IQY File Downloads FlawedAmmyy RAT | VMRay Analyzer Report
Try VMRay Analyzer
VTI SCORE: 100/100
Target: Windows 7 (SP1, 64-bit), MS Office 2016 (64-bit) | ms_office
Classification: Trojan, Dropper, Exploit, Downloader

ca0da220f7691059b3174b2de14bd41ddb96bf3f02a2824b2b8c103215c7403c (SHA256)

Sales invoice Z12_01 copy.iqy.iqy

Excel Document

Created at 2018-06-06 09:51:00

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "3 minutes, 21 seconds" to "2 seconds" to reveal dormant functionality.

Top Threat Indicators (View all 27 threat indicators)

Screenshots

Monitored Processes

Analysis Information

Creation Time 2018-06-06 11:51 (UTC+2)
Analysis Duration 00:02:40
Number of Monitored Processes 21
Execution Successful True
Reputation Enabled True
Termination Reason Timeout
Tags
#malware

Analyzer and Virtual Machine Information

Analyzer Version 2.2.1
Analyzer Build Date 2018-05-28 16:14 (UTC+2)
Adobe Acrobat Reader Version 10.0.0
Microsoft Office 2016
Microsoft Office Version 16.0.4266.1001
Internet Explorer Version 8.0.7601.17514
Chrome Version 60.0.3112.113
Firefox Version 25.0
Flash Version 11.2.202.233
Java Version 7.0.710.14
VM Name win7_64_sp1-mso2016
VM Description Windows 7 (SP1, 64-bit), MS Office 2016 (64-bit)
VM Architecture x86 64-bit
VM OS Windows 7
VM Kernel Version 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)

Sample Information

ID #1587234
MD5 Hash Value b9fdcd230f07ac2e62987fd620e42ca8
SHA1 Hash Value c1973ccf7000a0e45f501cb31ca37e9c10084f62
SHA256 Hash Value ca0da220f7691059b3174b2de14bd41ddb96bf3f02a2824b2b8c103215c7403c
Filename Sales invoice Z12_01 copy.iqy.iqy
File Size 0.06 KB
File Type Excel Document
Has VBA Macros False
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image