Malicious
Classifications

Downloader Injector

Threat Names

Mal/HTMLGen-A SysWhispers Pikabot

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "51 seconds" to "10 seconds" to reveal dormant functionality.

File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\BitDefender CI.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 1.91 MB
MD5 81b9a981b40d1644375cc038c4d1b569
SHA1 a7a4915c19bf275251c88017ad6e7d82dfe5dc08
SHA256 a7794d56213aa17da06c4104f97c3822f08f1c8e02b38ec0190e7812c2c76972
SSDeep 49152:ToUXWwvkaHNUQd8GhXFQLcF3xXY45AFSG1efwYTw49rmiDAX8t4S4p4uKrtI6w:TNmR6Vt
ImpHash 354dabe5f488619b3472b5636bcad57f
Static Analysis Parser Error parsing signature failed: cannot parse signature content info
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x0045BDA3
Size Of Code 0x000A0800
Size Of Initialized Data 0x00149000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-05-22 09:38 (UTC)
Version Information (8)
FileVersion 1.0.1.45
ProductVersion 1.0.1.45
CompanyName Bitdefender
FileDescription BitDefender CI
InternalName BitDefender CI
LegalCopyright ©1997-2017 Bitdefender
OriginalFilename BitDefender CI
ProductName Bitdefender
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x000A06C5 0x000A0800 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.61
.rdata 0x004A2000 0x000A1B08 0x000A1C00 0x000A0C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.49
.data 0x00544000 0x0002B514 0x00029E00 0x00142800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 5.99
.gfids 0x00570000 0x0000125C 0x00001400 0x0016C600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.87
.tls 0x00572000 0x00000009 0x00000200 0x0016DA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.02
.rsrc 0x00573000 0x00060800 0x00060800 0x0016DC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.98
.reloc 0x005D4000 0x0001B688 0x0001B800 0x001CE400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.22
Imports (8)
ADVAPI32.dll (21)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
FreeSid - 0x004A2000 0x001427DC 0x001413DC 0x00000133
SetSecurityDescriptorDacl - 0x004A2004 0x001427E0 0x001413E0 0x000002DF
InitializeSecurityDescriptor - 0x004A2008 0x001427E4 0x001413E4 0x0000018D
SetEntriesInAclW - 0x004A200C 0x001427E8 0x001413E8 0x000002CF
AllocateAndInitializeSid - 0x004A2010 0x001427EC 0x001413EC 0x00000020
RegOpenKeyExW - 0x004A2014 0x001427F0 0x001413F0 0x00000285
RegCloseKey - 0x004A2018 0x001427F4 0x001413F4 0x00000254
RegQueryInfoKeyW - 0x004A201C 0x001427F8 0x001413F8 0x0000028C
RegEnumKeyExW - 0x004A2020 0x001427FC 0x001413FC 0x00000273
RegEnumValueW - 0x004A2024 0x00142800 0x00141400 0x00000276
RegQueryValueExW - 0x004A2028 0x00142804 0x00141404 0x00000292
RegSetValueExW - 0x004A202C 0x00142808 0x00141408 0x000002A2
RegDeleteValueW - 0x004A2030 0x0014280C 0x0014140C 0x0000026C
CryptImportKey - 0x004A2034 0x00142810 0x00141410 0x000000DA
CryptDestroyKey - 0x004A2038 0x00142814 0x00141414 0x000000C7
CryptReleaseContext - 0x004A203C 0x00142818 0x00141418 0x000000DB
