File Name Category Type Verdict
D:\PO_JD09220001_0107002400045^^^^^^^^^^^^^.exe Sample File Binary
Malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\IbOrYrFUHs.exe (Accessed File)
Parent File C:\Users\RDhJ0CNFevzX\PO_JD09220001_0107002400045.iso
MIME Type application/vnd.microsoft.portable-executable
File Size 949.50 KB
MD5 fe9d0b02016a81cee8194ab4a9291d67
SHA1 c661ef9f12eff5ff7c8596b42ccdf4b45fb3969f
SHA256 0fbf742ed3a45cd0afdd4a5cc75152f8d9757559dc514b2e46fa9cf997c45240
SSDeep 24576:mUKN5ivVmPHfMHCnvjz8dY5+4/vg2SGg47NA7:iN5iUPHfyCvjzzn/vgls
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x004EEB3E
Size Of Code 0x000ECC00
Size Of Initialized Data 0x00000800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-03 07:51 (UTC+2)
Version Information (11)
Comments -
CompanyName -
FileDescription Energy Runtime
FileVersion 1.0.0.0
InternalName ramP.exe
LegalCopyright Copyright © Microsoft Corporation. All rights reserved.
LegalTrademarks -
OriginalFilename ramP.exe
ProductName Energy Runtime
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000ECB44 0x000ECC00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.94
.rsrc 0x004F0000 0x00000600 0x00000600 0x000ECE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.17
.reloc 0x004F2000 0x0000000C 0x00000200 0x000ED400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000EEB11 0x000ECD11 0x00000000
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
buffer 1 0x049E0000 0x049EFFFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x07AA0000 0x07AA8FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x07AB0000 0x07AB9FFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 1 0x07AE0000 0x07B9AFFF Reflectively Loaded .NET Assembly False 32-bit - False
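Three facts in the report above are the static signal a triage analyst keys on: the only import is mscoree.dll!_CorExeMain (the one import a managed PE32 executable normally carries), the .text section has entropy 7.94 (on the 0 to 8 bits-per-byte scale the Sections table uses, well above what uncompressed code and metadata produce), and four reflectively loaded .NET assemblies were dumped from the process, which is what an encrypted payload embedded in .text turns into at run time. The Python below is an added example, not part of the VMRay report or of any VMRay tooling: it walks the PE headers, computes per-section Shannon entropy over the raw section data, decides "managed" from the CLR runtime header (data directory 14, the field the Windows loader itself uses) rather than from the import string, and flags a managed image whose .text is near-uniform. The 7.5 bits/byte threshold and the two fixture images it builds in memory are assumptions of the example, not bytes from the sample.

```python
import hashlib
import math
import struct
from collections import Counter

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14  # CLR runtime header: non-zero => managed (.NET) image
HIGH_ENTROPY = 7.5  # assumption: bits/byte at or above which a .text section is treated as packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(image: bytes) -> dict:
    """Minimal PE32/PE32+ header walk: machine type, CLR directory, and per-section raw-data entropy."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsections = struct.unpack_from("<HH", image, e_lfanew + 4)
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic == 0x10B:    # PE32
        ndirs_off, dir_base = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+
        ndirs_off, dir_base = opt + 108, opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    ndirs = struct.unpack_from("<I", image, ndirs_off)[0]
    clr_rva = clr_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR:
        clr_rva, clr_size = struct.unpack_from("<II", image, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    sections = []
    table = opt + opt_size  # section table follows the optional header
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        raw = image[rawptr:rawptr + rawsize]  # entropy is taken over the raw (on-disk) section bytes
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "rawsize": rawsize, "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": machine, "is_dotnet": clr_rva != 0 and clr_size != 0, "sections": sections}


def flag_packed_dotnet(info: dict) -> bool:
    """The static pattern of the sample above: a managed image whose .text raw data is near-uniform."""
    text = next((s for s in info["sections"] if s["name"] == ".text"), None)
    return info["is_dotnet"] and text is not None and text["entropy"] >= HIGH_ENTROPY


def build_test_pe(text_payload: bytes, managed: bool) -> bytes:
    """Construct a minimal PE32 (headers + one .text section) as an offline fixture.
    This is a constructed test image, not the sample from the report."""
    file_align, headers_size = 0x200, 0x200
    raw_size = -(-len(text_payload) // file_align) * file_align
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, 224, 0x0102)  # I386, 1 section
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)               # PE32 magic
    struct.pack_into("<I", opt, 16, 0x2000 + 0x10)      # AddressOfEntryPoint inside .text
    struct.pack_into("<I", opt, 28, 0x400000)           # ImageBase
    struct.pack_into("<I", opt, 32, 0x2000)             # SectionAlignment
    struct.pack_into("<I", opt, 36, file_align)         # FileAlignment
    struct.pack_into("<I", opt, 56, 0x2000 + raw_size)  # SizeOfImage
    struct.pack_into("<I", opt, 60, headers_size)       # SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    if managed:  # CLR header directory pointing into .text, as in a real .NET PE
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, 0x2008, 0x48)
    section = struct.pack("<8sIIIIIIHHI", b".text", len(text_payload), 0x2000, raw_size,
                          headers_size, 0, 0, 0, 0, 0x60000020)  # CNT_CODE|MEM_EXECUTE|MEM_READ
    headers = (bytes(dos) + coff + bytes(opt) + section).ljust(headers_size, b"\0")
    return headers + text_payload.ljust(raw_size, b"\0")


def _pseudo_random(n: int) -> bytes:
    """Deterministic near-uniform bytes: a constructed stand-in for an encrypted embedded payload."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(i.to_bytes(4, "little")).digest()
        i += 1
    return bytes(out[:n])


# Constructed fixtures: a managed image with 4 KiB of near-uniform .text, and one with ordinary low-entropy bytes
PACKED_SAMPLE = build_test_pe(_pseudo_random(4096), managed=True)
PLAIN_SAMPLE = build_test_pe(b"\x00\x02\x28\x01\x00\x00\x06\x2a" * 512, managed=True)

if __name__ == "__main__":  # stand-alone run: section table and verdict for both fixtures
    for label, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        info = parse_pe(blob)
        print(label, info["sections"], "managed:", info["is_dotnet"], "flagged:", flag_packed_dotnet(info))
```

Pointing parse_pe at the bytes of a real file reproduces the Sections table of a report like the one above; the entropy check is a heuristic, not a verdict, since legitimate obfuscators and compressors produce the same static picture, which is why it belongs next to the memory-dump evidence rather than on its own.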
C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp6EB7.tmp Dropped File Text
Clean
MIME Type text/xml
File Size 1.56 KB
MD5 b7feea646938d4ec2e9fecfc77ea54c9
SHA1 ea80649331787f46a3b7aaa5ebcaf3c66a8f4c0f
SHA256 0a2b38524daee3072aaec9e29fbc1cb221474ce30419909b98cfefddfb30786f
SSDeep 24:2di4+S2qh9Y1Sy1mlUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNteLxvn:cge2UYrFdOFzOzN33ODOiDdKrsuTsv
ImpHash -
C:\ProgramData\remcos\logs.dat Dropped File Stream
Clean
MIME Type application/octet-stream
File Size 566 Bytes
MD5 eb3b8fc4c70e57e41551c9e8728d619c
SHA1 f38dcc90795ab6ad366eab24691c8fee5f17136f
SHA256 34ce7d5ab251f051f4a0fa5b20ae4a99832b2b68c7a007d5934f4fbfd273b45c
SSDeep 12:w9hhDAWr51J+jGh7PMv/lWEJjQuw2h7YP5pYjgj89zbMOW9fy7:w9h91/Gv/GUm5pYjgw9Xzui
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -