Verdict Malicious
Classifications Injector, Downloader
Threat Names C2/Generic-A, SmokeLoader

File Name C:\Users\RDhJ0CNFevzX\Desktop\0f5806e0887c0d85e43e46fa9aaecda2.exe
Category Sample File
Type Binary
Verdict Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 2.27 MB
MD5 0f5806e0887c0d85e43e46fa9aaecda2
SHA1 c6ba6e91d40aa1507775077f9662ecb25c9f0943
SHA256 dcd883af6eb91aa30a58838db875b23a981a14636c7c9cc3bcaba600ff8e034e
SSDeep 49152:fUvSnJLx54y5aPWqnkOsbcpkQ1NOwMdwrHQ2mujs3wwpe0ORhxttB+:USnJLx54yI34bc2wEKnmUwpHORhdB+
ImpHash 646167cce332c1c252cdcb1839e0cf48
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x00406A60
Size Of Code 0x00006400
Size Of Initialized Data 0x0023F400
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2022-05-24 22:49 (UTC)
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Win32 Cabinet Self-Extractor
FileVersion 11.00.17763.1 (WinBuild.160101.0800)
InternalName Wextract
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename WEXTRACT.EXE .MUI
ProductName Internet Explorer
ProductVersion 11.00.17763.1
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00006314 0x00006400 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.31
.data 0x00408000 0x00001A48 0x00000200 0x00006800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.97
.idata 0x0040A000 0x00001052 0x00001200 0x00006A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.03
.rsrc 0x0040C000 0x0023E000 0x0023D600 0x00007C00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.99
.reloc 0x0064A000 0x00000888 0x00000A00 0x00245200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.22
Imports (8)
ADVAPI32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetTokenInformation - 0x0040A000 0x0000A340 0x00006D40 0x00000170
RegDeleteValueA - 0x0040A004 0x0000A344 0x00006D44 0x00000272
RegOpenKeyExA - 0x0040A008 0x0000A348 0x00006D48 0x0000028B
RegQueryInfoKeyA - 0x0040A00C 0x0000A34C 0x00006D4C 0x00000292
FreeSid - 0x0040A010 0x0000A350 0x00006D50 0x00000134
OpenProcessToken - 0x0040A014 0x0000A354 0x00006D54 0x00000215
RegSetValueExA - 0x0040A018 0x0000A358 0x00006D58 0x000002A8
RegCreateKeyExA - 0x0040A01C 0x0000A35C 0x00006D5C 0x00000263
LookupPrivilegeValueA - 0x0040A020 0x0000A360 0x00006D60 0x000001AE
AllocateAndInitializeSid - 0x0040A024 0x0000A364 0x00006D64 0x00000020
RegQueryValueExA - 0x0040A028 0x0000A368 0x00006D68 0x00000298
EqualSid - 0x0040A02C 0x0000A36C 0x00006D6C 0x0000011A
RegCloseKey - 0x0040A030 0x0000A370 0x00006D70 0x0000025B
AdjustTokenPrivileges - 0x0040A034 0x0000A374 0x00006D74 0x0000001F
KERNEL32.dll (81)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_lopen - 0x0040A060 0x0000A3A0 0x00006DA0 0x00000628
_llseek - 0x0040A064 0x0000A3A4 0x00006DA4 0x00000627
CompareStringA - 0x0040A068 0x0000A3A8 0x00006DA8 0x00000098
