|
Sector Number
|
Sector Size
|
Actions
|
|
2063
|
512 Bytes
|
|
This is a filtered view
This list contains only the embedded files, downloaded files, and dropped files
There are no files for this filter
There are no files in this analysis
|
Filename
|
Category
|
Type
|
Severity
|
Actions
|
|
Mime Type
|
application/vnd.microsoft.portable-executable
|
|
File Size
|
2.78 MB
|
|
MD5
|
39669b01da7e6072c925892520188713
|
|
SHA1
|
e3cf806edca0e8ab8cbc55f4cb5b7a47520a284c
|
|
SHA256
|
eb54f4c20a3c751c77aa152fc22d39c3069b7231bd687a85e231cdb2222df753
|
|
SSDeep
|
49152:nWMaXXHd/CWKvtHMLCj3llgUmWEAHtkzCk75:/aH969FH0g7gUmrz
|
|
ImpHash
|
91802a615b3a5c4bcc05bc5f66a5b219
|
|
Image Base
|
0x400000
|
|
Entry Point
|
0x462180
|
|
Size Of Code
|
0x14ee00
|
|
Size Of Initialized Data
|
0x1b000
|
|
File Type
|
FileType.executable
|
|
Subsystem
|
Subsystem.windows_gui
|
|
Machine Type
|
MachineType.amd64
|
|
Compile Timestamp
|
1970-01-01 00:00:00+00:00
|
|
Name
|
Virtual Address
|
Virtual Size
|
Raw Data Size
|
Raw Data Offset
|
Flags
|
Entropy
|
|
.text
|
0x401000
|
0x14eda9
|
0x14ee00
|
0x600
|
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
|
5.92
|
|
.rdata
|
0x550000
|
0x15d264
|
0x15d400
|
0x14f400
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
|
5.31
|
|
.data
|
0x6ae000
|
0x4b6c8
|
0x1b000
|
0x2ac800
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
4.21
|
|
.idata
|
0x6fa000
|
0x442
|
0x600
|
0x2c7800
|
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
|
3.44
|
|
.symtab
|
0x6fb000
|
0x4
|
0x200
|
0x2c7e00
|
IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
|
0.02
|
|
API Name
|
Ordinal
|
IAT Address
|
Thunk RVA
|
Thunk Offset
|
Hint
|
|
WriteFile
|
0x0
|
0x6ae020
|
0x2fa312
|
0x2c7b12
|
0x0
|
|
WriteConsoleW
|
0x0
|
0x6ae028
|
0x2fa31a
|
0x2c7b1a
|
0x0
|
|
WaitForMultipleObjects
|
0x0
|
0x6ae030
|
0x2fa322
|
0x2c7b22
|
0x0
|
|
WaitForSingleObject
|
0x0
|
0x6ae038
|
0x2fa32a
|
0x2c7b2a
|
0x0
|
|
VirtualQuery
|
0x0
|
0x6ae040
|
0x2fa332
|
0x2c7b32
|
0x0
|
|
VirtualFree
|
0x0
|
0x6ae048
|
0x2fa33a
|
0x2c7b3a
|
0x0
|
|
VirtualAlloc
|
0x0
|
0x6ae050
|
0x2fa342
|
0x2c7b42
|
0x0
|
|
SwitchToThread
|
0x0
|
0x6ae058
|
0x2fa34a
|
0x2c7b4a
|
0x0
|
|
SuspendThread
|
0x0
|
0x6ae060
|
0x2fa352
|
0x2c7b52
