Malicious Javascript from MYOB Email Attack | Files
Try VMRay Analyzer
File Information
Sample files count 1
Created files count 18
Modified files count 1
c:\users\5p5nrgjn0js halpmcxz\desktop\MYOB Supply Order.js
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\desktop\MYOB Supply Order.js (Sample File)
Size 7.15 KB (7318 bytes)
Hash Values MD5: a91f4575d5270ccb1257c5328bdadc3a
SHA1: 29b7ca174c735c54ea1e1aedbc98517e75f8cead
SHA256: 24139566e338de0e3c54fba4668eab701caa9ee7c8853b2ab2e2746277c57857
Actions
c:\users\5p5nrg~1\appdata\local\temp\pst790mv.exe
-
File Properties
Names c:\users\5p5nrg~1\appdata\local\temp\pst790mv.exe (Created File)
Size 505.50 KB (517632 bytes)
Hash Values MD5: 39dbb6858f88f7059a28700384c4d0f3
SHA1: fabec36aedbccf2c7a5b0c0e7e8ec7ea64a6a505
SHA256: dc83d603a4589aa8397aba960b132fc7cae24cd7bca4d252616aac2c11beb6f6
Actions
PE Information
+
File Properties
Image Base 0x10000000
Entry Point 0x10018233
Size Of Code 0x25600
Size Of Initialized Data 0x58c00
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2015-01-19 13:43:12
Compiler/Packer Unknown
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x255b4 0x25600 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.48
.rdata 0x10027000 0x6f3a 0x7000 0x25a00 CNT_INITIALIZED_DATA, MEM_READ 6.09
.data 0x1002e000 0x4864 0x2a00 0x2ca00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 6.39
.rsrc 0x10033000 0x4f168 0x4f200 0x2f400 CNT_INITIALIZED_DATA, MEM_READ 7.93
Imports (177)
+
KERNEL32.dll (96)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SetConsoleTextAttribute 0x0 0x10027068 0x2cf6c 0x2b96c
GetStdHandle 0x0 0x1002706c 0x2cf70 0x2b970
WaitForSingleObject 0x0 0x10027070 0x2cf74 0x2b974
GetSystemInfo 0x0 0x10027074 0x2cf78 0x2b978
GetVolumeInformationA 0x0 0x10027078 0x2cf7c 0x2b97c
FileTimeToSystemTime 0x0 0x1002707c 0x2cf80 0x2b980
GetFileTime 0x0 0x10027080 0x2cf84 0x2b984
OpenFile 0x0 0x10027084 0x2cf88 0x2b988
GetSystemTime 0x0 0x10027088 0x2cf8c 0x2b98c
SetHandleInformation 0x0 0x1002708c 0x2cf90 0x2b990
CreatePipe 0x0 0x10027090 0x2cf94 0x2b994
GetTickCount 0x0 0x10027094 0x2cf98 0x2b998
SetEndOfFile 0x0 0x10027098 0x2cf9c 0x2b99c
WriteConsoleW 0x0 0x1002709c 0x2cfa0 0x2b9a0
HeapSize 0x0 0x100270a0 0x2cfa4 0x2b9a4
LCMapStringW 0x0 0x100270a4 0x2cfa8 0x2b9a8
CreateFileA 0x0 0x100270a8 0x2cfac 0x2b9ac
LoadLibraryW 0x0 0x100270ac 0x2cfb0 0x2b9b0
HeapReAlloc 0x0 0x100270b0 0x2cfb4 0x2b9b4
FlushFileBuffers 0x0 0x100270b4 0x2cfb8 0x2b9b8
GetConsoleMode 0x0 0x100270b8 0x2cfbc 0x2b9bc
