Malicious
Classifications

Wiper Ransomware PUA Spyware

Threat Names

Mal/Generic-S

Dynamic Analysis Report

Created on 2022-02-09T05:47:00

bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e.exe

Windows Exe (x86-32)

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 minute, 28 seconds" to "10 seconds" to reveal dormant functionality.

(0x02000007): The operating system was rebooted during the analysis because the sample modified the master boot record (MBR).

Master Boot Record Changes
Sector Number Sector Size
0 512 Bytes
2048 512 Bytes


File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e.exe Sample File Binary malicious
Also Known As C:\Users\RDHJ0C~1\AppData\Local\Temp\卝祛覚梌櫛筻痋荵審蟉胰词積擭穀縰.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 289.50 KB
MD5 5c378b11848ac59704c2000b4e711c30
SHA1 6a46c53fd89b1f66d3fdab7653181e8a3e56d418
SHA256 bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e
SSDeep 6144:bJuMc7iv8+gsg058LvD47vlOi9E3AAqgml:sKgX0MivlOi9E3AAqzl
ImpHash 9ac10d3eb45e2af35269569591fda84b
File Reputation Information
Verdict
suspicious
Names Mal/Generic-S
Classification PUA
PE Information
Image Base 0x400000
Entry Point 0x407712
Size Of Code 0x14600
Size Of Initialized Data 0x38c00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2021-06-09 12:22:35+00:00
Sections (6)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x145b8 0x14600 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.73
.rdata 0x416000 0xb774 0xb800 0x14a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.97
.data 0x422000 0x5634 0x800 0x20200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 2.01
_RDATA 0x428000 0x2608 0x2800 0x20a00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 6.08
.rsrc 0x42b000 0x23a80 0x23c00 0x23200 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.67
.reloc 0x44f000 0x176c 0x1800 0x46e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.65
Imports (6)
WINMM.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
waveOutWrite - 0x41620c 0x20e1c 0x1f81c 0xbd
waveOutUnprepareHeader - 0x416210 0x20e20 0x1f820 0xbc
waveOutReset - 0x416214 0x20e24 0x1f824 0xb7
waveOutOpen - 0x416218 0x20e28 0x1f828 0xb4
waveOutPrepareHeader - 0x41621c 0x20e2c 0x1f82c 0xb6
KERNEL32.dll (82)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep - 0x41604c 0x20c5c 0x1f65c 0x4b2
GetLastError - 0x416050 0x20c60 0x1f660 0x202
lstrcatW - 0x416054 0x20c64 0x1f664 0x53f
DeleteFileW - 0x416058 0x20c68 0x1f668 0xd6
CloseHandle - 0x41605c 0x20c6c 0x1f66c 0x52
LoadLibraryW - 0x416060 0x20c70 0x1f670 0x33f
CreateThread - 0x416064 0x20c74 0x1f674 0xb5
GetProcAddress - 0x416068 0x20c78 0x1f678 0x245
LocalFree - 0x41606c 0x20c7c 0x1f67c 0x348
CreateProcessW - 0x416070 0x20c80 0x1f680 0xa8
FreeLibrary - 0x416074 0x20c84 0x1f684 0x162
CopyFileW - 0x416078 0x20c88 0x1f688 0x75
lstrcpyW - 0x41607c 0x20c8c 0x1f68c 0x548
lstrcmpW - 0x416080 0x20c90 0x1f690 0x542
GetCurrentThreadId - 0x416084 0x20c94 0x1f694 0x1c5
HeapAlloc - 0x416088 0x20c98 0x1f698 0x2cb
GetProcessHeap - 0x41608c 0x20c9c 0x1f69c 0x24a
CreateMutexW - 0x416090 0x20ca0 0x1f6a0 0x9e
WaitForSingleObject - 0x416094 0x20ca4 0x1f6a4 0x4f9
TerminateThread - 0x416098 0x20ca8 0x1f6a8 0x4c1