|
0x0
|
|
SetWaitableTimer
|
0x0
|
0x6ae068
|
0x2fa35a
|
0x2c7b5a
|
0x0
|
|
SetUnhandledExceptionFilter
|
0x0
|
0x6ae070
|
0x2fa362
|
0x2c7b62
|
0x0
|
|
SetProcessPriorityBoost
|
0x0
|
0x6ae078
|
0x2fa36a
|
0x2c7b6a
|
0x0
|
|
SetEvent
|
0x0
|
0x6ae080
|
0x2fa372
|
0x2c7b72
|
0x0
|
|
SetErrorMode
|
0x0
|
0x6ae088
|
0x2fa37a
|
0x2c7b7a
|
0x0
|
|
SetConsoleCtrlHandler
|
0x0
|
0x6ae090
|
0x2fa382
|
0x2c7b82
|
0x0
|
|
ResumeThread
|
0x0
|
0x6ae098
|
0x2fa38a
|
0x2c7b8a
|
0x0
|
|
PostQueuedCompletionStatus
|
0x0
|
0x6ae0a0
|
0x2fa392
|
0x2c7b92
|
0x0
|
|
LoadLibraryA
|
0x0
|
0x6ae0a8
|
0x2fa39a
|
0x2c7b9a
|
0x0
|
|
LoadLibraryW
|
0x0
|
0x6ae0b0
|
0x2fa3a2
|
0x2c7ba2
|
0x0
|
|
SetThreadContext
|
0x0
|
0x6ae0b8
|
0x2fa3aa
|
0x2c7baa
|
0x0
|
|
GetThreadContext
|
0x0
|
0x6ae0c0
|
0x2fa3b2
|
0x2c7bb2
|
0x0
|
|
GetSystemInfo
|
0x0
|
0x6ae0c8
|
0x2fa3ba
|
0x2c7bba
|
0x0
|
|
GetSystemDirectoryA
|
0x0
|
0x6ae0d0
|
0x2fa3c2
|
0x2c7bc2
|
0x0
|
|
GetStdHandle
|
0x0
|
0x6ae0d8
|
0x2fa3ca
|
0x2c7bca
|
0x0
|
|
GetQueuedCompletionStatus
|
0x0
|
0x6ae0e0
|
0x2fa3d2
|
0x2c7bd2
|
0x0
|
|
GetProcessAffinityMask
|
0x0
|
0x6ae0e8
|
0x2fa3da
|
0x2c7bda
|
0x0
|
|
GetProcAddress
|
0x0
|
0x6ae0f0
|
0x2fa3e2
|
0x2c7be2
|
0x0
|
|
GetEnvironmentStringsW
|
0x0
|
0x6ae0f8
|
0x2fa3ea
|
0x2c7bea
|
0x0
|
|
GetConsoleMode
|
0x0
|
0x6ae100
|
0x2fa3f2
|
0x2c7bf2
|
0x0
|
|
FreeEnvironmentStringsW
|
0x0
|
0x6ae108
|
0x2fa3fa
|
0x2c7bfa
|
0x0
|
|
ExitProcess
|
0x0
|
0x6ae110
|
0x2fa402
|
0x2c7c02
|
0x0
|
|
DuplicateHandle
|
0x0
|
0x6ae118
|
0x2fa40a
|
0x2c7c0a
|
0x0
|
|
CreateThread
|
0x0
|
0x6ae120
|
0x2fa412
|
0x2c7c12
|
0x0
|
|
CreateIoCompletionPort
|
0x0
|
0x6ae128
|
0x2fa41a
|
0x2c7c1a
|
0x0
|
|
CreateEventA
|
0x0
|
0x6ae130
|
0x2fa422
|
0x2c7c22
|
0x0
|
|
CloseHandle
|
0x0
|
0x6ae138
|
0x2fa42a
|
0x2c7c2a
|
0x0
|
|
AddVectoredExceptionHandler
|
0x0
|
0x6ae140
|
0x2fa432
|
0x2c7c32
|
0x0
|
|
Name
|
Process ID
|
Start VA
|
End VA
|
Dump Reason
|
PE Rebuild
|
Bitness
|
Entry Point
|
AV
|
YARA
|
Actions
|
|
bild.exe
|
1
|
0x00400000
|
0x006FBFFF
|
Relevant Image
|
|
64-bit
|
0x00461910
|
|
|
|
|
bild.exe
|
1
|
0x00400000
|
0x006FBFFF
|
Final Dump
|
|
64-bit
|
0x00409D40
|
|
|
|
|
Threat Name
|
Severity
|
|
Trojan.Ransomware.GenericKDS.43096543
|
|
