Malicious
Classifications

Spyware Backdoor Injector

Threat Names

RedLine.E Mal/Generic-S

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "6 minutes, 47 seconds" to "30 seconds" to reveal dormant functionality.

(0x0200004A): 45 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 512 MB.

File Name Category Type Verdict
C:\Users\OqXZRaykm\Desktop\project.exe Sample File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 81.03 MB
MD5 e9c6afa3e88ae62a18ef5ac3a6ac6108
SHA1 f7a14d8a3906808de1b7181e9c369439c95ae80b
SHA256 be735fb6d9811ebc95011003c79b1df34a438e765f9a2065c1ef98930e72c698
SSDeep 786432:Z/i5jul6pr3WPPzFCmoFuTF0XUZpMgniP3l3gennj2:ZbASPrVpMgZUi
ImpHash ea509d361799935a94335b88f534a970
PE Information
Image Base 0x00400000
Entry Point 0x00474960
Size Of Code 0x01886E00
Size Of Initialized Data 0x001D5E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 1970-01-01 01:00 (UTC+1)
Sections (15)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x01886CA4 0x01886E00 0x00000600 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.09
.rdata 0x01C88000 0x01F32A38 0x01F32C00 0x01887400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.26
.data 0x03BBB000 0x0025DE60 0x001D5E00 0x037BA000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.85
.pdata 0x03E19000 0x000A9C50 0x000A9E00 0x0398FE00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.07
.xdata 0x03EC3000 0x000000A8 0x00000200 0x03A39C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 1.63
/4 0x03EC4000 0x00000129 0x00000200 0x03A39E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.08
/19 0x03EC5000 0x003553C1 0x00355400 0x03A3A000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 8.0
/32 0x0421B000 0x000DD404 0x000DD600 0x03D8F400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.93
/46 0x042F9000 0x00000030 0x00000200 0x03E6CA00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.86
/65 0x042FA000 0x0065163A 0x00651800 0x03E6CC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 8.0
/78 0x0494C000 0x00488930 0x00488A00 0x044BE400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 8.0
/90 0x04DD5000 0x000ECEFA 0x000ED000 0x04946E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 7.82
.idata 0x04EC2000 0x00000552 0x00000600 0x04A33E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.21
.reloc 0x04EC3000 0x00093736 0x00093800 0x04A34400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.47
.symtab 0x04F57000 0x0063F0E0 0x0063F200 0x04AC7C00 IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.45
Imports (1)
kernel32.dll (47)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WriteFile - 0x03BBEBA0 0x04AC23D2 0x04A341D2 0x00000000
WriteConsoleW - 0x03BBEBA8 0x04AC23DA 0x04A341DA 0x00000000
WerSetFlags - 0x03BBEBB0 0x04AC23E2 0x04A341E2 0x00000000
WerGetFlags - 0x03BBEBB8 0x04AC23EA 0x04A341EA 0x00000000
WaitForMultipleObjects - 0x03BBEBC0 0x04AC23F2 0x04A341F2 0x00000000
WaitForSingleObject - 0x03BBEBC8 0x04AC23FA 0x04A341FA 0x00000000
VirtualQuery - 0x03BBEBD0 0x04AC2402 0x04A34202 0x00000000
VirtualFree - 0x03BBEBD8 0x04AC240A 0x04A3420A 0x00000000
VirtualAlloc - 0x03BBEBE0 0x04AC2412 0x04A34212 0x00000000
TlsAlloc - 0x03BBEBE8 0x04AC241A 0x04A3421A 0x00000000
SwitchToThread - 0x03BBEBF0 0x04AC2422 0x04A34222 0x00000000
SuspendThread - 0x03BBEBF8 0x04AC242A 0x04A3422A 0x00000000
SetWaitableTimer - 0x03BBEC00 0x04AC2432 0x04A34232 0x00000000
SetUnhandledExceptionFilter - 0x03BBEC08 0x04AC243A 0x04A3423A 0x00000000
SetThreadPriority - 0x03BBEC10 0x04AC2442 0x04A34242 0x00000000
