Verdict Malicious
Classifications Spyware
Threat Names RedLine, RedLine.A, Mal/Generic-S, Mal/HTMLGen-A

Remarks (2/2)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes" to "10 seconds" to reveal dormant functionality.

Files (File Name, Category, Type, Verdict)
C:\Users\OqXZRaykm\Desktop\build.exe (Sample File, Binary) Verdict: Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 351.00 KB
MD5 e00381635f0deee1380080b322aec301
SHA1 751c7ac25d1cbd1a789bea64f46bb226d9cd43e1
SHA256 18c790568c6e0e30d600135a33a9e41ff55e076600fec006772d95849abc4def
SSDeep 6144:Vkup0yN90QEsvxUDJchSJrcu78hp1mQlZDJ0ML:Wy900WDJLJrtKp1mGRJ0g
ImpHash 013c74198fc6e42dcf33737d6c40c012
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x140000000
Entry Point 0x1400080C0
Size Of Code 0x00008200
Size Of Initialized Data 0x0004F600
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2014-10-31 06:12 (UTC+1)
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Archivo autoextractor de archivos CAB de Win32 (Spanish: "Win32 CAB self-extractor")
FileVersion 11.00.9600.16384 (winblue_rtm.130821-1623)
InternalName Wextract
LegalCopyright © Microsoft Corporation. Todos los derechos reservados. (Spanish: "All rights reserved.")
OriginalFilename WEXTRACT.EXE .MUI
ProductName Internet Explorer
ProductVersion 11.00.9600.16384
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x00008180 0x00008200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.27
.data 0x14000A000 0x00001E60 0x00000200 0x00008600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.03
.pdata 0x14000C000 0x00000408 0x00000600 0x00008800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.21
.idata 0x14000D000 0x000015DC 0x00001600 0x00008E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.44
.rsrc 0x14000F000 0x0004E000 0x0004D600 0x0000A400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.75
.reloc 0x14005D000 0x00000024 0x00000200 0x00057A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.4
Imports (8)
ADVAPI32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
OpenProcessToken - 0x14000D000 0x0000D5E8 0x000093E8 0x00000212
GetTokenInformation - 0x14000D008 0x0000D5F0 0x000093F0 0x0000016F
RegSetValueExA - 0x14000D010 0x0000D5F8 0x000093F8 0x000002A1
EqualSid - 0x14000D018 0x0000D600 0x00009400 0x00000118
RegQueryValueExA - 0x14000D020 0x0000D608 0x00009408 0x00000291
LookupPrivilegeValueA - 0x14000D028 0x0000D610 0x00009410 0x000001AC
RegCreateKeyExA - 0x14000D030 0x0000D618 0x00009418 0x0000025C
RegOpenKeyExA - 0x14000D038 0x0000D620 0x00009420 0x00000284
RegQueryInfoKeyA - 0x14000D040 0x0000D628 0x00009428 0x0000028B
RegDeleteValueA - 0x14000D048 0x0000D630 0x00009430 0x0000026B
AllocateAndInitializeSid - 0x14000D050 0x0000D638 0x00009438 0x00000020
FreeSid - 0x14000D058 0x0000D640 0x00009440 0x00000133
AdjustTokenPrivileges - 0x14000D060 0x0000D648 0x00009448 0x0000001F
RegCloseKey - 0x14000D068 0x0000D650 0x00009450 0x00000254
KERNEL32.dll (85)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetPrivateProfileIntA - 0x14000D0C0 0x0000D6A8 0x000094A8 0x0000029A
GetFileAttributesA - 0x14000D0C8 0x0000D6B0 0x000094B0 0x00000237
IsDBCSLeadByte - 0x14000D0D0 0x0000D6B8 0x000094B8 0x00000368
GetSystemDirectoryA - 0x14000D0D8 0x0000D6C0 0x000094C0 0x000002D3
GlobalUnlock - 0x14000D0E0 0x0000D6C8 0x000094C8 0x00000332
GetShortPathNameA - 0x14000D0E8 0x0000D6D0 0x000094D0 0x000002C1
CreateDirectoryA - 0x14000D0F0 0x0000D6D8 0x000094D8 0x000000AD
FindFirstFileA - 0x14000D0F8 0x0000D6E0 0x000094E0 0x00000172
GetLastError - 0x14000D100 0x0000D6E8 0x000094E8 0x00000256
GetProcAddress - 0x14000D108 0x0000D6F0 0x000094F0 0x000002A4
RemoveDirectoryA - 0x14000D110 0x0000D6F8 0x000094F8 0x00000496
SetFileAttributesA - 0x14000D118 0x0000D700 0x00009500 0x00000503
GlobalFree - 0x14000D120 0x0000D708 0x00009508 0x00000327
FindClose - 0x14000D128 0x0000D710 0x00009510 0x0000016E
GetPrivateProfileStringA - 0x14000D130 0x0000D718 0x00009518 0x000002A0
LoadLibraryA - 0x14000D138 0x0000D720 0x00009520 0x000003A8
LocalAlloc - 0x14000D140 0x0000D728 0x00009528 0x000003B1
WritePrivateProfileStringA - 0x14000D148 0x0000D730 0x00009530 0x000005F6
GetModuleFileNameA - 0x14000D150 0x0000D738 0x00009538 0x00000268
FindNextFileA - 0x14000D158 0x0000D740 0x00009540 0x00000183
CompareStringA - 0x14000D160 0x0000D748 0x00009548 0x00000090
_lopen - 0x14000D168 0x0000D750 0x00009550 0x0000060B
CloseHandle - 0x14000D170 0x0000D758 0x00009558 0x0000007F
LocalFree - 0x14000D178 0x0000D760 0x00009560 0x000003B5
DeleteFileA - 0x14000D180 0x0000D768 0x00009568 0x00000108
ExitProcess - 0x14000D188 0x0000D770 0x00009570 0x00000157
DosDateTimeToFileTime - 0x14000D190 0x0000D778 0x00009578 0x0000011E
CreateFileA - 0x14000D198 0x0000D780 0x00009580 0x000000BA
FindResourceA - 0x14000D1A0 0x0000D788 0x00009588 0x0000018C
SetFilePointer - 0x14000D1A8 0x0000D790 0x00009590 0x0000050B
GlobalAlloc - 0x14000D1B0 0x0000D798 0x00009598 0x00000320
ExpandEnvironmentStringsA - 0x14000D1B8 0x0000D7A0 0x000095A0 0x0000015A
WaitForSingleObject - 0x14000D1C0 0x0000D7A8 0x000095A8 0x000005BB
SetEvent - 0x14000D1C8 0x0000D7B0 0x000095B0 0x000004FF
GetModuleHandleW - 0x14000D1D0 0x0000D7B8 0x000095B8 0x0000026D
FormatMessageA - 0x14000D1D8 0x0000D7C0 0x000095C0 0x0000019F
SetFileTime - 0x14000D1E0 0x0000D7C8 0x000095C8 0x0000050F
WriteFile - 0x14000D1E8 0x0000D7D0 0x000095D0 0x000005F1
GetDriveTypeA - 0x14000D1F0 0x0000D7D8 0x000095D8 0x00000225
GetVolumeInformationA - 0x14000D1F8 0x0000D7E0 0x000095E0 0x0000030F
TerminateThread - 0x14000D200 0x0000D7E8 0x000095E8 0x00000571
SizeofResource - 0x14000D208 0x0000D7F0 0x000095F0 0x00000560
CreateEventA - 0x14000D210 0x0000D7F8 0x000095F8 0x000000B3
GetExitCodeProcess - 0x14000D218 0x0000D800 0x00009600 0x00000233
CreateProcessA - 0x14000D220 0x0000D808 0x00009608 0x000000D7
ReadFile - 0x14000D228 0x0000D810 0x00009610 0x00000454
SetCurrentDirectoryA - 0x14000D230 0x0000D818 0x00009618 0x000004F1
_llseek - 0x14000D238 0x0000D820 0x00009620 0x00000609
ResetEvent - 0x14000D240 0x0000D828 0x00009628 0x000004A6
LockResource - 0x14000D248 0x0000D830 0x00009630 0x000003C0
GetSystemInfo - 0x14000D250 0x0000D838 0x00009638 0x000002D7
LoadLibraryExA - 0x14000D258 0x0000D840 0x00009640 0x000003A9
CreateMutexA - 0x14000D260 0x0000D848 0x00009648 0x000000CE
GetCurrentDirectoryA - 0x14000D268 0x0000D850 0x00009650 0x00000208
GetVersionExA - 0x14000D270 0x0000D858 0x00009658 0x0000030D
GetVersion - 0x14000D278 0x0000D860 0x00009660 0x0000030C
GetTempPathA - 0x14000D280 0x0000D868 0x00009668 0x000002E9
CreateThread - 0x14000D288 0x0000D870 0x00009670 0x000000E7
LocalFileTimeToFileTime - 0x14000D290 0x0000D878 0x00009678 0x000003B3
Sleep - 0x14000D298 0x0000D880 0x00009680 0x00000561
FreeResource - 0x14000D2A0 0x0000D888 0x00009688 0x000001A7
GetWindowsDirectoryA - 0x14000D2A8 0x0000D890 0x00009690 0x00000318
lstrcmpA - 0x14000D2B0 0x0000D898 0x00009698 0x00000612
_lclose - 0x14000D2B8 0x0000D8A0 0x000096A0 0x00000607
GlobalLock - 0x14000D2C0 0x0000D8A8 0x000096A8 0x0000032B
GetCurrentProcess - 0x14000D2C8 0x0000D8B0 0x000096B0 0x0000020F
LoadResource - 0x14000D2D0 0x0000D8B8 0x000096B8 0x000003AE
FreeLibrary - 0x14000D2D8 0x0000D8C0 0x000096C0 0x000001A4
GetStartupInfoW - 0x14000D2E0 0x0000D8C8 0x000096C8 0x000002C5
RtlCaptureContext - 0x14000D2E8 0x0000D8D0 0x000096D0 0x000004AE
RtlLookupFunctionEntry - 0x14000D2F0 0x0000D8D8 0x000096D8 0x000004B5
RtlVirtualUnwind - 0x14000D2F8 0x0000D8E0 0x000096E0 0x000004BC
UnhandledExceptionFilter - 0x14000D300 0x0000D8E8 0x000096E8 0x00000592
SetUnhandledExceptionFilter - 0x14000D308 0x0000D8F0 0x000096F0 0x00000552
TerminateProcess - 0x14000D310 0x0000D8F8 0x000096F8 0x00000570
OutputDebugStringA - 0x14000D318 0x0000D900 0x00009700 0x000003FC
QueryPerformanceCounter - 0x14000D320 0x0000D908 0x00009708 0x00000430
GetCurrentProcessId - 0x14000D328 0x0000D910 0x00009710 0x00000210
GetCurrentThreadId - 0x14000D330 0x0000D918 0x00009718 0x00000214
GetSystemTimeAsFileTime - 0x14000D338 0x0000D920 0x00009720 0x000002DD
GetTickCount - 0x14000D340 0x0000D928 0x00009728 0x000002F9
EnumResourceLanguagesA - 0x14000D348 0x0000D930 0x00009730 0x00000138
MulDiv - 0x14000D350 0x0000D938 0x00009738 0x000003D3
GetDiskFreeSpaceA - 0x14000D358 0x0000D940 0x00009740 0x0000021F
GetTempFileNameA - 0x14000D360 0x0000D948 0x00009748 0x000002E7
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDeviceCaps - 0x14000D0B0 0x0000D698 0x00009498 0x000001F7
USER32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetForegroundWindow - 0x14000D370 0x0000D958 0x00009758 0x000002DB
MsgWaitForMultipleObjects - 0x14000D378 0x0000D960 0x00009760 0x00000258
SendDlgItemMessageA - 0x14000D380 0x0000D968 0x00009768 0x000002B6
GetWindowLongPtrA - 0x14000D388 0x0000D970 0x00009770 0x000001C7
GetWindowRect - 0x14000D390 0x0000D978 0x00009778 0x000001CF
GetDC - 0x14000D398 0x0000D980 0x00009780 0x00000136
MessageBoxA - 0x14000D3A0 0x0000D988 0x00009788 0x0000024A
PeekMessageA - 0x14000D3A8 0x0000D990 0x00009790 0x0000026F
ReleaseDC - 0x14000D3B0 0x0000D998 0x00009798 0x000002A9
GetDlgItem - 0x14000D3B8 0x0000D9A0 0x000097A0 0x0000013E
SetWindowPos - 0x14000D3C0 0x0000D9A8 0x000097A8 0x00000317
ShowWindow - 0x14000D3C8 0x0000D9B0 0x000097B0 0x00000328
SetWindowLongPtrA - 0x14000D3D0 0x0000D9B8 0x000097B8 0x00000313
DispatchMessageA - 0x14000D3D8 0x0000D9C0 0x000097C0 0x000000B4
SetWindowTextA - 0x14000D3E0 0x0000D9C8 0x000097C8 0x0000031B
EnableWindow - 0x14000D3E8 0x0000D9D0 0x000097D0 0x000000E4
CallWindowProcA - 0x14000D3F0 0x0000D9D8 0x000097D8 0x0000001D
DialogBoxIndirectParamA - 0x14000D3F8 0x0000D9E0 0x000097E0 0x000000AE
GetDlgItemTextA - 0x14000D400 0x0000D9E8 0x000097E8 0x00000140
LoadStringA - 0x14000D408 0x0000D9F0 0x000097F0 0x00000233
MessageBeep - 0x14000D410 0x0000D9F8 0x000097F8 0x00000249
CharUpperA - 0x14000D418 0x0000DA00 0x00009800 0x00000039
CharNextA - 0x14000D420 0x0000DA08 0x00009808 0x0000002F
ExitWindowsEx - 0x14000D428 0x0000DA10 0x00009810 0x00000104
CharPrevA - 0x14000D430 0x0000DA18 0x00009818 0x00000032
EndDialog - 0x14000D438 0x0000DA20 0x00009820 0x000000E7
GetDesktopWindow - 0x14000D440 0x0000DA28 0x00009828 0x00000139
SetDlgItemTextA - 0x14000D448 0x0000DA30 0x00009830 0x000002D7
SendMessageA - 0x14000D450 0x0000DA38 0x00009838 0x000002BB
GetSystemMetrics - 0x14000D458 0x0000DA40 0x00009840 0x000001AC
msvcrt.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
?terminate@@YAXXZ - 0x14000D488 0x0000DA70 0x00009870 0x00000030
_fmode - 0x14000D490 0x0000DA78 0x00009878 0x00000128
_acmdln - 0x14000D498 0x0000DA80 0x00009880 0x000000A3
__C_specific_handler - 0x14000D4A0 0x0000DA88 0x00009888 0x00000058
_initterm - 0x14000D4A8 0x0000DA90 0x00009890 0x0000017E
__setusermatherr - 0x14000D4B0 0x0000DA98 0x00009898 0x00000091
_ismbblead - 0x14000D4B8 0x0000DAA0 0x000098A0 0x0000019A
_cexit - 0x14000D4C0 0x0000DAA8 0x000098A8 0x000000C2
memset - 0x14000D4C8 0x0000DAB0 0x000098B0 0x00000497
memcpy - 0x14000D4D0 0x0000DAB8 0x000098B8 0x00000493
_exit - 0x14000D4D8 0x0000DAC0 0x000098C0 0x0000010F
exit - 0x14000D4E0 0x0000DAC8 0x000098C8 0x00000433
__set_app_type - 0x14000D4E8 0x0000DAD0 0x000098D0 0x0000008F
__getmainargs - 0x14000D4F0 0x0000DAD8 0x000098D8 0x00000080
_amsg_exit - 0x14000D4F8 0x0000DAE0 0x000098E0 0x000000AF
_XcptFilter - 0x14000D500 0x0000DAE8 0x000098E8 0x00000056
_errno - 0x14000D508 0x0000DAF0 0x000098F0 0x00000106
_vsnprintf - 0x14000D510 0x0000DAF8 0x000098F8 0x00000364
_commode - 0x14000D518 0x0000DB00 0x00009900 0x000000D3
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000011 0x14000D078 0x0000D660 0x00009460 -
Cabinet.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000016 0x14000D088 0x0000D670 0x00009470 -
None 0x00000017 0x14000D090 0x0000D678 0x00009478 -
None 0x00000015 0x14000D098 0x0000D680 0x00009480 -
None 0x00000014 0x14000D0A0 0x0000D688 0x00009488 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoA - 0x14000D468 0x0000DA50 0x00009850 0x00000000
GetFileVersionInfoSizeA - 0x14000D470 0x0000DA58 0x00009858 0x00000004
VerQueryValueA - 0x14000D478 0x0000DA60 0x00009860 0x0000000F
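The import table above is what an analyst reads first: a token-privilege sequence (OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges), resource-loading calls (FindResourceA, LoadResource, LockResource, SizeofResource), temp-path file creation, CreateProcessA, ExitWindowsEx and four ordinal-only imports from Cabinet.dll, which together are the profile of a self-extracting CAB stub rather than of an information stealer; the stealer behaviour has to come from the payload it drops. The script below is an added example, not VMRay's code and not the sample's: it turns a subset of the listed imports (constructed here from the tables above) into capability tags. The ordinal-to-name mapping for Cabinet.dll (20 FDICreate, 21 FDIIsCabinet, 22 FDICopy, 23 FDIDestroy) is an assumption taken from public export listings of Cabinet.dll; verify it against your own copy of the DLL before relying on it.

```python
"""Import-table triage: map imported APIs to coarse capability tags.

Added example (not VMRay's code, not the sample's). The import excerpt below is
constructed from the report's tables; the Cabinet.dll ordinal names are an
assumption and should be checked against a real Cabinet.dll export table.
"""

# Assumed ordinal -> name mapping for Cabinet.dll's FDI (cabinet decompression) API.
CABINET_ORDINALS = {0x14: "FDICreate", 0x15: "FDIIsCabinet", 0x16: "FDICopy", 0x17: "FDIDestroy"}

# Constructed excerpt of the report's import table: plain names, or ("ordinal", n).
SAMPLE_IMPORTS = {
    "ADVAPI32.dll": ["OpenProcessToken", "GetTokenInformation", "LookupPrivilegeValueA",
                     "AdjustTokenPrivileges", "RegSetValueExA", "RegCreateKeyExA",
                     "RegDeleteValueA", "RegQueryValueExA"],
    "KERNEL32.dll": ["FindResourceA", "LoadResource", "LockResource", "SizeofResource",
                     "GetTempPathA", "CreateDirectoryA", "CreateFileA", "WriteFile",
                     "CreateProcessA", "WritePrivateProfileStringA", "Sleep", "DeleteFileA"],
    "USER32.dll": ["ExitWindowsEx", "MessageBoxA", "DialogBoxIndirectParamA"],
    "Cabinet.dll": [("ordinal", 0x16), ("ordinal", 0x17), ("ordinal", 0x15), ("ordinal", 0x14)],
}

# Each rule: (tag, dll, APIs that must all be present, APIs of which any one suffices).
RULES = [
    ("token-privilege-adjustment", "ADVAPI32.dll",
     {"OpenProcessToken", "LookupPrivilegeValueA", "AdjustTokenPrivileges"}, set()),
    ("registry-modification", "ADVAPI32.dll", set(),
     {"RegSetValueExA", "RegCreateKeyExA", "RegDeleteValueA"}),
    ("embedded-resource-payload", "KERNEL32.dll",
     {"FindResourceA", "LoadResource", "LockResource", "SizeofResource"}, set()),
    ("temp-directory-file-drop", "KERNEL32.dll",
     {"GetTempPathA", "CreateFileA", "WriteFile"}, set()),
    ("child-process-launch", "KERNEL32.dll", {"CreateProcessA"}, set()),
    ("cab-decompression", "Cabinet.dll", {"FDICreate", "FDICopy"}, set()),
    ("shutdown-or-reboot", "USER32.dll", {"ExitWindowsEx"}, set()),
    ("self-cleanup", "KERNEL32.dll", {"DeleteFileA"}, set()),
]


def resolve_imports(imports, ordinal_names=None):
    """Normalise to {dll: set(api_name)}, resolving known ordinals to names.

    Unknown ordinals are kept as 'ord#N' so they stay visible instead of vanishing."""
    ordinal_names = ordinal_names or {"Cabinet.dll": CABINET_ORDINALS}
    resolved = {}
    for dll, entries in imports.items():
        names = set()
        for entry in entries:
            if isinstance(entry, tuple):          # ("ordinal", n)
                n = entry[1]
                names.add(ordinal_names.get(dll, {}).get(n, f"ord#{n}"))
            else:
                names.add(entry)
        resolved[dll] = names
    return resolved


def triage(imports, rules=RULES):
    """Return {tag: sorted list of matched APIs} for every rule the import table satisfies."""
    resolved = resolve_imports(imports)
    hits = {}
    for tag, dll, required, any_of in rules:
        present = resolved.get(dll, set())
        if required and not required <= present:
            continue                              # a mandatory API is missing
        if any_of and not (any_of & present):
            continue                              # none of the alternatives is present
        if not required and not any_of:
            continue                              # malformed rule, never matches
        hits[tag] = sorted((required | any_of) & present)
    return hits


if __name__ == "__main__":
    for tag, apis in sorted(triage(SAMPLE_IMPORTS).items()):
        print(f"{tag:28s} {', '.join(apis)}")
```

Rules are deliberately conjunctive for the sequences that only mean something together (privilege adjustment needs all three calls; resource extraction needs the full Find/Load/Lock/Sizeof chain), and disjunctive for registry writes, where any one write API is enough to matter.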
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
build.exe 1 0x7FF6E5320000 0x7FF6E537DFFF Relevant Image False 64-bit 0x7FF6E5327F90 False
build.exe 1 0x7FF6E5320000 0x7FF6E537DFFF Final Dump False 64-bit 0x7FF6E5324A34 False
build.exe 1 0x7FF6E5320000 0x7FF6E537DFFF Process Termination False 64-bit - False
C:\Users\OQXZRA~1\AppData\Local\Temp\IXP000.TMP\build.bat (Dropped File, Batch) Verdict: Clean
Also Known As C:\Users\OqXZRaykm\AppData\Local\Temp\IXP000.TMP\build.bat (Accessed File)
Also Known As build.bat (Accessed File)
Parent File c60d2f3e60aa0a9cd8caaef16c6648e4250fd448f8f6b74cd63f977aa92c28a5
MIME Type application/x-bat
File Size 276.52 KB
MD5 717c25dae776217fbc92897c79fb72b2
SHA1 c3d1bbe2b559c0c18423b80bee499f0d23b3b477
SHA256 8c3def6d2728ca908b96df1ee12de65b03ca1e4975bbc65813154b846058b949
SSDeep 6144:Fn3cuasDdXPY1rkiAee9iqgPK3/YGlxA0PnCsSAH6opojScGu:FsLYXPErWepqgizvnCVo6opm4u
ImpHash -
C:\Users\OqXZRaykm\AppData\Local\Temp\tmp1709.tmp (Dropped File, ZIP) Verdict: Clean
MIME Type application/zip
File Size 87.65 KB
MD5 cd0a016db0e97b0f2f1ddbe28400daf0
SHA1 db87eb00c0b0d807fee1c6083448cc2e169a809a
SHA256 00556d82a375ba8e4345c9ae4827be19661a40daa925e0960d54fe1ffe8c7322
SSDeep 1536:lC9KlTvG6egsWYOMe13Y2tRAVwBsfz4dSm2g1g9UlJKB4eVgti1hM:dlxBsWtM+rAwBcSg9UlJEg4k
ImpHash -
C:\Users\OqXZRaykm\AppData\Local\Temp\tmp1749.tmp (Dropped File, ZIP) Verdict: Clean
MIME Type application/zip
File Size 32.17 KB
MD5 8d0c985fe6dbad1dde5cc7b14817a1d9
SHA1 40a467707a53a1fde7b02b0ac7c395e113cb4d77
SHA256 df9f8ddd62d003641493b8bba82475c03365d93b756e53f76879daef369863d9
SSDeep 768:g/+xeoWWQlkJpbH5NdLUyteBwZ0TfsURhvPYnxNNiS5GUoDkKpNqu:EcdQmJVH5NdwD6ajRhvPgxIUvKfqu
ImpHash -
C:\Users\OqXZRaykm\AppData\Local\Temp\tmp177B.tmp (Dropped File, ZIP) Verdict: Clean
MIME Type application/zip
File Size 31.95 KB
MD5 9ee45c9be2cb2d3ac5ce832a7902df37
SHA1 8bc1e1c83e676a016b4b41cc60fb257f6157dc32
SHA256 486b3408c8ae5cdf568354597f1b6b07923aa27809496b0b5ab7a2b7c42d6858
SSDeep 768:TkfCjLdU8nkquLB8FNLy01duQF08BqyNgzIL3xGWc0XDPcT5XIP3evlrJpWSQ:T06hU8kquLBcJvusVqyyULHXDUT5X8gQ
ImpHash -
C:\Users\OqXZRaykm\AppData\Local\Temp\tmp1748.tmp (Dropped File, ZIP) Verdict: Clean
MIME Type application/zip
File Size 25.39 KB
MD5 2a20913b59e888ac078e8da2fbde4fcf
SHA1 dcd7162700546ddff5f834f253d105f254e23514
SHA256 4c50b8d3e8a9f5e75016aadf282a7840cba3424e2a124cab85fa52ee545b0a09
SSDeep 768:Lq11QyPDxJFKScPrXqnfl/iukvK8txbK4UTEBMs:Lq0y7lZPd/ivJjeEBMs
ImpHash -
C:\Users\OqXZRaykm\AppData\Local\Temp\tmp176A.tmp (Dropped File, ZIP) Verdict: Clean
MIME Type application/zip
File Size 18.58 KB
MD5 96ef14bb31ca72c64edfd49e5d4898c7
SHA1 ba19c5fdbbc0c06fbe81d7b2a7fe37b2db78f586
SHA256 7384c766dfc0fcfa59cb497d28a5025f9e6ff2022e84bc12e7a891e9e2c5cf1e
SSDeep 384:SVbTEhbYNOFXnIy3cFHuEf4v17pU8pxwL3jKT758x0PeNHdSPllh435edi+:SVbTEhsNOFFDQ4vZptpxwjjA5BP8HdSd
ImpHash -
C:\Users\OqXZRaykm\AppData\Local\Temp\tmp175A.tmp (Dropped File, ZIP) Verdict: Clean
MIME Type application/zip
File Size 2.86 KB
MD5 c176747975739e11c8297616a40aec02
SHA1 d16eec26ae7192caa3eada1bbf5ad2f380ccabd3
SHA256 c896951da07d859e2cfe1f0d3807f685342a9839db40646c1cd6979902f935bb
SSDeep 48:998dakzTLCOsEJlguoeuZ2AlgRp18n6T6bRia+fx/K7bo37HAD0OerD4o48lu1hD:gZTLCO7guoeuZ2AlgpSbR1gubq7HqCD2
ImpHash -
C:\Users\OQXZRA~1\AppData\Local\Temp\IXP000.TMP\TMP4351$.TMP (Dropped File, Empty) Verdict: Clean
MIME Type application/x-empty
File Size 0 Bytes (not extracted; the hashes below are those of empty input)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb (Downloaded File, Text) Verdict: Clean
MIME Type text/plain
File Size 4.63 KB
MD5 e5352cba98e11406528542044acbbe7e
SHA1 b1eaaacc1325cc909535c2841e8d684aa2273891
SHA256 54dec80fc8344b4123d4fe9981b1338e947822e758b62eda47b8ec39a582fbfb
SSDeep 48:k+9Sj+eM8gVZOYZMVYZUkVYZUnVYxYZb1VYZfVYZ4NVYZwVYZjVYZPVYZVVYZQuB:k8SZMfaKAwsGUmFIHg6Pf6/WYiiLc
ImpHash -
600e3e7ed52532953e4336a572b04e6af10122b9e49762b319e3d7489b2b2fe8 (Downloaded File, Unknown) Verdict: Clean
MIME Type application/json
File Size 340 Bytes
MD5 19559ca940115545bfd312d7149062c6
SHA1 945e68153ab1c04fa58ab6186cfd507a63e0a525
SHA256 600e3e7ed52532953e4336a572b04e6af10122b9e49762b319e3d7489b2b2fe8
SSDeep 6:YK71n8l62Yb+0JWuvyCli45INZxJPn8F2AX5CqMm6WwWW2fVHJEamhn:YKb2Yb+0JWu6ClHE8JMm6Wm79
ImpHash -
86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9 (Downloaded File, Text) Verdict: Clean
MIME Type text/plain
File Size 212 Bytes
MD5 fc84bcc8146c9ff744b7b40b32d6e2ba
SHA1 f47e4ac2333724ff55ce229f32aa60e54f4af6fe
SHA256 86df651850a7cf084bff38e62aca1a54d165735533e3b182a0224e3a80f5c9c9
SSDeep 6:CYJL2NAUnW52Y/X7mKgr/O191i/O9ri/kwt8:CYF2N4n/r8r/OD1i/Os/kv
ImpHash -
c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd (Downloaded File, Text) Verdict: Clean
MIME Type text/plain
File Size 144 Bytes
MD5 48f60f2233183cbf7feefff44bb2c9b0
SHA1 703d119e8daecff83e7cab5eb3beb8239e39a54f
SHA256 c7effe833dabd5a007460d8fcd17f5b36284c933be0f9d40a8a65fb68d102dcd
SSDeep 3:CObJLWHNANGzppWWodLe2e3oIJiqDmKADJqbZKWPKBq0Y88:CYJL2NAUnW5w2Oo4mKgE9KK4t8
ImpHash -
59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5 (Downloaded File, Text) Verdict: Clean
MIME Type text/plain
File Size 137 Bytes
MD5 f6fbd3d72da9e92b7698097dbff33f36
SHA1 ee221cd7fc9792f7609b771c0dbe1a5aa51c6905
SHA256 59fb57baf1ed70984221ca94cd509b46a1242a99092ec0c05585c2b58c74ccf5
SSDeep 3:CObJLWHNANGzppWWodLYSYQLjRn0DDmKADJqbZKWPKBq0Y88:CYJL2NAUnW52Y/h4mKgE9KK4t8
ImpHash -
C:\Users\OqXZRaykm\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache (Modified File, Stream) Verdict: Clean
MIME Type application/octet-stream
File Size 53.92 KB
MD5 ee53312bf18ba07777ffec50b0a1f91a
SHA1 2c6118f0a13958e0f11e77c018f01d3967acda5e
SHA256 b9f738f6b70984d445786bece056f6380244018b6f02a99b2693f8407d5f09cb
SSDeep 1536:TflJdph4iUx+Y/YwAvHqNhfrUp+EXUsSfa5p+jH0TyxYoxji3j39MVvj9Mrx4tAN:TflJdpqiU+Y/YwAvHqNhfrUp+EXUsSfo
ImpHash -
c60d2f3e60aa0a9cd8caaef16c6648e4250fd448f8f6b74cd63f977aa92c28a5 (Extracted File, CAB) Verdict: Clean
Parent File C:\Users\OqXZRaykm\Desktop\build.exe
MIME Type application/vnd.ms-cab-compressed
File Size 198.16 KB
MD5 9543fa251cbd7e3fef7f233ef223385f
SHA1 2dda3a2a2df6166d708344d3fda3600b7a3a51b3
SHA256 c60d2f3e60aa0a9cd8caaef16c6648e4250fd448f8f6b74cd63f977aa92c28a5
SSDeep 3072:QfkgOtxUrfJcfoaSJrcu78k+fki5SMy+WQuWD+tkTwdHC5UGZQJAJyp9xlqcr:fvxUDJchSJrcu78hp1mQlZDJ0MM
ImpHash -
Archive Information
Number of Files 1
Number of Folders 0
Size of Packed Archive Contents 276.52 KB
Size of Unpacked Archive Contents 276.52 KB
File Format cab
Contents (1)
File Name Packed Size Unpacked Size Compression Is Encrypted Modify Time Verdict
build.bat 276.52 KB 276.52 KB LZX:21 False 2024-05-05 15:01 (UTC+2) Clean
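Two facts in this report belong together: in the section table the .rsrc section has entropy 7.75 and a raw size of 0x4D600 while every other section is small and low-entropy, and the CAB above (containing build.bat) was extracted from build.exe. That is the layout of a Wextract self-extracting stub: the version resource names WEXTRACT.EXE, the stub decompresses the cabinet stored in its resources into a %TEMP%\IXP000.TMP directory (the path seen under Dropped Files), and the high-entropy resource section is the LZX-compressed cabinet. The script below is an added example, not VMRay's code and not the sample's: it computes per-buffer Shannon entropy the way the section table does and carves an embedded cabinet by validating its CFHEADER (the 36-byte header every CAB starts with) instead of trusting the PE resource directory, so it also works when the resource tree has been damaged. The byte blob it scans is constructed here; the cabinet inside it is a synthetic header for the parser, not an extractable archive.

```python
"""Section entropy and CAB carving.

Added example (not VMRay's code, not the sample's). BLOB below is a constructed
stand-in for a resource section; the cabinet in it is a synthetic CFHEADER only.
"""
import math
import struct

CAB_MAGIC = b"MSCF"
CFHEADER_FMT = "<4sIIIIIBBHHHHH"                 # CFHEADER without the optional reserve fields
CFHEADER_SIZE = struct.calcsize(CFHEADER_FMT)     # 36 bytes


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_report(name, data, threshold=7.0):
    """(rounded entropy, flagged): flag buffers whose entropy suggests compressed or encrypted content."""
    e = shannon_entropy(data)
    return round(e, 2), e >= threshold


def parse_cfheader(buf, off):
    """Parse a CFHEADER at buf[off]; return a dict, or None if the bytes are not a plausible cabinet."""
    if buf[off:off + 4] != CAB_MAGIC or len(buf) - off < CFHEADER_SIZE:
        return None
    (_sig, _r1, cb_cabinet, _r2, coff_files, _r3, ver_minor, ver_major,
     c_folders, c_files, flags, set_id, i_cabinet) = struct.unpack_from(CFHEADER_FMT, buf, off)
    # Real cabinets are format version 1.3; the declared size must cover the header and fit
    # the buffer, and the CFFILE table must start inside the cabinet. A stray "MSCF" fails these.
    if (ver_major, ver_minor) != (1, 3):
        return None
    if not (CFHEADER_SIZE <= cb_cabinet <= len(buf) - off):
        return None
    if not (CFHEADER_SIZE <= coff_files < cb_cabinet):
        return None
    return {"cbCabinet": cb_cabinet, "coffFiles": coff_files, "cFolders": c_folders,
            "cFiles": c_files, "flags": flags, "setID": set_id, "iCabinet": i_cabinet}


def carve_cabs(buf):
    """Return [(offset, header)] for every plausible embedded cabinet, skipping decoy magics."""
    found = []
    off = buf.find(CAB_MAGIC)
    while off != -1:
        hdr = parse_cfheader(buf, off)
        if hdr is None:
            off = buf.find(CAB_MAGIC, off + 1)            # not a cabinet, keep scanning
        else:
            found.append((off, hdr))
            off = buf.find(CAB_MAGIC, off + hdr["cbCabinet"])  # resume after this cabinet
    return found


def build_synthetic_cab(payload):
    """Constructed fixture: a CFHEADER claiming one folder and one file, followed by opaque bytes."""
    cb = CFHEADER_SIZE + len(payload)
    hdr = struct.pack(CFHEADER_FMT, CAB_MAGIC, 0, cb, 0, CFHEADER_SIZE + 8, 0,
                      3, 1, 1, 1, 0, 0x1234, 0)   # version 1.3, 1 folder, 1 file, setID 0x1234
    return hdr + payload


# Constructed resource-section stand-in: zero padding, a decoy "MSCF" that is not a cabinet
# (its version bytes are zero), more padding, then the synthetic cabinet with a high-entropy body.
PADDING = b"\x00" * 512
DECOY = CAB_MAGIC + b"\x00" * 40
CAB = build_synthetic_cab(bytes(range(256)) * 4)
BLOB = PADDING + DECOY + PADDING + CAB + PADDING
CAB_OFFSET = len(PADDING) + len(DECOY) + len(PADDING)     # 1068


if __name__ == "__main__":
    print("blob entropy, flagged:", section_report(".rsrc-like", BLOB))
    for off, hdr in carve_cabs(BLOB):
        print(f"cabinet at 0x{off:X}: {hdr['cbCabinet']} bytes, "
              f"{hdr['cFiles']} file(s), setID 0x{hdr['setID']:04X}")
```

On a real sample, read the .rsrc section's raw bytes at its Raw Data Offset and hand them to carve_cabs; the cbCabinet field gives the exact number of bytes to write out, after which a normal CAB tool can list the contents the way the Archive Information block above does.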
f169eed8248d8f9efd20dd716790f2b3bb0547687546811b4137be21b5c63b71 (Extracted File, Image) Verdict: Clean
Parent File C:\Users\OqXZRaykm\Desktop\build.exe
MIME Type image/png
File Size 54.45 KB
MD5 d58effc60f9809303be37c9da12ec938
SHA1 5f5d1459f715b6d7ac0c9f5e6c86112d02c611a8
SHA256 f169eed8248d8f9efd20dd716790f2b3bb0547687546811b4137be21b5c63b71
SSDeep 1536:gcK4zqhNCcVqUFdjtzty9jeal9G6Mb1tBab:gcKAArDZz4N9Ghbkb
ImpHash -