GetLastError - 0x0040A06C 0x0000A3AC 0x00006DAC 0x00000261
GetFileAttributesA - 0x0040A070 0x0000A3B0 0x00006DB0 0x00000240
GetSystemDirectoryA - 0x0040A074 0x0000A3B4 0x00006DB4 0x000002DF
LoadLibraryA - 0x0040A078 0x0000A3B8 0x00006DB8 0x000003C1
DeleteFileA - 0x0040A07C 0x0000A3BC 0x00006DBC 0x00000112
GlobalAlloc - 0x0040A080 0x0000A3C0 0x00006DC0 0x0000032D
GlobalFree - 0x0040A084 0x0000A3C4 0x00006DC4 0x00000334
CloseHandle - 0x0040A088 0x0000A3C8 0x00006DC8 0x00000086
WritePrivateProfileStringA - 0x0040A08C 0x0000A3CC 0x00006DCC 0x00000617
IsDBCSLeadByte - 0x0040A090 0x0000A3D0 0x00006DD0 0x0000037D
GetWindowsDirectoryA - 0x0040A094 0x0000A3D4 0x00006DD4 0x00000325
SetFileAttributesA - 0x0040A098 0x0000A3D8 0x00006DD8 0x0000051A
GetProcAddress - 0x0040A09C 0x0000A3DC 0x00006DDC 0x000002AE
GlobalLock - 0x0040A0A0 0x0000A3E0 0x00006DE0 0x00000338
LocalFree - 0x0040A0A4 0x0000A3E4 0x00006DE4 0x000003CF
RemoveDirectoryA - 0x0040A0A8 0x0000A3E8 0x00006DE8 0x000004B6
FreeLibrary - 0x0040A0AC 0x0000A3EC 0x00006DEC 0x000001AB
_lclose - 0x0040A0B0 0x0000A3F0 0x00006DF0 0x00000625
CreateDirectoryA - 0x0040A0B4 0x0000A3F4 0x00006DF4 0x000000B5
GetPrivateProfileIntA - 0x0040A0B8 0x0000A3F8 0x00006DF8 0x000002A4
GetPrivateProfileStringA - 0x0040A0BC 0x0000A3FC 0x00006DFC 0x000002AA
GlobalUnlock - 0x0040A0C0 0x0000A400 0x00006E00 0x0000033F
ReadFile - 0x0040A0C4 0x0000A404 0x00006E04 0x00000473
SizeofResource - 0x0040A0C8 0x0000A408 0x00006E08 0x0000057C
WriteFile - 0x0040A0CC 0x0000A40C 0x00006E0C 0x00000612
GetDriveTypeA - 0x0040A0D0 0x0000A410 0x00006E10 0x0000022E
lstrcmpA - 0x0040A0D4 0x0000A414 0x00006E14 0x0000062F
SetFileTime - 0x0040A0D8 0x0000A418 0x00006E18 0x00000526
SetFilePointer - 0x0040A0DC 0x0000A41C 0x00006E1C 0x00000522
FindResourceA - 0x0040A0E0 0x0000A420 0x00006E20 0x00000193
CreateMutexA - 0x0040A0E4 0x0000A424 0x00006E24 0x000000D7
GetVolumeInformationA - 0x0040A0E8 0x0000A428 0x00006E28 0x0000031C
ExpandEnvironmentStringsA - 0x0040A0EC 0x0000A42C 0x00006E2C 0x00000161
GetCurrentDirectoryA - 0x0040A0F0 0x0000A430 0x00006E30 0x00000210
FreeResource - 0x0040A0F4 0x0000A434 0x00006E34 0x000001AF
GetVersion - 0x0040A0F8 0x0000A438 0x00006E38 0x00000319
SetCurrentDirectoryA - 0x0040A0FC 0x0000A43C 0x00006E3C 0x00000508
GetTempPathA - 0x0040A100 0x0000A440 0x00006E40 0x000002F5
LocalFileTimeToFileTime - 0x0040A104 0x0000A444 0x00006E44 0x000003CC
CreateFileA - 0x0040A108 0x0000A448 0x00006E48 0x000000C3
SetEvent - 0x0040A10C 0x0000A44C 0x00006E4C 0x00000516
TerminateThread - 0x0040A110 0x0000A450 0x00006E50 0x0000058D
GetVersionExA - 0x0040A114 0x0000A454 0x00006E54 0x0000031A
LockResource - 0x0040A118 0x0000A458 0x00006E58 0x000003DB
GetSystemInfo - 0x0040A11C 0x0000A45C 0x00006E5C 0x000002E3
CreateThread - 0x0040A120 0x0000A460 0x00006E60 0x000000F3
