dfecb460...9620 | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names:
Gen:Variant.Ser.Razy.13274
Gen:Variant.Razy.728766
Filename Category Type Severity
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Setup.exe Sample File Binary Malicious
Mime Type application/vnd.microsoft.portable-executable
File Size 68.00 KB
MD5 9e5c89c84cdbf460fc6857c4e32dafdf
SHA1 ee0a95846ce48c59261eda0fdd6b38dfc83d9f4d
SHA256 dfecb46078038bcfa9d0b8db18bdc0646f33bad55ee7dd5ee46e61c6cf399620
SSDeep 1536:7ufJPTAoUei1obcxtZbW3BqlIS2IyUY4h2wEsOolJT+y9v:7upTAneif03BqarUY4l
ImpHash bd51a645a9c68bd03b2e51586e5cbdcb
PE Information
Image Base 0x400000
Entry Point 0x405660
Size Of Code 0xd800
Size Of Initialized Data 0x3600
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2020-09-14 20:46:37+00:00
Sections (4)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xd70d 0xd800 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.47
.rdata 0x40f000 0x31e0 0x3200 0xdc00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.08
.data 0x413000 0x40 0x0 0x0 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.0
.reloc 0x414000 0x174 0x200 0x10e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 4.72
Imports (1)
KERNEL32.dll (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetProcAddress 0x0 0x40f000 0x121a4 0x10da4 0x2ae
LoadLibraryA 0x0 0x40f004 0x121a8 0x10da8 0x3c1
Memory Dumps (2)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
setup.exe 1 0x01390000 0x013A4FFF Relevant Image True 32-bit 0x0139BA10 True False
setup.exe 1 0x01390000 0x013A4FFF Final Dump True 32-bit - True False
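The static import table above holds only LoadLibraryA and GetProcAddress, which is not enough to run anything: every other API the sample uses is resolved at run time, so the file-level ImpHash is a weak pivot (that two-function import set is shared by a great many unrelated packed samples) and the rebuilt memory dump listed above (PE Rebuild True) is where the real import set has to be read. The following is an added example, not code from this report or from VMRay: a pure-Python walker for the PE import directory plus the heuristic that flags this pattern. The function build_sample_pe constructs a minimal PE32 fixture with the same two imports so the check runs offline; it is a constructed stand-in, not the Setup.exe on this page, and the function names are this example's own.

```python
import struct


def build_sample_pe(dll, funcs):
    """Constructed fixture: a minimal PE32 (i386) whose import directory holds
    one descriptor for `dll` naming `funcs`.  Not the sample on this page; it
    only reproduces the shape of its import table.  Layout: headers in the
    first 0x200 bytes, one section (.rdata at RVA 0x1000, file offset 0x200)
    holding descriptor, lookup table, address table, DLL name and hint/names."""
    sec_rva, sec_off = 0x1000, 0x200
    body = bytearray(40)                          # descriptor + all-zero terminator
    n = len(funcs)
    ilt_rva = sec_rva + len(body)
    body += bytes(4 * (n + 1))                    # import lookup table (ILT)
    iat_rva = sec_rva + len(body)
    body += bytes(4 * (n + 1))                    # import address table (IAT)
    name_rva = sec_rva + len(body)
    body += dll.encode() + b"\0"
    hint_rvas = []
    for f in funcs:
        if len(body) % 2:                         # hint/name entries are 2-byte aligned
            body += b"\0"
        hint_rvas.append(sec_rva + len(body))
        body += struct.pack("<H", 0) + f.encode() + b"\0"
    for i, rva in enumerate(hint_rvas):
        struct.pack_into("<I", body, ilt_rva - sec_rva + 4 * i, rva)
        struct.pack_into("<I", body, iat_rva - sec_rva + 4 * i, rva)
    struct.pack_into("<IIIII", body, 0, ilt_rva, 0, 0, name_rva, iat_rva)

    pe = bytearray(sec_off)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x40)                    # e_lfanew
    pe[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 1 section, 0xE0-byte optional header, EXECUTABLE|32BIT
    struct.pack_into("<HHIIIHH", pe, 0x44, 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = 0x58
    struct.pack_into("<H", pe, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<II", pe, opt + 96 + 8, sec_rva, 40)     # DataDirectory[1] = imports
    sec = opt + 0xE0
    pe[sec:sec + 8] = b".rdata\0\0"
    struct.pack_into("<IIII", pe, sec + 8, len(body), sec_rva, len(body), sec_off)
    struct.pack_into("<I", pe, sec + 36, 0x40000040)           # INITIALIZED_DATA | READ
    return bytes(pe) + bytes(body)


def parse_imports(data):
    """Walk the static import directory of a PE32/PE32+ image and return
    {dll: [api, ...]}.  Reads only the header fields the walk needs."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    pe32plus = struct.unpack_from("<H", data, opt)[0] == 0x20B
    dd = opt + (112 if pe32plus else 96)                        # DataDirectory[0]
    imp_rva = struct.unpack_from("<I", data, dd + 8)[0]         # entry 1 = import table
    sections = []
    for i in range(nsec):
        s = opt + opt_size + 40 * i
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", data, s + 8)
        sections.append((vaddr, max(vsize, rsize), rptr))

    def rva2off(rva):
        for vaddr, size, rptr in sections:
            if vaddr <= rva < vaddr + size:
                return rptr + (rva - vaddr)
        raise ValueError(f"RVA {rva:#x} maps to no section")

    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("ascii")

    tsize, tfmt, ordflag = (8, "<Q", 1 << 63) if pe32plus else (4, "<I", 1 << 31)
    imports = {}
    if imp_rva == 0:
        return imports
    off = rva2off(imp_rva)
    while True:
        ilt, _, _, name_rva, iat = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:                          # all-zero descriptor ends the list
            break
        thunk = rva2off(ilt or iat)                # some linkers leave the ILT empty
        names = []
        while True:
            entry = struct.unpack_from(tfmt, data, thunk)[0]
            if entry == 0:
                break
            names.append(f"#{entry & 0xFFFF}" if entry & ordflag
                         else cstr(rva2off(entry & 0x7FFFFFFF) + 2))
            thunk += tsize
        imports[cstr(rva2off(name_rva))] = names
        off += 20
    return imports


def resolves_apis_at_runtime(imports):
    """The pattern in this report: a static import table that is nothing but a
    LoadLibrary* and GetProcAddress.  Everything else is resolved at run time,
    so only a memory dump taken after unpacking shows the real API set."""
    names = [n for apis in imports.values() for n in apis]
    return (len(names) <= 3 and "GetProcAddress" in names
            and any(n.startswith("LoadLibrary") for n in names))


if __name__ == "__main__":
    import sys
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample_pe("KERNEL32.dll", ["GetProcAddress", "LoadLibraryA"]))
    found = parse_imports(data)
    for dll, apis in found.items():
        print(f"{dll}: {', '.join(apis)}")
    print("runtime API resolution:", resolves_apis_at_runtime(found))
```

Run it with a file path to triage a real binary, or with no argument to see the constructed fixture flagged. When the heuristic fires, treat the file-level ImpHash and import list as packer artifacts and pivot on the rebuilt dump instead.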
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Ser.Razy.13274 Malicious
C:\Config.Msi\DECRYPT-JebdYG-decrypt.hta Dropped File Text Suspicious
Mime Type text/html
File Size 6.45 KB
MD5 f33234aac8e232f693e7b1684cb7ec4e
SHA1 804afcbae4147afffce3ec3b6649b76cb850b97f
SHA256 e58876f0468e2a3f2fef40007c3ca0f45443454ffc541ef2abd7e7e3f26c0f20
SSDeep 96:TmSF3zV/7jE7tI8KnRtW0CNisir4X+NQw1WE1HhGC6qvVubmdI:6SzHOWfnRtW0CwszXV2BGCpV6J
ImpHash -
Embedded URLs (2)
URL First Seen Categories Threat Names Reputation Status WHOIS Data
https://www.torproject.org/download/ - anonymization - Suspicious Not Queried
http://7iulpt5i6whht6zo2r52f7vptxtjxs3vfcdxxazllikrtqpupn4epnqd.onion/ - - - Unknown Not Queried
c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat Modified File Stream Whitelisted
Mime Type application/octet-stream
File Size 32.00 KB
MD5 8dcf461c8fc7008041374a0ff9b872ca
SHA1 25396fab0ba85edd03df76551c58ea3f14be927a
SHA256 4c665e25a9e45a718048b8aac9f2eaa05706a4ab64c76ca3c73174b8bdeac271
SSDeep 3:qRFiJ2totWIltvl3sl5llNvl/N1oIKY3lljRntd/txRt/r/i//llevRR//:qjyxEB9/blKY3/jRR1ji1IRX
ImpHash -
File Reputation Severity Whitelisted
c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat Modified File Stream Whitelisted
Also Known As c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat (Modified File)
Mime Type application/octet-stream
File Size 16.00 KB
MD5 d7a950fefd60dbaa01df2d85fefb3862
SHA1 15740b197555ba8e162c37a60ba655151e3bebae
SHA256 75d0b1743f61b76a35b1fedd32378837805de58d79fa950cb6e8164bfa72073a
SSDeep 3:qRFiJ2totWIlXllll:qjyx
ImpHash -
File Reputation Severity Whitelisted
c:\$recycle.bin\s-1-5-18\desktop.ini Dropped File Unknown Whitelisted
Mime Type application/x-wine-extension-ini
File Size 129 Bytes
MD5 a526b9e7c716b3489d8cc062fbce4005
SHA1 2df502a944ff721241be20a9e449d2acd07e0312
SHA256 e1b9ce9b57957b1a0607a72a057d6b7a9b34ea60f3f8aa8f38a3af979bd23066
SSDeep 3:0NdQDjoqxyRVIQBU+1IVLfAPmBACaWZcy/FbBmedyn:0NwoSyzI2U8MAPVCawbBmeUn
ImpHash -
File Reputation Severity Whitelisted
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.JebdYG Dropped File Text Whitelisted
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact (Dropped File)
Mime Type text/xml
File Size 66.78 KB
MD5 d61627234aa1c0c1ab115cca8d8db645
SHA1 4a4964c38b3bc34fcc5330fc536ca0d10e11204a
SHA256 9082303a92e82cb121947a8e40686f1f9caa3ad4099267e8541bbb51242fe93f
SSDeep 768:lKA7EXQSbAyh8DKAx/mu18JRRooagPENslMdtNmszlrIlHNlUTAngSilCf1Vzd6t:lbYgjx3N12YoE28tY2i1vU6g50fcn
ImpHash -
File Reputation Severity Whitelisted
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.JebdYGkey Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 512 Bytes
MD5 6c65b24aff5d9f6e3c0fff3de3b13525
SHA1 21beac9dae40a500f727ff572b10e0674af539cd
SHA256 2cb304577b6b0f2e2a50d80e05f1dcfb6d857f9706e0269e4b60835dc4c65eee
SSDeep 12:McEKLclEsRR7xAnGyqRq+ZDFl6mQgNvekXdBxKszatoIXDKdb:MvLRRtYGjRq+XMgZpBKDtRKdb
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.JebdYGkey Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 512 Bytes
MD5 7413fe5978981bf35a4309ebcefbbc02
SHA1 e5ed8e22e4dc04c3a7214cc113683c4ed9c0dfab
SHA256 31f701e137894e2e3e311ab65bd6644b1a6b80265e7bea51ad8f0ff583a1f1ba
SSDeep 12:ZZIO29jgsaHlsKUqQXaz/JwrDctLC3uYxHKNYha9aXE1Tmk6G+EJ1bAq:ZZUjXaHuVaz/Joct2uYOaXcC1EPEq
ImpHash -
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.JebdYG Dropped File Stream Unknown
Also Known As C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi (Dropped File)
Mime Type application/octet-stream
File Size 3.06 MB
MD5 2c1aad5938ae4aecc6232d33052047c7
SHA1 fd939dbcae76c0670b163f69e368dd9d397b08fc
SHA256 f7ffc070aef07c79dcdd4de8c20bcb669ec0ffdb33a2c597c906a3b639256771
SSDeep 24576:qbZyA7ceZshceZssceZssceZssceZsYeTqlVn:qbZyA4ZGZLZLZLZYe+lVn
ImpHash -
C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.JebdYG Dropped File Stream Unknown
Also Known As C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim (Dropped File)
Mime Type application/octet-stream
File Size 10.00 MB
MD5 73a965d81d3558c6d000c7ac372ff7bb
SHA1 a5ae9fe1cd55a799af340ca074e7f50ad33679a7
SHA256 2ceb231bc960904294350d4ebff7da70019555f91a6fa001348ab4506b0d6c6a
SSDeep 196608:+jQNHjwJ1oXgdL+PUl6xqojQRljrffo1feRTC+JO7MAVgqBpiTGWs:+jSjwJ18yL+cl6ZjeljrffowRxMMGcin
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.JebdYG Dropped File Text Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact (Dropped File)
Mime Type text/xml
File Size 1.15 KB
MD5 6e533543dcebefebf8b23dc0fced93b4
SHA1 1ee0048ad98b90f1418f90f25d6f36da14cb3fb1
SHA256 91c43449ac715b10e4b8db29243e27565591d0b53353d4b81c7d4aa372c6ef2e
SSDeep 24:2d9V+ta8K+UBSGO+p8627A2sYUb7M/3DHUW4fGuKM8T+w:c98ta8t1GOO8B7A2hUb7gDHUW4uiRw
ImpHash -
C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.JebdYG Dropped File Text Unknown
Also Known As C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact (Dropped File)
Mime Type text/xml
File Size 1.14 KB
MD5 3b329adbe47d981303a09401865f93f7
SHA1 26a224b9089e1471c8fc27c8a550ec0b9d780b56
SHA256 a1690f61bdf36d0af90df5c8db8373163338689a2751fc6652dc02f4ec2a758d
SSDeep 24:2d9V+ta8K+UBSGO+p86nLjEs1UrX7M/WUH4f0KzuKM8lew:c98ta8t1GOO8EjEEUrX75UH4Nzi4ew
ImpHash -
C:\Users\5P5NRG~1\AppData\Local\Temp\Microsoft\Windows\89WbCm\windows.sys:dhpkxqkdun Dropped File Unknown Not Queried
Also Known As c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\62axopq5\fgate[1].txt (Dropped File)
Also Known As C:\Users\5P5NRG~1\AppData\Local\Temp\Microsoft\Windows\XpYGnn\windows.sys:qxoyhxveerelbnrwg (Dropped File)
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
Note: all three paths are empty files; the MD5, SHA1 and SHA256 values above are the digests of zero-length input, so they are not usable as indicators. The two windows.sys:... paths are NTFS alternate data streams (the colon separates the stream name from the host file), which a plain directory listing will not show.
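The dropped-file entries above follow one pattern: each encrypted file keeps its original name with .JebdYG appended, the ransom note is DECRYPT-JebdYG-decrypt.hta, and some encrypted files have a 512-byte sibling with the .JebdYGkey suffix (the report lists such siblings for only two of the five encrypted files, so a missing key sibling in a sandbox listing is not evidence of a different scheme). The following is an added example, not part of the report: a small triage routine that derives those artifacts from a (path, size) listing so the extension token, note name and key-file pairing can be turned into hunt terms. The listing is constructed from the paths on this page; apart from the 512-byte key files and the empty stream, the sizes approximate the report's rounded values. The regular expression generalises the single note name the report shows and is an assumption of this example.

```python
import re

# Constructed listing (path, size in bytes) modelled on the dropped-file entries
# in this report.  Only the 512-byte key files and the 0-byte stream are exact;
# the other sizes approximate the report's rounded KB/MB values.
LISTING = [
    (r"C:\Config.Msi\DECRYPT-JebdYG-decrypt.hta", 6600),
    (r"C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.JebdYG", 68380),
    (r"C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Administrator.contact.JebdYGkey", 512),
    (r"C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.JebdYG", 1180),
    (r"C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\Aclviho ASldjfl.contact.JebdYGkey", 512),
    (r"C:\Users\5p5NrGJn0jS HALPmcxz\Contacts\asdlfk poopvy.contact.JebdYG", 1170),
    (r"C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\boot.sdi.JebdYG", 3209000),
    (r"C:\Recovery\e9e23962-4a25-11e7-88e8-91fb2ec43f0b\Winre.wim.JebdYG", 10485760),
    (r"C:\Users\5P5NRG~1\AppData\Local\Temp\Microsoft\Windows\89WbCm\windows.sys:dhpkxqkdun", 0),
]

# Assumption: the note name generalises to DECRYPT-<token>-decrypt.hta; the
# report shows exactly one instance of it.
NOTE_RE = re.compile(r"DECRYPT-(?P<ext>[A-Za-z0-9]+)-decrypt\.hta$", re.IGNORECASE)
KEY_SIZE = 512   # size of both .JebdYGkey files in the report


def basename(path):
    return path.rsplit("\\", 1)[-1]


def derive_iocs(listing):
    """Derive the per-run ransomware artifacts from a (path, size) listing.

    Returns None when no ransom note is present (nothing then anchors the
    extension token), otherwise a dict with the extension token, note paths,
    (original, key_size) pairs for encrypted files that have a key sibling,
    originals with no key sibling, key siblings whose size deviates from
    KEY_SIZE, and every path that is an NTFS alternate data stream.
    """
    ext, notes = None, []
    for path, _ in listing:
        m = NOTE_RE.search(basename(path))
        if m:
            ext = ext or m.group("ext")
            notes.append(path)
    if ext is None:
        return None
    enc_suffix, key_suffix = "." + ext, "." + ext + "key"
    sizes = dict(listing)
    keys = {p[:-len(key_suffix)]: s for p, s in sizes.items() if p.endswith(key_suffix)}
    pairs, unpaired, odd_keys = [], [], []
    for p in sizes:
        if not p.endswith(enc_suffix):
            continue
        original = p[:-len(enc_suffix)]
        if original in keys:
            pairs.append((original, keys[original]))
            if keys[original] != KEY_SIZE:
                odd_keys.append(original)
        else:
            unpaired.append(original)
    ads = [p for p in sizes if ":" in basename(p)]   # stream name after the colon
    return {"extension": ext, "notes": notes, "pairs": pairs,
            "unpaired": unpaired, "key_size_anomalies": odd_keys, "ads": ads}


if __name__ == "__main__":
    iocs = derive_iocs(LISTING)
    print(f"extension token: .{iocs['extension']}  note(s): {len(iocs['notes'])}")
    print(f"encrypted files with a {KEY_SIZE}-byte key sibling: {len(iocs['pairs'])}")
    print(f"encrypted files without one in the listing: {len(iocs['unpaired'])}")
    print(f"alternate data streams touched: {iocs['ads']}")
```

Feed it the dropped-file list exported from a sandbox run (or a directory walk of an affected host) and use the returned token for file-name hunts ("*.<token>", "*.<token>key", "DECRYPT-<token>-decrypt.hta"); the key-size anomaly list is there so a run that changes the key-file format is noticed rather than silently matched.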