Malicious
Classifications

Banking Trojan

Threat Names

Ursnif

Dynamic Analysis Report

Created on 2023-01-23T22:00:11+00:00

e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll

Windows DLL (x86-32)

Remarks (2/2)

(0x02000009): DLL files normally need to be submitted with an appropriate loader. Analysis result may be incomplete if an appropriate loader was not submitted.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "36 minutes, 40 seconds" to "2 minutes, 10 seconds" to reveal dormant functionality.

File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll Sample File Binary Malicious
Also Known As C:\Users\KEECFM~1\Desktop\e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35.dll (Accessed File)
MIME Type application/vnd.microsoft.portable-executable
File Size 592.00 KB
MD5 85fa54c2a97ad3a1f8bd64af62450511
SHA1 db92c0a81e8b27d222607e093ccc9d00485db119
SHA256 e609894b274a6c42e971e8082af8fd167ade4aef5d1a3816d5acea04839f0b35
SSDeep 12288:cysmuJC4fktsdyjJGL44Clz8JwsWydYo9NRl:cT7IoyjXTKdlnz
ImpHash 78b4b07ec49eab1076c53a1a1cf86078
PE Information
Image Base 0x00400000
Entry Point 0x00401023
Size Of Code 0x00013000
Size Of Initialized Data 0x00082000
Size Of Uninitialized Data 0x00000200
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-01-22 14:08 (UTC+1)
Packer Microsoft Visual C++ V8.0 (Debug)
Version Information (9)
CompanyName BellSoft
FileDescription OpenJDK Platform binary
FileVersion 0.0.9080.0
Full Version 0.0.9_080-b01
InternalName uild_era_epmh
LegalCopyright Copyright © 2022
OriginalFilename uild_era_epmh.dll
ProductName UildSER Sepmhwut 8
ProductVersion 0.0.9080.0
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00401000 0x00012FF0 0x00013000 0x00001000 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.94
.rdata 0x00414000 0x000764F7 0x00077000 0x00014000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 7.24
.data 0x0048B000 0x00006D77 0x00005000 0x0008B000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 4.67
.idata 0x00492000 0x000005DA 0x00001000 0x00090000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 1.08
.rsrc 0x00493000 0x00000643 0x00001000 0x00091000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 0.94
.reloc 0x00494000 0x000017E9 0x00002000 0x00092000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 3.94
Imports (7)
KERNEL32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WaitForSingleObjectEx - 0x0049223C 0x000920D0 0x000900D0 0x000004FA
GetBinaryTypeW - 0x00492240 0x000920D4 0x000900D4 0x00000171
GetModuleFileNameW - 0x00492244 0x000920D8 0x000900D8 0x00000214
CloseHandle - 0x00492248 0x000920DC 0x000900DC 0x00000052
GetCurrentThreadId - 0x0049224C 0x000920E0 0x000900E0 0x000001C5
OLEAUT32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetRecordInfoFromGuids 0x00000142 0x00492280 0x00092114 0x00090114 -
POWRPROF.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ReadPwrScheme - 0x004922B0 0x00092144 0x00090144 0x00000055
USER32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
UpdateWindow - 0x00492310 0x000921A4 0x000901A4 0x00000311
SystemParametersInfoW - 0x00492314 0x000921A8 0x000901A8 0x000002EC
ChangeDisplaySettingsW - 0x00492318 0x000921AC 0x000901AC 0x00000026
SETUPAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetupPromptForDiskW - 0x004922E0 0x00092174 0x00090174 0x00000211
GDI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetMapperFlags - 0x0049220C 0x000920A0 0x000900A0 0x00000295
msvcrt.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
memset - 0x00492348 0x000921DC 0x000901DC 0x000004EE
c:\lsarpc Dropped File Empty Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
c:\srvsvc Dropped File Empty Clean
MIME Type application/x-empty
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090 Downloaded File HTML Clean (Known to be clean.)
MIME Type text/html
File Size 548 Bytes
MD5 370e16c3b7dba286cff055f93b9a94d8
SHA1 65f3537c3c798f7da146c55aef536f7b5d0cb943
SHA256 d465172175d35d493fb1633e237700022bd849fa123164790b168b8318acb090
SSDeep 12:TjeRHVIdtklI5r8INGlTF5TF5TF5TF5TF5TFK:neRH68DTPTPTPTPTPTc
ImpHash -
File Reputation Information
Verdict Clean (Known to be clean.)
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.