ResetEvent - 0x0040A124 0x0000A464 0x00006E64 0x000004C6
LoadResource - 0x0040A128 0x0000A468 0x00006E68 0x000003C7
ExitProcess - 0x0040A12C 0x0000A46C 0x00006E6C 0x0000015E
GetModuleHandleW - 0x0040A130 0x0000A470 0x00006E70 0x00000278
CreateProcessA - 0x0040A134 0x0000A474 0x00006E74 0x000000E0
FormatMessageA - 0x0040A138 0x0000A478 0x00006E78 0x000001A6
GetTempFileNameA - 0x0040A13C 0x0000A47C 0x00006E7C 0x000002F3
DosDateTimeToFileTime - 0x0040A140 0x0000A480 0x00006E80 0x00000126
CreateEventA - 0x0040A144 0x0000A484 0x00006E84 0x000000BC
GetExitCodeProcess - 0x0040A148 0x0000A488 0x00006E88 0x0000023C
FindNextFileA - 0x0040A14C 0x0000A48C 0x00006E8C 0x0000018A
LocalAlloc - 0x0040A150 0x0000A490 0x00006E90 0x000003CA
GetShortPathNameA - 0x0040A154 0x0000A494 0x00006E94 0x000002CC
MulDiv - 0x0040A158 0x0000A498 0x00006E98 0x000003EE
GetDiskFreeSpaceA - 0x0040A15C 0x0000A49C 0x00006E9C 0x00000226
EnumResourceLanguagesA - 0x0040A160 0x0000A4A0 0x00006EA0 0x0000013F
GetTickCount - 0x0040A164 0x0000A4A4 0x00006EA4 0x00000307
GetSystemTimeAsFileTime - 0x0040A168 0x0000A4A8 0x00006EA8 0x000002E9
GetCurrentThreadId - 0x0040A16C 0x0000A4AC 0x00006EAC 0x0000021C
GetCurrentProcessId - 0x0040A170 0x0000A4B0 0x00006EB0 0x00000218
QueryPerformanceCounter - 0x0040A174 0x0000A4B4 0x00006EB4 0x0000044D
TerminateProcess - 0x0040A178 0x0000A4B8 0x00006EB8 0x0000058C
SetUnhandledExceptionFilter - 0x0040A17C 0x0000A4BC 0x00006EBC 0x0000056D
UnhandledExceptionFilter - 0x0040A180 0x0000A4C0 0x00006EC0 0x000005AD
GetStartupInfoW - 0x0040A184 0x0000A4C4 0x00006EC4 0x000002D0
Sleep - 0x0040A188 0x0000A4C8 0x00006EC8 0x0000057D
FindClose - 0x0040A18C 0x0000A4CC 0x00006ECC 0x00000175
GetCurrentProcess - 0x0040A190 0x0000A4D0 0x00006ED0 0x00000217
FindFirstFileA - 0x0040A194 0x0000A4D4 0x00006ED4 0x00000179
WaitForSingleObject - 0x0040A198 0x0000A4D8 0x00006ED8 0x000005D7
GetModuleFileNameA - 0x0040A19C 0x0000A4DC 0x00006EDC 0x00000273
LoadLibraryExA - 0x0040A1A0 0x0000A4E0 0x00006EE0 0x000003C2
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetDeviceCaps - 0x0040A058 0x0000A398 0x00006D98 0x00000275
USER32.dll (30)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetWindowLongA - 0x0040A1A8 0x0000A4E8 0x00006EE8 0x00000373
GetDlgItemTextA - 0x0040A1AC 0x0000A4EC 0x00006EEC 0x0000014B
DialogBoxIndirectParamA - 0x0040A1B0 0x0000A4F0 0x00006EF0 0x000000B5
ShowWindow - 0x0040A1B4 0x0000A4F4 0x00006EF4 0x00000387
MsgWaitForMultipleObjects - 0x0040A1B8 0x0000A4F8 0x00006EF8 0x00000297
SetWindowPos - 0x0040A1BC 0x0000A4FC 0x00006EFC 0x00000376
GetDC - 0x0040A1C0 0x0000A500 0x00006F00 0x0000013F
GetWindowRect - 0x0040A1C4 0x0000A504 0x00006F04 0x000001E6
DispatchMessageA - 0x0040A1C8 0x0000A508 0x00006F08 0x000000BB
GetDesktopWindow - 0x0040A1CC 0x0000A50C 0x00006F0C 0x00000142
