Verdict Malicious

Classifications Spyware, Injector, Downloader

Threat Names Latrodectus, Latrodectus.v18, Lumma, C2/Generic-A (+4 more)

Remarks (2/3)

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

(0x02000050): This analysis has been updated with the latest reputation and static analysis results from the original analysis with the ID #18148535.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "18 minutes, 15 seconds" to "21 seconds" to reveal dormant functionality.

Remarks

(0x0200004A): 5 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 516 MB.

File Name C:\Users\OqXZRaykm\Desktop\hYE6NCjf2U5trojt.exe
Category Sample File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 14.98 MB
MD5 802e41f42ecb9dd774bdf89a7586704b
SHA1 225a3585959907d00b1ef2494deb5ed3bbf68127
SHA256 110f366343eeb3383a9c2fdfa3c7b4b5cec9919e6440943bbab214e558d9af01
SSDeep 98304:cAWfrrNnlqAPlXMUFoGB7R4uAtqauov9T7KgOlfu0IrrH3:4rdfNM4o+tH3ov9Cu0Irr
ImpHash 1aae8bf580c846f39c71c05898e57e88
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x00477070
Size Of Code 0x00663E00
Size Of Initialized Data 0x000DA200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Version Information (8)
Comments This installation was built with Inno Setup.
CompanyName Blue Cat Audio
FileDescription Patchwork Setup
FileVersion
LegalCopyright
OriginalFileName
ProductName Patchwork
ProductVersion 2.68
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00663C38 0x00663E00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.06
.rdata 0x00A65000 0x00766C18 0x00766E00 0x00664200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.03
.data 0x011CC000 0x000FBE40 0x000D0C00 0x00DCB000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.8
.idata 0x012C8000 0x0000044C 0x00000600 0x00E9BC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.88
.reloc 0x012C9000 0x0005678C 0x00056800 0x00E9C200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.68
.symtab 0x01320000 0x00000004 0x00000200 0x00EF2A00 IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.02
.rsrc 0x01321000 0x0000949C 0x00009600 0x00EF2C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.85
Imports (1)
kernel32.dll (44)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile - 0x011CCA60 0x00EC8398 0x00E9BF98 0x00000000
WriteConsoleW - 0x011CCA64 0x00EC839C 0x00E9BF9C 0x00000000
WerSetFlags - 0x011CCA68 0x00EC83A0 0x00E9BFA0 0x00000000
WerGetFlags - 0x011CCA6C 0x00EC83A4 0x00E9BFA4 0x00000000
WaitForMultipleObjects - 0x011CCA70 0x00EC83A8 0x00E9BFA8 0x00000000
WaitForSingleObject - 0x011CCA74 0x00EC83AC 0x00E9BFAC 0x00000000
VirtualQuery - 0x011CCA78 0x00EC83B0 0x00E9BFB0 0x00000000
VirtualFree - 0x011CCA7C 0x00EC83B4 0x00E9BFB4 0x00000000
VirtualAlloc - 0x011CCA80 0x00EC83B8 0x00E9BFB8 0x00000000
TlsAlloc - 0x011CCA84 0x00EC83BC 0x00E9BFBC 0x00000000
SwitchToThread - 0x011CCA88 0x00EC83C0 0x00E9BFC0 0x00000000
SuspendThread - 0x011CCA8C 0x00EC83C4 0x00E9BFC4 0x00000000
SetWaitableTimer - 0x011CCA90 0x00EC83C8 0x00E9BFC8 0x00000000
SetUnhandledExceptionFilter - 0x011CCA94 0x00EC83CC 0x00E9BFCC 0x00000000
SetProcessPriorityBoost - 0x011CCA98 0x00EC83D0 0x00E9BFD0 0x00000000
SetEvent - 0x011CCA9C 0x00EC83D4 0x00E9BFD4 0x00000000
SetErrorMode - 0x011CCAA0 0x00EC83D8 0x00E9BFD8 0x00000000