GetConsoleCP 0x0 0x100270bc 0x2cfc0 0x2b9c0
SetStdHandle 0x0 0x100270c0 0x2cfc4 0x2b9c4
GetSystemTimeAsFileTime 0x0 0x100270c4 0x2cfc8 0x2b9c8
GetCurrentProcessId 0x0 0x100270c8 0x2cfcc 0x2b9cc
HeapCreate 0x0 0x100270cc 0x2cfd0 0x2b9d0
GetEnvironmentStringsW 0x0 0x100270d0 0x2cfd4 0x2b9d4
WideCharToMultiByte 0x0 0x100270d4 0x2cfd8 0x2b9d8
FreeEnvironmentStringsW 0x0 0x100270d8 0x2cfdc 0x2b9dc
GetModuleFileNameA 0x0 0x100270dc 0x2cfe0 0x2b9e0
GetModuleFileNameW 0x0 0x100270e0 0x2cfe4 0x2b9e4
IsProcessorFeaturePresent 0x0 0x100270e4 0x2cfe8 0x2b9e8
FindFirstChangeNotificationA 0x0 0x100270e8 0x2cfec 0x2b9ec
IsValidCodePage 0x0 0x100270ec 0x2cff0 0x2b9f0
GetOEMCP 0x0 0x100270f0 0x2cff4 0x2b9f4
GetACP 0x0 0x100270f4 0x2cff8 0x2b9f8
GetCurrentThreadId 0x0 0x100270f8 0x2cffc 0x2b9fc
SetLastError 0x0 0x100270fc 0x2d000 0x2ba00
TlsFree 0x0 0x10027100 0x2d004 0x2ba04
TlsSetValue 0x0 0x10027104 0x2d008 0x2ba08
TlsGetValue 0x0 0x10027108 0x2d00c 0x2ba0c
TlsAlloc 0x0 0x1002710c 0x2d010 0x2ba10
GetCPInfo 0x0 0x10027110 0x2d014 0x2ba14
ExitProcess 0x0 0x10027114 0x2d018 0x2ba18
CloseHandle 0x0 0x10027118 0x2d01c 0x2ba1c
FindNextChangeNotification 0x0 0x1002711c 0x2d020 0x2ba20
Sleep 0x0 0x10027120 0x2d024 0x2ba24
CreateSemaphoreA 0x0 0x10027124 0x2d028 0x2ba28
GetLastError 0x0 0x10027128 0x2d02c 0x2ba2c
ReleaseSemaphore 0x0 0x1002712c 0x2d030 0x2ba30
SetConsoleWindowInfo 0x0 0x10027130 0x2d034 0x2ba34
SetConsoleScreenBufferSize 0x0 0x10027134 0x2d038 0x2ba38
GetConsoleWindow 0x0 0x10027138 0x2d03c 0x2ba3c
GlobalAlloc 0x0 0x1002713c 0x2d040 0x2ba40
GlobalFree 0x0 0x10027140 0x2d044 0x2ba44
VirtualProtect 0x0 0x10027144 0x2d048 0x2ba48
GlobalLock 0x0 0x10027148 0x2d04c 0x2ba4c
GlobalUnlock 0x0 0x1002714c 0x2d050 0x2ba50
GetModuleHandleA 0x0 0x10027150 0x2d054 0x2ba54
GetProcAddress 0x0 0x10027154 0x2d058 0x2ba58
HeapAlloc 0x0 0x10027158 0x2d05c 0x2ba5c
GlobalAddAtomA 0x0 0x1002715c 0x2d060 0x2ba60
CreateFileW 0x0 0x10027160 0x2d064 0x2ba64
QueryPerformanceCounter 0x0 0x10027164 0x2d068 0x2ba68
WriteFile 0x0 0x10027168 0x2d06c 0x2ba6c
GetFullPathNameA 0x0 0x1002716c 0x2d070 0x2ba70
GetModuleHandleW 0x0 0x10027170 0x2d074 0x2ba74
SetFilePointer 0x0 0x10027174 0x2d078 0x2ba78
DeleteCriticalSection 0x0 0x10027178 0x2d07c 0x2ba7c
GetFileType 0x0 0x1002717c 0x2d080 0x2ba80
InitializeCriticalSectionAndSpinCount 0x0 0x10027180 0x2d084 0x2ba84
SetHandleCount 0x0 0x10027184 0x2d088 0x2ba88
HeapFree 0x0 0x10027188 0x2d08c 0x2ba8c
DecodePointer 0x0 0x1002718c 0x2d090 0x2ba90
EncodePointer 0x0 0x10027190 0x2d094 0x2ba94