CharUpperA - 0x0040A1D0 0x0000A510 0x00006F10 0x0000003B
SetDlgItemTextA - 0x0040A1D4 0x0000A514 0x00006F14 0x00000332
ExitWindowsEx - 0x0040A1D8 0x0000A518 0x00006F18 0x0000010E
MessageBeep - 0x0040A1DC 0x0000A51C 0x00006F1C 0x00000288
EndDialog - 0x0040A1E0 0x0000A520 0x00006F20 0x000000F1
CharPrevA - 0x0040A1E4 0x0000A524 0x00006F24 0x00000034
LoadStringA - 0x0040A1E8 0x0000A528 0x00006F28 0x0000025B
CharNextA - 0x0040A1EC 0x0000A52C 0x00006F2C 0x00000031
EnableWindow - 0x0040A1F0 0x0000A530 0x00006F30 0x000000EE
ReleaseDC - 0x0040A1F4 0x0000A534 0x00006F34 0x000002FE
SetForegroundWindow - 0x0040A1F8 0x0000A538 0x00006F38 0x00000337
PeekMessageA - 0x0040A1FC 0x0000A53C 0x00006F3C 0x000002AE
GetDlgItem - 0x0040A200 0x0000A540 0x00006F40 0x00000149
SendMessageA - 0x0040A204 0x0000A544 0x00006F44 0x00000314
SendDlgItemMessageA - 0x0040A208 0x0000A548 0x00006F48 0x0000030F
MessageBoxA - 0x0040A20C 0x0000A54C 0x00006F4C 0x00000289
SetWindowTextA - 0x0040A210 0x0000A550 0x00006F50 0x0000037A
GetWindowLongA - 0x0040A214 0x0000A554 0x00006F54 0x000001DE
CallWindowProcA - 0x0040A218 0x0000A558 0x00006F58 0x0000001F
GetSystemMetrics - 0x0040A21C 0x0000A55C 0x00006F5C 0x000001BF
msvcrt.dll (20)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_controlfp - 0x0040A234 0x0000A574 0x00006F74 0x00000137
?terminate@@YAXXZ - 0x0040A238 0x0000A578 0x00006F78 0x00000035
_acmdln - 0x0040A23C 0x0000A57C 0x00006F7C 0x000000F7
_initterm - 0x0040A240 0x0000A580 0x00006F80 0x000001E8
__setusermatherr - 0x0040A244 0x0000A584 0x00006F84 0x000000E4
_except_handler4_common - 0x0040A248 0x0000A588 0x00006F88 0x0000016A
memcpy - 0x0040A24C 0x0000A58C 0x00006F8C 0x00000509
_ismbblead - 0x0040A250 0x0000A590 0x00006F90 0x00000207
__p__fmode - 0x0040A254 0x0000A594 0x00006F94 0x000000CE
_cexit - 0x0040A258 0x0000A598 0x00006F98 0x00000124
_exit - 0x0040A25C 0x0000A59C 0x00006F9C 0x00000173
exit - 0x0040A260 0x0000A5A0 0x00006FA0 0x000004AE
__set_app_type - 0x0040A264 0x0000A5A4 0x00006FA4 0x000000E2
__getmainargs - 0x0040A268 0x0000A5A8 0x00006FA8 0x000000A1
_amsg_exit - 0x0040A26C 0x0000A5AC 0x00006FAC 0x00000111
__p__commode - 0x0040A270 0x0000A5B0 0x00006FB0 0x000000C9
_XcptFilter - 0x0040A274 0x0000A5B4 0x00006FB4 0x0000006F
memcpy_s - 0x0040A278 0x0000A5B8 0x00006FB8 0x0000050A
_vsnprintf - 0x0040A27C 0x0000A5BC 0x00006FBC 0x000003E6
memset - 0x0040A280 0x0000A5C0 0x00006FC0 0x0000050D
COMCTL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000011 0x0040A03C 0x0000A37C 0x00006D7C -
Cabinet.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
None 0x00000016 0x0040A044 0x0000A384 0x00006D84 -
None 0x00000017 0x0040A048 0x0000A388 0x00006D88 -
None 0x00000015 0x0040A04C 0x0000A38C 0x00006D8C -
None 0x00000014 0x0040A050 0x0000A390 0x00006D90 -