SetConsoleCtrlHandler - 0x011CCAA4 0x00EC83DC 0x00E9BFDC 0x00000000
ResumeThread - 0x011CCAA8 0x00EC83E0 0x00E9BFE0 0x00000000
RaiseFailFastException - 0x011CCAAC 0x00EC83E4 0x00E9BFE4 0x00000000
PostQueuedCompletionStatus - 0x011CCAB0 0x00EC83E8 0x00E9BFE8 0x00000000
LoadLibraryW - 0x011CCAB4 0x00EC83EC 0x00E9BFEC 0x00000000
LoadLibraryExW - 0x011CCAB8 0x00EC83F0 0x00E9BFF0 0x00000000
SetThreadContext - 0x011CCABC 0x00EC83F4 0x00E9BFF4 0x00000000
GetThreadContext - 0x011CCAC0 0x00EC83F8 0x00E9BFF8 0x00000000
GetSystemInfo - 0x011CCAC4 0x00EC83FC 0x00E9BFFC 0x00000000
GetSystemDirectoryA - 0x011CCAC8 0x00EC8400 0x00E9C000 0x00000000
GetStdHandle - 0x011CCACC 0x00EC8404 0x00E9C004 0x00000000
GetQueuedCompletionStatusEx - 0x011CCAD0 0x00EC8408 0x00E9C008 0x00000000
GetProcessAffinityMask - 0x011CCAD4 0x00EC840C 0x00E9C00C 0x00000000
GetProcAddress - 0x011CCAD8 0x00EC8410 0x00E9C010 0x00000000
GetErrorMode - 0x011CCADC 0x00EC8414 0x00E9C014 0x00000000
GetEnvironmentStringsW - 0x011CCAE0 0x00EC8418 0x00E9C018 0x00000000
GetCurrentThreadId - 0x011CCAE4 0x00EC841C 0x00E9C01C 0x00000000
GetConsoleMode - 0x011CCAE8 0x00EC8420 0x00E9C020 0x00000000
FreeEnvironmentStringsW - 0x011CCAEC 0x00EC8424 0x00E9C024 0x00000000
ExitProcess - 0x011CCAF0 0x00EC8428 0x00E9C028 0x00000000
DuplicateHandle - 0x011CCAF4 0x00EC842C 0x00E9C02C 0x00000000
CreateWaitableTimerExW - 0x011CCAF8 0x00EC8430 0x00E9C030 0x00000000
CreateThread - 0x011CCAFC 0x00EC8434 0x00E9C034 0x00000000
CreateIoCompletionPort - 0x011CCB00 0x00EC8438 0x00E9C038 0x00000000
CreateEventA - 0x011CCB04 0x00EC843C 0x00E9C03C 0x00000000
CloseHandle - 0x011CCB08 0x00EC8440 0x00E9C040 0x00000000
AddVectoredExceptionHandler - 0x011CCB0C 0x00EC8444 0x00E9C044 0x00000000
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
hye6ncjf2u5trojt.exe 1 0x004E0000 0x0140AFFF Relevant Image False 32-bit 0x0055713A False
buffer 1 0x02272000 0x022ABFFF Image In Buffer False 32-bit - False
buffer 1 0x023E4000 0x0242FFFF Image In Buffer False 32-bit - False
hye6ncjf2u5trojt.exe 1 0x004E0000 0x0140AFFF Process Termination False 32-bit - False
File Name C:\Users\OQXZRA~1\AppData\Local\Temp\fqefafaz.dll
Category Dropped File
Type Binary
Verdict Malicious
Also Known As :wtfbbq (Accessed File, Dropped File)
C:\Users\OqXZRaykm\AppData\Roaming\Custom_update\Update_184d9eb9.dll (Accessed File)
\??\C:\Users\OqXZRaykm\AppData\Roaming\Custom_update\Update_184d9eb9.dll (Accessed File, Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 1.62 MB
MD5 a78a9d8d84a9313f8d70b354119a2034
SHA1 fab6586db9c26a0ca5c02500af77e8df41e0d941
SHA256 ec1a234c35609362906a0c5e7fb2a2670f3c8bf6d25b22fb9f0b47a049870195
SSDeep 24576:OZUojo622mgFSgT95BG1Dod9eIJb6/Y9rQcZ9pIkh4bdY59ed2ABHSm0F:OiW22vFR5s1HIVCY9kQ9SkmbyedjBp0F
ImpHash db0bbbf94096c1ecc4288f7345efbc8d
Static Analysis Parser Error: parsing signature failed: cannot parse signature content info
PE Information
Image Base 0x61000000
Entry Point 0x610A2080
Size Of Code 0x00100A00
Size Of Initialized Data 0x0009F800
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2024-09-26 20:52 (UTC+2)
Version Information (8)
CompanyName NVIDIA Corporation
FileDescription NVIDIA User Experience Driver Component
FileVersion 8.17.15.6590
InternalName nvxdbat.dll
LegalCopyright (C) 2024 NVIDIA Corporation. All rights reserved.