SetProcessPriorityBoost - 0x03BBEC18 0x04AC244A 0x04A3424A 0x00000000
SetEvent - 0x03BBEC20 0x04AC2452 0x04A34252 0x00000000
SetErrorMode - 0x03BBEC28 0x04AC245A 0x04A3425A 0x00000000
SetConsoleCtrlHandler - 0x03BBEC30 0x04AC2462 0x04A34262 0x00000000
ResumeThread - 0x03BBEC38 0x04AC246A 0x04A3426A 0x00000000
RaiseFailFastException - 0x03BBEC40 0x04AC2472 0x04A34272 0x00000000
PostQueuedCompletionStatus - 0x03BBEC48 0x04AC247A 0x04A3427A 0x00000000
LoadLibraryW - 0x03BBEC50 0x04AC2482 0x04A34282 0x00000000
LoadLibraryExW - 0x03BBEC58 0x04AC248A 0x04A3428A 0x00000000
SetThreadContext - 0x03BBEC60 0x04AC2492 0x04A34292 0x00000000
GetThreadContext - 0x03BBEC68 0x04AC249A 0x04A3429A 0x00000000
GetSystemInfo - 0x03BBEC70 0x04AC24A2 0x04A342A2 0x00000000
GetSystemDirectoryA - 0x03BBEC78 0x04AC24AA 0x04A342AA 0x00000000
GetStdHandle - 0x03BBEC80 0x04AC24B2 0x04A342B2 0x00000000
GetQueuedCompletionStatusEx - 0x03BBEC88 0x04AC24BA 0x04A342BA 0x00000000
GetProcessAffinityMask - 0x03BBEC90 0x04AC24C2 0x04A342C2 0x00000000
GetProcAddress - 0x03BBEC98 0x04AC24CA 0x04A342CA 0x00000000
GetErrorMode - 0x03BBECA0 0x04AC24D2 0x04A342D2 0x00000000
GetEnvironmentStringsW - 0x03BBECA8 0x04AC24DA 0x04A342DA 0x00000000
GetCurrentThreadId - 0x03BBECB0 0x04AC24E2 0x04A342E2 0x00000000
GetConsoleMode - 0x03BBECB8 0x04AC24EA 0x04A342EA 0x00000000
FreeEnvironmentStringsW - 0x03BBECC0 0x04AC24F2 0x04A342F2 0x00000000
ExitProcess - 0x03BBECC8 0x04AC24FA 0x04A342FA 0x00000000
DuplicateHandle - 0x03BBECD0 0x04AC2502 0x04A34302 0x00000000
CreateWaitableTimerExW - 0x03BBECD8 0x04AC250A 0x04A3430A 0x00000000
CreateWaitableTimerA - 0x03BBECE0 0x04AC2512 0x04A34312 0x00000000
CreateThread - 0x03BBECE8 0x04AC251A 0x04A3431A 0x00000000
CreateIoCompletionPort - 0x03BBECF0 0x04AC2522 0x04A34322 0x00000000
CreateFileA - 0x03BBECF8 0x04AC252A 0x04A3432A 0x00000000
CreateEventA - 0x03BBED00 0x04AC2532 0x04A34332 0x00000000
CloseHandle - 0x03BBED08 0x04AC253A 0x04A3433A 0x00000000
AddVectoredExceptionHandler - 0x03BBED10 0x04AC2542 0x04A34342 0x00000000
Digital Signature Information
Verification Status Failed
Certificate: Krisp Technologies, Inc
Issued by Krisp Technologies, Inc
Parent Certificate DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1
Country Name US
Valid From 2023-03-16 01:00 (UTC+1)
Valid Until 2025-02-26 00:59 (UTC+1)
Algorithm sha256_rsa
Serial Number 0C E3 0B B0 3E 42 1B 33 BC 87 CD A5 3E 84 27 95
Thumbprint C8 C6 2A C3 5E 4A 45 64 F9 BC F2 B1 58 AD 7D C9 B0 89 1F 84
Certificate: DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1
Issued by DigiCert Trusted G4 Code Signing RSA4096 SHA256 2021 CA1
Country Name US
Valid From 2021-07-28 02:00 (UTC+2)
Valid Until 2036-07-28 01:59 (UTC+2)
Algorithm sha256_rsa
Serial Number 0E 4D 67 F6 43 16 C9 2A 3B 7A 17 CC 46 97 6A 8F
Thumbprint 8F B2 8D D3 CF FA 5D 28 6E 7C 71 8A A9 07 CB 4F 9B 17 67 C2
Memory Dumps (39)
C:\ProgramData\driver1.exe Dropped File Binary
Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 558.50 KB
MD5 77ba27391c1f7966622fae0ad3290517
SHA1 5020faccd995583eadf804ff0fc11afdf591d6c3
SHA256 29d3deeb4cd5a45eef40bae38033d9dd4a4898d2659ba16b93666e2bfe55ac35
SSDeep 12288:2nzuFzxJ3JCCuFmh3o1YhtaW18hx8ayU7SNivxGG/bsQirZO3tuGwY7CXxaO/JF5:2nzuFzxJ3Ro+p
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
PE Information
Image Base 0x00400000
Entry Point 0x0048CD1E
Size Of Code 0x0008AE00
Size Of Initialized Data 0x00000A00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-18 13:03 (UTC+2)
Version Information (11)
Comments Revolutionizing the tech landscape with cutting-edge solutions.