ReadFile 0x0 0x10027194 0x2d098 0x2ba98
MultiByteToWideChar 0x0 0x10027198 0x2d09c 0x2ba9c
IsDebuggerPresent 0x0 0x1002719c 0x2d0a0 0x2baa0
SetUnhandledExceptionFilter 0x0 0x100271a0 0x2d0a4 0x2baa4
UnhandledExceptionFilter 0x0 0x100271a4 0x2d0a8 0x2baa8
GetCurrentProcess 0x0 0x100271a8 0x2d0ac 0x2baac
TerminateProcess 0x0 0x100271ac 0x2d0b0 0x2bab0
GetStartupInfoW 0x0 0x100271b0 0x2d0b4 0x2bab4
HeapSetInformation 0x0 0x100271b4 0x2d0b8 0x2bab8
GetCommandLineA 0x0 0x100271b8 0x2d0bc 0x2babc
FindFirstFileA 0x0 0x100271bc 0x2d0c0 0x2bac0
FindNextFileA 0x0 0x100271c0 0x2d0c4 0x2bac4
QueryPerformanceFrequency 0x0 0x100271c4 0x2d0c8 0x2bac8
GetStringTypeW 0x0 0x100271c8 0x2d0cc 0x2bacc
RaiseException 0x0 0x100271cc 0x2d0d0 0x2bad0
RtlUnwind 0x0 0x100271d0 0x2d0d4 0x2bad4
InterlockedIncrement 0x0 0x100271d4 0x2d0d8 0x2bad8
InterlockedDecrement 0x0 0x100271d8 0x2d0dc 0x2badc
LeaveCriticalSection 0x0 0x100271dc 0x2d0e0 0x2bae0
EnterCriticalSection 0x0 0x100271e0 0x2d0e4 0x2bae4
GetProcessHeap 0x0 0x100271e4 0x2d0e8 0x2bae8
USER32.dll (42)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadIconA 0x0 0x10027234 0x2d138 0x2bb38
CallWindowProcA 0x0 0x10027238 0x2d13c 0x2bb3c
EndPaint 0x0 0x1002723c 0x2d140 0x2bb40
BeginPaint 0x0 0x10027240 0x2d144 0x2bb44
GetMenuItemInfoA 0x0 0x10027244 0x2d148 0x2bb48
DrawMenuBar 0x0 0x10027248 0x2d14c 0x2bb4c
SetMenuItemInfoA 0x0 0x1002724c 0x2d150 0x2bb50
GetSystemMetrics 0x0 0x10027250 0x2d154 0x2bb54
GetAsyncKeyState 0x0 0x10027254 0x2d158 0x2bb58
GetForegroundWindow 0x0 0x10027258 0x2d15c 0x2bb5c
GetWindowTextA 0x0 0x1002725c 0x2d160 0x2bb60
IsWindow 0x0 0x10027260 0x2d164 0x2bb64
GetClientRect 0x0 0x10027264 0x2d168 0x2bb68
SetWindowLongA 0x0 0x10027268 0x2d16c 0x2bb6c
GetWindowLongA 0x0 0x1002726c 0x2d170 0x2bb70
IsDlgButtonChecked 0x0 0x10027270 0x2d174 0x2bb74
GetDesktopWindow 0x0 0x10027274 0x2d178 0x2bb78
GetWindowRect 0x0 0x10027278 0x2d17c 0x2bb7c
SetWindowPos 0x0 0x1002727c 0x2d180 0x2bb80
CheckMenuItem 0x0 0x10027280 0x2d184 0x2bb84
MessageBoxA 0x0 0x10027284 0x2d188 0x2bb88
GetMenu 0x0 0x10027288 0x2d18c 0x2bb8c
DefWindowProcA 0x0 0x1002728c 0x2d190 0x2bb90
FillRect 0x0 0x10027290 0x2d194 0x2bb94
SetWindowRgn 0x0 0x10027294 0x2d198 0x2bb98
LoadCursorA 0x0 0x10027298 0x2d19c 0x2bb9c
RegisterClassA 0x0 0x1002729c 0x2d1a0 0x2bba0
CreateWindowExA 0x0 0x100272a0 0x2d1a4 0x2bba4
ShowWindow 0x0 0x100272a4 0x2d1a8 0x2bba8
UpdateWindow 0x0 0x100272a8 0x2d1ac 0x2bbac
LoadAcceleratorsA 0x0 0x100272ac 0x2d1b0 0x2bbb0