OriginalFilename nvxdbat.dll
ProductName NVIDIA User Experience Driver Component
ProductVersion 8.17.15.6590
Sections (9)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.orpc 0x61001000 0x000000FF 0x00000200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 3.58
.text 0x61002000 0x0010064F 0x00100800 0x00000600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.38
.rdata 0x61103000 0x000656DC 0x00065800 0x00100E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.59
.data 0x61169000 0x00012BB4 0x0000B000 0x00166600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.37
.pdata 0x6117C000 0x0000BD84 0x0000BE00 0x00171600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.11
.didat 0x61188000 0x00000018 0x00000200 0x0017D400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.15
.tls 0x61189000 0x00000009 0x00000200 0x0017D600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x6118A000 0x0002044C 0x00020600 0x0017D800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.27
.reloc 0x611AB000 0x000026E4 0x00002800 0x0019DE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.44
Imports (7)
RPCRT4.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NdrDllUnregisterProxy - 0x611034B8 0x00167858 0x00165658 0x000000D8
NdrOleFree - 0x611034C0 0x00167860 0x00165660 0x00000118
CStdStubBuffer_QueryInterface - 0x611034C8 0x00167868 0x00165668 0x00000008
CStdStubBuffer_AddRef - 0x611034D0 0x00167870 0x00165670 0x00000000
CStdStubBuffer_Connect - 0x611034D8 0x00167878 0x00165678 0x00000001
CStdStubBuffer_Disconnect - 0x611034E0 0x00167880 0x00165680 0x00000005
CStdStubBuffer_Invoke - 0x611034E8 0x00167888 0x00165688 0x00000006
CStdStubBuffer_IsIIDSupported - 0x611034F0 0x00167890 0x00165690 0x00000007
CStdStubBuffer_CountRefs - 0x611034F8 0x00167898 0x00165698 0x00000002
CStdStubBuffer_DebugServerQueryInterface - 0x61103500 0x001678A0 0x001656A0 0x00000003
CStdStubBuffer_DebugServerRelease - 0x61103508 0x001678A8 0x001656A8 0x00000004
IUnknown_QueryInterface_Proxy - 0x61103510 0x001678B0 0x001656B0 0x00000010
IUnknown_AddRef_Proxy - 0x61103518 0x001678B8 0x001656B8 0x0000000F
IUnknown_Release_Proxy - 0x61103520 0x001678C0 0x001656C0 0x00000011
NdrCStdStubBuffer_Release - 0x61103528 0x001678C8 0x001656C8 0x000000A1
NdrDllGetClassObject - 0x61103530 0x001678D0 0x001656D0 0x000000D6
NdrDllCanUnloadNow - 0x61103538 0x001678D8 0x001656D8 0x000000D5
NdrDllRegisterProxy - 0x61103540 0x001678E0 0x001656E0 0x000000D7
NdrOleAllocate - 0x61103548 0x001678E8 0x001656E8 0x00000117
WTSAPI32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WTSFreeMemory - 0x61103568 0x00167908 0x00165708 0x00000017
WTSEnumerateSessionsW - 0x61103570 0x00167910 0x00165710 0x00000016
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
PathFindFileNameW - 0x61103558 0x001678F8 0x001656F8 0x0000004D
KERNEL32.dll (122)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeviceIoControl - 0x611030A0 0x00167440 0x00165240 0x00000121
SetFilePointerEx - 0x611030A8 0x00167448 0x00165248 0x00000531
RemoveDirectoryW - 0x611030B0 0x00167450 0x00165250 0x000004BD
FindNextFileW - 0x611030B8 0x00167458 0x00165258 0x00000192
FindClose - 0x611030C0 0x00167460 0x00165260 0x0000017B
DeleteFileW - 0x611030C8 0x00167468 0x00165268 0x00000116
CreateDirectoryW - 0x611030D0 0x00167470 0x00165270 0x000000BA
FormatMessageA - 0x611030D8 0x00167478 0x00165278 0x000001AC
GetModuleHandleA - 0x611030E0 0x00167480 0x00165280 0x0000027B
DecodePointer - 0x611030E8 0x00167488 0x00165288 0x0000010A
RaiseException - 0x611030F0 0x00167490 0x00165290 0x00000466
GetLastError - 0x611030F8 0x00167498 0x00165298 0x00000267
InitializeCriticalSectionEx - 0x61103100 0x001674A0 0x001652A0 0x00000369
DeleteCriticalSection - 0x61103108 0x001674A8 0x001652A8 0x00000111
EncodePointer - 0x61103110 0x001674B0 0x001652B0 0x00000131
EnterCriticalSection - 0x61103118 0x001674B8 0x001652B8 0x00000135
LeaveCriticalSection - 0x61103120 0x001674C0 0x001652C0 0x000003C0
FreeLibrary - 0x61103128 0x001674C8 0x001652C8 0x000001B1
GetModuleFileNameW - 0x61103130 0x001674D0 0x001652D0 0x0000027A
GetModuleHandleW - 0x61103138 0x001674D8 0x001652D8 0x0000027E
GetProcAddress - 0x61103140 0x001674E0 0x001652E0 0x000002B5
LoadLibraryExW - 0x61103148 0x001674E8 0x001652E8 0x000003C6
LoadResource - 0x61103150 0x001674F0 0x001652F0 0x000003CA
SizeofResource - 0x61103158 0x001674F8 0x001652F8 0x0000058A
FindResourceW - 0x61103160 0x00167500 0x00165300 0x0000019C
lstrcmpiW - 0x61103168 0x00167508 0x00165308 0x00000646
MultiByteToWideChar - 0x61103170 0x00167510 0x00165310 0x000003F2
GetThreadLocale - 0x61103178 0x00167518 0x00165318 0x00000306
SetThreadLocale - 0x61103180 0x00167520 0x00165320 0x00000569
ExpandEnvironmentStringsW - 0x61103188 0x00167528 0x00165328 0x00000168
CreateFileW - 0x61103190 0x00167530 0x00165330 0x000000CB
GetFileSizeEx - 0x61103198 0x00167538 0x00165338 0x00000253
WriteFile - 0x611031A0 0x00167540 0x00165340 0x00000621
OutputDebugStringW - 0x611031A8 0x00167548 0x00165348 0x0000041C
CloseHandle - 0x611031B0 0x00167550 0x00165350 0x00000086
QueryPerformanceCounter - 0x611031B8 0x00167558 0x00165358 0x00000450
QueryPerformanceFrequency - 0x611031C0 0x00167560 0x00165360 0x00000451
HeapAlloc - 0x611031C8 0x00167568 0x00165368 0x0000034E
HeapReAlloc - 0x611031D0 0x00167570 0x00165370 0x00000355
RtlPcToFileHeader - 0x611031D8 0x00167578 0x00165378 0x000004DC
GetProcessHeap - 0x611031E0 0x00167580 0x00165380 0x000002BB
SetEvent - 0x611031E8 0x00167588 0x00165388 0x00000524
ReleaseSemaphore - 0x611031F0 0x00167590 0x00165390 0x000004B8
ReleaseMutex - 0x611031F8 0x00167598 0x00165398 0x000004B4
WaitForSingleObject - 0x61103200 0x001675A0 0x001653A0 0x000005E6
WaitForSingleObjectEx - 0x61103208 0x001675A8 0x001653A8 0x000005E7
CreateMutexW - 0x61103210 0x001675B0 0x001653B0 0x000000DA
CreateEventA - 0x61103218 0x001675B8 0x001653B8 0x000000BC
GetProcessTimes - 0x61103220 0x001675C0 0x001653C0 0x000002C5
GetCurrentProcess - 0x61103228 0x001675C8 0x001653C8 0x0000021D
