a5590a98...6130 | VMRay Analyzer Report
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Ransomware, Trojan

VMRay Threat Identifiers (10 rules, 4097 matches)

Severity  Category       Operation                                                      Count  Classification
5/5       File System    Encrypts content of user files                                 1      Ransomware
5/5       Reputation     Known malicious file                                           1      Trojan
3/5       File System    Possibly drops ransom note files                               1      Ransomware
2/5       Anti Analysis  Resolves APIs dynamically to possibly evade static detection   1      -
1/5       Process        Creates system object                                          1      -
1/5       File System    Modifies application directory                                 6364   -
1/5       File System    Creates an unusually large number of files                     1      -
1/5       Network        Checks external IP address                                     1      -
1/5       Network        Connects to HTTP server                                        2      -
1/5       Static         Unparsable sections in file                                    1      -

Screenshots

Monitored Processes

Process Graph / Process Graph Legend

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000
Tactic                 Observed technique
Initial Access         -
Execution              -
Persistence            -
Privilege Escalation   -
Defense Evasion        Software Packing
Credential Access      -
Discovery              System Network Configuration Discovery
Lateral Movement       -
Collection             -
Command and Control    Standard Application Layer Protocol
Exfiltration           -
Impact                 Data Encrypted for Impact

Sample Information

ID: #165801
MD5: 0f3deda483df5e5f8043ea20297d243b
SHA1: 70dac7f3934659e583f962e7c5bff51a4b97dd11
SHA256: a5590a987d125a8ca6629e33e3ff1f3eb7d5f41f62133025d3476e1a6e4c6130
SSDeep: 3072:CEBqvIftQC2mCBBGVPZRgUluWH+0XmJazMgXjJOBN4Fl4NgIE4cQd2/RfDnropYB:FOKPVIWH+0XRgGl8acpjgQ2UV5e
ImpHash: 296368c880fbf799c243544727d93dc8
Filename: gfvrib.exe
File Size: 246.00 kB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2019-09-02 23:09 (UTC+)
Analysis Duration: 00:03:10
Number of Monitored Processes: 1
Execution Successful: True
Reputation Enabled: True
WHOIS Enabled: False
Local AV Enabled: True
YARA Enabled: True
Number of AV Matches: 0
Number of YARA Matches: 0
Termination Reason: Maximum binlog size reached
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.