CryptAcquireContextW - 0x004A2040 0x0014281C 0x0014141C 0x000000C1
CryptGenKey - 0x004A2044 0x00142820 0x00141420 0x000000D0
CryptExportKey - 0x004A2048 0x00142824 0x00141424 0x000000CF
CryptEncrypt - 0x004A204C 0x00142828 0x00141428 0x000000CA
CryptDecrypt - 0x004A2050 0x0014282C 0x0014142C 0x000000C4
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoA - 0x004A2314 0x00142AF0 0x001416F0 0x00000000
VerQueryValueA - 0x004A2318 0x00142AF4 0x001416F4 0x0000000F
GetFileVersionInfoSizeA - 0x004A231C 0x00142AF8 0x001416F8 0x00000004
ole32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoCreateInstance - 0x004A2358 0x00142B34 0x00141734 0x0000001A
CoUninitialize - 0x004A235C 0x00142B38 0x00141738 0x0000007F
CoInitializeSecurity - 0x004A2360 0x00142B3C 0x0014173C 0x00000051
CoSetProxyBlanket - 0x004A2364 0x00142B40 0x00141740 0x00000076
CoInitializeEx - 0x004A2368 0x00142B44 0x00141744 0x00000050
OLEAUT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SysAllocString 0x00000002 0x004A2300 0x00142ADC 0x001416DC -
SysFreeString 0x00000006 0x004A2304 0x00142AE0 0x001416E0 -
VariantInit 0x00000008 0x004A2308 0x00142AE4 0x001416E4 -
VariantClear 0x00000009 0x004A230C 0x00142AE8 0x001416E8 -
IPHLPAPI.DLL (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NotifyAddrChange - 0x004A2068 0x00142844 0x00141444 0x000000D4
CancelIPChangeNotify - 0x004A206C 0x00142848 0x00141448 0x00000003
GetAdaptersAddresses - 0x004A2070 0x0014284C 0x0014144C 0x0000003D
GetExtendedUdpTable - 0x004A2074 0x00142850 0x00141450 0x00000047
GetExtendedTcpTable - 0x004A2078 0x00142854 0x00141454 0x00000046
WS2_32.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WSAStartup 0x00000073 0x004A2324 0x00142B00 0x00141700 -
WSACreateEvent - 0x004A2328 0x00142B04 0x00141704 0x00000024
WSACleanup 0x00000074 0x004A232C 0x00142B08 0x00141708 -
WSASocketW - 0x004A2330 0x00142B0C 0x0014170C 0x00000057
WSACloseEvent - 0x004A2334 0x00142B10 0x00141710 0x0000001F
htons 0x00000009 0x004A2338 0x00142B14 0x00141714 -
bind 0x00000002 0x004A233C 0x00142B18 0x00141718 -
WSARecv - 0x004A2340 0x00142B1C 0x0014171C 0x00000048
inet_ntop - 0x004A2344 0x00142B20 0x00141720 0x000000A6
ntohs 0x0000000F 0x004A2348 0x00142B24 0x00141724 -
WSAGetLastError 0x0000006F 0x004A234C 0x00142B28 0x00141728 -
closesocket 0x00000003 0x004A2350 0x00142B2C 0x0014172C -
CRYPT32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptImportPublicKeyInfo - 0x004A2058 0x00142834 0x00141434 0x000000A5
CryptDecodeObjectEx - 0x004A205C 0x00142838 0x00141438 0x00000084
CryptStringToBinaryA - 0x004A2060 0x0014283C 0x0014143C 0x000000E2
KERNEL32.dll (159)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetStdHandle - 0x004A2080 0x0014285C 0x0014145C 0x00000522
GetProcessHeap - 0x004A2084 0x00142860 0x00141460 0x000002A2
GetTimeZoneInformation - 0x004A2088 0x00142864 0x00141464 0x000002F9
FlushFileBuffers - 0x004A208C 0x00142868 0x00141468 0x00000192
GetConsoleMode - 0x004A2090 0x0014286C 0x0014146C 0x000001EE
EnumSystemLocalesW - 0x004A2094 0x00142870 0x00141470 0x00000147