GetCurrentProcessId - 0x61103230 0x001675D0 0x001653D0 0x0000021E
GetCurrentThreadId - 0x61103238 0x001675D8 0x001653D8 0x00000222
GetSystemTimeAsFileTime - 0x61103240 0x001675E0 0x001653E0 0x000002F0
WideCharToMultiByte - 0x61103248 0x001675E8 0x001653E8 0x0000060D
GetCurrentThread - 0x61103250 0x001675F0 0x001653F0 0x00000221
WTSGetActiveConsoleSessionId - 0x61103258 0x001675F8 0x001653F8 0x000005E0
LocalFree - 0x61103260 0x00167600 0x00165400 0x000003D2
GetFileAttributesW - 0x61103268 0x00167608 0x00165408 0x0000024C
SetLastError - 0x61103270 0x00167610 0x00165410 0x0000053F
ResetEvent - 0x61103278 0x00167618 0x00165418 0x000004CA
TerminateProcess - 0x61103280 0x00167620 0x00165420 0x0000059A
GetLocaleInfoW - 0x61103288 0x00167628 0x00165428 0x0000026B
CreateSemaphoreA - 0x61103290 0x00167630 0x00165430 0x000000E9
WaitForMultipleObjectsEx - 0x61103298 0x00167638 0x00165438 0x000005E5
MoveFileExW - 0x611032A0 0x00167640 0x00165440 0x000003EB
HeapFree - 0x611032A8 0x00167648 0x00165448 0x00000352
AreFileApisANSI - 0x611032B0 0x00167650 0x00165450 0x00000023
RtlUnwindEx - 0x611032B8 0x00167658 0x00165458 0x000004E0
InterlockedPushEntrySList - 0x611032C0 0x00167660 0x00165460 0x00000372
WriteConsoleW - 0x611032C8 0x00167668 0x00165468 0x00000620
InterlockedFlushSList - 0x611032D0 0x00167670 0x00165470 0x00000370
VirtualAlloc - 0x611032D8 0x00167678 0x00165478 0x000005D5
ExitProcess - 0x611032E0 0x00167680 0x00165480 0x00000164
GetModuleHandleExW - 0x611032E8 0x00167688 0x00165488 0x0000027D
GetDateFormatW - 0x611032F0 0x00167690 0x00165490 0x00000228
GetTimeFormatW - 0x611032F8 0x00167698 0x00165498 0x00000313
IsValidLocale - 0x61103300 0x001676A0 0x001654A0 0x00000390
GetUserDefaultLCID - 0x61103308 0x001676A8 0x001654A8 0x0000031B
EnumSystemLocalesW - 0x61103310 0x001676B0 0x001654B0 0x00000159
GetStdHandle - 0x61103318 0x001676B8 0x001654B8 0x000002D9
GetFileType - 0x61103320 0x001676C0 0x001654C0 0x00000255
GetTimeZoneInformation - 0x61103328 0x001676C8 0x001654C8 0x00000315
FindFirstFileExW - 0x61103330 0x001676D0 0x001654D0 0x00000181
IsValidCodePage - 0x61103338 0x001676D8 0x001654D8 0x0000038E
GetACP - 0x61103340 0x001676E0 0x001654E0 0x000001B8
GetOEMCP - 0x61103348 0x001676E8 0x001654E8 0x0000029E
GetCommandLineA - 0x61103350 0x001676F0 0x001654F0 0x000001DC
GetCommandLineW - 0x61103358 0x001676F8 0x001654F8 0x000001DD
GetEnvironmentStringsW - 0x61103360 0x00167700 0x00165500 0x0000023E
FreeEnvironmentStringsW - 0x61103368 0x00167708 0x00165508 0x000001B0
SetEnvironmentVariableW - 0x61103370 0x00167710 0x00165510 0x00000522
FlushFileBuffers - 0x61103378 0x00167718 0x00165518 0x000001A5
GetConsoleCP - 0x61103380 0x00167720 0x00165520 0x000001F0
GetConsoleMode - 0x61103388 0x00167728 0x00165528 0x00000202
ReadFile - 0x61103390 0x00167730 0x00165530 0x00000477
SetStdHandle - 0x61103398 0x00167738 0x00165538 0x00000557
ReadConsoleW - 0x611033A0 0x00167740 0x00165540 0x00000474
HeapSize - 0x611033A8 0x00167748 0x00165548 0x00000357
OpenEventA - 0x611033B0 0x00167750 0x00165550 0x00000403
GetCPInfo - 0x611033B8 0x00167758 0x00165558 0x000001C7
LCMapStringW - 0x611033C0 0x00167760 0x00165560 0x000003B4
CompareStringW - 0x611033C8 0x00167768 0x00165568 0x0000009B
TlsFree - 0x611033D0 0x00167770 0x00165570 0x000005AD
TlsSetValue - 0x611033D8 0x00167778 0x00165578 0x000005AF
TlsGetValue - 0x611033E0 0x00167780 0x00165580 0x000005AE
TlsAlloc - 0x611033E8 0x00167788 0x00165588 0x000005AC
InitializeCriticalSectionAndSpinCount - 0x611033F0 0x00167790 0x00165590 0x00000368
GetStringTypeW - 0x611033F8 0x00167798 0x00165598 0x000002DE
GetStartupInfoW - 0x61103400 0x001677A0 0x001655A0 0x000002D7
IsDebuggerPresent - 0x61103408 0x001677A8 0x001655A8 0x00000382
InitializeSListHead - 0x61103410 0x001677B0 0x001655B0 0x0000036C
IsProcessorFeaturePresent - 0x61103418 0x001677B8 0x001655B8 0x00000389
SetUnhandledExceptionFilter - 0x61103420 0x001677C0 0x001655C0 0x0000057B
UnhandledExceptionFilter - 0x61103428 0x001677C8 0x001655C8 0x000005BC
RtlVirtualUnwind - 0x61103430 0x001677D0 0x001655D0 0x000004E1
RtlLookupFunctionEntry - 0x61103438 0x001677D8 0x001655D8 0x000004DA
RtlCaptureContext - 0x61103440 0x001677E0 0x001655E0 0x000004D3
CreateEventW - 0x61103448 0x001677E8 0x001655E8 0x000000BF
LoadLibraryExA - 0x61103450 0x001677F0 0x001655F0 0x000003C5
VirtualQuery - 0x61103458 0x001677F8 0x001655F8 0x000005DD
VirtualProtect - 0x61103460 0x00167800 0x00165600 0x000005DB
GetSystemInfo - 0x61103468 0x00167808 0x00165608 0x000002EA
ADVAPI32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTraceLoggerHandle - 0x61103000 0x001673A0 0x001651A0 0x00000173
RegEnumValueW - 0x61103008 0x001673A8 0x001651A8 0x0000027D
RegQueryValueExW - 0x61103010 0x001673B0 0x001651B0 0x00000299
GetTokenInformation - 0x61103018 0x001673B8 0x001651B8 0x00000170
OpenThreadToken - 0x61103020 0x001673C0 0x001651C0 0x0000021A
OpenProcessToken - 0x61103028 0x001673C8 0x001651C8 0x00000215
TraceMessage - 0x61103030 0x001673D0 0x001651D0 0x00000328
RegSetValueExW - 0x61103038 0x001673D8 0x001651D8 0x000002A9
RegQueryInfoKeyW - 0x61103040 0x001673E0 0x001651E0 0x00000293
RegOpenKeyExW - 0x61103048 0x001673E8 0x001651E8 0x0000028C
RegEnumKeyExW - 0x61103050 0x001673F0 0x001651F0 0x0000027A
RegDeleteValueW - 0x61103058 0x001673F8 0x001651F8 0x00000273
RegDeleteKeyW - 0x61103060 0x00167400 0x00165200 0x0000026F
RegCreateKeyExW - 0x61103068 0x00167408 0x00165208 0x00000264
RegCloseKey - 0x61103070 0x00167410 0x00165210 0x0000025B
GetTraceEnableFlags - 0x61103078 0x00167418 0x00165218 0x00000171
GetTraceEnableLevel - 0x61103080 0x00167420 0x00165220 0x00000172
UnregisterTraceGuids - 0x61103088 0x00167428 0x00165228 0x00000335
RegisterTraceGuidsW - 0x61103090 0x00167430 0x00165230 0x000002B5
ole32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree - 0x61103580 0x00167920 0x00165720 0x0000008C
CoGetStdMarshalEx - 0x61103588 0x00167928 0x00165728 0x00000059
CoTaskMemRealloc - 0x61103590 0x00167930 0x00165730 0x0000008D
CoCreateInstanceEx - 0x61103598 0x00167938 0x00165738 0x0000002C
CoTaskMemAlloc - 0x611035A0 0x00167940 0x00165740 0x0000008B
StringFromGUID2 - 0x611035A8 0x00167948 0x00165748 0x0000020C
CoCreateInstance - 0x611035B0 0x00167950 0x00165750 0x0000002B
OLEAUT32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x00000002 0x61103478 0x00167818 0x00165618 -
SysStringLen 0x00000007 0x61103480 0x00167820 0x00165620 -
VarUI4FromStr 0x00000115 0x61103488 0x00167828 0x00165628 -
LoadTypeLib 0x000000A1 0x61103490 0x00167830 0x00165630 -
RegisterTypeLib 0x000000A3 0x61103498 0x00167838 0x00165638 -
UnRegisterTypeLib 0x000000BA 0x611034A0 0x00167840 0x00165640 -
SysFreeString 0x00000006 0x611034A8 0x00167848 0x00165648 -
Exports (5)
API Name EAT Address Ordinal
DllCanUnloadNow 0x00082F10 0x00000001
Nonnect 0x00082F60 0x00000002
Object 0x00082FB0 0x00000003
Nonnect 0x00083020 0x00000004
Nonnect 0x00083050 0x00000005
File Name e1e4e2489126e3bb595f9d15068a3ff61901616d7a12c3469f7bde7558eaf9a9
Category Downloaded File
Type HTML
Verdict Clean
MIME Type text/html
File Size 33.95 KB
MD5 0c87abe9fa41f505613656c1be851b76
SHA1 547bfbbf328023c8abe5ffab91f62735b5de1b6c
SHA256 e1e4e2489126e3bb595f9d15068a3ff61901616d7a12c3469f7bde7558eaf9a9
SSDeep 768:H5lpqEg8QE2fJoAa1+rG8vAA9TBv++nIjBtPF5zfhkPXo8A5LTBv++nIjBtPF5x3:Zl8Eg8QE2fJoAa1+rG29TBv++nIjBtPG
Static Analysis Parser Error: HTML parser encountered errors
Extracted URLs (67)
Reputation: 3 Malicious, 64 Not Available (URL values not listed)
File Name 9048459b0a91c3739d3520d80993706ba86daace91f2807c6457be0220622129
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 15.48 KB
MD5 32544b7fa8a4e7da5760368e678c8e1b
SHA1 8fbbdc6fcc683b7bed5a9b2f8f4cbece0195d532
SHA256 9048459b0a91c3739d3520d80993706ba86daace91f2807c6457be0220622129
SSDeep 384:DsM7gQQOU1S43Z4bOvWpq3bdNbvyOyfyIlT7u43JV:DsM7YxSMGVqrdAzyyvj3H
File Name f8f40109aeef97d3779e618b392451a6b9c746c3c57025d11adfc876694b6440
Category Downloaded File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 10.66 KB
MD5 b26b98746b82e60364c00cb303f002e5
SHA1 a6d918b7090e0c3666da0234ab98a52dac46b6a1
SHA256 f8f40109aeef97d3779e618b392451a6b9c746c3c57025d11adfc876694b6440
SSDeep 192:G6I0qFHZI0AJqw6dXCQ7Re0dB9qGpR3VhsUIB5klna7NTzMR1SfebtCzD:PI0qRZI0Akw8p1zJpRlx/nUwofECX
File Name a957231e7faa0d04c5ebed2e956b74ef212e1fbc7c4b3eb2551f399138eaf95d
Category Downloaded File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 1.71 KB
MD5 5c09d13f29db265a1d686b593cdf1d4e
SHA1 7c57e6b4ffc0b24289d4c82653ff26c11d56dc7a
SHA256 a957231e7faa0d04c5ebed2e956b74ef212e1fbc7c4b3eb2551f399138eaf95d
SSDeep 24:OUOhd8b5cizHMx9dvC2//HnY8XRfPI8AW+Z3dObkjX:dJsBvJ34g9AvZ3k2X
File Name eaa80821df6cffbd2c3f2089b6cab2944a4701c9fc9548cb619c7be0db428384
Category Downloaded File
Type Stream
Verdict Clean
MIME Type application/octet-stream
File Size 1.25 KB
MD5 bdbf6051295cb8a400b77897571b787b
SHA1 11f861f99973c20eba7bbab3300128b661b80ce2
SHA256 eaa80821df6cffbd2c3f2089b6cab2944a4701c9fc9548cb619c7be0db428384
SSDeep 12:uVgki4UsdTVgkimTVgkimP3TVgkiPtmfVgkiseQXkPCWg298kcwiVY9AOUQe8oI3:OUOhdkfrcwgCrXeMsNQrjDZnU84E