GetMessageA 0x0 0x100272b0 0x2d1b4 0x2bbb4
TranslateAcceleratorA 0x0 0x100272b4 0x2d1b8 0x2bbb8
TranslateMessage 0x0 0x100272b8 0x2d1bc 0x2bbbc
DispatchMessageA 0x0 0x100272bc 0x2d1c0 0x2bbc0
wsprintfA 0x0 0x100272c0 0x2d1c4 0x2bbc4
MoveWindow 0x0 0x100272c4 0x2d1c8 0x2bbc8
SendDlgItemMessageA 0x0 0x100272c8 0x2d1cc 0x2bbcc
SetWindowTextA 0x0 0x100272cc 0x2d1d0 0x2bbd0
GetDC 0x0 0x100272d0 0x2d1d4 0x2bbd4
SendMessageA 0x0 0x100272d4 0x2d1d8 0x2bbd8
GetClassNameA 0x0 0x100272d8 0x2d1dc 0x2bbdc
GDI32.dll (18)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateMetaFileA 0x0 0x1002700c 0x2cf10 0x2b910
GetPixel 0x0 0x10027010 0x2cf14 0x2b914
CreateCompatibleBitmap 0x0 0x10027014 0x2cf18 0x2b918
SetBoundsRect 0x0 0x10027018 0x2cf1c 0x2b91c
TextOutW 0x0 0x1002701c 0x2cf20 0x2b920
GetObjectA 0x0 0x10027020 0x2cf24 0x2b924
CreateCompatibleDC 0x0 0x10027024 0x2cf28 0x2b928
GetDeviceCaps 0x0 0x10027028 0x2cf2c 0x2b92c
CreateFontA 0x0 0x1002702c 0x2cf30 0x2b930
SelectObject 0x0 0x10027030 0x2cf34 0x2b934
BitBlt 0x0 0x10027034 0x2cf38 0x2b938
SetStretchBltMode 0x0 0x10027038 0x2cf3c 0x2b93c
StretchBlt 0x0 0x1002703c 0x2cf40 0x2b940
GdiAlphaBlend 0x0 0x10027040 0x2cf44 0x2b944
CreateSolidBrush 0x0 0x10027044 0x2cf48 0x2b948
DeleteObject 0x0 0x10027048 0x2cf4c 0x2b94c
GetStockObject 0x0 0x1002704c 0x2cf50 0x2b950
DeleteDC 0x0 0x10027050 0x2cf54 0x2b954
ADVAPI32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetSecurityDescriptorRMControl 0x0 0x10027000 0x2cf04 0x2b904
GetSecurityDescriptorGroup 0x0 0x10027004 0x2cf08 0x2b908
ole32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateStreamOnHGlobal 0x0 0x100272ec 0x2d1f0 0x2bbf0
GetHGlobalFromStream 0x0 0x100272f0 0x2d1f4 0x2bbf4
OLEAUT32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
OleCreatePictureIndirect 0x1a3 0x10027210 0x2d114 0x2bb14
MPR.dll (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WNetGetConnectionA 0x0 0x100271ec 0x2d0f0 0x2baf0
WNetEnumResourceA 0x0 0x100271f0 0x2d0f4 0x2baf4
WNetCloseEnum 0x0 0x100271f4 0x2d0f8 0x2baf8
WNetOpenEnumA 0x0 0x100271f8 0x2d0fc 0x2bafc
MSACM32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
acmStreamOpen 0x0 0x10027200 0x2d104 0x2bb04
pdh.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
PdhBrowseCountersA 0x0 0x100272f8 0x2d1fc 0x2bbfc
OPENGL32.dll (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
glMatrixMode 0x0 0x10027218 0x2d11c 0x2bb1c
glClearColor 0x0 0x1002721c 0x2d120 0x2bb20
glClear 0x0 0x10027220 0x2d124 0x2bb24
glLoadIdentity 0x0 0x10027224 0x2d128 0x2bb28