GetUserDefaultLCID - 0x004A2098 0x00142874 0x00141474 0x000002FC
IsValidLocale - 0x004A209C 0x00142878 0x00141478 0x00000374
GetTimeFormatW - 0x004A20A0 0x0014287C 0x0014147C 0x000002F7
IsValidCodePage - 0x004A20A4 0x00142880 0x00141480 0x00000372
GetOEMCP - 0x004A20A8 0x00142884 0x00141484 0x00000286
FreeEnvironmentStringsW - 0x004A20AC 0x00142888 0x00141488 0x0000019D
GetEnvironmentStringsW - 0x004A20B0 0x0014288C 0x0014148C 0x00000227
GetConsoleCP - 0x004A20B4 0x00142890 0x00141490 0x000001DC
GetDateFormatW - 0x004A20B8 0x00142894 0x00141494 0x00000213
GetFileType - 0x004A20BC 0x00142898 0x00141498 0x0000023E
GetACP - 0x004A20C0 0x0014289C 0x0014149C 0x000001A4
ExitProcess - 0x004A20C4 0x001428A0 0x001414A0 0x00000151
WriteFile - 0x004A20C8 0x001428A4 0x001414A4 0x000005E1
GetStdHandle - 0x004A20CC 0x001428A8 0x001414A8 0x000002C0
HeapFree - 0x004A20D0 0x001428AC 0x001414AC 0x00000333
GetModuleHandleExW - 0x004A20D4 0x001428B0 0x001414B0 0x00000266
ExitThread - 0x004A20D8 0x001428B4 0x001414B4 0x00000152
HeapReAlloc - 0x004A20DC 0x001428B8 0x001414B8 0x00000336
HeapAlloc - 0x004A20E0 0x001428BC 0x001414BC 0x0000032F
WriteConsoleW - 0x004A20E4 0x001428C0 0x001414C0 0x000005E0
ReadConsoleW - 0x004A20E8 0x001428C4 0x001414C4 0x0000044E
HeapSize - 0x004A20EC 0x001428C8 0x001414C8 0x00000338
MultiByteToWideChar - 0x004A20F0 0x001428CC 0x001414CC 0x000003D1
FormatMessageW - 0x004A20F4 0x001428D0 0x001414D0 0x0000019A
GetLastError - 0x004A20F8 0x001428D4 0x001414D4 0x00000250
WideCharToMultiByte - 0x004A20FC 0x001428D8 0x001414D8 0x000005CD
LoadLibraryW - 0x004A2100 0x001428DC 0x001414DC 0x000003A8
GetProcAddress - 0x004A2104 0x001428E0 0x001414E0 0x0000029D
FreeLibrary - 0x004A2108 0x001428E4 0x001414E4 0x0000019E
GetModuleFileNameA - 0x004A210C 0x001428E8 0x001414E8 0x00000262
GetLocalTime - 0x004A2110 0x001428EC 0x001414EC 0x00000251
GetTickCount - 0x004A2114 0x001428F0 0x001414F0 0x000002F2
CloseHandle - 0x004A2118 0x001428F4 0x001414F4 0x0000007F
UnmapViewOfFile - 0x004A211C 0x001428F8 0x001414F8 0x00000585
MapViewOfFile - 0x004A2120 0x001428FC 0x001414FC 0x000003C0
LocalFree - 0x004A2124 0x00142900 0x00141500 0x000003B2
CreateFileMappingA - 0x004A2128 0x00142904 0x00141504 0x000000BB
LocalAlloc - 0x004A212C 0x00142908 0x00141508 0x000003AE
SetFileAttributesA - 0x004A2130 0x0014290C 0x0014150C 0x000004F4
CreateDirectoryA - 0x004A2134 0x00142910 0x00141510 0x000000AD
GetCurrentProcessId - 0x004A2138 0x00142914 0x00141514 0x0000020A
FileTimeToSystemTime - 0x004A213C 0x00142918 0x00141518 0x0000015D
GetCurrentProcess - 0x004A2140 0x0014291C 0x0014151C 0x00000209
GetProcessTimes - 0x004A2144 0x00142920 0x00141520 0x000002AC
ExpandEnvironmentStringsA - 0x004A2148 0x00142924 0x00141524 0x00000154
OutputDebugStringA - 0x004A214C 0x00142928 0x00141528 0x000003F9
GetCurrentThreadId - 0x004A2150 0x0014292C 0x0014152C 0x0000020E
DeviceIoControl - 0x004A2154 0x00142930 0x00141530 0x00000112
CreateFileW - 0x004A2158 0x00142934 0x00141534 0x000000C2
OutputDebugStringW - 0x004A215C 0x00142938 0x00141538 0x000003FA
GetFileSize - 0x004A2160 0x0014293C 0x0014153C 0x0000023B
ReadFile - 0x004A2164 0x00142940 0x00141540 0x00000450
DeleteFileW - 0x004A2168 0x00142944 0x00141544 0x0000010A
GetModuleFileNameW - 0x004A216C 0x00142948 0x00141548 0x00000263
OpenProcess - 0x004A2170 0x0014294C 0x0014154C 0x000003EE
K32GetProcessImageFileNameW - 0x004A2174 0x00142950 0x00141550 0x0000038C
ExpandEnvironmentStringsW - 0x004A2178 0x00142954 0x00141554 0x00000155
FindFirstFileW - 0x004A217C 0x00142958 0x00141558 0x00000173
FindNextFileW - 0x004A2180 0x0014295C 0x0014155C 0x0000017F
FindClose - 0x004A2184 0x00142960 0x00141560 0x00000168
GetLocaleInfoW - 0x004A2188 0x00142964 0x00141564 0x00000254
GlobalMemoryStatusEx - 0x004A218C 0x00142968 0x00141568 0x00000324
CreateIoCompletionPort - 0x004A2190 0x0014296C 0x0014156C 0x000000C7
SetLastError - 0x004A2194 0x00142970 0x00141570 0x0000050B
GetQueuedCompletionStatus - 0x004A2198 0x00142974 0x00141574 0x000002B8
GetOverlappedResult - 0x004A219C 0x00142978 0x00141578 0x00000287
PostQueuedCompletionStatus - 0x004A21A0 0x0014297C 0x0014157C 0x00000404
QueryPerformanceCounter - 0x004A21A4 0x00142980 0x00141580 0x0000042D
QueryPerformanceFrequency - 0x004A21A8 0x00142984 0x00141584 0x0000042E
GetModuleHandleW - 0x004A21AC 0x00142988 0x00141588 0x00000267
FindResourceW - 0x004A21B0 0x0014298C 0x0014158C 0x00000189
LoadResource - 0x004A21B4 0x00142990 0x00141590 0x000003AB
SizeofResource - 0x004A21B8 0x00142994 0x00141594 0x00000551
LockResource - 0x004A21BC 0x00142998 0x00141598 0x000003BD
VerSetConditionMask - 0x004A21C0 0x0014299C 0x0014159C 0x00000596
VerifyVersionInfoW - 0x004A21C4 0x001429A0 0x001415A0 0x0000059A
OpenEventW - 0x004A21C8 0x001429A4 0x001415A4 0x000003E2
SetEvent - 0x004A21CC 0x001429A8 0x001415A8 0x000004F0
WaitForSingleObject - 0x004A21D0 0x001429AC 0x001415AC 0x000005AB
CreateEventW - 0x004A21D4 0x001429B0 0x001415B0 0x000000B6
CreateProcessW - 0x004A21D8 0x001429B4 0x001415B4 0x000000DB
CreateDirectoryW - 0x004A21DC 0x001429B8 0x001415B8 0x000000B2
FindFirstFileExW - 0x004A21E0 0x001429BC 0x001415BC 0x0000016E
GetFileAttributesExW - 0x004A21E4 0x001429C0 0x001415C0 0x00000232
SetEndOfFile - 0x004A21E8 0x001429C4 0x001415C4 0x000004EA
SetFilePointerEx - 0x004A21EC 0x001429C8 0x001415C8 0x000004FD
AreFileApisANSI - 0x004A21F0 0x001429CC 0x001415CC 0x0000001B
GetStringTypeW - 0x004A21F4 0x001429D0 0x001415D0 0x000002C5
DuplicateHandle - 0x004A21F8 0x001429D4 0x001415D4 0x0000011F
WaitForSingleObjectEx - 0x004A21FC 0x001429D8 0x001415D8 0x000005AC
Sleep - 0x004A2200 0x001429DC 0x001415DC 0x00000552
GetCurrentThread - 0x004A2204 0x001429E0 0x001415E0 0x0000020D
GetExitCodeThread - 0x004A2208 0x001429E4 0x001415E4 0x0000022D
EnterCriticalSection - 0x004A220C 0x001429E8 0x001415E8 0x00000125
LeaveCriticalSection - 0x004A2210 0x001429EC 0x001415EC 0x000003A2
TryEnterCriticalSection - 0x004A2214 0x001429F0 0x001415F0 0x0000057C
DeleteCriticalSection - 0x004A2218 0x001429F4 0x001415F4 0x00000105
InitializeCriticalSectionAndSpinCount - 0x004A221C 0x001429F8 0x001415F8 0x00000348
