492e134
SHA1 8271a64089ed8b8cd0f91218dd955b2e346c4fb4
SHA256 62058bc4e57712eab9c307b302d25657ef80f2dcfd48753ffc9dd01e721a87fe
SSDeep 6:HwJaUBoMcywmQguKffZE/D3tWcYGbmlpJjGLqKJotpTgqn:QcAo1im/DAcjKlpm8tpTV
ImpHash -
\\?\C:\hyperWinhost\pd7Yx3rYmMqL9vJy.vbe Dropped File Stream Clean
Also Known As C:\hyperWinhost\pd7Yx3rYmMqL9vJy.vbe (Accessed File)
pd7Yx3rYmMqL9vJy.vbe (Accessed File)
MIME Type application/octet-stream
File Size 201 Bytes
MD5 a25268c598d272dbcdcfe11945bbd21a
SHA1 c2b128eaa16832dd64b5eb6fda982f819313dfbc
SHA256 ea7118430d5852f0b0466c915b08db3d5edd2f5331376fceddbb7139930109a0
SSDeep 6:GJ2wqK+NkLzWbHZEG8nZNDd3RL1wQJRMvOwjGC:GJ7MCzWL6G4d3XBJGWwl
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\dtIah84Nm9.bat Dropped File Text Clean
Also Known As C:\Users\kEecfMwgj\AppData\Local\Temp\\dtIah84Nm9.bat (Accessed File)
MIME Type text/x-msdos-batch
File Size 196 Bytes
MD5 ee1148ec2117eedef844fb4d69bff5fc
SHA1 22752671688d36f649da4de1ce87fc58ffacb212
SHA256 a799cb6197b006a42af1bf2d61118ee20f548ce32741655e8f3c61426a6878f2
SSDeep 6:hITg3Nou11r+DEIqT1vKOZG1UaEi23f1s:OTg9YDEdT5S
ImpHash -
\\?\C:\hyperWinhost\DvmT9BsJAfBh.bat Dropped File Text Clean
Also Known As C:\hyperWinhost\DvmT9BsJAfBh.bat (Accessed File)
DvmT9BsJAfBh.bat (Accessed File)
MIME Type text/plain
File Size 156 Bytes
MD5 40d11a3ccf4b38affc8b833a98857ec9
SHA1 2e5a73ea39627df0c4b477ace53578a6bb51e9be
SHA256 176df18ce97c84629b19742e28d830cfe0a0d9b02381d48bbe90368a911a3137
SSDeep 3:I56AXj9MJREM0Xulb40FQNBZwXD9so3KRfyM1K7eB/k+7W34hebJNAKyMhF7FKD:IlT9wiMVUXTStuH1jhRiI36BY
ImpHash -
C:\Program Files (x86)\Internet Explorer\SIGNUP\be01a3c1c9db39 Dropped File Text Clean
MIME Type text/plain
File Size 153 Bytes
MD5 a6720d4b9f53a499e1af636f45bfc26f
SHA1 35be0d605f1e5785102d305ddc266258b08f1281
SHA256 c61066c09e5affa4579533b4b0f26b7e1bda8974059f8870a86b8168780fafe6
SSDeep 3:EUfHzxN40siForJdT4dqSsIysSJAHM+2Znl1kyUZ:EU/EbiFQdTzSpylEM+euyUZ
ImpHash -
C:\Program Files (x86)\Microsoft SQL Server\110\Shared\5eac4b4eaa5fda Dropped File Text Clean
MIME Type text/plain
File Size 117 Bytes
MD5 1c43e4c2050e2646b7d5ea708397f086
SHA1 336b7b4e705b150c3666c6695f0de1b60189388a
SHA256 b724a899f6927b32803b3b464bc5b5a8c5856c01bbce3c5001f56e0bc66e3342
SSDeep 3:fhd3OyRbk4TfxSSIScP8fmIzyWoGQKMf:ZdHFrfxZE6m1gfMf
ImpHash -
C:\Program Files (x86)\Windows Sidebar\886983d96e3d3e Dropped File Text Clean
MIME Type text/plain
File Size 49 Bytes
MD5 b7198d56c41ef4cc32c165c2e56adfc3
SHA1 854107af6b4913d3e98b8f34fbcf481e722d63d2
SHA256 9d23bf153c57e18eb9e800c29c0018cea34987aef56786d04e0ca2f454ef81b1
SSDeep 3:H0JJRjQsQ5jXJUTn:UJLQsiZs
ImpHash -
C:\Users\kEecfMwgj\AppData\Local\Temp\WVAKVH0D9g Dropped File Text Clean
MIME Type text/plain
File Size 25 Bytes
MD5 bd6bcec5bcf2bafe84ff33ee0ee70bbf
SHA1 4c319cf48694c38c3e7cb702d5f2b6847f8e3e9f
SHA256 50e9a7e9b297f878e6a9b983b0c33295e888c0fce5fdf1edcd278952a84754ea
SSDeep 3:k3P7j/UA:kH/Z
ImpHash -
c:\hyperwinhost\__tmp_rar_sfx_access_check_24510315 Dropped File Empty Clean
Also Known As __tmp_rar_sfx_access_check_24510315 (Accessed File, Dropped File)
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
b68885bf1adb8a2d3ced4002e3bdae6458dea468ece72f8dccd90e199f9d4833 Downloaded File Text Clean
MIME Type text/plain
File Size 2.07 KB
MD5 25e316aa15bd62ae896a48cd1968c3dc
SHA1 ef6a2af33fc406178abb71412ef235a79b93f3e2
SHA256 b68885bf1adb8a2d3ced4002e3bdae6458dea468ece72f8dccd90e199f9d4833
SSDeep 48:jlUQjhimSuicVvcMUJ549Ct7ixJ/BaUS6:6QjhfSDYch49w7ixtB7x
ImpHash -
27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68 Extracted File Image Clean
Parent File C:\Users\kEecfMwgj\Desktop\Launcher.exe
MIME Type image/png
File Size 5.41 KB
MD5 e6ccfb6d9ffd4e1a907a47761c64bd79
SHA1 d6a2994dedae3527a878140aa60dcaa087b90445
SHA256 27d3a1a2da49dc535cc10806abaae9dfa49e4f5f44a40540ead50e065b99ca68
SSDeep 96:ioA0HldODFNSZCbgEZohRodU3vMg2vLWT3m5RQgVH0SmAMPzzZ2OC9vd/GrW4jD/:FlkDFNSWggWf3ILWTeMPzzZc9vd/yWe
ImpHash -
File Reputation Information: Clean (known to be clean)
a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c Extracted File Image Clean
Parent File C:\Users\kEecfMwgj\Desktop\Launcher.exe
MIME Type image/png
File Size 2.81 KB
MD5 63486a769bbe3f49d5848b9c69734a25
SHA1 e48bd36c2f23c238206bdddf3ebb6d6862905710
SHA256 a91f4373ceebadfc70b3bd0758848918f928c3c76562e3d9d531574796fd9e9c
SSDeep 48:Tppthbcpv0j+3MIG68XIZm2iVAMd+1pzX7JGkVdxU6UPyoarDZICZXBIYB8bn0eP:7bev0j+3r0JCM8zb7JGkhU68yoanZHZc
ImpHash -
File Reputation Information: Clean (known to be clean)
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.