efe7e143...67d8 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Ransomware
Threat Names:
Gen:Variant.Razy.760416

Clean.exe

Windows Exe (x86-32)

Created at 2020-10-26T18:29:00

...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 hour" to "10 seconds" to reveal dormant functionality.

Filters:
Filename Category Type Severity Actions
C:\Users\FD1HVy\Desktop\Clean.exe Sample File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 406.50 KB
MD5 6a31e618496d7423ba2ebe54d460bafb Copy to Clipboard
SHA1 cf103bf47b19bf7c346e761ab141a46904928188 Copy to Clipboard
SHA256 efe7e143ae91dee769a7d039b00015a9c4972378060b9dd62d1c0f85e03267d8 Copy to Clipboard
SSDeep 6144:yX+Eo955ry777H6Q31gFsR0c6Q31gFsR0SGDCOi5LXq:C+vXyvzF14cF14SGnix6 Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x46627a
Size Of Code 0x64400
Size Of Initialized Data 0x1400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2104-12-01 21:25:32+00:00
Version Information (11)
»
Assembly Version 1.0.0.0
Comments -
CompanyName -
FileDescription Rasomware2.0
FileVersion 1.0.0.0
InternalName Rasomware2.0.exe
LegalCopyright Copyright © 2020
LegalTrademarks -
OriginalFilename Rasomware2.0.exe
ProductName Rasomware2.0
ProductVersion 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0x64288 0x64400 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.86
.rsrc 0x468000 0x1040 0x1200 0x64600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.79
.reloc 0x46a000 0xc 0x200 0x65800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0x66250 0x64450 0x0
Memory Dumps (31)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
clean.exe 1 0x00D20000 0x00D8BFFF Relevant Image True 64-bit - False False
...
buffer 1 0x7FFEDCA9E000 0x7FFEDCA9EFFF First Execution False 64-bit 0x7FFEDCA9E040 False False
...
buffer 1 0x7FFEDCBF5000 0x7FFEDCBF5FFF First Execution False 64-bit 0x7FFEDCBF5040 False False
...
buffer 1 0x1B7C4000 0x1B7C4FFF First Execution False 64-bit 0x1B7C407C False False
...
buffer 1 0x1B7C2000 0x1B7C3FFF First Execution False 64-bit 0x1B7C3D0C False False
...
buffer 1 0x7FFEDCBF6000 0x7FFEDCBF6FFF First Execution False 64-bit 0x7FFEDCBF6000 False False
...
buffer 1 0x7FFEDCBB3000 0x7FFEDCBB3FFF First Execution False 64-bit 0x7FFEDCBB3000 False False
...
clean.exe 1 0x00D20000 0x00D8BFFF Final Dump True 64-bit - False False
...
buffer 1 0x7FFEDCBF7000 0x7FFEDCBF7FFF First Execution False 64-bit 0x7FFEDCBF7012 False False
...
buffer 1 0x7FFEDCBF8000 0x7FFEDCBF8FFF First Execution False 64-bit 0x7FFEDCBF8060 False False
...
buffer 1 0x7FFEDCBF9000 0x7FFEDCBF9FFF First Execution False 64-bit 0x7FFEDCBF9020 False False
...
buffer 1 0x7FFEDCBFA000 0x7FFEDCBFAFFF First Execution False 64-bit 0x7FFEDCBFA032 False False
...
buffer 1 0x7FFEDCBB4000 0x7FFEDCBB4FFF First Execution False 64-bit 0x7FFEDCBB4000 False False
...
buffer 1 0x7FFEDCBFB000 0x7FFEDCBFBFFF First Execution False 64-bit 0x7FFEDCBFB000 False False
...
buffer 1 0x7FFEDCBFC000 0x7FFEDCBFCFFF First Execution False 64-bit 0x7FFEDCBFC040 False False
...
buffer 1 0x7FFEDCBFD000 0x7FFEDCBFDFFF First Execution False 64-bit 0x7FFEDCBFD000 False False
...