TlsAlloc - 0x004A2220 0x001429FC 0x001415FC 0x00000573
TlsGetValue - 0x004A2224 0x00142A00 0x00141600 0x00000575
TlsSetValue - 0x004A2228 0x00142A04 0x00141604 0x00000576
TlsFree - 0x004A222C 0x00142A08 0x00141608 0x00000574
GetSystemTimeAsFileTime - 0x004A2230 0x00142A0C 0x0014160C 0x000002D6
EncodePointer - 0x004A2234 0x00142A10 0x00141610 0x00000121
DecodePointer - 0x004A2238 0x00142A14 0x00141614 0x000000FE
GetCPInfo - 0x004A223C 0x00142A18 0x00141618 0x000001B3
CompareStringW - 0x004A2240 0x00142A1C 0x0014161C 0x00000093
LCMapStringW - 0x004A2244 0x00142A20 0x00141620 0x00000396
ResetEvent - 0x004A2248 0x00142A24 0x00141624 0x000004A2
UnhandledExceptionFilter - 0x004A224C 0x00142A28 0x00141628 0x00000582
SetUnhandledExceptionFilter - 0x004A2250 0x00142A2C 0x0014162C 0x00000543
TerminateProcess - 0x004A2254 0x00142A30 0x00141630 0x00000561
IsProcessorFeaturePresent - 0x004A2258 0x00142A34 0x00141634 0x0000036D
InitializeSListHead - 0x004A225C 0x00142A38 0x00141638 0x0000034B
IsDebuggerPresent - 0x004A2260 0x00142A3C 0x0014163C 0x00000367
GetStartupInfoW - 0x004A2264 0x00142A40 0x00141640 0x000002BE
ReleaseSemaphore - 0x004A2268 0x00142A44 0x00141644 0x00000490
InitializeCriticalSection - 0x004A226C 0x00142A48 0x00141648 0x00000347
CreateSemaphoreA - 0x004A2270 0x00142A4C 0x0014164C 0x000000DE
CreateEventA - 0x004A2274 0x00142A50 0x00141650 0x000000B3
CreateTimerQueue - 0x004A2278 0x00142A54 0x00141654 0x000000EF
SignalObjectAndWait - 0x004A227C 0x00142A58 0x00141658 0x00000550
SwitchToThread - 0x004A2280 0x00142A5C 0x0014165C 0x0000055C
CreateThread - 0x004A2284 0x00142A60 0x00141660 0x000000E8
SetThreadPriority - 0x004A2288 0x00142A64 0x00141664 0x00000535
GetThreadPriority - 0x004A228C 0x00142A68 0x00141668 0x000002ED
GetLogicalProcessorInformation - 0x004A2290 0x00142A6C 0x0014166C 0x00000258
CreateTimerQueueTimer - 0x004A2294 0x00142A70 0x00141670 0x000000F0
ChangeTimerQueueTimer - 0x004A2298 0x00142A74 0x00141674 0x00000071
DeleteTimerQueueTimer - 0x004A229C 0x00142A78 0x00141678 0x0000010F
GetNumaHighestNodeNumber - 0x004A22A0 0x00142A7C 0x0014167C 0x00000278
GetProcessAffinityMask - 0x004A22A4 0x00142A80 0x00141680 0x0000029E
SetThreadAffinityMask - 0x004A22A8 0x00142A84 0x00141684 0x0000052B
RegisterWaitForSingleObject - 0x004A22AC 0x00142A88 0x00141688 0x00000485
UnregisterWait - 0x004A22B0 0x00142A8C 0x0014168C 0x0000058B
GetThreadTimes - 0x004A22B4 0x00142A90 0x00141690 0x000002F0
FreeLibraryAndExitThread - 0x004A22B8 0x00142A94 0x00141694 0x0000019F
GetModuleHandleA - 0x004A22BC 0x00142A98 0x00141698 0x00000264
LoadLibraryExW - 0x004A22C0 0x00142A9C 0x0014169C 0x000003A7
GetVersionExW - 0x004A22C4 0x00142AA0 0x001416A0 0x00000305
VirtualAlloc - 0x004A22C8 0x00142AA4 0x001416A4 0x0000059B
VirtualFree - 0x004A22CC 0x00142AA8 0x001416A8 0x0000059E
VirtualProtect - 0x004A22D0 0x00142AAC 0x001416AC 0x000005A1
InterlockedPopEntrySList - 0x004A22D4 0x00142AB0 0x001416B0 0x00000356
InterlockedPushEntrySList - 0x004A22D8 0x00142AB4 0x001416B4 0x00000357