HeapFree - 0x41609c 0x20cac 0x1f6ac 0x2cf
HeapSize - 0x4160a0 0x20cb0 0x1f6b0 0x2d4
GetStringTypeW - 0x4160a4 0x20cb4 0x1f6b4 0x269
GetFileType - 0x4160a8 0x20cb8 0x1f6b8 0x1f3
GetLogicalDriveStringsW - 0x4160ac 0x20cbc 0x1f6bc 0x208
LCMapStringW - 0x4160b0 0x20cc0 0x1f6c0 0x32d
FreeEnvironmentStringsW - 0x4160b4 0x20cc4 0x1f6c4 0x161
GetEnvironmentStringsW - 0x4160b8 0x20cc8 0x1f6c8 0x1da
GetCommandLineW - 0x4160bc 0x20ccc 0x1f6cc 0x187
GetCommandLineA - 0x4160c0 0x20cd0 0x1f6d0 0x186
GetCPInfo - 0x4160c4 0x20cd4 0x1f6d4 0x172
GetOEMCP - 0x4160c8 0x20cd8 0x1f6d8 0x237
IsValidCodePage - 0x4160cc 0x20cdc 0x1f6dc 0x30a
FindFirstFileExW - 0x4160d0 0x20ce0 0x1f6e0 0x134
SetFileAttributesW - 0x4160d4 0x20ce4 0x1f6e4 0x461
CreateFileW - 0x4160d8 0x20ce8 0x1f6e8 0x8f
FindClose - 0x4160dc 0x20cec 0x1f6ec 0x12e
GetTempPathW - 0x4160e0 0x20cf0 0x1f6f0 0x285
GetModuleFileNameW - 0x4160e4 0x20cf4 0x1f6f4 0x214
RemoveDirectoryW - 0x4160e8 0x20cf8 0x1f6f8 0x403
WriteFile - 0x4160ec 0x20cfc 0x1f6fc 0x525
GetCurrentProcess - 0x4160f0 0x20d00 0x1f700 0x1c0
FindNextFileW - 0x4160f4 0x20d04 0x1f704 0x145
FindFirstFileW - 0x4160f8 0x20d08 0x1f708 0x139
WriteConsoleW - 0x4160fc 0x20d0c 0x1f70c 0x524
ReadFile - 0x416100 0x20d10 0x1f710 0x3c0
HeapReAlloc - 0x416104 0x20d14 0x1f714 0x2d2
DecodePointer - 0x416108 0x20d18 0x1f718 0xca
FlushFileBuffers - 0x41610c 0x20d1c 0x1f71c 0x157
GetConsoleCP - 0x416110 0x20d20 0x1f720 0x19a
GetConsoleMode - 0x416114 0x20d24 0x1f724 0x1ac
SetFilePointerEx - 0x416118 0x20d28 0x1f728 0x467
SetStdHandle - 0x41611c 0x20d2c 0x1f72c 0x487
GetACP - 0x416120 0x20d30 0x1f730 0x168
GetModuleHandleExW - 0x416124 0x20d34 0x1f734 0x217
UnhandledExceptionFilter - 0x416128 0x20d38 0x1f738 0x4d3
SetUnhandledExceptionFilter - 0x41612c 0x20d3c 0x1f73c 0x4a5
TerminateProcess - 0x416130 0x20d40 0x1f740 0x4c0
IsProcessorFeaturePresent - 0x416134 0x20d44 0x1f744 0x304
QueryPerformanceCounter - 0x416138 0x20d48 0x1f748 0x3a7
GetCurrentProcessId - 0x41613c 0x20d4c 0x1f74c 0x1c1
GetSystemTimeAsFileTime - 0x416140 0x20d50 0x1f750 0x279
InitializeSListHead - 0x416144 0x20d54 0x1f754 0x2e7
IsDebuggerPresent - 0x416148 0x20d58 0x1f758 0x300
GetStartupInfoW - 0x41614c 0x20d5c 0x1f75c 0x263
GetModuleHandleW - 0x416150 0x20d60 0x1f760 0x218
RtlUnwind - 0x416154 0x20d64 0x1f764 0x418
SetLastError - 0x416158 0x20d68 0x1f768 0x473
EnterCriticalSection - 0x41615c 0x20d6c 0x1f76c 0xee
LeaveCriticalSection - 0x416160 0x20d70 0x1f770 0x339
DeleteCriticalSection - 0x416164 0x20d74 0x1f774 0xd1
InitializeCriticalSectionAndSpinCount - 0x416168 0x20d78 0x1f778 0x2e3
TlsAlloc - 0x41616c 0x20d7c 0x1f77c 0x4c5
TlsGetValue - 0x416170 0x20d80 0x1f780 0x4c7
TlsSetValue - 0x416174 0x20d84 0x1f784 0x4c8
TlsFree - 0x416178 0x20d88 0x1f788 0x4c6
LoadLibraryExW - 0x41617c 0x20d8c 0x1f78c 0x33e
RaiseException - 0x416180 0x20d90 0x1f790 0x3b1
GetStdHandle - 0x416184 0x20d94 0x1f794 0x264
MultiByteToWideChar - 0x416188 0x20d98 0x1f798 0x367
WideCharToMultiByte - 0x41618c 0x20d9c 0x1f79c 0x511
ExitProcess - 0x416190 0x20da0 0x1f7a0 0x119
USER32.dll (26)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetMessageW - 0x4161a0 0x20db0 0x1f7b0 0x15d
DispatchMessageW - 0x4161a4 0x20db4 0x1f7b4 0xaf
SetTimer - 0x4161a8 0x20db8 0x1f7b8 0x2bb