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoA - 0x0040A224 0x0000A564 0x00006F64 0x00000000
VerQueryValueA - 0x0040A228 0x0000A568 0x00006F68 0x0000000F
GetFileVersionInfoSizeA - 0x0040A22C 0x0000A56C 0x00006F6C 0x00000004
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
0f5806e0887c0d85e43e46fa9aaecda2.exe 1 0x001F0000 0x0043AFFF Relevant Image False 32-bit 0x001F2BFB False
0f5806e0887c0d85e43e46fa9aaecda2.exe 1 0x001F0000 0x0043AFFF Process Termination False 32-bit - False
File Name C:\Users\RDHJ0C~1\AppData\Local\Temp\IXP000.TMP\5IH0Dp8.exe
Category Dropped File
Type Binary
Verdict Malicious
Also Known As 5IH0Dp8.exe (Archive File, Miscellaneous File)
Parent File e4650d5c5529391f0648eb3e4c4db6342d6eff957ef49dcb1e17f6e3d3f42cde
MIME Type application/vnd.microsoft.portable-executable
File Size 36.61 KB
MD5 b333502d7915bbd0911087435549fd31
SHA1 b450eb89d7ea250547333228e6820a52f22babb2
SHA256 df09728a6383db0b8bb9f28a04ccd0c358e3f525c1d340c94d481fe8c97b4adb
SSDeep 768:3E45SLnQpEhOB/hAGflc5xOXhr7gvexzv36:3E4EqEhOPNfqStgvexzv3
ImpHash -
File Reputation Information
Verdict
Malicious
PE Information
Image Base 0x00400000
Entry Point 0x004031A2
Size Of Code 0x00009000
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-12-14 15:00 (UTC)
Sections (1)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00008FFE 0x00009000 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 7.07
Memory Dumps (6)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
5ih0dp8.exe 3 0x00400000 0x00409FFF First Execution False 32-bit 0x004031A2 False
5ih0dp8.exe 3 0x00400000 0x00409FFF Content Changed False 32-bit 0x004015C1 False
5ih0dp8.exe 3 0x00400000 0x00409FFF Content Changed False 32-bit 0x00402F08 False
buffer 3 0x001E0000 0x001E5FFF Process Termination False 32-bit - False
5ih0dp8.exe 3 0x00400000 0x00409FFF Process Termination False 32-bit - False
buffer 3 0x00510000 0x00525FFF Image In Buffer False 32-bit - False
File Name e4650d5c5529391f0648eb3e4c4db6342d6eff957ef49dcb1e17f6e3d3f42cde
Category Extracted File
Type CAB
Verdict Malicious (raised based on a child artifact)
Parent File C:\Users\RDhJ0CNFevzX\Desktop\0f5806e0887c0d85e43e46fa9aaecda2.exe
MIME Type application/vnd.ms-cab-compressed
File Size 2.13 MB
MD5 39ca538182a06dd430d3cde896ca8356
SHA1 e932e68d0aa7e04ffec37e66a067270760ece947
SHA256 e4650d5c5529391f0648eb3e4c4db6342d6eff957ef49dcb1e17f6e3d3f42cde
SSDeep 49152:VvSnJLx54y5aPWqnkOsbcpkQ1NOwMdwrHQ2mujs3wwpe0ORhxttB+F:hSnJLx54yI34bc2wEKnmUwpHORhdB+F
ImpHash -
Archive Information
Number of Files 2
Number of Folders 0
Size of Packed Archive Contents 3.24 MB
Size of Unpacked Archive Contents 3.24 MB
File Format cab
Contents (2)
File Name Packed Size Unpacked Size Compression Is Encrypted Modify Time Verdict
5IH0Dp8.exe 36.61 KB 36.61 KB LZX:21 False 2023-12-15 09:17 (UTC) Malicious
2dT5311.exe 3.21 MB 3.21 MB LZX:21 False 2023-12-15 09:17 (UTC) Suspicious
File Name C:\Users\RDHJ0C~1\AppData\Local\Temp\IXP000.TMP\2dT5311.exe
Category Dropped File
Type Binary
Verdict Suspicious
Also Known As 2dT5311.exe (Archive File, Miscellaneous File)
Parent File e4650d5c5529391f0648eb3e4c4db6342d6eff957ef49dcb1e17f6e3d3f42cde
MIME Type application/vnd.microsoft.portable-executable
File Size 3.21 MB
MD5 89da591d5435a3963b0eb65835c32b30
SHA1 b3a868a2368104aabee2e5584ae8bc93d0cfa2f3
SHA256 e323b5052539a7aae8f60696811c3d6a80f6acc23071b3bbc032fa5f4616c3d3
SSDeep 49152:k0Xbib+3rsEz6807hQCkTTMo4/HtrmqWrLnbpQUbRLxXab:kubOL8eIThKlmfbppbRLYb
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x00400000
Entry Point 0x00737B1A
Size Of Code 0x00335C00
Size Of Initialized Data 0x00000800
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-12-15 04:02 (UTC)
Version Information (11)
Comments -
CompanyName -
FileDescription opinions
FileVersion 1.0.0.0
InternalName opinionsW.exe
LegalCopyright Copyright © 2023
LegalTrademarks -
OriginalFilename opinionsW.exe
ProductName dete
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x00335B20 0x00335C00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.08
.rsrc 0x00738000 0x000005A4 0x00000600 0x00335E00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.05
.reloc 0x0073A000 0x0000000C 0x00000200 0x00336400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x00337AF0 0x00335CF0 0x00000000
Memory Dumps (6)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
2dt5311.exe 2 0x000D0000 0x0040BFFF Relevant Image False 32-bit - False
buffer 2 0x07A50000 0x07BFCFFF Reflectively Loaded .NET Assembly False 32-bit - False
buffer 2 0x0457E000 0x0457FFFF First Network Behavior False 32-bit - False
buffer 2 0x00519000 0x0051FFFF First Network Behavior False 32-bit - False
2dt5311.exe 2 0x000D0000 0x0040BFFF First Network Behavior False 32-bit - False
2dt5311.exe 2 0x000D0000 0x0040BFFF Process Termination False 32-bit - False
File Name C:\Users\RDHJ0C~1\AppData\Local\Temp\IXP000.TMP\TMP4351$.TMP
Category Dropped File
Type Empty
Verdict Clean
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
File Name f169eed8248d8f9efd20dd716790f2b3bb0547687546811b4137be21b5c63b71
Category Extracted File
Type Image
Verdict Clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\0f5806e0887c0d85e43e46fa9aaecda2.exe
MIME Type image/png
File Size 54.45 KB
MD5 d58effc60f9809303be37c9da12ec938
SHA1 5f5d1459f715b6d7ac0c9f5e6c86112d02c611a8
SHA256 f169eed8248d8f9efd20dd716790f2b3bb0547687546811b4137be21b5c63b71
SSDeep 1536:gcK4zqhNCcVqUFdjtzty9jeal9G6Mb1tBab:gcKAArDZz4N9Ghbkb
ImpHash -
Function Logfile
This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided. The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.