File Name 3dac190d16f910d16b9832a6bd8c0cf228db98757dab24e1853c68da03145521
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 176 Bytes
MD5 f29f061bfd53006de484067f2246d3fd
SHA1 f2b09934da8e6f000a623a143ee2f9cf7adbad9d
SHA256 3dac190d16f910d16b9832a6bd8c0cf228db98757dab24e1853c68da03145521
SSDeep 3:9KxHwQKlrriLx+FrctNcvgHQGby/OP9g/TsvQa0utyidlDz3lm/k2X0qK3yiUXON:98w1hri0Frcekd5Ya9yi/DbrqKC9O00
File Name d54a672ddc539935f9d6d80d9ef729b4e3521ac17d6f22daebb67c93f4d2e24e
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 111 Bytes
MD5 3323e00ae93cba307954baeccaf804cd
SHA1 2988f5e3e83ee731be3b80cf27c35381fb89f7c1
SHA256 d54a672ddc539935f9d6d80d9ef729b4e3521ac17d6f22daebb67c93f4d2e24e
SSDeep 3:vRYR69RrJMb31LUTtoaUVe1lWkwpDNJNYHVK45TQVO:JYR8Rt43BUTXNEnY39
File Name 1f65289781951e7015d65953ff3018339ae39a69d55af70f74c47592d8527303
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 76 Bytes
MD5 e5fd9680cc35279809dbc67a3c77ca06
SHA1 764b02945125bfb645c9cff42f095c1565a921f0
SHA256 1f65289781951e7015d65953ff3018339ae39a69d55af70f74c47592d8527303
SSDeep 3:vR/M6ECJMb31LUTtoaUVe1lWkwpn:Jk843BUTXNEp
File Name f7db76cb23e29fadfdf2c998934c9f6be74779511694bf2ce605773b59c1dd89
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 16 Bytes
MD5 8ddc4e317b2186df8f0bde9b68247bee
SHA1 8f8efe44c9905182f274796a926f0e0969a7bb98
SHA256 f7db76cb23e29fadfdf2c998934c9f6be74779511694bf2ce605773b59c1dd89
SSDeep 3:vn0Gn:vn0Gn
File Name 04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 8 Bytes
MD5 faf57b74d4f3a37d109433c62e0d0fbd
SHA1 b844716b8f45b1069bb05a63c94df160aeb7bfba
SHA256 04339c5b1cd2339b03ffd50bc302c17f6c3ea7a39abbe96dd4ea5ad6d9796764
SSDeep 3:vRFc:Je
File Name 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Category Downloaded File
Type Text
Verdict Clean
MIME Type text/plain
File Size 2 Bytes
MD5 444bcb3a3fcf8389296c49467f27e1d6
SHA1 7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
SHA256 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
SSDeep 3:V:V
File Reputation Information
Verdict Clean
Known to be clean.
File Name 395f808bc1b6c6bebecc448d99fcdceb20a60f7e9d67d4072fc3a0b838388f44
Category Extracted File
Type Image
Verdict Clean
Parent File 7ae55497bf149ae78ca23500ad82e00b367683671bb37ddce5041756bbcf0660
MIME Type image/png
File Size 56.20 KB
MD5 3794499a80764a19e5da2f82c4959e33
SHA1 21b5f25f42015b5d61808ba696b91cd09d6436fb
SHA256 395f808bc1b6c6bebecc448d99fcdceb20a60f7e9d67d4072fc3a0b838388f44
SSDeep 1536:msaxn0jDJ7n0yRuMxadZFAntGCO6PxmBtn5IHehMJ:mVS570M9kdatGCO+xmBc+hMJ
File Name d99779e3f2e3797c2196998f9f15366e7c443276336356a54ba51099b9b6862f
Category Extracted File
Type Image
Verdict Clean
Parent File C:\Users\OqXZRaykm\Desktop\hYE6NCjf2U5trojt.exe
MIME Type image/png
File Size 33.52 KB
MD5 d4a14130b4e6a90b6d53ce6e19de67c5
SHA1 56253fb15c78bb1b783ce076aaa2cd2177092fda
SHA256 d99779e3f2e3797c2196998f9f15366e7c443276336356a54ba51099b9b6862f
SSDeep 768:hCkfWLRkpxcpOShdLYKIPBst3NMlWYyDsGCq/VlO:ffWLRkp/KIP2tdMtGCqNlO