Files

Filters:

File Name	Category	Type	Verdict	Actions

C:\Users\RDhJ0CNFevzX\Desktop\ClubHouse.exe

Sample File

Binary

MIME Type	application/vnd.microsoft.portable-executable
File Size	1.46 MB
MD5	0b30c8bd37d51f2818ccba788c52dab3
SHA1	37a107065aed53ee7f358ab93cedb1aa168d18b0
SHA256	acc6e87935368643d87179159fd49c31cb9ae2ad41472dc5f531612390fb6c6d
SSDeep	24576:X+9pDz+F22s53PLD7BVzCbagdfaAVvSB7qRKap7ATI6Whz25ug:X+9pDz+FsYxr7GIhIr
ImpHash	f34d5f2d4577ed6d9ceec516c1f5a744

AV Matches (1)

Threat Name	Verdict
Trojan.GenericKD.46036754	malicious

PE Information

Image Base	0x400000
Entry Point	0x519c8e
Size Of Code	0x117e00
Size Of Initialized Data	0x5b000
File Type	FileType.executable
Subsystem	Subsystem.windows_gui
Machine Type	MachineType.i386
Compile Timestamp	2021-04-06 17:23:26+00:00

Version Information (11)

Comments	-
CompanyName	Oklahoma Tire & Supply Company
FileDescription	ApplicationFusion
FileVersion	1.7.9.11
InternalName	SoapDuration.exe
LegalCopyright	Oklahoma Tire & Supply Company © 2021
LegalTrademarks	-
OriginalFilename	SoapDuration.exe
ProductName	ApplicationFusion
ProductVersion	1.7.9.11
Assembly Version	1.7.8.11

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x402000	0x117c94	0x117e00	0x200	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	7.06
.rsrc	0x51a000	0x5ad6a	0x5ae00	0x118000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	4.73
.reloc	0x576000	0xc	0x200	0x172e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ	0.1

Imports (1)

mscoree.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
_CorExeMain	-	0x402000	0x119c64	0x117e64	0x0

Digital Signature Information

Verification Status	Failed
Verification Error	The signature hash does not match the file contents

Certificate: Signal Messenger, LLC

Issued by	Signal Messenger, LLC
Parent Certificate	Entrust Extended Validation Code Signing CA - EVCS1
Country Name	US
Valid From	2020-08-04 20:36 (UTC+2)
Valid Until	2023-08-04 20:36 (UTC+2)
Algorithm	sha256_rsa
Serial Number	20 E5 A3 07 97 EF EB 90 99 4A 2C 99 E9 DB 46 68
Thumbprint	8C 9A 0B 5C 85 2E C7 03 D8 3E F7 BF BC EB 54 B7 96 07 37 59

Certificate: Entrust Extended Validation Code Signing CA - EVCS1

Issued by	Entrust Extended Validation Code Signing CA - EVCS1
Country Name	US
Valid From	2015-06-10 15:42 (UTC+2)
Valid Until	2030-11-10 15:12 (UTC+1)
Algorithm	sha256_rsa
Serial Number	87 82 52 60 00 00 00 00 51 D3 73 D9
Thumbprint	64 B8 F1 ED EF 40 D7 D2 86 02 B6 B9 17 1A FF 11 4E 12 A6 46

Memory Dumps (29)

Name	Process ID	Start VA	End VA	Dump Reason	Bitness	Entry Point	Actions
clubhouse.exe	1	0x00400000	0x00577FFF	Relevant Image	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x05050178	0x0505017F	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050501A0	0x050501A7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050501C8	0x050501CF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050BDF5E	0x050BDF68	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050BDF52	0x050BDF5C	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x05050208	0x0505024F	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x05098670	0x05098673	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x05098694	0x0509869B	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x0509869C	0x0509869F	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986A0	0x050986A7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986A8	0x050986AB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986AC	0x050986AF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986B0	0x050986B3	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986B4	0x050986BB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986BC	0x050986BF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986C0	0x050986C7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986C8	0x050986CB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986CC	0x050986CF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986D0	0x050986D7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986D8	0x050986DB	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986DC	0x050986DF	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986E0	0x050986E7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x050986F0	0x050986F7	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x05098704	0x0509870B	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x05098714	0x0509871B	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x0509871C	0x0509871F	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	1	0x05098720	0x05098723	Marked Executable	32-bit	-	... Memory Dump Actions Go to Process Download Dump
buffer	2	0x00400000	0x00577FFF	Image In Buffer	32-bit	-	... Memory Dump Actions Go to Process Download Dump