buffer 1 0x1B7C5000 0x1B7C6FFF First Execution False 64-bit 0x1B7C534C False False
...
buffer 1 0x7FFEDCBFE000 0x7FFEDCBFEFFF First Execution False 64-bit 0x7FFEDCBFE012 False False
...
buffer 1 0x7FFEDCBB4000 0x7FFEDCBB4FFF Content Changed False 64-bit 0x7FFEDCBB4740 False False
...
buffer 1 0x7FFEDCBF5000 0x7FFEDCBF5FFF Content Changed False 64-bit 0x7FFEDCBF5D60 False False
...
buffer 1 0x7FFEDCA9E000 0x7FFEDCA9EFFF Content Changed False 64-bit 0x7FFEDCA9E740 False False
...
buffer 1 0x7FFEDCBF8000 0x7FFEDCBF8FFF Content Changed False 64-bit 0x7FFEDCBF8060 False False
...
buffer 1 0x7FFEDCBF6000 0x7FFEDCBF6FFF Content Changed False 64-bit 0x7FFEDCBF62A0 False False
...
buffer 1 0x7FFEDCBF9000 0x7FFEDCBF9FFF Content Changed False 64-bit 0x7FFEDCBF9100 False False
...
buffer 1 0x7FFEDCBFD000 0x7FFEDCBFDFFF Content Changed False 64-bit 0x7FFEDCBFD0E0 False False
...
buffer 1 0x1B7C5000 0x1B7C6FFF Content Changed False 64-bit 0x1B7C534C False False
...
buffer 1 0x7FFEDCBFA000 0x7FFEDCBFAFFF Content Changed False 64-bit 0x7FFEDCBFA6E0 False False
...
buffer 1 0x7FFEDCBB3000 0x7FFEDCBB3FFF Content Changed False 64-bit 0x7FFEDCBB3710 False False
...
buffer 1 0x1B7C2000 0x1B7C3FFF Content Changed False 64-bit 0x1B7C3CBC False False
...
buffer 1 0x1B7C4000 0x1B7C4FFF Content Changed False 64-bit 0x1B7C4A8C False False
...
buffer 1 0x7FFEDCBF7000 0x7FFEDCBF7FFF Content Changed False 64-bit 0x7FFEDCBF7B20 False False
...
Local AV Matches (1)
»
Threat Name Severity
Gen:Variant.Razy.760416
Malicious
C:\Users\FD1HVy\Desktop\-lEaF9KQ86xnw2Yu.bmp Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 54.78 KB
MD5 0ca9610351f127413853082df5f197d0 Copy to Clipboard
SHA1 41d562040b265db85955b67f0e006adbf15ee6f3 Copy to Clipboard
SHA256 f792a2017db22b8f99fb36083c1105e72f0e67fb56f3bf4fbe42e9bd89464411 Copy to Clipboard
SSDeep 1536:B1aVjKD1K4oByk/a5C+U0fjFZE41zBBcciY3l+r1Y35cpBtTS:udKD1KJgk/acvijFZNzxNl+xeD Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\2iz1JGsz8rVWP2JeDG_Z.bmp Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 21.62 KB
MD5 0dced8dc077aab5494d8dacfd363a8a6 Copy to Clipboard
SHA1 aacf6bec353b9ceac1e1d8759b14ac994f39801c Copy to Clipboard
SHA256 27422bdb82140268afdd32fa89ad7cfa6460a6bf01dec922d124d67d85b34cd4 Copy to Clipboard
SSDeep 384:ne/qyNlV0SZSTNa1ia9nVihMUuEjB7jQHnyZfHFu6awMi+1LpIRzBB2yK:nKmZa/pVgMUuw5QHyDIrLpI9ub Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\3nnYT8jqppvejc.swf Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 54.64 KB
MD5 c84e0953c67a8445fb2a779374698461 Copy to Clipboard
SHA1 69b7014d65da01dba47ec24beb31aeeafc60bb41 Copy to Clipboard
SHA256 aefa0d767fb4356464baa1ca7203b76a35b60c3c80f9204a875d9f13bf6e4381 Copy to Clipboard
SSDeep 1536:a4E4bx+lQaN6keBeJ4cjWHf/LeTaCVtvvlCklG:2VQaNDGQWHf6aCz5lG Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\3qs KZTKQGR8wlvOJt.mp3 Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 53.25 KB
MD5 22ea61ef5decc4d4f1179a1591645109 Copy to Clipboard
SHA1 981e93ce99bf67752c83b40a9d50dbb3ba993c4d Copy to Clipboard
SHA256 a3aaa947810d938ee6e7a58f25e57416e91dbd447422559474687af80ccbd696 Copy to Clipboard