CompanyName AetherDynamics Corporation
FileDescription AetherDynamics
FileVersion 1.0.0.2
InternalName AetherDynamics7657074487.exe
LegalCopyright Copyright © 2026
LegalTrademarks AetherDynamics Trademark
OriginalFilename AetherDynamics7657074487.exe
ProductName Aether Advanced Suite
ProductVersion 1.0.0.2
Assembly Version 1.0.0.2
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x0008AD24 0x0008AE00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.08
.rsrc 0x0048E000 0x000006F0 0x00000800 0x0008B000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.77
.reloc 0x00490000 0x0000000C 0x00000200 0x0008B800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x0008CCEC 0x0008AEEC 0x00000000
Memory Dumps (4)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
driver1.exe 14 0x00010000 0x000A1FFF Relevant Image False 32-bit - False
kernel32.dll 14 0x75CE0000 0x75DCFFFF First Execution False 32-bit 0x75D00420 False
ntdll.dll 14 0x77D40000 0x77EE1FFF First Execution False 32-bit 0x77DB1220 False
driver1.exe 14 0x00010000 0x000A1FFF Process Termination False 32-bit - False
C:\ProgramData\driver1.rar Downloaded File RAR
N/A
Not Available because the password-protected file could not be opened.
MIME Type application/x-rar-compressed
File Size 259.84 KB
MD5 464a84e13d25b3c32f3b1b504fdbcaef
SHA1 07631da7a7f1d5cd9aa2f90627dd98f230fb110a
SHA256 8103f74aedf1f42289b823a56ef991c61d33e35e2b28e2388961a31b2a87491f
SSDeep 6144:VOfEM4JK+BWVtgT5pY2AsKAMFw7BCdfGGovIYOS//Hzss:VXM+BrT5pDFMmBCd/ovIYOSYs
ImpHash -
Static Analysis Error No password was provided for this password-protected sample.
C:\Users\OqXZRaykm\AppData\Roaming\d3d9.dll Dropped File Binary
Clean
MIME Type application/vnd.microsoft.portable-executable
File Size 237.00 KB
MD5 720682e4accc6bd483d220b70ddcc64e
SHA1 66ec106b99ec24b8ab49e068f83af6a3eff2a649
SHA256 9404863d23f85e6a1480bc2490a391042fa33287db5bbafd21cefccceed2d10c
SSDeep 6144:0/uQlg2krwvKNPiScb64pr5KZunvk46Fj:muQ5WNPiSclp1KZunvk4K
ImpHash e1197fe54e8372084a3ab5ca8ffe789f
PE Information
Image Base 0x10000000
Entry Point 0x1000CA3E
Size Of Code 0x00017600
Size Of Initialized Data 0x00024400
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-18 13:03 (UTC+2)
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x000174A3 0x00017600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.63
.rdata 0x10019000 0x00006416 0x00006600 0x00017A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.02
.data 0x10020000 0x0001C954 0x0001C000 0x0001E000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.02
.reloc 0x1003D000 0x000013D4 0x00001400 0x0003A000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.6
Imports (2)
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShowWindow - 0x10019148 0x0001EDFC 0x0001D7FC 0x000002B8
KERNEL32.dll (81)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RaiseException - 0x10019000 0x0001ECB4 0x0001D6B4 0x00000483
WriteConsoleW - 0x10019004 0x0001ECB8 0x0001D6B8 0x00000639
GetCurrentProcess - 0x10019008 0x0001ECBC 0x0001D6BC 0x0000022C
GetModuleHandleA - 0x1001900C 0x0001ECC0 0x0001D6C0 0x0000028C
K32GetModuleInformation - 0x10019010 0x0001ECC4 0x0001D6C4 0x000003C4
GetModuleFileNameA - 0x10019014 0x0001ECC8 0x0001D6C8 0x0000028A
CreateFileA - 0x10019018 0x0001ECCC 0x0001D6CC 0x000000D2
CreateFileMappingA - 0x1001901C 0x0001ECD0 0x0001D6D0 0x000000D3
CloseHandle - 0x10019020 0x0001ECD4 0x0001D6D4 0x00000094
MapViewOfFile - 0x10019024 0x0001ECD8 0x0001D6D8 0x000003FE
VirtualProtect - 0x10019028 0x0001ECDC 0x0001D6DC 0x000005F4
GetModuleHandleW - 0x1001902C 0x0001ECE0 0x0001D6E0 0x0000028F
GetProcAddress - 0x10019030 0x0001ECE4 0x0001D6E4 0x000002C6
GetConsoleWindow - 0x10019034 0x0001ECE8 0x0001D6E8 0x0000021B
CreateProcessW - 0x10019038 0x0001ECEC 0x0001D6EC 0x000000F6
VirtualAlloc - 0x1001903C 0x0001ECF0 0x0001D6F0 0x000005EE
GetThreadContext - 0x10019040 0x0001ECF4 0x0001D6F4 0x00000313
VirtualAllocEx - 0x10019044 0x0001ECF8 0x0001D6F8 0x000005EF
WriteProcessMemory - 0x10019048 0x0001ECFC 0x0001D6FC 0x00000643
ReadProcessMemory - 0x1001904C 0x0001ED00 0x0001D700 0x00000497
SetThreadContext - 0x10019050 0x0001ED04 0x0001D704 0x0000057A
ResumeThread - 0x10019054 0x0001ED08 0x0001D708 0x000004EF
UnhandledExceptionFilter - 0x10019058 0x0001ED0C 0x0001D70C 0x000005D5
SetUnhandledExceptionFilter - 0x1001905C 0x0001ED10 0x0001D710 0x00000594
TerminateProcess - 0x10019060 0x0001ED14 0x0001D714 0x000005B4
IsProcessorFeaturePresent - 0x10019064 0x0001ED18 0x0001D718 0x000003A5
QueryPerformanceCounter - 0x10019068 0x0001ED1C 0x0001D71C 0x0000046D
GetCurrentProcessId - 0x1001906C 0x0001ED20 0x0001D720 0x0000022D
GetCurrentThreadId - 0x10019070 0x0001ED24 0x0001D724 0x00000231
GetSystemTimeAsFileTime - 0x10019074 0x0001ED28 0x0001D728 0x00000303
InitializeSListHead - 0x10019078 0x0001ED2C 0x0001D72C 0x00000381
IsDebuggerPresent - 0x1001907C 0x0001ED30 0x0001D730 0x0000039D
GetStartupInfoW - 0x10019080 0x0001ED34 0x0001D734 0x000002EA
CreateFileW - 0x10019084 0x0001ED38 0x0001D738 0x000000DA
InterlockedFlushSList - 0x10019088 0x0001ED3C 0x0001D73C 0x0000038A
RtlUnwind - 0x1001908C 0x0001ED40 0x0001D740 0x000004F5
GetLastError - 0x10019090 0x0001ED44 0x0001D744 0x00000277
SetLastError - 0x10019094 0x0001ED48 0x0001D748 0x00000555
EnterCriticalSection - 0x10019098 0x0001ED4C 0x0001D74C 0x00000145
LeaveCriticalSection - 0x1001909C 0x0001ED50 0x0001D750 0x000003DD
DeleteCriticalSection - 0x100190A0 0x0001ED54 0x0001D754 0x00000122
InitializeCriticalSectionAndSpinCount - 0x100190A4 0x0001ED58 0x0001D758 0x0000037D
TlsAlloc - 0x100190A8 0x0001ED5C 0x0001D75C 0x000005C6
TlsGetValue - 0x100190AC 0x0001ED60 0x0001D760 0x000005C8
TlsSetValue - 0x100190B0 0x0001ED64 0x0001D764 0x000005C9
TlsFree - 0x100190B4 0x0001ED68 0x0001D768 0x000005C7
FreeLibrary - 0x100190B8 0x0001ED6C 0x0001D76C 0x000001BF
LoadLibraryExW - 0x100190BC 0x0001ED70 0x0001D770 0x000003E3
EncodePointer - 0x100190C0 0x0001ED74 0x0001D774 0x00000141
DecodePointer - 0x100190C4 0x0001ED78 0x0001D778 0x0000011B
ExitProcess - 0x100190C8 0x0001ED7C 0x0001D77C 0x00000172
GetModuleHandleExW - 0x100190CC 0x0001ED80 0x0001D780 0x0000028E
