Verdict: Malicious
Classifications: Injector, Backdoor
Threat Names: Remcos

Remarks

(0x0200000E): The overall sleep time of all monitored processes was truncated from "8 hours, 35 minutes, 2 seconds" to "20 seconds" to reveal dormant functionality.

A cumulative sleep of more than eight hours is a common sandbox-evasion pattern; because the sandbox shortened it, any timing-dependent behaviour (check-in intervals, delayed drops) seen in this report may not match what the sample does on a real host.

(0x0200004A): 2 dump(s) were skipped because they exceeded the maximum dump size of 16 MB. The largest one was 262144 MB.

Files

File Name: C:\Users\RDhJ0CNFevzX\Desktop\PtrToStringAutoTaskRunSynchronouslyPromise.exe
Category: Sample File
Type: Binary
Verdict: Malicious
Also Known As C:\Users\RDhJ0CNFevzX\PtrToStringAutoTaskRunSynchronouslyPromise.exe (Dropped File, Accessed File)
The same binary (identical hashes) was also written to the root of the user profile, so the sample copies itself out of Desktop; the CopyFileExW and RegSetValueExW imports below fit a self-copy with registry persistence, although this page records no registry write.
MIME Type application/vnd.microsoft.portable-executable
File Size 2.07 MB
MD5 63ddc956e7cc98a92e1d4e14740b5788
SHA1 fb70815d8c36dedf5185e7a9de000dbcef0b072b
SHA256 cffe61d5caaec713309315a0dcf0889a2cdb0632d0be87a6e7ce7bcce338e881
SSDeep 49152:O01xRoq0SqdSo1s9Z7N/pilLbWQ87oFfXUiUjL1QPG33BJ4Hr55z2VuT:4nd9U/4nnT
ImpHash 06249f041b2cdab25d6c331a97469bef
PE Information
Image Base 0x140000000
Entry Point 0x140060B80
Size Of Code 0x00117200
Size Of Initialized Data 0x000FB200
Size Of Uninitialized Data 0x0003F200
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2024-06-19 22:39 (UTC+2)
Version Information (8)
CompanyName PtrToStringAutoTaskRunSynchronouslyPromise
FileDescription PtrToStringAutoTaskRunSynchronouslyPromise
FileVersion 4.14.282.57
InternalName PtrToStringAutoTaskRunSynchronouslyPromise.dll
LegalCopyright
OriginalFilename PtrToStringAutoTaskRunSynchronouslyPromise.dll
ProductName PtrToStringAutoTaskRunSynchronouslyPromise
ProductVersion 4.14.282.57
Sections (8)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x000655E8 0x00065600 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.66
.managed 0x140067000 0x000B1BA8 0x000B1C00 0x00065A00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.45
hydrated 0x140119000 0x0003F0C8 0x00000000 0x00000000 IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.rdata 0x140159000 0x0006F78A 0x0006F800 0x00117600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.51
.data 0x1401C9000 0x0000D448 0x00001800 0x00186E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.94
.pdata 0x1401D7000 0x000107C4 0x00010800 0x00188600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.14
.rsrc 0x1401E8000 0x000793E4 0x00079400 0x00198E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 8.0
.reloc 0x140262000 0x00000574 0x00000600 0x00212200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.18
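Two things in this section table deserve a second look. The `.managed` and `hydrated` sections are the names the .NET NativeAOT toolchain gives to AOT-compiled managed code and to data the runtime rehydrates at start-up (an inference from the names; the report does not identify the compiler), which fits the `.dll` InternalName/OriginalFilename on an `.exe` sample and the GC-runtime style imports further down (SuspendThread/GetThreadContext/SetThreadContext, VirtualAllocExNuma, GetLargePageMinimum, GetLogicalProcessorInformationEx). And `.rsrc` holds about 486 KB at entropy 8.0, the profile of an encrypted or compressed payload stored as a resource. The script below is an added example written for this page, not VMRay's code: using only the Python standard library it walks the COFF section table, computes Shannon entropy per section and flags NativeAOT section names, high-entropy sections, sections with no file data and writable+executable sections. The section-name set, the 7.2 threshold and the minimal PE it builds as input are the editor's assumptions.

```python
import math
import struct

# Section names the .NET NativeAOT toolchain emits for AOT-compiled managed
# code and for data it "rehydrates" at start-up. Editor's assumption: the
# report shows only the names, not the compiler that produced them.
NATIVEAOT_SECTIONS = {b".managed", b"hydrated"}
HIGH_ENTROPY = 7.2   # triage threshold (bits/byte); 8.0 is the maximum

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_report(pe: bytes) -> list:
    """Parse the COFF section table of a PE file and score every section."""
    if pe[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size          # section headers follow the optional header
    report = []
    for i in range(nsec):
        (name, vsize, va, rawsize, rawptr,
         _, _, _, _, flags) = struct.unpack_from("<8sIIIIIIHHI", pe, table + 40 * i)
        name = name.rstrip(b"\0")
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        ent = shannon_entropy(raw)
        notes = []
        if name in NATIVEAOT_SECTIONS:
            notes.append("nativeaot")
        if rawsize and ent >= HIGH_ENTROPY:
            notes.append("high-entropy")        # packed/encrypted payload candidate
        if not rawsize and vsize:
            notes.append("no-file-data")        # zero-filled by the loader, written at run time
        if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
            notes.append("rwx")
        report.append({"name": name.decode("latin-1"), "va": va, "vsize": vsize,
                       "rawsize": rawsize, "entropy": round(ent, 2), "notes": notes})
    return report


def build_test_pe(sections) -> bytes:
    """Constructed test input: a minimal PE32+ header plus the given sections
    ([(name, raw_bytes, characteristics), ...]). Not a loadable executable."""
    nt_off, opt_size = 0x40, 240                   # 240 = PE32+ optional header size
    hdr_end = nt_off + 4 + 20 + opt_size + 40 * len(sections)
    data_start = (hdr_end + 0x1FF) & ~0x1FF        # 0x200 file alignment
    dos = bytearray(nt_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, nt_off)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B).ljust(opt_size, b"\0")   # PE32+ magic only
    table, body, ptr, va = b"", b"", data_start, 0x1000
    for name, raw, flags in sections:
        vsize = max(len(raw), 0x1000)
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(raw),
                             ptr if raw else 0, 0, 0, 0, 0, flags)
        body += raw
        ptr += len(raw)
        va += (vsize + 0xFFF) & ~0xFFF
    header = (bytes(dos) + b"PE\0\0" + coff + opt + table).ljust(data_start, b"\0")
    return header + body


# Constructed sections mirroring the shape of the table above: 4 KB of
# low-entropy "code", a NativeAOT-named section, a data-less hydrated section
# and a resource section filled with uniformly distributed bytes (entropy 8.0).
SAMPLE_SECTIONS = [
    (b".text",    bytes(i % 16 for i in range(4096)), 0x60000020),
    (b".managed", bytes(i % 16 for i in range(4096)), 0x60000020),
    (b"hydrated", b"",                                0xC0000080),
    (b".rsrc",    bytes(range(256)) * 16,             0x40000040),
]

if __name__ == "__main__":
    for s in section_report(build_test_pe(SAMPLE_SECTIONS)):
        print(f"{s['name']:<9} raw=0x{s['rawsize']:06X} entropy={s['entropy']:.2f} "
              + " ".join(s['notes']))
```

Point `section_report()` at `open(path, "rb").read()` for a real sample; on this one you would expect `.rsrc` to come back as `high-entropy` and `.managed`/`hydrated` as `nativeaot`, with `hydrated` also `no-file-data` (raw size 0, 0x3F0C8 bytes virtual). Entropy alone does not distinguish encryption from compression or from an embedded image; it tells you where to carve.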
Imports (11)

ADVAPI32.dll (27)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AdjustTokenPrivileges - 0x140159000 0x001C6E28 0x00185428 0x0000001F
CreateWellKnownSid - 0x140159008 0x001C6E30 0x00185430 0x00000093
DeregisterEventSource - 0x140159010 0x001C6E38 0x00185438 0x000000ED
DuplicateTokenEx - 0x140159018 0x001C6E40 0x00185440 0x000000F1
GetSecurityDescriptorLength - 0x140159020 0x001C6E48 0x00185448 0x0000014A
GetTokenInformation - 0x140159028 0x001C6E50 0x00185450 0x0000015B
GetWindowsAccountDomainSid - 0x140159030 0x001C6E58 0x00185458 0x00000167
LookupPrivilegeValueW - 0x140159038 0x001C6E60 0x00185460 0x0000019A
OpenProcessToken - 0x140159040 0x001C6E68 0x00185468 0x0000020B
OpenThreadToken - 0x140159048 0x001C6E70 0x00185470 0x00000210
RegCloseKey - 0x140159050 0x001C6E78 0x00185478 0x00000251
RegCreateKeyExW - 0x140159058 0x001C6E80 0x00185480 0x0000025A
RegDeleteKeyExW - 0x140159060 0x001C6E88 0x00185488 0x00000260
RegDeleteTreeW - 0x140159068 0x001C6E90 0x00185490 0x00000267
RegDeleteValueW - 0x140159070 0x001C6E98 0x00185498 0x00000269
RegEnumKeyExW - 0x140159078 0x001C6EA0 0x001854A0 0x00000270
RegEnumValueW - 0x140159080 0x001C6EA8 0x001854A8 0x00000273
RegFlushKey - 0x140159088 0x001C6EB0 0x001854B0 0x00000274
RegOpenKeyExW - 0x140159090 0x001C6EB8 0x001854B8 0x00000282
RegQueryInfoKeyW - 0x140159098 0x001C6EC0 0x001854C0 0x00000289
RegQueryValueExW - 0x1401590A0 0x001C6EC8 0x001854C8 0x0000028F
RegSetValueExA - 0x1401590A8 0x001C6ED0 0x001854D0 0x0000029E
RegSetValueExW - 0x1401590B0 0x001C6ED8 0x001854D8 0x0000029F
RegisterEventSourceW - 0x1401590B8 0x001C6EE0 0x001854E0 0x000002A4
ReportEventW - 0x1401590C0 0x001C6EE8 0x001854E8 0x000002B6
RevertToSelf - 0x1401590C8 0x001C6EF0 0x001854F0 0x000002B7
SetThreadToken - 0x1401590D0 0x001C6EF8 0x001854F8 0x000002E9
bcrypt.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
BCryptCloseAlgorithmProvider - 0x1401596C0 0x001C74E8 0x00185AE8 0x00000002
BCryptDecrypt - 0x1401596C8 0x001C74F0 0x00185AF0 0x00000008
BCryptDestroyKey - 0x1401596D0 0x001C74F8 0x00185AF8 0x0000000E
BCryptGenRandom - 0x1401596D8 0x001C7500 0x00185B00 0x0000001D
BCryptGenerateSymmetricKey - 0x1401596E0 0x001C7508 0x00185B08 0x0000001F
BCryptOpenAlgorithmProvider - 0x1401596E8 0x001C7510 0x00185B10 0x00000027
KERNEL32.dll (145)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
TlsFree - 0x1401590E0 0x001C6F08 0x00185508 0x000005D7
TlsSetValue - 0x1401590E8 0x001C6F10 0x00185510 0x000005D9
TlsGetValue - 0x1401590F0 0x001C6F18 0x00185518 0x000005D8
TlsAlloc - 0x1401590F8 0x001C6F20 0x00185520 0x000005D6
InitializeCriticalSectionAndSpinCount - 0x140159100 0x001C6F28 0x00185528 0x00000386
EncodePointer - 0x140159108 0x001C6F30 0x00185530 0x00000145
RaiseException - 0x140159110 0x001C6F38 0x00185538 0x00000487
AllocConsole - 0x140159118 0x001C6F40 0x00185540 0x00000016
CancelThreadpoolIo - 0x140159120 0x001C6F48 0x00185548 0x00000082
CloseHandle - 0x140159128 0x001C6F50 0x00185550 0x00000094
CloseThreadpoolIo - 0x140159130 0x001C6F58 0x00185558 0x0000009E
CopyFileExW - 0x140159138 0x001C6F60 0x00185560 0x000000B9
CreateDirectoryW - 0x140159140 0x001C6F68 0x00185568 0x000000C9
CreateEventExW - 0x140159148 0x001C6F70 0x00185570 0x000000CD
CreateFileW - 0x140159150 0x001C6F78 0x00185578 0x000000DA
CreateProcessA - 0x140159158 0x001C6F80 0x00185580 0x000000F1
CreateSymbolicLinkW - 0x140159160 0x001C6F88 0x00185588 0x00000101
CreateThreadpoolIo - 0x140159168 0x001C6F90 0x00185590 0x00000106
DeleteCriticalSection - 0x140159170 0x001C6F98 0x00185598 0x00000123
DeleteFileW - 0x140159178 0x001C6FA0 0x001855A0 0x00000128
DeleteVolumeMountPointW - 0x140159180 0x001C6FA8 0x001855A8 0x00000131
DeviceIoControl - 0x140159188 0x001C6FB0 0x001855B0 0x00000133
DuplicateHandle - 0x140159190 0x001C6FB8 0x001855B8 0x00000141
EnterCriticalSection - 0x140159198 0x001C6FC0 0x001855C0 0x00000149
ExitProcess - 0x1401591A0 0x001C6FC8 0x001855C8 0x00000178
ExpandEnvironmentStringsW - 0x1401591A8 0x001C6FD0 0x001855D0 0x0000017C
FileTimeToSystemTime - 0x1401591B0 0x001C6FD8 0x001855D8 0x00000184
FindClose - 0x1401591B8 0x001C6FE0 0x001855E0 0x0000018F
FindFirstFileExW - 0x1401591C0 0x001C6FE8 0x001855E8 0x00000195
FindNextFileW - 0x1401591C8 0x001C6FF0 0x001855F0 0x000001A6
FormatMessageW - 0x1401591D0 0x001C6FF8 0x001855F8 0x000001C1
FreeConsole - 0x1401591D8 0x001C7000 0x00185600 0x000001C2
FreeLibrary - 0x1401591E0 0x001C7008 0x00185608 0x000001C5
GetCPInfo - 0x1401591E8 0x001C7010 0x00185610 0x000001DB
GetConsoleOutputCP - 0x1401591F0 0x001C7018 0x00185618 0x0000021A
GetConsoleWindow - 0x1401591F8 0x001C7020 0x00185620 0x00000221
GetCurrentProcess - 0x140159200 0x001C7028 0x00185628 0x00000232
GetCurrentProcessId - 0x140159208 0x001C7030 0x00185630 0x00000233
GetCurrentProcessorNumberEx - 0x140159210 0x001C7038 0x00185638 0x00000235
GetCurrentThread - 0x140159218 0x001C7040 0x00185640 0x00000236
GetDynamicTimeZoneInformation - 0x140159220 0x001C7048 0x00185648 0x0000024E
GetEnvironmentVariableW - 0x140159228 0x001C7050 0x00185650 0x00000255
GetFileAttributesExW - 0x140159230 0x001C7058 0x00185658 0x0000025E
GetFileInformationByHandle - 0x140159238 0x001C7060 0x00185660 0x00000263
GetFileInformationByHandleEx - 0x140159240 0x001C7068 0x00185668 0x00000264
GetFileType - 0x140159248 0x001C7070 0x00185670 0x0000026A
GetFinalPathNameByHandleW - 0x140159250 0x001C7078 0x00185678 0x0000026C
GetFullPathNameW - 0x140159258 0x001C7080 0x00185680 0x00000275
GetLastError - 0x140159260 0x001C7088 0x00185688 0x0000027D
GetLogicalDrives - 0x140159268 0x001C7090 0x00185690 0x00000284
GetLongPathNameW - 0x140159270 0x001C7098 0x00185698 0x0000028A
GetModuleFileNameW - 0x140159278 0x001C70A0 0x001856A0 0x00000291
GetModuleHandleA - 0x140159280 0x001C70A8 0x001856A8 0x00000292
GetOverlappedResult - 0x140159288 0x001C70B0 0x001856B0 0x000002B7
GetProcAddress - 0x140159290 0x001C70B8 0x001856B8 0x000002CD
GetStdHandle - 0x140159298 0x001C70C0 0x001856C0 0x000002F3
GetSystemTime - 0x1401592A0 0x001C70C8 0x001856C8 0x00000308
GetThreadPriority - 0x1401592A8 0x001C70D0 0x001856D0 0x00000325
GetTickCount64 - 0x1401592B0 0x001C70D8 0x001856D8 0x0000032D
GetTimeZoneInformation - 0x1401592B8 0x001C70E0 0x001856E0 0x00000333
GetVolumeInformationW - 0x1401592C0 0x001C70E8 0x001856E8 0x00000345
InitializeConditionVariable - 0x1401592C8 0x001C70F0 0x001856F0 0x00000382
InitializeCriticalSection - 0x1401592D0 0x001C70F8 0x001856F8 0x00000385
IsDebuggerPresent - 0x1401592D8 0x001C7100 0x00185700 0x000003A0
LeaveCriticalSection - 0x1401592E0 0x001C7108 0x00185708 0x000003E0
LoadLibraryExW - 0x1401592E8 0x001C7110 0x00185710 0x000003E6
LocalAlloc - 0x1401592F0 0x001C7118 0x00185718 0x000003ED
LocalFree - 0x1401592F8 0x001C7120 0x00185720 0x000003F2
MoveFileExW - 0x140159300 0x001C7128 0x00185728 0x0000040B
MultiByteToWideChar - 0x140159308 0x001C7130 0x00185730 0x00000412
QueryPerformanceCounter - 0x140159310 0x001C7138 0x00185738 0x00000470
QueryPerformanceFrequency - 0x140159318 0x001C7140 0x00185740 0x00000471
RaiseFailFastException - 0x140159320 0x001C7148 0x00185748 0x00000488
ReadFile - 0x140159328 0x001C7150 0x00185750 0x00000498
RemoveDirectoryW - 0x140159330 0x001C7158 0x00185758 0x000004DF
ReplaceFileW - 0x140159338 0x001C7160 0x00185760 0x000004E8
ResetEvent - 0x140159340 0x001C7168 0x00185768 0x000004EC
ResumeThread - 0x140159348 0x001C7170 0x00185770 0x000004F3
SetEvent - 0x140159350 0x001C7178 0x00185778 0x00000548
SetFileAttributesW - 0x140159358 0x001C7180 0x00185780 0x0000054F
SetFileInformationByHandle - 0x140159360 0x001C7188 0x00185788 0x00000552
SetLastError - 0x140159368 0x001C7190 0x00185790 0x00000564
SetThreadErrorMode - 0x140159370 0x001C7198 0x00185798 0x0000058B
SetThreadPriority - 0x140159378 0x001C71A0 0x001857A0 0x00000593
Sleep - 0x140159380 0x001C71A8 0x001857A8 0x000005B4
SleepConditionVariableCS - 0x140159388 0x001C71B0 0x001857B0 0x000005B5
StartThreadpoolIo - 0x140159390 0x001C71B8 0x001857B8 0x000005BA
SystemTimeToFileTime - 0x140159398 0x001C71C0 0x001857C0 0x000005C0
TzSpecificLocalTimeToSystemTime - 0x1401593A0 0x001C71C8 0x001857C8 0x000005E1
VirtualAlloc - 0x1401593A8 0x001C71D0 0x001857D0 0x000005FF
VirtualFree - 0x1401593B0 0x001C71D8 0x001857D8 0x00000602
WaitForMultipleObjectsEx - 0x1401593B8 0x001C71E0 0x001857E0 0x0000060F
WakeConditionVariable - 0x1401593C0 0x001C71E8 0x001857E8 0x00000619
WideCharToMultiByte - 0x1401593C8 0x001C71F0 0x001857F0 0x00000637
WriteFile - 0x1401593D0 0x001C71F8 0x001857F8 0x0000064B
FlushProcessWriteBuffers - 0x1401593D8 0x001C7200 0x00185800 0x000001BB
WaitForSingleObjectEx - 0x1401593E0 0x001C7208 0x00185808 0x00000611
RtlVirtualUnwind - 0x1401593E8 0x001C7210 0x00185810 0x00000504
RtlCaptureContext - 0x1401593F0 0x001C7218 0x00185818 0x000004F5
RtlRestoreContext - 0x1401593F8 0x001C7220 0x00185820 0x00000501
VerSetConditionMask - 0x140159400 0x001C7228 0x00185828 0x000005FA
AddVectoredExceptionHandler - 0x140159408 0x001C7230 0x00185830 0x00000014
FlsAlloc - 0x140159410 0x001C7238 0x00185838 0x000001B4
FlsGetValue - 0x140159418 0x001C7240 0x00185840 0x000001B6
FlsSetValue - 0x140159420 0x001C7248 0x00185848 0x000001B7
CreateEventW - 0x140159428 0x001C7250 0x00185850 0x000000CE
SwitchToThread - 0x140159430 0x001C7258 0x00185858 0x000005BF
CreateThread - 0x140159438 0x001C7260 0x00185860 0x00000103
GetCurrentThreadId - 0x140159440 0x001C7268 0x00185868 0x00000237
SuspendThread - 0x140159448 0x001C7270 0x00185870 0x000005BD
GetThreadContext - 0x140159450 0x001C7278 0x00185878 0x0000031A
SetThreadContext - 0x140159458 0x001C7280 0x00185880 0x00000589
QueryInformationJobObject - 0x140159460 0x001C7288 0x00185888 0x0000046C
GetModuleHandleW - 0x140159468 0x001C7290 0x00185890 0x00000295
GetModuleHandleExW - 0x140159470 0x001C7298 0x00185898 0x00000294
GetProcessAffinityMask - 0x140159478 0x001C72A0 0x001858A0 0x000002CE
VerifyVersionInfoW - 0x140159480 0x001C72A8 0x001858A8 0x000005FE
InitializeContext - 0x140159488 0x001C72B0 0x001858B0 0x00000383
GetEnabledXStateFeatures - 0x140159490 0x001C72B8 0x001858B8 0x0000024F
SetXStateFeaturesMask - 0x140159498 0x001C72C0 0x001858C0 0x000005AF
VirtualQuery - 0x1401594A0 0x001C72C8 0x001858C8 0x00000607
GetSystemTimeAsFileTime - 0x1401594A8 0x001C72D0 0x001858D0 0x0000030A
InitializeCriticalSectionEx - 0x1401594B0 0x001C72D8 0x001858D8 0x00000387
DebugBreak - 0x1401594B8 0x001C72E0 0x001858E0 0x00000119
WaitForSingleObject - 0x1401594C0 0x001C72E8 0x001858E8 0x00000610
SleepEx - 0x1401594C8 0x001C72F0 0x001858F0 0x000005B7
GlobalMemoryStatusEx - 0x1401594D0 0x001C72F8 0x001858F8 0x00000361
GetSystemInfo - 0x1401594D8 0x001C7300 0x00185900 0x00000304
GetLogicalProcessorInformation - 0x1401594E0 0x001C7308 0x00185908 0x00000285
GetLogicalProcessorInformationEx - 0x1401594E8 0x001C7310 0x00185910 0x00000286
GetLargePageMinimum - 0x1401594F0 0x001C7318 0x00185918 0x0000027B
VirtualUnlock - 0x1401594F8 0x001C7320 0x00185920 0x00000609
VirtualAllocExNuma - 0x140159500 0x001C7328 0x00185928 0x00000601
IsProcessInJob - 0x140159508 0x001C7330 0x00185930 0x000003A7
GetNumaHighestNodeNumber - 0x140159510 0x001C7338 0x00185938 0x000002A7
GetProcessGroupAffinity - 0x140159518 0x001C7340 0x00185940 0x000002D2
K32GetProcessMemoryInfo - 0x140159520 0x001C7348 0x00185948 0x000003CB
RtlPcToFileHeader - 0x140159528 0x001C7350 0x00185950 0x000004FF
RtlUnwindEx - 0x140159530 0x001C7358 0x00185958 0x00000503
InitializeSListHead - 0x140159538 0x001C7360 0x00185960 0x0000038A
IsProcessorFeaturePresent - 0x140159540 0x001C7368 0x00185968 0x000003A8
TerminateProcess - 0x140159548 0x001C7370 0x00185970 0x000005C4
SetUnhandledExceptionFilter - 0x140159550 0x001C7378 0x00185978 0x000005A4
UnhandledExceptionFilter - 0x140159558 0x001C7380 0x00185980 0x000005E6
RtlLookupFunctionEntry - 0x140159560 0x001C7388 0x00185988 0x000004FD
ole32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoInitializeEx - 0x1401596F8 0x001C7520 0x00185B20 0x00000061
CoUninitialize - 0x140159700 0x001C7528 0x00185B28 0x00000091
CoCreateGuid - 0x140159708 0x001C7530 0x00185B30 0x0000002A
CoTaskMemAlloc - 0x140159710 0x001C7538 0x00185B38 0x0000008B
CoGetApartmentType - 0x140159718 0x001C7540 0x00185B40 0x0000003F
CoTaskMemFree - 0x140159720 0x001C7548 0x00185B48 0x0000008C
CoWaitForMultipleHandles - 0x140159728 0x001C7550 0x00185B50 0x00000098
api-ms-win-crt-math-l1-1-0.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ceil - 0x1401595C0 0x001C73E8 0x001859E8 0x0000007C
modf - 0x1401595C8 0x001C73F0 0x001859F0 0x000000ED
__setusermatherr - 0x1401595D0 0x001C73F8 0x001859F8 0x00000009
api-ms-win-crt-heap-l1-1-0.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_set_new_mode - 0x140159580 0x001C73A8 0x001859A8 0x00000016
free - 0x140159588 0x001C73B0 0x001859B0 0x00000018
_callnewh - 0x140159590 0x001C73B8 0x001859B8 0x00000008
calloc - 0x140159598 0x001C73C0 0x001859C0 0x00000017
malloc - 0x1401595A0 0x001C73C8 0x001859C8 0x00000019
api-ms-win-crt-string-l1-1-0.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
strcmp - 0x140159698 0x001C74C0 0x00185AC0 0x00000086
_stricmp - 0x1401596A0 0x001C74C8 0x00185AC8 0x0000002A
wcsncmp - 0x1401596A8 0x001C74D0 0x00185AD0 0x000000A6
strcpy_s - 0x1401596B0 0x001C74D8 0x00185AD8 0x00000089
api-ms-win-crt-convert-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
strtoull - 0x140159570 0x001C7398 0x00185998 0x00000065
api-ms-win-crt-runtime-l1-1-0.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_crt_atexit - 0x1401595E0 0x001C7408 0x00185A08 0x0000001E
_register_onexit_function - 0x1401595E8 0x001C7410 0x00185A10 0x0000003C
_initialize_onexit_table - 0x1401595F0 0x001C7418 0x00185A18 0x00000034
abort - 0x1401595F8 0x001C7420 0x00185A20 0x00000054
terminate - 0x140159600 0x001C7428 0x00185A28 0x00000067
_register_thread_local_exe_atexit_callback - 0x140159608 0x001C7430 0x00185A30 0x0000003D
_c_exit - 0x140159610 0x001C7438 0x00185A38 0x00000015
_seh_filter_exe - 0x140159618 0x001C7440 0x00185A40 0x00000040
_set_app_type - 0x140159620 0x001C7448 0x00185A48 0x00000042
_configure_wide_argv - 0x140159628 0x001C7450 0x00185A50 0x00000019
_initialize_wide_environment - 0x140159630 0x001C7458 0x00185A58 0x00000035
_get_initial_wide_environment - 0x140159638 0x001C7460 0x00185A60 0x00000029
__p___wargv - 0x140159640 0x001C7468 0x00185A68 0x00000006
_initterm_e - 0x140159648 0x001C7470 0x00185A70 0x00000037
exit - 0x140159650 0x001C7478 0x00185A78 0x00000055
_exit - 0x140159658 0x001C7480 0x00185A80 0x00000023
_cexit - 0x140159660 0x001C7488 0x00185A88 0x00000016
__p___argc - 0x140159668 0x001C7490 0x00185A90 0x00000004
_initterm - 0x140159670 0x001C7498 0x00185A98 0x00000036
api-ms-win-crt-stdio-l1-1-0.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_set_fmode - 0x140159680 0x001C74A8 0x00185AA8 0x00000054
__p__commode - 0x140159688 0x001C74B0 0x00185AB0 0x00000001
api-ms-win-crt-locale-l1-1-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_configthreadlocale - 0x1401595B0 0x001C73D8 0x001859D8 0x00000008
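The ImpHash listed with the sample file is the MD5 of the normalised import list (lower-cased `dll.function` tokens with the `.dll`/`.ocx`/`.sys` extension stripped, joined by commas) in import-descriptor order, as defined by Mandiant and implemented in pefile. It is handy for clustering binaries built from the same loader source, but it is order-sensitive: the per-DLL tables above are in display order, and the IAT addresses suggest the on-disk descriptor order is different (ADVAPI32 at 0x140159000, KERNEL32 at 0x1401590E0, the api-ms-win-crt-* sets, then bcrypt and ole32), so the page's hash cannot be re-derived from this listing. The function below is an added example, not the sandbox's or pefile's code: the ordinal fallback (`ordN`) is the generic one without pefile's per-DLL ordinal name tables, and the import list it is fed is a constructed excerpt of this page's imports in display order.

```python
import hashlib


def normalize_imports(imports) -> list:
    """Turn [(dll, [api_name | ordinal, ...]), ...] into imphash tokens.

    Rules as published for imphash: DLL name lower-cased with a .dll/.ocx/.sys
    extension removed, API name lower-cased, joined as "dll.api". The order of
    the input is preserved because the hash is order-sensitive. Ordinal-only
    imports fall back to the generic "ordN" token (per-DLL ordinal-to-name
    tables are deliberately not reproduced here).
    """
    tokens = []
    for dll, apis in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for api in apis:
            if isinstance(api, int):
                tokens.append(f"{lib}.ord{api}")
            else:
                tokens.append(f"{lib}.{api.lower()}")
    return tokens


def imphash(imports) -> str:
    """MD5 over the comma-joined token list, as a lowercase hex digest."""
    joined = ",".join(normalize_imports(imports))
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed excerpt of the import tables on this page, in display order.
# The real descriptor order (and therefore the page's hash) is not recoverable
# from the listing, so this value will not match the ImpHash shown above.
EXCERPT = [
    ("ADVAPI32.dll", ["AdjustTokenPrivileges", "OpenProcessToken", "RegSetValueExW"]),
    ("bcrypt.dll", ["BCryptDecrypt", "BCryptGenerateSymmetricKey"]),
    ("KERNEL32.dll", ["GetThreadContext", "SetThreadContext", "VirtualAlloc"]),
    ("api-ms-win-crt-string-l1-1-0.dll", ["strcmp"]),
]

if __name__ == "__main__":
    print(",".join(normalize_imports(EXCERPT)))
    print("imphash  :", imphash(EXCERPT))
    # Same imports, different descriptor order: a different hash.
    print("reordered:", imphash(list(reversed(EXCERPT))))
```

The practical consequence is that two samples with byte-identical import sets but a different DLL order in the descriptor table get different ImpHashes, and a loader that resolves most of its API surface through the GetProcAddress/LoadLibraryExW pair seen above keeps its ImpHash stable no matter what it calls at run time; treat the hash as a build-toolchain fingerprint, not as a capability summary.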
Memory Dumps (3)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
ptrtostringautotaskrunsynchronouslypromise.exe 1 0x7FF630B50000 0x7FF630DB2FFF Relevant Image False 64-bit 0x7FF630B5B930 False
buffer 1 0x1D72BC00000 0x1D72BC00FFF Image In Buffer False 64-bit - False
ptrtostringautotaskrunsynchronouslypromise.exe 1 0x7FF630B50000 0x7FF630DB2FFF Process Termination False 64-bit - False
File Name: c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\k6iijexr\json[1].json
Category: Downloaded File
Type: Unknown
Verdict: Clean
The INetCache\IE path means the file was fetched through the WinINet HTTP stack and cached under the sample's user profile; the source URL is not shown on this page.
MIME Type application/json
File Size 974 Bytes
MD5 7dc730f953af177d9163ba2250d0b800
SHA1 87c847bbdc445c2771909f4ff74e29230518376a
SHA256 73e95074f6f7359781b08812214110c16d78693a0f1b52321b30720554ec1321
SSDeep 24:q2ydRNuKyGX85DAK3KWPEg6m7S2VwlIf0:/yPN0GX85faKZhe2Ns
ImpHash -
File Name: c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat
Category: Modified File
Type: Stream
Verdict: Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -