Malicious
Classifications

Injector, Spyware

Threat Names

RedLine.E, Mal/Generic-S

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "5 minutes, 10 seconds" to "10 seconds" to reveal dormant functionality.

Files

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\AMD89270195629.exe Sample File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 531.50 KB
MD5 3d8d0b6499504343f6953587c60d31a1
SHA1 1549a25522a89233948a3401ee73643e209ced1b
SHA256 f9547f1d7dea3927c4ddeaced997544c7bfc28b458fc188a717b10682f681040
SSDeep 12288:UgplY5LqIDuuH719kcHZJh18HL3q7brnceBtfGZbBykQFNgrW2q8kbAmz/d6Hb3g:UgplY5LqIdHnx
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744
PE Information
Image Base 0x00400000
Entry Point 0x0048C00A
Size Of Code 0x00048600
Size Of Initialized Data 0x0003C400
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-06 10:05 (UTC)
Version Information (11)
Comments We made cars for new innovation.
CompanyName Tesla Corporation Technologies
FileDescription Tesla Corporation
FileVersion 5.3.3.1
InternalName AMD89270195629.exe
LegalCopyright Copyright © 2024
LegalTrademarks Tesla Corporation Trademark
OriginalFilename AMD89270195629.exe
ProductName Tesla Corporation Solutions
ProductVersion 5.3.3.1
Assembly Version 5.3.3.1
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
|I&7 0x00402000 0x0003B990 0x0003BA00 0x00000400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 8.0
.text 0x0043E000 0x00048230 0x00048400 0x0003BE00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 4.78
.rsrc 0x00488000 0x000006A8 0x00000800 0x00084200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.7
.reloc 0x0048A000 0x0000000C 0x00000200 0x00084A00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
(unnamed) 0x0048C000 0x00000010 0x00000200 0x00084C00 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 0.14
Imports (1)
mscoree.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x0048C000 0x0003E774 0x0003C574 0x00000000
Memory Dumps (5)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
amd89270195629.exe 1 0x00180000 0x0020DFFF Relevant Image False 32-bit - False
buffer 1 0x00780000 0x00780FFF Reflectively Loaded .NET Assembly False 32-bit - False
kernel32.dll 1 0x76B60000 0x76C3FFFF First Execution False 32-bit 0x76B71BA0 False
ntdll.dll 1 0x77840000 0x779BAFFF First Execution False 32-bit 0x778B6E10 False
amd89270195629.exe 1 0x00180000 0x0020DFFF Process Termination False 32-bit - False
C:\Users\RDhJ0CNFevzX\AppData\Roaming\d3d9.dll Dropped File Binary Malicious
MIME Type application/vnd.microsoft.portable-executable
File Size 235.00 KB
MD5 2f25b3e3f4648f18c7ded72dc3609763
SHA1 a17b864b80cc31d8fbd67f69850599105c896a6e
SHA256 a4d74fff85db049e69c37bd84963294c72bbb56a22237f4361d3300b2f6c8659
SSDeep 6144:A4ad2QNAN+9CJCFDkWYMkYyNcAahuXFJ:lad2QI+kJChDFhuXb
ImpHash e1197fe54e8372084a3ab5ca8ffe789f
File Reputation Information
Verdict Malicious
Names Mal/Generic-S
PE Information
Image Base 0x10000000
Entry Point 0x1000C24E
Size Of Code 0x00016E00
Size Of Initialized Data 0x00024400
File Type IMAGE_FILE_DLL
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2024-06-06 10:05 (UTC)
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x00016CB3 0x00016E00 0x00000400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.65
.rdata 0x10018000 0x00006416 0x00006600 0x00017200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.02
.data 0x1001F000 0x0001C95C 0x0001C000 0x0001D800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 6.03
.reloc 0x1003C000 0x000013A8 0x00001400 0x00039800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.6
Imports (2)
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShowWindow - 0x10018148 0x0001DDFC 0x0001CFFC 0x000002B8
KERNEL32.dll (81)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RaiseException - 0x10018000 0x0001DCB4 0x0001CEB4 0x00000483
WriteConsoleW - 0x10018004 0x0001DCB8 0x0001CEB8 0x00000639
GetCurrentProcess - 0x10018008 0x0001DCBC 0x0001CEBC 0x0000022C
GetModuleHandleA - 0x1001800C 0x0001DCC0 0x0001CEC0 0x0000028C
K32GetModuleInformation - 0x10018010 0x0001DCC4 0x0001CEC4 0x000003C4
GetModuleFileNameA - 0x10018014 0x0001DCC8 0x0001CEC8 0x0000028A
CreateFileA - 0x10018018 0x0001DCCC 0x0001CECC 0x000000D2
CreateFileMappingA - 0x1001801C 0x0001DCD0 0x0001CED0 0x000000D3
CloseHandle - 0x10018020 0x0001DCD4 0x0001CED4 0x00000094
MapViewOfFile - 0x10018024 0x0001DCD8 0x0001CED8 0x000003FE
VirtualProtect - 0x10018028 0x0001DCDC 0x0001CEDC 0x000005F4
GetModuleHandleW - 0x1001802C 0x0001DCE0 0x0001CEE0 0x0000028F
GetProcAddress - 0x10018030 0x0001DCE4 0x0001CEE4 0x000002C6
GetConsoleWindow - 0x10018034 0x0001DCE8 0x0001CEE8 0x0000021B
CreateProcessW - 0x10018038 0x0001DCEC 0x0001CEEC 0x000000F6
VirtualAlloc - 0x1001803C 0x0001DCF0 0x0001CEF0 0x000005EE
GetThreadContext - 0x10018040 0x0001DCF4 0x0001CEF4 0x00000313
VirtualAllocEx - 0x10018044 0x0001DCF8 0x0001CEF8 0x000005EF
WriteProcessMemory - 0x10018048 0x0001DCFC 0x0001CEFC 0x00000643
ReadProcessMemory - 0x1001804C 0x0001DD00 0x0001CF00 0x00000497
SetThreadContext - 0x10018050 0x0001DD04 0x0001CF04 0x0000057A
ResumeThread - 0x10018054 0x0001DD08 0x0001CF08 0x000004EF
UnhandledExceptionFilter - 0x10018058 0x0001DD0C 0x0001CF0C 0x000005D5
SetUnhandledExceptionFilter - 0x1001805C 0x0001DD10 0x0001CF10 0x00000594
TerminateProcess - 0x10018060 0x0001DD14 0x0001CF14 0x000005B4
IsProcessorFeaturePresent - 0x10018064 0x0001DD18 0x0001CF18 0x000003A5
QueryPerformanceCounter - 0x10018068 0x0001DD1C 0x0001CF1C 0x0000046D
GetCurrentProcessId - 0x1001806C 0x0001DD20 0x0001CF20 0x0000022D
GetCurrentThreadId - 0x10018070 0x0001DD24 0x0001CF24 0x00000231
GetSystemTimeAsFileTime - 0x10018074 0x0001DD28 0x0001CF28 0x00000303
InitializeSListHead - 0x10018078 0x0001DD2C 0x0001CF2C 0x00000381
IsDebuggerPresent - 0x1001807C 0x0001DD30 0x0001CF30 0x0000039D
GetStartupInfoW - 0x10018080 0x0001DD34 0x0001CF34 0x000002EA
CreateFileW - 0x10018084 0x0001DD38 0x0001CF38 0x000000DA
InterlockedFlushSList - 0x10018088 0x0001DD3C 0x0001CF3C 0x0000038A
RtlUnwind - 0x1001808C 0x0001DD40 0x0001CF40 0x000004F5
GetLastError - 0x10018090 0x0001DD44 0x0001CF44 0x00000277
SetLastError - 0x10018094 0x0001DD48 0x0001CF48 0x00000555
EnterCriticalSection - 0x10018098 0x0001DD4C 0x0001CF4C 0x00000145
LeaveCriticalSection - 0x1001809C 0x0001DD50 0x0001CF50 0x000003DD
DeleteCriticalSection - 0x100180A0 0x0001DD54 0x0001CF54 0x00000122
InitializeCriticalSectionAndSpinCount - 0x100180A4 0x0001DD58 0x0001CF58 0x0000037D
TlsAlloc - 0x100180A8 0x0001DD5C 0x0001CF5C 0x000005C6
TlsGetValue - 0x100180AC 0x0001DD60 0x0001CF60 0x000005C8
TlsSetValue - 0x100180B0 0x0001DD64 0x0001CF64 0x000005C9
TlsFree - 0x100180B4 0x0001DD68 0x0001CF68 0x000005C7
FreeLibrary - 0x100180B8 0x0001DD6C 0x0001CF6C 0x000001BF
LoadLibraryExW - 0x100180BC 0x0001DD70 0x0001CF70 0x000003E3
EncodePointer - 0x100180C0 0x0001DD74 0x0001CF74 0x00000141
DecodePointer - 0x100180C4 0x0001DD78 0x0001CF78 0x0000011B
ExitProcess - 0x100180C8 0x0001DD7C 0x0001CF7C 0x00000172
GetModuleHandleExW - 0x100180CC 0x0001DD80 0x0001CF80 0x0000028E
GetModuleFileNameW - 0x100180D0 0x0001DD84 0x0001CF84 0x0000028B
HeapAlloc - 0x100180D4 0x0001DD88 0x0001CF88 0x00000363
HeapFree - 0x100180D8 0x0001DD8C 0x0001CF8C 0x00000367
FindClose - 0x100180DC 0x0001DD90 0x0001CF90 0x00000189
FindFirstFileExW - 0x100180E0 0x0001DD94 0x0001CF94 0x0000018F
FindNextFileW - 0x100180E4 0x0001DD98 0x0001CF98 0x000001A0
IsValidCodePage - 0x100180E8 0x0001DD9C 0x0001CF9C 0x000003AB
GetACP - 0x100180EC 0x0001DDA0 0x0001CFA0 0x000001C6
GetOEMCP - 0x100180F0 0x0001DDA4 0x0001CFA4 0x000002AF
GetCPInfo - 0x100180F4 0x0001DDA8 0x0001CFA8 0x000001D5
GetCommandLineA - 0x100180F8 0x0001DDAC 0x0001CFAC 0x000001EA
GetCommandLineW - 0x100180FC 0x0001DDB0 0x0001CFB0 0x000001EB
MultiByteToWideChar - 0x10018100 0x0001DDB4 0x0001CFB4 0x0000040F
WideCharToMultiByte - 0x10018104 0x0001DDB8 0x0001CFB8 0x00000626
GetEnvironmentStringsW - 0x10018108 0x0001DDBC 0x0001CFBC 0x0000024C
FreeEnvironmentStringsW - 0x1001810C 0x0001DDC0 0x0001CFC0 0x000001BE
LCMapStringW - 0x10018110 0x0001DDC4 0x0001CFC4 0x000003D1
GetProcessHeap - 0x10018114 0x0001DDC8 0x0001CFC8 0x000002CD
GetStdHandle - 0x10018118 0x0001DDCC 0x0001CFCC 0x000002EC
GetFileType - 0x1001811C 0x0001DDD0 0x0001CFD0 0x00000263
GetStringTypeW - 0x10018120 0x0001DDD4 0x0001CFD4 0x000002F1
HeapSize - 0x10018124 0x0001DDD8 0x0001CFD8 0x0000036C
HeapReAlloc - 0x10018128 0x0001DDDC 0x0001CFDC 0x0000036A
SetStdHandle - 0x1001812C 0x0001DDE0 0x0001CFE0 0x00000570
FlushFileBuffers - 0x10018130 0x0001DDE4 0x0001CFE4 0x000001B3
WriteFile - 0x10018134 0x0001DDE8 0x0001CFE8 0x0000063A
GetConsoleOutputCP - 0x10018138 0x0001DDEC 0x0001CFEC 0x00000214
GetConsoleMode - 0x1001813C 0x0001DDF0 0x0001CFF0 0x00000210
SetFilePointerEx - 0x10018140 0x0001DDF4 0x0001CFF4 0x00000545
Exports (1)
API Name EAT Address Ordinal
HonorInc 0x00002EB0 0x00000001
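Two things in the tables above are worth re-checking by hand rather than trusting the verdict alone. First, the sample's first section: a non-printable name, IMAGE_SCN_MEM_EXECUTE together with IMAGE_SCN_MEM_WRITE, and entropy 8.0, which is what a packed payload that is decrypted in place and then executed looks like (the memory dumps above also record a reflectively loaded .NET assembly). Second, the dropped d3d9.dll imports the complete CreateProcessW / VirtualAllocEx / WriteProcessMemory / GetThreadContext / SetThreadContext / ResumeThread cluster, the API set typically used for process hollowing, which matches the Injector classification. The Python below is an added example written for this page, not VMRay's code and not derived from the sample: it parses a PE section table with the standard library, scores each section on Shannon entropy and W+X flags, and checks an import list against that cluster. The PE it parses is built in-block as constructed input mimicking the sample's layout (the trailing bytes of the garbled section name, the section sizes and their contents are assumptions, not the sample's), and the import list is a hand-copied subset of the d3d9.dll table above.

```python
# Added, hypothetical analyst tooling (not VMRay's code): re-derives the packed
# RWX first section of the sample and d3d9.dll's process-hollowing API cluster.
import hashlib, math, struct
from collections import Counter

IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x20, 0x40
IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE = 0x02000000, 0x20000000
IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x40000000, 0x80000000

# Imported together these implement hollowing: spawn a process suspended,
# map a payload into it, repoint its main thread, resume.
HOLLOWING_CLUSTER = {"CreateProcessW", "VirtualAllocEx", "WriteProcessMemory",
                     "GetThreadContext", "SetThreadContext", "ResumeThread"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 means every byte value is equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes):
    """DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    (nsections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "va": va, "flags": flags,
                         "entropy": shannon_entropy(pe[rawptr:rawptr + rawsize])})
    return sections


def triage_sections(pe: bytes, entropy_threshold: float = 7.5):
    """(section label, reason) pairs an analyst would want to look at."""
    findings = []
    for s in parse_sections(pe):
        label = s["name"].decode("latin-1") or "(unnamed)"
        if s["name"] and not all(32 <= b < 127 for b in s["name"]):
            findings.append((label, "non-printable section name"))
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append((label, "writable and executable (W+X)"))
        if s["flags"] & IMAGE_SCN_MEM_EXECUTE and s["entropy"] > entropy_threshold:
            findings.append((label, f"executable section with entropy {s['entropy']:.2f}"))
    return findings


def hollowing_apis(imports) -> set:
    """Members of the hollowing cluster present in an import list."""
    return HOLLOWING_CLUSTER & set(imports)


def build_test_pe(sections) -> bytes:
    """Minimal, non-runnable PE32 from (name, flags, data) tuples, consistent
    only as far as parse_sections() needs; constructed test input."""
    align, opt_size = 0x200, 0xE0
    data_start = -(-(0x40 + 4 + 20 + opt_size + 40 * len(sections)) // align) * align
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)              # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)           # PE32 magic, rest zero
    table, body, rawptr, va = b"", b"", data_start, 0x1000
    for name, flags, data in sections:
        rawsize = -(-len(data) // align) * align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(data), va,
                             rawsize, rawptr, 0, 0, 0, 0, flags)
        body += data.ljust(rawsize, b"\0")
        rawptr += rawsize
        va += -(-rawsize // 0x1000) * 0x1000
    return (dos + coff + opt + table).ljust(data_start, b"\0") + body


# Constructed stand-in for the sample's layout: the rendered name "|I&7" plus
# assumed non-printable bytes, RWX, random-looking contents (shake_256 filler);
# a normal .text; a tiny .reloc. Sizes are not the report's.
SAMPLE_PE = build_test_pe([
    (b"|I&7\x8c\x01\xff\x02", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
     | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE, hashlib.shake_256(b"packed").digest(4096)),
    (b".text", IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ, b"\x55\x8b\xec" * 512),
    (b".reloc", IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ, b"\0" * 12),
])

# Hand-copied subset of d3d9.dll's import table from the report above.
D3D9_IMPORTS = ["ShowWindow", "GetProcAddress", "CreateProcessW", "VirtualAllocEx",
                "WriteProcessMemory", "ReadProcessMemory", "GetThreadContext",
                "SetThreadContext", "ResumeThread", "IsDebuggerPresent"]


def demo():
    """Both checks over the constructed inputs; returns (findings, apis)."""
    return triage_sections(SAMPLE_PE), hollowing_apis(D3D9_IMPORTS)
```

Run demo() and the constructed first section is flagged three times (non-printable name, W+X, entropy above 7.5) while .text and .reloc are not, and all six hollowing APIs are reported present. Against a real file, replace SAMPLE_PE with the file's bytes; the 7.5 threshold is a convention, not a rule, and compressed resources can also exceed it, so treat entropy as a prompt to look, not a verdict.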
110976bbbb95a474a5562bff39dc00ef2fbdeb453cd44682b8e5e660ffaa47cd Downloaded File HTML Clean
MIME Type text/html
File Size 12.00 KB
MD5 7b34e7f0d146c04a637fa5cffe807263
SHA1 9aa9d56f93c4a6c7a4553d36b08bbf0b11592659
SHA256 110976bbbb95a474a5562bff39dc00ef2fbdeb453cd44682b8e5e660ffaa47cd
SSDeep 192:HoVRpVi21ORpVi2PScEidFSqugxu6Rnigni6U3qV0OKPGBRpVi27ad1WOv:HIRW24RW2PSAtVHPOqVbe8RW27Uv
ImpHash -
Extracted URLs (12)
The 12 URL strings extracted from this HTML file are not preserved in this export; the reputation status of every one of them is listed as Not Available, and none was recursively submitted.