GetModuleFileNameW - 0x100190D0 0x0001ED84 0x0001D784 0x0000028B
HeapAlloc - 0x100190D4 0x0001ED88 0x0001D788 0x00000363
HeapFree - 0x100190D8 0x0001ED8C 0x0001D78C 0x00000367
FindClose - 0x100190DC 0x0001ED90 0x0001D790 0x00000189
FindFirstFileExW - 0x100190E0 0x0001ED94 0x0001D794 0x0000018F
FindNextFileW - 0x100190E4 0x0001ED98 0x0001D798 0x000001A0
IsValidCodePage - 0x100190E8 0x0001ED9C 0x0001D79C 0x000003AB
GetACP - 0x100190EC 0x0001EDA0 0x0001D7A0 0x000001C6
GetOEMCP - 0x100190F0 0x0001EDA4 0x0001D7A4 0x000002AF
GetCPInfo - 0x100190F4 0x0001EDA8 0x0001D7A8 0x000001D5
GetCommandLineA - 0x100190F8 0x0001EDAC 0x0001D7AC 0x000001EA
GetCommandLineW - 0x100190FC 0x0001EDB0 0x0001D7B0 0x000001EB
MultiByteToWideChar - 0x10019100 0x0001EDB4 0x0001D7B4 0x0000040F
WideCharToMultiByte - 0x10019104 0x0001EDB8 0x0001D7B8 0x00000626
GetEnvironmentStringsW - 0x10019108 0x0001EDBC 0x0001D7BC 0x0000024C
FreeEnvironmentStringsW - 0x1001910C 0x0001EDC0 0x0001D7C0 0x000001BE
LCMapStringW - 0x10019110 0x0001EDC4 0x0001D7C4 0x000003D1
GetProcessHeap - 0x10019114 0x0001EDC8 0x0001D7C8 0x000002CD
GetStdHandle - 0x10019118 0x0001EDCC 0x0001D7CC 0x000002EC
GetFileType - 0x1001911C 0x0001EDD0 0x0001D7D0 0x00000263
GetStringTypeW - 0x10019120 0x0001EDD4 0x0001D7D4 0x000002F1
HeapSize - 0x10019124 0x0001EDD8 0x0001D7D8 0x0000036C
HeapReAlloc - 0x10019128 0x0001EDDC 0x0001D7DC 0x0000036A
SetStdHandle - 0x1001912C 0x0001EDE0 0x0001D7E0 0x00000570
FlushFileBuffers - 0x10019130 0x0001EDE4 0x0001D7E4 0x000001B3
WriteFile - 0x10019134 0x0001EDE8 0x0001D7E8 0x0000063A
GetConsoleOutputCP - 0x10019138 0x0001EDEC 0x0001D7EC 0x00000214
GetConsoleMode - 0x1001913C 0x0001EDF0 0x0001D7F0 0x00000210
SetFilePointerEx - 0x10019140 0x0001EDF4 0x0001D7F4 0x00000545
Exports (1)
API Name EAT Address Ordinal
HonorInc 0x00002F30 0x00000001
5d8dc7f92612ccf5258259d82b8d4cf24d1a995094b370bfbcafefac6974aed6 Downloaded File HTML
Clean
MIME Type text/html
File Size 11.99 KB
MD5 3e44f0b5c9bd6c17a565b04ca2940488
SHA1 c54c3dcf531b36e71b0b2ba0ab9c8e41e77b271a
SHA256 5d8dc7f92612ccf5258259d82b8d4cf24d1a995094b370bfbcafefac6974aed6
SSDeep 192:HovRYVi2pRYVi2uSridFSqugxu6Rnigni6U3qV0OKPGTRYVi2m1a4A:HSRZ2pRZ2uSwtVHPOqVbeuRZ2aA
ImpHash -
Extracted URLs (12)
bfbd892f4552464fa7cbaeae034196312571874fcbd50cdcefc174db260d22ba Downloaded File HTML
Clean
MIME Type text/html
File Size 1.18 KB
MD5 817d7776080cab0c7d84f745c89fc7e5
SHA1 da96543a4faf85494eb945fb5b12f82d0540d7eb
SHA256 bfbd892f4552464fa7cbaeae034196312571874fcbd50cdcefc174db260d22ba
SSDeep 12:h0Wy7jS5/EVKwyJvEdfHKa5wy0o35vy0PGDy0PHtSQmy0PlIE40x40xO/tvb:h0WCG5/1tJclRv0oM0Pr0PB0PlIVb
ImpHash -
01b714a8ebda459f61a15f57b52c380626762af13b1c552954bdee3e441fcec0 Downloaded File Unknown
Clean
MIME Type application/json
File Size 19 Bytes
MD5 cff7c4a1693da7944261425f8131cfb4
SHA1 e2a0463e68290522480b42011b43418a343b267d
SHA256 01b714a8ebda459f61a15f57b52c380626762af13b1c552954bdee3e441fcec0
SSDeep 3:YIzLQ7vn:YI/Q7vn
ImpHash -
Function Logfile
This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.