Malicious
Classifications
Ransomware
Threat Names
-
Dynamic Analysis Report
Created on 2022-06-21T10:14:01+00:00
cd41ed86dd2b59459c6e241c5ab3d210f8bd6f12129c1ff838c7d1557797bd40.exe
Windows Exe (x86-32)
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
Filters: |
There are no files for this filter
There are no files in this analysis
File Name | Category | Type | Verdict | Actions |
---|
C:\Users\RDhJ0CNFevzX\Desktop\cd41ed86dd2b59459c6e241c5ab3d210f8bd6f12129c1ff838c7d1557797bd40.exe | Sample File | Binary |
Malicious
|
...
|
»
PE Information
»
Image Base | 0x00400000 |
Entry Point | 0x00459966 |
Size Of Code | 0x00057A00 |
Size Of Initialized Data | 0x0002F200 |
File Type | IMAGE_FILE_EXECUTABLE_IMAGE |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Machine Type | IMAGE_FILE_MACHINE_I386 |
Compile Timestamp | 2100-01-06 16:02 (UTC+1) |
Version Information (11)
»
Comments | gfgfgfgfgg |
CompanyName | fgg |
FileDescription | ggfgfgf |
FileVersion | 1.0.0.0 |
InternalName | c.exe |
LegalCopyright | gfgfggf |
LegalTrademarks | gg |
OriginalFilename | c.exe |
ProductName | gfgfggfgfh |
ProductVersion | 1.0.0.0 |
Assembly Version | 1.0.0.0 |
Sections (3)
»
Name | Virtual Address | Virtual Size | Raw Data Size | Raw Data Offset | Flags | Entropy |
---|---|---|---|---|---|---|
.text | 0x00402000 | 0x0005796C | 0x00057A00 | 0x00000200 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 4.66 |
.rsrc | 0x0045A000 | 0x0002EF54 | 0x0002F000 | 0x00057C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 4.45 |
.reloc | 0x0048A000 | 0x0000000C | 0x00000200 | 0x00086C00 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.1 |
Imports (1)
»
mscoree.dll (1)
»
API Name | Ordinal | IAT Address | Thunk RVA | Thunk Offset | Hint |
---|---|---|---|---|---|
_CorExeMain | - | 0x00402000 | 0x0005993C | 0x00057B3C | 0x00000000 |
Memory Dumps (4)
»
Name | Process ID | Start VA | End VA | Dump Reason | PE Rebuild | Bitness | Entry Point | YARA | Actions |
---|---|---|---|---|---|---|---|---|---|
cd41ed86dd2b59459c6e241c5ab3d210f8bd6f12129c1ff838c7d1557797bd40.exe | 1 | 0x00400000 | 0x0048BFFF | Relevant Image |
![]() |
64-bit | - |
![]() |
...
|
buffer | 1 | 0x1AE1E000 | 0x1AE1FFFF | First Network Behavior |
![]() |
64-bit | - |
![]() |
...
|
buffer | 1 | 0x00144000 | 0x0014FFFF | First Network Behavior |
![]() |
64-bit | - |
![]() |
...
|
cd41ed86dd2b59459c6e241c5ab3d210f8bd6f12129c1ff838c7d1557797bd40.exe | 1 | 0x00400000 | 0x0048BFFF | First Network Behavior |
![]() |
64-bit | - |
![]() |
...
|
C:\Users\RDhJ0CNFevzX\Desktop\_Zy5FeRbLQDxmapn0.png_encrypted | Dropped File | Empty |
Clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\Desktop\siU3UTC4Y37SCtPmMaq\oju4fqXzHXxAhQ.png_encrypted | Dropped File | Empty |
Clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\Desktop\V3a0MDclW2jjyqOGjLJ.jpg_encrypted | Dropped File | Empty |
Clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\Desktop\siU3UTC4Y37SCtPmMaq\1CuHEPj43yz.jpg_encrypted | Dropped File | Empty |
Clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\Desktop\yhplEpNT.pdf_encrypted | Dropped File | Empty |
Clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\Desktop\XGCCY.jpg_encrypted | Dropped File | Empty |
Clean
|
...
|
»
C:\Users\RDhJ0CNFevzX\Desktop\cW6ks2r_zJ4J9Z8xyYc.jpg_encrypted | Dropped File | Empty |
Clean
|
...
|
»
f67fc5c8e04c1ad5be0041f16e320e704988d685ebaeff7de2e89af129174c09 | Extracted File | Image |
Clean
|
...
|
»
760341bf512dc05a438eba3e2ff68e3c06cbc4a85c87b08027ce517f3efea96f | Extracted File | Image |
Clean
|
...
|
»