InterlockedFlushSList - 0x004A22DC 0x00142AB8 0x001416B8 0x00000354
QueryDepthSList - 0x004A22E0 0x00142ABC 0x001416BC 0x00000424
UnregisterWaitEx - 0x004A22E4 0x00142AC0 0x001416C0 0x0000058C
RaiseException - 0x004A22E8 0x00142AC4 0x001416C4 0x00000440
RtlUnwind - 0x004A22EC 0x00142AC8 0x001416C8 0x000004AD
GetCommandLineA - 0x004A22F0 0x00142ACC 0x001416CC 0x000001C8
GetCommandLineW - 0x004A22F4 0x00142AD0 0x001416D0 0x000001C9
SetEnvironmentVariableA - 0x004A22F8 0x00142AD4 0x001416D4 0x000004ED
Memory Dumps (21)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
bitdefender ci.exe 1 0x00400000 0x005EFFFF Relevant Image False 32-bit 0x0045BDAE False
buffer 1 0x00940000 0x00971FFF First Execution False 32-bit 0x00953498 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00950F5C False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00945CA0 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00951708 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x0094E3B0 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00941079 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x0094F344 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x0094DEE0 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x009492F8 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x0094ADDC False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00943458 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00944000 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00946900 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x009478C0 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x00948000 False
buffer 1 0x00940000 0x00971FFF Content Changed False 32-bit 0x0094108D False
buffer 1 0x0075AB18 0x0075D917 Dump Rule: PikabotConfig False 32-bit - False
buffer 1 0x006F0000 0x0071EFFF Image In Buffer False 32-bit - False
buffer 1 0x022E4020 0x023E401F Image In Buffer False 32-bit - False
bitdefender ci.exe 1 0x00400000 0x005EFFFF Process Termination False 32-bit - False
c896e7ab5e8c26b219170d2258270ef2b31ecd1d35857ebf68139ceead20d968 Extracted File Image
Clean
Known to be clean.
Parent File C:\Users\RDhJ0CNFevzX\Desktop\BitDefender CI.exe
MIME Type image/png
File Size 5.95 KB
MD5 bf9f5bcd78f35fc135e123647994fe41
SHA1 778fcf9e2d5e8a5147821fb800168a649e9de108
SHA256 c896e7ab5e8c26b219170d2258270ef2b31ecd1d35857ebf68139ceead20d968
SSDeep 96:QUlqvr4NioUAWhtU4KS2R2mLYCaGF8i3WusnSz1SWabNU11m8s7lEwMA1OHjxn:jq/oUAWht4DrcCaUvGdnSzV1SqqOH1n
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
9e486b62ae4a3162fe16da77f5a91768cb7c4108a1544d48ec15440eaecb5eed Extracted File Image
Clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\BitDefender CI.exe
MIME Type image/png
File Size 5.59 KB
MD5 7aa95a8bed67ee8d431025815f30cb4f
SHA1 d05a893a8f12dd3b0dfb3e239832741b594bf4ca
SHA256 9e486b62ae4a3162fe16da77f5a91768cb7c4108a1544d48ec15440eaecb5eed
SSDeep 96://2OZwnMNoVyFFKrriDkxsBomp9FBsAX7zygeZf6Kk8So10tqzg2:n2uwn2VFMykxsBoAPzXT7lRo1Ekb
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.