GuLoader/CloudEye | IOCs
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: -
Threat Names:
Trojan.GenericKD.33970835
Trojan.GenericKD.43289240
Gen:Variant.Razy.679603
...

xeuovifzzc.exe

Windows Exe (x86-32)

Created at 2020-06-15T07:35:00

...

Indicators

File (14)
»
Filename Hash Operations Category Severity
C:\Users\FD1HVy\Desktop\xeuovifzzc.exe MD5: 4d361636994eb14917467808fd94cad0
SHA1: b83834a176fcb3eae08d6c1d34ac1c9acac81228
SHA256: b240e52ea8a55a50760de6017d644d2d0fcc43fd8918abdf99964efb464c37b6
SSDeep: 3072:Erdhvrr4E7jSkjuZjlWxBpUza52zXu6UVSLoYRLfPK:ELIGvuUwJ6
ImpHash: f838f5f3d768134274b21cb017be38ad 		Sample File
Malicious
C:\Program Files\Qemu-ga\qemu-ga.exe - Access
Not Available
C:\Program Files\qga\qga.exe - Access
Not Available
C:\Users\FD1HVy\Desktop - Access
Not Available
C:\Users\FD1HVy\Desktop\xeuovifzzc.exe - Access
Not Available
C:\WINDOWS\SYSTEM32\MSVBVM60.DLL - Access
Not Available
C:\WINDOWS\system32 - Access
Not Available
C:\Windows\SysWOW64\cmd.exe - Access
Not Available
\??\C:\Users\FD1HVy\AppData\Roaming\Desktop\xeuovifzzc.exe - Access, Create
Not Available
\??\C:\Users\FD1HVy\Desktop\xeuovifzzc.exe - Access, Create, Read
Not Available
\??\C:\WINDOWS\SYSTEM32\ntdll.dll - Access, Create, Read
Not Available
\??\C:\WINDOWS\System32\drivers\etc\hosts - Access, Create, Read
Not Available
\??\C:\WINDOWS\syswow64\msvbvm60.dll - Access
Not Available
\??\C:\Windows\SysWOW64\cmstp.exe - Access, Create, Read
Not Available
Registry (21)
»
Registry Key Name Operations
HKEY_CURRENT_USER\Software\Microsoft\Command Processor Access
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions Access, Read
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar Access, Read
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System Access
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\antistrike\VIKTUALIEFORRETNINGS Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors Access
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion Access, Create
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor Access
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions Access, Read
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar Access, Read
Mutex (4)
»
Mutex Name Operations
Access
310A-4BA29U3JAIZ Access
507R49362TX68WZz Access
S-1-5-21-1051304-1376299523134 Access
Domain (2)
»
Domain Sources Severity
webredir.vip.gandi.net PCAP, Function Log
Not Queried
www.consultgenou.com PCAP, Function Log
Not Queried
URL (1)
»
URL Operations Category Severity
http://5.206.227.100/private/smarty.bin GET Contacted
Not Queried
IP (2)
»
IP Protocols Sources
217.70.184.50 DNS PCAP, Function Log
5.206.227.100 TCP, HTTP PCAP, Function Log
Export to TXT Export to JSON
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image