SSDeep 1536:QIHpBp791NecXxySYFRbb7tg1OAzeEpdN/5hDjxwN:f5McB9Y3NlIJ/Px6 Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\4G1ed.png Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 42.70 KB
MD5 f3184d9837faa7821b019fb8ec7eea0c Copy to Clipboard
SHA1 3f98a918b9bec25a1a90b23b12be58437528e71a Copy to Clipboard
SHA256 a06aac7ffc8d9217018f113b6798eaeeb1c5101aeea005fac00035bc5dfa957f Copy to Clipboard
SSDeep 768:gm9sId7Ns3hKuKJRPk5F8NcPxr4sRMEV4VzPrg7HDfRfiLH8AHjn:gvQ1uykn8NoR/1UPr4H9e/H7 Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\55qp-QsmRD0Zs.mkv Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 14.83 KB
MD5 4cf419f664d4c616163037c10b9c5e3c Copy to Clipboard
SHA1 3549ea78c6673c88f51aa43c68400c5ac848708e Copy to Clipboard
SHA256 84270badf451b861124a4a846ad3bae06d651ea8e4e4c89ea91ddd1187a84ef6 Copy to Clipboard
SSDeep 384:b0Aulb8j+LEQIozpTNkTEO213PAQDR+xjF0:b1086LNzvisoQDijF0 Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\5Jd_WK88oqH.jpg Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 46.39 KB
MD5 ec50ed2688aa950a3c83208bf0e7564a Copy to Clipboard
SHA1 29a2f02fc99f6f7f205de605aed5593edf3d6686 Copy to Clipboard
SHA256 6377ab6c2073f67dc3d9642d0f7787dae7e84306871f1c411f0f5cdc69137164 Copy to Clipboard
SSDeep 768:dl38sFzgENKXOA2AYVe1mSJJS/qcCtR/CgXi8vRTVSc18+O+pXF0fqApiXCrC:nLzgENK+AxYVe1m4S+DXfewtqfqApBC Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\6aMMGtRTQCK.png Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 75.62 KB
MD5 083fe8da60b683fb0845b26120361ced Copy to Clipboard
SHA1 b7a40f880d0f7bb803248c8c33440a9549e9b313 Copy to Clipboard
SHA256 7f900cdf34d1e224e6b064141fc54cca0f90e3030f5e1167f5725b316d7ac098 Copy to Clipboard
SSDeep 1536:bnG86EiKGuTwlx1HMmtgigINqaqKS6tBfTNm84eSH65ruL/7jhQuQQczlMpmDUD1:bGbjpXPsEEINqaRN1h9SHmruL/7iIs2F Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\9oohZWpC.odt Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 21.22 KB
MD5 5cbc6e6e8e302b02dcd99cb76bdab769 Copy to Clipboard
SHA1 2a18d6435c690d43cff951fe46addaf02c8ba8a6 Copy to Clipboard
SHA256 13c56648161a8af8a0f6d2af0d6ecaab4b4ff60de5756c820ce368f30d04df24 Copy to Clipboard
SSDeep 384:vFekZXH1KUhkXgPwutnIbV4TacuPWiZR7YZAKkTBPx9Zqj/+7glvN0/3mFn2zRv:9ek1VK9whIR4TKW8R7UuwyQvN0c2B Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\AEl7xFpzhL3MiFF2DB.gif Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 35.14 KB
MD5 b8177233fea38827af421144125d3fab Copy to Clipboard
SHA1 f3be5e3ec0948ee31df6bc2a92a9e60ec29dadf8 Copy to Clipboard
SHA256 12fda4ddda5f07d1ac4203bc7841444703c7d949ed9f105d45f7137b089ca394 Copy to Clipboard
SSDeep 768:E4M41iIOle9bHvrWlkb+RUPX9/W5TNumStDM3SnKzNAir7vBUPi7:zM4Qe9bqNWPmNu7tDMiuAOUa7 Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\Desktop\BTJUhkayMP8PKsG8QSj.pptx Modified File Stream
Unknown
...
»
Mime Type application/octet-stream
File Size 26.14 KB
MD5 370c022ae7924b6262e11412fe96f4ec Copy to Clipboard
SHA1 76c7dcc901efaed2b1f2901862751033244246ee Copy to Clipboard
SHA256 c248586afd1563f24823f6b5d3113e99a57ce8c9d61ec4c92f3f3191cfb3284a Copy to Clipboard
SSDeep 768:AxZprPvNodxv7nBeH5fitiXC32dleMJKe1+dpwg:ADl3NM0H5f+iS3I45dl Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image