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp8757.tmp

Dropped File

ZIP

Also Known As	C:\Users\RDhJ0CNFevzX\Documents\6RGBC4R6fkZNUuT.docx (Dropped File)
MIME Type	application/zip
File Size	90.65 KB
MD5	6cb18cd51f5a0d22b9f6107320903a26
SHA1	9b04e54135aa8be1fa94769431844b46bb8252bc
SHA256	15c62711c4666b1feef66d1419164818321783393941951af5ec074b0dc723ae
SSDeep	1536:2CzgADSrA6UeA4kK9vn2K6iigcmvNorr75gQzX1:d0A+E6Vv28iD0NonHzX1
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp8D62.tmp

Dropped File

ZIP

Also Known As	C:\Users\RDhJ0CNFevzX\Documents\8B2VTze5DiPdQSbD iBD.docx (Dropped File)
MIME Type	application/zip
File Size	8.94 KB
MD5	ca381c03469a1834d5658216d3bb3542
SHA1	1b96e6298b0f5d8f3f4da9ee1dc6ab877046413e
SHA256	47c7914ffdab60df26a32f42286cd51c8d9756e804aa4aaa0b4e33aa1f57c20a
SSDeep	192:y7HOdtsrjYcgC3qnZlz11JVylw6my0LZO2tQ0BXfUBzFt2zmw:ykcBa3z11JVemB0FcMxFt2zmw
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp8D73.tmp

Dropped File

Unknown

Also Known As	C:\Users\RDhJ0CNFevzX\Documents\CeTZXo-jUvUDd_D.doc (Dropped File)
MIME Type	application/CDFV2
File Size	56.45 KB
MD5	b6e6eb555c05547c5ec93b044cdeb3d5
SHA1	530bfa161c6512101588f16b1c6586d19b576708
SHA256	0b4b9d2fcb48182574a9c2692776abe941bb4cd3cff2cce621f561e02702572a
SSDeep	1536:d+bo/XvYkV+oYCsoMku2SjLxBjdUF6l9i:d+gYQjPdMV2SjLxBqFAi
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp8D84.tmp

Dropped File

ZIP

Also Known As	C:\Users\RDhJ0CNFevzX\Documents\dsu6cZV71Ci5rbF8L.docx (Dropped File)
MIME Type	application/zip
File Size	87.95 KB
MD5	c94a15797d0a855b62310af295e5206d
SHA1	b9a830c9afc1d62f20849800c50f39664fdb924f
SHA256	7457da4be96ace29a63aed71737d8f7bbfe4982230488dfecd3953435bd67e45
SSDeep	1536:+/C2C3zwC70xQEJaM29DLSRYUVrZAFRQW58liBtR5f2M62bkUbNu/OPyu22VZXl8:+qljwCrLSRYUVtAAWOliBUM6QzNkE2+I
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp8D94.tmp

Dropped File

ZIP

Also Known As	C:\Users\RDhJ0CNFevzX\Documents\nqcKw6_Tq5C.docx (Dropped File)
MIME Type	application/zip
File Size	46.81 KB
MD5	f576673bccd42bd86f6d4dce5ba762ab
SHA1	10baad1baabf87bc22e445c9b38510ee5ef3db76
SHA256	7f094228ede8204496f72b2fe11b2f0981ac0cf57b3f65ee9b471c82d570a5d4
SSDeep	768:0QVdkJYKNKzF9W4Gfsqd5laKWowEvzHPHZ86DF6S+Xp5lBDlCWsx5OGDKRXUr9Cu:jkjNKrFGfsNsPHZVDF61lBDsnzDKF+9T
ImpHash	-

C:\Users\RDhJ0CNFevzX\AppData\Local\Temp\tmp8DA5.tmp

Dropped File

ZIP

Also Known As	C:\Users\RDhJ0CNFevzX\Documents\VJkUMUrIlrLs6.docx (Dropped File)
MIME Type	application/zip
File Size	1.64 KB
MD5	530beaa75aa0028f709914abaec4209b
SHA1	e7631889e0f4a4dada1f575f21e5e850ddb8ba0d
SHA256	f075d76a06e0897d62d01de77567e444878201041462d4aca147d4f6236c3203
SSDeep	24:9ZcSmnknHmfCM5AIAnmu9soh3VZ8txFJm9zUIHoiQZRXh8cGp+ydQYwsknU+6okr:9KdkQAnRsNtxS9zTHoxLxJzW/wskGMhi
ImpHash	-

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

WHOIS Domain Information

Before

After