TranslateMessage - 0x4161ac 0x20dbc 0x1f7bc 0x2fc
EnumDisplayMonitors - 0x4161b0 0x20dc0 0x1f7c0 0xe6
GetWindowRect - 0x4161b4 0x20dc4 0x1f7c4 0x19c
GetDC - 0x4161b8 0x20dc8 0x1f7c8 0x121
EnumChildWindows - 0x4161bc 0x20dcc 0x1f7cc 0xdf
CallNextHookEx - 0x4161c0 0x20dd0 0x1f7d0 0x1c
GetSystemMetrics - 0x4161c4 0x20dd4 0x1f7d4 0x17e
SetWindowTextW - 0x4161c8 0x20dd8 0x1f7d8 0x2cb
DrawIcon - 0x4161cc 0x20ddc 0x1f7dc 0xc7
DestroyCursor - 0x4161d0 0x20de0 0x1f7e0 0xa2
ShowWindow - 0x4161d4 0x20de4 0x1f7e4 0x2df
GetCursorInfo - 0x4161d8 0x20de8 0x1f7e8 0x11f
RedrawWindow - 0x4161dc 0x20dec 0x1f7ec 0x24a
MoveWindow - 0x4161e0 0x20df0 0x1f7f0 0x21b
UnhookWindowsHookEx - 0x4161e4 0x20df4 0x1f7f4 0x300
EnumWindows - 0x4161e8 0x20df8 0x1f7f8 0xf2
mouse_event - 0x4161ec 0x20dfc 0x1f7fc 0x331
SetWindowsHookExW - 0x4161f0 0x20e00 0x1f800 0x2cf
SetCursorPos - 0x4161f4 0x20e04 0x1f804 0x28a
ReleaseDC - 0x4161f8 0x20e08 0x1f808 0x265
EnableWindow - 0x4161fc 0x20e0c 0x1f80c 0xd8
MessageBoxW - 0x416200 0x20e10 0x1f810 0x215
ExitWindowsEx - 0x416204 0x20e14 0x1f814 0xf5
GDI32.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
DeleteDC - 0x416020 0x20c30 0x1f630 0xe3
CreatePen - 0x416024 0x20c34 0x1f634 0x4b
Ellipse - 0x416028 0x20c38 0x1f638 0xed
DeleteObject - 0x41602c 0x20c3c 0x1f63c 0xe6
CreateSolidBrush - 0x416030 0x20c40 0x1f640 0x54
BitBlt - 0x416034 0x20c44 0x1f644 0x13
SelectObject - 0x416038 0x20c48 0x1f648 0x277
CreateDIBSection - 0x41603c 0x20c4c 0x1f64c 0x35
CreateCompatibleDC - 0x416040 0x20c50 0x1f650 0x30
StretchBlt - 0x416044 0x20c54 0x1f654 0x2b3
ADVAPI32.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LookupPrivilegeValueW - 0x416000 0x20c10 0x1f610 0x197
AdjustTokenPrivileges - 0x416004 0x20c14 0x1f614 0x1f
AllocateAndInitializeSid - 0x416008 0x20c18 0x1f618 0x20
SetEntriesInAclW - 0x41600c 0x20c1c 0x1f61c 0x2a6
SetNamedSecurityInfoW - 0x416010 0x20c20 0x1f620 0x2b1
OpenProcessToken - 0x416014 0x20c24 0x1f624 0x1f7
FreeSid - 0x416018 0x20c28 0x1f628 0x120
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW - 0x416198 0x20da8 0x1f7a8 0x122
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e.exe 1 0x01190000 0x011E0FFF Relevant Image False 32-bit 0x01198000 False
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e.exe 1 0x01190000 0x011E0FFF Process Termination False 32-bit - False
C:\Users\RDHJ0C~1\AppData\Local\Temp\卝祛覚梌櫛筻痋荵審蟉胰词積擭穀縰.txt Dropped File Stream clean
MIME Type application/octet-stream
File Size 260 Bytes
MD5 7d7b20f8124609ffd1a457effe1d5609
SHA1 2de506278bb21e164d5009330014048373fa5088
SHA256 d86a575951dc3622d276679a9a43a35b9a40187c2b40d2a05eb68b9fa3c1ef91
SSDeep 3:aJNWflUbsFWPjBYt61D6ywTlPM3lT5PEQVBlyPXJl7NlUobSTAtt:xNUoFWWt61jwxMk0yPlLbSct
ImpHash -
a2aafd999059ca980a170d576ebdca95e75d11d7f1c26e2e09bb57a66b988f75 Embedded File Image clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e.exe
MIME Type image/png
File Size 8.15 KB
MD5 0831e4dff8d3b40847d05ebb886de6a9
SHA1 7924abbcde704c001c39ca06f86a827636d2c7c4
SHA256 a2aafd999059ca980a170d576ebdca95e75d11d7f1c26e2e09bb57a66b988f75
SSDeep 192:Q5N5N5NZMrpf+VshwHQOs4s4s4s98hG3LR0g3Yh:Q5N5N5NSrpWehwwXxxxFLaT
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot