
Remarks (2/3)

(0x02000051): The maximum number of 1000 connections has been exceeded. Further connections were not analyzed.

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "4 hours, 15 minutes, 45 seconds" to "3 seconds" to reveal dormant functionality.

Files

File Name C:\Users\RDhJ0CNFevzX\Desktop\Tax_List1.accde
Category Sample File
Type Access Database
Verdict Malicious
MIME Type application/msaccess
File Size 556.00 KB
MD5 44ba348e73305929239883508fa0380a
SHA1 7ab2d08ef52d443acdbd2bc0c754145c83f7b587
SHA256 615727e8ed031ca82ae1799893d7b42831f3ed86a1dbc5b4f654d2b5646808b5
SSDeep 6144:zj0w+8aYesEEE7XWVbV36HLpvroraiHh1gdVav:1
ImpHash -

File Name C:\Wintows\KbUpdate.exe
Category Dropped File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 40.94 KB
MD5 12fd9100e372806c878c33f109ceed7c
SHA1 437d242477bd53e156280a33fd81118f09a6d4dd
SHA256 54d3f21009acde870817cd42597447786f7c728183fa16966bdeebb1bc3c87e5
SSDeep 768:Oy8XL+hQQ88KeFhFzdHW3fgwvcw8sggyBee9z0Bc:Oy2k8mz43xGgyBeazmc
ImpHash 1998dec811e24c791887ac17ff8db2f0
PE Information
Image Base 0x140000000
Entry Point 0x140003D00
Size Of Code 0x00004200
Size Of Initialized Data 0x00003C00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2024-06-03 09:32 (UTC)
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x0000403D 0x00004200 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.22
.rdata 0x140006000 0x000027B6 0x00002800 0x00004600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.07
.data 0x140009000 0x000008D0 0x00000400 0x00006E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.21
.pdata 0x14000A000 0x0000045C 0x00000600 0x00007200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.22
.rsrc 0x14000B000 0x000001E0 0x00000200 0x00007800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.7
.reloc 0x14000C000 0x000000A0 0x00000200 0x00007A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 2.16
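Added example, not part of this report: a short Python script that re-checks the header and section values above for internal consistency. Every number in it is copied from the report (image base, entry point, the six section records, the 40.94 KB file size, and the Relevant Image dump range from the Memory Dumps section); nothing reads the sample itself. It derives what the loader would: which section holds the entry point, the SizeOfImage implied by the section table, whether the raw and virtual layouts are aligned and contiguous, and how many bytes lie after the last section. SectionAlignment 0x1000 and FileAlignment 0x200 are assumptions, since the report does not list them; every value in the table is consistent with both.

```python
# Added example, not part of this report: consistency checks over the PE header
# and section table printed above for KbUpdate.exe. All numbers are copied from
# the report; nothing here reads the sample itself.
import math

IMAGE_BASE = 0x140000000
ENTRY_POINT_VA = 0x140003D00
FILE_SIZE_KB = 40.94                                 # report value, rounded to two decimals
DUMP_RANGE = (0x7FF65D780000, 0x7FF65D78CFFF)        # "Relevant Image" dump of kbupdate.exe
SECTION_ALIGN = 0x1000    # assumption: not listed in the report, consistent with every VA below
FILE_ALIGN = 0x200        # assumption, likewise consistent with every raw offset/size below

# (name, virtual address, virtual size, raw size, raw offset, flags, entropy)
SECTIONS = [
    (".text",  0x140001000, 0x403D, 0x4200, 0x0400, "CODE|EXECUTE|READ", 6.22),
    (".rdata", 0x140006000, 0x27B6, 0x2800, 0x4600, "INITIALIZED_DATA|READ", 4.07),
    (".data",  0x140009000, 0x08D0, 0x0400, 0x6E00, "INITIALIZED_DATA|READ|WRITE", 3.21),
    (".pdata", 0x14000A000, 0x045C, 0x0600, 0x7200, "INITIALIZED_DATA|READ", 3.22),
    (".rsrc",  0x14000B000, 0x01E0, 0x0200, 0x7800, "INITIALIZED_DATA|READ", 4.70),
    (".reloc", 0x14000C000, 0x00A0, 0x0200, 0x7A00, "INITIALIZED_DATA|DISCARDABLE|READ", 2.16),
]


def align_up(n, a):
    return -(-n // a) * a


def section_of_va(va, sections=SECTIONS):
    """(name, is_executable) of the section whose alignment-rounded virtual range holds va, else (None, False)."""
    for name, vaddr, vsize, _, _, flags, _ in sections:
        if vaddr <= va < vaddr + align_up(vsize, SECTION_ALIGN):
            return name, "EXECUTE" in flags
    return None, False


def image_size(sections=SECTIONS):
    """SizeOfImage as the loader derives it: end of the last section, rounded up to SectionAlignment."""
    _, vaddr, vsize, *_ = sections[-1]
    return vaddr + align_up(vsize, SECTION_ALIGN) - IMAGE_BASE


def overlay_bounds(sections=SECTIONS, file_size_kb=FILE_SIZE_KB):
    """(min, max) bytes after the last section's raw data, given the report's rounded file size."""
    _, _, _, rsize, roff, _, _ = sections[-1]
    end_of_sections = roff + rsize
    lo = math.ceil((file_size_kb - 0.005) * 1024) - end_of_sections
    hi = math.floor((file_size_kb + 0.005) * 1024) - end_of_sections
    return lo, hi


def layout_findings(sections=SECTIONS):
    """Packer/tamper heuristics; an empty list means the layout looks like plain linker output."""
    findings, next_raw, next_va = [], None, None
    for name, vaddr, vsize, rsize, roff, flags, entropy in sections:
        if vaddr % SECTION_ALIGN or roff % FILE_ALIGN or rsize % FILE_ALIGN:
            findings.append(f"{name}: misaligned section")
        if next_raw is not None and roff != next_raw:
            findings.append(f"{name}: raw data not contiguous with the previous section")
        if next_va is not None and vaddr != next_va:
            findings.append(f"{name}: gap or overlap in virtual layout")
        if "EXECUTE" in flags and "WRITE" in flags:
            findings.append(f"{name}: writable and executable")
        if "EXECUTE" in flags and vsize > rsize + FILE_ALIGN:
            findings.append(f"{name}: executable section mostly empty on disk (unpacking target?)")
        if entropy > 7.0:
            findings.append(f"{name}: entropy {entropy} suggests packed or encrypted content")
        next_raw, next_va = roff + rsize, vaddr + align_up(vsize, SECTION_ALIGN)
    return findings


if __name__ == "__main__":
    print("entry point in:", section_of_va(ENTRY_POINT_VA))
    print("SizeOfImage 0x%X, dump range 0x%X" % (image_size(), DUMP_RANGE[1] - DUMP_RANGE[0] + 1))
    print("overlay bytes: %d..%d" % overlay_bounds())
    print("findings:", layout_findings() or "none")
```

For this file the checks come back clean: the entry point lies in .text, the implied SizeOfImage is 0xD000, which matches the 0x7FF65D780000 to 0x7FF65D78CFFF dump range, section data ends at 0x7C00, and roughly 10 KB of data sits after .reloc, which is where an appended Authenticode certificate table would be (compare the Digital Signature section). The .text entropy of 6.22 is ordinary compiled code, not a packed stub.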
Imports (10)

Note: most of the KERNEL32 entries below (IsDebuggerPresent, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetModuleHandleW) are the MSVC runtime's start-up imports (exception dispatch, security-cookie seeding), the VCRUNTIME140 and api-ms-win-crt entries are the CRT itself, and the MSVCP140 codecvt/locale symbols belong to narrow/wide string conversion. The imports that describe the program's own behaviour are the small remainder: GetModuleFileNameA, CreateMutexA, WaitForSingleObject, Sleep, GetLastError, CloseHandle and FreeConsole (CreateMutexA followed by GetLastError is the usual single-instance check; FreeConsole detaches this console-subsystem binary from its window). The table contains no networking, LoadLibrary or GetProcAddress import, yet the Memory Dumps section records a First Network Behavior trigger for this process, so the static import list understates the sample's capabilities.
KERNEL32.dll (22)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleFileNameA - 0x140006000 0x00007D18 0x00006318 0x00000290
CreateMutexA - 0x140006008 0x00007D20 0x00006320 0x000000E7
WaitForSingleObject - 0x140006010 0x00007D28 0x00006328 0x00000610
Sleep - 0x140006018 0x00007D30 0x00006330 0x000005B4
GetLastError - 0x140006020 0x00007D38 0x00006338 0x0000027D
CloseHandle - 0x140006028 0x00007D40 0x00006340 0x00000094
FreeConsole - 0x140006030 0x00007D48 0x00006348 0x000001C2
GetModuleHandleW - 0x140006038 0x00007D50 0x00006350 0x00000295
RtlLookupFunctionEntry - 0x140006040 0x00007D58 0x00006358 0x000004FD
RtlVirtualUnwind - 0x140006048 0x00007D60 0x00006360 0x00000504
UnhandledExceptionFilter - 0x140006050 0x00007D68 0x00006368 0x000005E6
SetUnhandledExceptionFilter - 0x140006058 0x00007D70 0x00006370 0x000005A4
GetCurrentProcess - 0x140006060 0x00007D78 0x00006378 0x00000232
TerminateProcess - 0x140006068 0x00007D80 0x00006380 0x000005C4
IsProcessorFeaturePresent - 0x140006070 0x00007D88 0x00006388 0x000003A8
QueryPerformanceCounter - 0x140006078 0x00007D90 0x00006390 0x00000470
GetCurrentProcessId - 0x140006080 0x00007D98 0x00006398 0x00000233
GetCurrentThreadId - 0x140006088 0x00007DA0 0x000063A0 0x00000237
GetSystemTimeAsFileTime - 0x140006090 0x00007DA8 0x000063A8 0x0000030A
InitializeSListHead - 0x140006098 0x00007DB0 0x000063B0 0x0000038A
IsDebuggerPresent - 0x1400060A0 0x00007DB8 0x000063B8 0x000003A0
RtlCaptureContext - 0x1400060A8 0x00007DC0 0x000063C0 0x000004F5
MSVCP140.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
??Bid@locale@std@@QEAA_KXZ - 0x1400060B8 0x00007DD0 0x000063D0 0x00000131
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z - 0x1400060C0 0x00007DD8 0x000063D8 0x00000242
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z - 0x1400060C8 0x00007DE0 0x000063E0 0x0000020F
?_Xlength_error@std@@YAXPEBD@Z - 0x1400060D0 0x00007DE8 0x000063E8 0x0000028E
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A - 0x1400060D8 0x00007DF0 0x000063F0 0x000003CB
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z - 0x1400060E0 0x00007DF8 0x000063F8 0x000000B1
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ - 0x1400060E8 0x00007E00 0x00006400 0x00000090
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z - 0x1400060F0 0x00007E08 0x00006408 0x00000041
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z - 0x1400060F8 0x00007E10 0x00006410 0x000003FE
?_Incref@facet@locale@std@@UEAAXXZ - 0x140006100 0x00007E18 0x00006418 0x000001F2
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ - 0x140006108 0x00007E20 0x00006420 0x0000019E
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z - 0x140006110 0x00007E28 0x00006428 0x00000192
VCRUNTIME140_1.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__CxxFrameHandler4 - 0x140006178 0x00007E90 0x00006490 0x00000000
VCRUNTIME140.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__current_exception - 0x140006120 0x00007E38 0x00006438 0x0000001B
_CxxThrowException - 0x140006128 0x00007E40 0x00006440 0x00000001
__C_specific_handler - 0x140006130 0x00007E48 0x00006448 0x00000008
__current_exception_context - 0x140006138 0x00007E50 0x00006450 0x0000001C
__std_terminate - 0x140006140 0x00007E58 0x00006458 0x00000023
__std_exception_copy - 0x140006148 0x00007E60 0x00006460 0x00000021
__std_exception_destroy - 0x140006150 0x00007E68 0x00006468 0x00000022
memcpy - 0x140006158 0x00007E70 0x00006470 0x0000003C
memmove - 0x140006160 0x00007E78 0x00006478 0x0000003D
memset - 0x140006168 0x00007E80 0x00006480 0x0000003E
api-ms-win-crt-runtime-l1-1-0.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_initialize_onexit_table - 0x1400061D0 0x00007EE8 0x000064E8 0x00000034
_register_onexit_function - 0x1400061D8 0x00007EF0 0x000064F0 0x0000003C
_cexit - 0x1400061E0 0x00007EF8 0x000064F8 0x00000016
__p___argv - 0x1400061E8 0x00007F00 0x00006500 0x00000005
terminate - 0x1400061F0 0x00007F08 0x00006508 0x00000067
__p___argc - 0x1400061F8 0x00007F10 0x00006510 0x00000004
_c_exit - 0x140006200 0x00007F18 0x00006518 0x00000015
_initterm - 0x140006208 0x00007F20 0x00006520 0x00000036
exit - 0x140006210 0x00007F28 0x00006528 0x00000055
_crt_atexit - 0x140006218 0x00007F30 0x00006530 0x0000001E
_get_initial_narrow_environment - 0x140006220 0x00007F38 0x00006538 0x00000028
_initialize_narrow_environment - 0x140006228 0x00007F40 0x00006540 0x00000033
_configure_narrow_argv - 0x140006230 0x00007F48 0x00006548 0x00000018
_register_thread_local_exe_atexit_callback - 0x140006238 0x00007F50 0x00006550 0x0000003D
_set_app_type - 0x140006240 0x00007F58 0x00006558 0x00000042
_seh_filter_exe - 0x140006248 0x00007F60 0x00006560 0x00000040
_exit - 0x140006250 0x00007F68 0x00006568 0x00000023
_initterm_e - 0x140006258 0x00007F70 0x00006570 0x00000037
_invalid_parameter_noinfo_noreturn - 0x140006260 0x00007F78 0x00006578 0x00000039
api-ms-win-crt-heap-l1-1-0.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
malloc - 0x140006188 0x00007EA0 0x000064A0 0x00000019
_callnewh - 0x140006190 0x00007EA8 0x000064A8 0x00000008
free - 0x140006198 0x00007EB0 0x000064B0 0x00000018
_set_new_mode - 0x1400061A0 0x00007EB8 0x000064B8 0x00000016
api-ms-win-crt-string-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_wcslwr_s - 0x140006288 0x00007FA0 0x000065A0 0x00000050
wcscpy_s - 0x140006290 0x00007FA8 0x000065A8 0x000000A1
api-ms-win-crt-math-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__setusermatherr - 0x1400061C0 0x00007ED8 0x000064D8 0x00000009
api-ms-win-crt-stdio-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
__p__commode - 0x140006270 0x00007F88 0x00006588 0x00000001
_set_fmode - 0x140006278 0x00007F90 0x00006590 0x00000054
api-ms-win-crt-locale-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_configthreadlocale - 0x1400061B0 0x00007EC8 0x000064C8 0x00000008
Digital Signature Information

Verification Status Failed
Note: the certificate chain below is Microsoft's, but the signature does not verify over this file. Authenticode recomputes the image digest (headers and section data, excluding the CheckSum field, the Security directory entry and the certificate table itself) and compares it with the digest sealed inside the signed blob; a mismatch means the signed content is not this file, so the chain's legitimacy says nothing about the binary. The file size of 40.94 KB against section data ending at 0x7C00 leaves roughly 10 KB after the last section, consistent with an appended attribute certificate table.
Certificate: Microsoft Corporation
Issued by Microsoft Corporation
Parent Certificate Microsoft Code Signing PCA 2011
Country Name US
Valid From 2023-11-16 19:08 (UTC)
Valid Until 2024-11-14 19:08 (UTC)
Algorithm sha256_rsa
Serial Number 33 00 00 03 AE 2D 35 51 C8 53 8F 55 1D 00 00 00 00 03 AE
Thumbprint F9 A7 CF 9F BE 13 BA C7 67 F4 78 10 61 33 2D A6 E8 B4 E0 EE
Certificate: Microsoft Code Signing PCA 2011
Issued by Microsoft Code Signing PCA 2011
Country Name US
Valid From 2011-07-08 20:59 (UTC)
Valid Until 2026-07-08 21:09 (UTC)
Algorithm sha256_rsa
Serial Number 61 0E 90 D2 00 00 00 00 00 03
Thumbprint F2 52 E7 94 FE 43 8E 35 AC E6 E5 37 62 C0 A2 34 A2 C5 21 35
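Added example, not part of this report and not VMRay's verification code: how an Authenticode verifier arrives at a Failed status, in Python using only the standard library. The script builds a small constructed PE32+ image in memory (its bytes are placeholders, not the sample's), computes the Authenticode image digest as the PE signature format specifies (everything in the file is hashed except the CheckSum field, the Security data-directory entry and the attribute certificate table itself), then shows that attaching a certificate table leaves the digest unchanged while flipping one byte of .text changes it. A signature blob lifted from a genuinely signed Microsoft binary carries the digest of that binary; recomputed over a different file the digest does not match, so the chain can be perfectly valid and verification still fails.

```python
# Added example, not part of this report: Authenticode image digest over a
# constructed PE32+ image, to show why a transplanted signature fails.
import hashlib
import struct

FILE_ALIGN = 0x200
SECTION_ALIGN = 0x1000
PE32PLUS_MAGIC = 0x20B


def align(n, a):
    return (n + a - 1) // a * a


def build_pe(sections, entry_rva=0x1000):
    """Constructed minimal PE32+ image: headers good enough for hashing, not for loading.

    sections: list of (name, data, characteristics)."""
    nsec = len(sections)
    opt = 0x58                                   # DOS header (0x40) + "PE\0\0" (4) + COFF header (20)
    hdr_size = align(opt + 240 + 40 * nsec, FILE_ALIGN)
    img = bytearray(hdr_size)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)      # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # Machine AMD64, NumberOfSections, TimeDateStamp, PtrToSymTab, NumSyms, SizeOfOptionalHeader, Characteristics
    struct.pack_into("<HHIIIHH", img, 0x44, 0x8664, nsec, 0, 0, 0, 240, 0x0022)
    struct.pack_into("<H", img, opt, PE32PLUS_MAGIC)
    struct.pack_into("<I", img, opt + 16, entry_rva)             # AddressOfEntryPoint
    struct.pack_into("<Q", img, opt + 24, 0x140000000)           # ImageBase
    struct.pack_into("<II", img, opt + 32, SECTION_ALIGN, FILE_ALIGN)
    struct.pack_into("<I", img, opt + 60, hdr_size)              # SizeOfHeaders
    struct.pack_into("<I", img, opt + 108, 16)                   # NumberOfRvaAndSizes
    raw_ptr, rva, body = hdr_size, SECTION_ALIGN, bytearray()
    for i, (name, data, chars) in enumerate(sections):
        raw_size = align(len(data), FILE_ALIGN)
        off = opt + 240 + 40 * i
        img[off:off + 8] = name.encode().ljust(8, b"\0")
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        struct.pack_into("<IIII", img, off + 8, len(data), rva, raw_size, raw_ptr)
        struct.pack_into("<I", img, off + 36, chars)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        rva += align(len(data), SECTION_ALIGN)
    struct.pack_into("<I", img, opt + 56, rva)                   # SizeOfImage
    return bytes(img + body)


def _header_offsets(pe):
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    opt = e_lfanew + 24
    magic, = struct.unpack_from("<H", pe, opt)
    secdir = opt + (144 if magic == PE32PLUS_MAGIC else 128)   # DataDirectory[4] = Security
    return e_lfanew, opt, opt + 64, secdir                     # CheckSum is at opt + 64 in both formats


def authenticode_digest(pe, algo="sha256"):
    """Image digest per the Authenticode PE spec: skip CheckSum, the Security entry and the cert table."""
    e_lfanew, opt, checksum_off, secdir_off = _header_offsets(pe)
    nsec, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    size_of_headers, = struct.unpack_from("<I", pe, opt + 60)
    _, cert_size = struct.unpack_from("<II", pe, secdir_off)
    h = hashlib.new(algo)
    h.update(pe[:checksum_off])
    h.update(pe[checksum_off + 4:secdir_off])
    h.update(pe[secdir_off + 8:size_of_headers])
    hashed = size_of_headers
    table = opt + opt_size
    secs = [struct.unpack_from("<II", pe, table + 40 * i + 16) for i in range(nsec)]  # (SizeOfRawData, PointerToRawData)
    for raw_size, raw_ptr in sorted(secs, key=lambda s: s[1]):
        h.update(pe[raw_ptr:raw_ptr + raw_size])
        hashed += raw_size
    extra = len(pe) - cert_size - hashed          # overlay bytes that are NOT the certificate table
    if extra > 0:
        h.update(pe[hashed:hashed + extra])       # the spec assumes the cert table is last in the file
    return h.hexdigest()


def attach_certificate_table(pe, signed_data):
    """Append a WIN_CERTIFICATE (revision 2, PKCS#7 type) and point the Security directory at it."""
    table = struct.pack("<IHH", 8 + len(signed_data), 0x0200, 0x0002) + signed_data
    table = table.ljust(align(len(table), 8), b"\0")
    *_, secdir_off = _header_offsets(pe)
    out = bytearray(pe)
    struct.pack_into("<II", out, secdir_off, len(pe), len(table))   # "VirtualAddress" here is a file offset
    return bytes(out + table)


def demo():
    """(digest of unsigned image, digest after attaching a cert table, digest after tampering .text)."""
    text = bytes.fromhex("4831c0c3") * 64                  # constructed placeholder code bytes
    rdata = b"constructed placeholder strings\0"
    pe = build_pe([(".text", text, 0x60000020), (".rdata", rdata, 0x40000040)])
    signed = attach_certificate_table(pe, b"\x30\x82" + bytes(62))   # stands in for PKCS#7 SignedData
    tampered = bytearray(signed)
    tampered[0x200] ^= 0xFF                                 # first byte of .text (SizeOfHeaders is 0x200 here)
    return authenticode_digest(pe), authenticode_digest(signed), authenticode_digest(bytes(tampered))


if __name__ == "__main__":
    unsigned, signed, tampered = demo()
    print("digest unchanged by attaching cert table:", unsigned == signed)
    print("digest changed by modifying .text:       ", signed != tampered)
```

The placeholder certificate table is a WIN_CERTIFICATE header in front of dummy bytes where a real file carries the PKCS#7 SignedData; the digest logic never inspects its contents, which is exactly why a blob from another binary can be attached without breaking the file, and exactly why the verifier's recomputed digest then disagrees with the one inside it.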
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
kbupdate.exe 2 0x7FF65D780000 0x7FF65D78CFFF Relevant Image False 64-bit 0x7FF65D782760 False
buffer 2 0xA5317AC000 0xA5317AFFFF First Network Behavior False 64-bit - False
kbupdate.exe 2 0x7FF65D780000 0x7FF65D78CFFF First Network Behavior False 64-bit 0x7FF65D782526 False
kbupdate.exe 2 0x7FF65D780000 0x7FF65D78CFFF Final Dump False 64-bit - False