GLU32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
gluPerspective 0x0 0x10027058 0x2cf5c 0x2b95c
IMM32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ImmGetDefaultIMEWnd 0x0 0x10027060 0x2cf64 0x2b964
OLEACC.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateStdAccessibleObject 0x0 0x10027208 0x2d10c 0x2bb0c
WTSAPI32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WTSFreeMemory 0x0 0x100272e0 0x2d1e4 0x2bbe4
WTSQuerySessionInformationA 0x0 0x100272e4 0x2d1e8 0x2bbe8
TRAFFIC.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
TcSetInterface 0x0 0x1002722c 0x2d130 0x2bb30
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp, ...
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp (Created File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.33 KB (336 bytes)
Hash Values MD5: 7c71ee83af910dec760c54b96ae19f9a
SHA1: ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8
SHA256: 33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.00 KB (0 bytes)
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp, ...
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp (Created File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.38 KB (384 bytes)
Hash Values MD5: f7b1337a85bf965b4b8ab67d65ec26c3
SHA1: 79670586cdfc33f738677af4da640abcbc308743
SHA256: 80428142e41c382f97a47b5a2366e158d40942112cd017a9ce3a1b74fc9ffd93
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp, ...
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp (Created File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.36 KB (368 bytes)
Hash Values MD5: 39b7c9d83ee86f07436876987f6bf5b3
SHA1: 1892bd53396dbf427c13c63c22be20630d7c614f
SHA256: 376c27701b84ccb518346deb5217c61516c42dd3c2a6280787f6d8756750e8aa
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp, ...
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp (Created File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.44 KB (448 bytes)
Hash Values MD5: bbd299bace19431a912dceadba1d4683
SHA1: 99388285449acf2c01cde866d921270a0e708484
SHA256: 414946b215d6c2418bad7c558de09dd603f14c54c24447a6774e2e4a51d76a02
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp, ...
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp (Created File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.58 KB (592 bytes)
Hash Values MD5: 29040b560ca4c807bd187e4a070be64a
SHA1: 558a339dacdce5b3c05e950712b856e57bc218e2
SHA256: bab2056daedad19db5a348dd37d32e97fda7261082808a9b5ceae04ec3b246a3
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp, ...
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat.tmp (Created File)
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.61 KB (624 bytes)
Hash Values MD5: 96de3dad77a9333b3941edcf97763093
SHA1: f89776d007f38a71ae967afa9006611704630e59
SHA256: a96413ba7afe34fa111e17ae8b01befe0cdb546be04904a02f92e113899b3ee0
Actions
c:\windows\tasks\407dad5a-b5c6-4985-9878-a37532f9a55f.job
-
File Properties
Names c:\windows\tasks\407dad5a-b5c6-4985-9878-a37532f9a55f.job (Created File)
Size 0.49 KB (504 bytes)
Hash Values MD5: 103b6c9ab3452427fab5839ea9ca1270
SHA1: afa53dd55fb041a1561da10d726663ba34f62ed8
SHA256: 912fc888e36f94b7be9216aacd71817489db4b37c44ba27ad64b08c0b7034e79
Actions
c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\1.dat
-
File Properties
Names c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\1.dat (Created File)
Size 0.03 KB (32 bytes)
Hash Values MD5: c18642c37123dd9520efa18db227cba1
SHA1: 961fe841ad06e3d18495ecd3c7c1f90250f4363a
SHA256: 4d4c440ee23a5e4a5c03928c7085c8bcea0d3b8d78c53c9e03970152064c83ce
Actions
c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll
-
File Properties
Names c:\programdata\252e9d6f-46f0-4cf5-8686-f2a673c579a2\af77746e-8a65-4302-8042-f6017918c669.dll (Modified File)
Size 133.00 KB (136192 bytes)
Hash Values MD5: ca98762b43ad6d6e4147089cae636fd5
SHA1: a8fb38628d6a0e3cbf3b593fdb16fba59ddbb04a
SHA256: d36bca25ec22d09410b4432fcc65fca29ac1101953dabd8be67598e8bb603210
Actions
PE Information
+
File Properties
Image Base 0x10000000
Entry Point 0x100022f7
Size Of Code 0xb000
Size Of Initialized Data 0x16a00
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-11-07 08:26:53
Compiler/Packer Unknown
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xaf97 0xb000 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.64
.rdata 0x1000c000 0x56d4 0x5800 0xb400 CNT_INITIALIZED_DATA, MEM_READ 4.84
.data 0x10012000 0x10158 0xf800 0x10c00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 7.93
.reloc 0x10023000 0xf54 0x1000 0x20400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 6.51
Imports (71)
+
KERNEL32.dll (69)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
VirtualAlloc 0x0 0x1000c000 0x11088 0x10488
VirtualProtect 0x0 0x1000c004 0x1108c 0x1048c
VirtualFree 0x0 0x1000c008 0x11090 0x10490
Sleep 0x0 0x1000c00c 0x11094 0x10494
ExitProcess 0x0 0x1000c010 0x11098 0x10498
GetModuleHandleW 0x0 0x1000c014 0x1109c 0x1049c
GetModuleHandleA 0x0 0x1000c018 0x110a0 0x104a0
GetProcAddress 0x0 0x1000c01c 0x110a4 0x104a4
DecodePointer 0x0 0x1000c020 0x110a8 0x104a8
WriteConsoleW 0x0 0x1000c024 0x110ac 0x104ac
CloseHandle 0x0 0x1000c028 0x110b0 0x104b0
QueryPerformanceCounter 0x0 0x1000c02c 0x110b4 0x104b4
GetCurrentProcessId 0x0 0x1000c030 0x110b8 0x104b8
GetCurrentThreadId 0x0 0x1000c034 0x110bc 0x104bc
GetSystemTimeAsFileTime 0x0 0x1000c038 0x110c0 0x104c0
InitializeSListHead 0x0 0x1000c03c 0x110c4 0x104c4
IsDebuggerPresent 0x0 0x1000c040 0x110c8 0x104c8
UnhandledExceptionFilter 0x0 0x1000c044 0x110cc 0x104cc
SetUnhandledExceptionFilter 0x0 0x1000c048 0x110d0 0x104d0
GetStartupInfoW 0x0 0x1000c04c 0x110d4 0x104d4
IsProcessorFeaturePresent 0x0 0x1000c050 0x110d8 0x104d8
GetCurrentProcess 0x0 0x1000c054 0x110dc 0x104dc
TerminateProcess 0x0 0x1000c058 0x110e0 0x104e0
InterlockedFlushSList 0x0 0x1000c05c 0x110e4 0x104e4
RtlUnwind 0x0 0x1000c060 0x110e8 0x104e8
GetLastError 0x0 0x1000c064 0x110ec 0x104ec
SetLastError 0x0 0x1000c068 0x110f0 0x104f0
EnterCriticalSection 0x0 0x1000c06c 0x110f4 0x104f4
LeaveCriticalSection 0x0 0x1000c070 0x110f8 0x104f8
DeleteCriticalSection 0x0 0x1000c074 0x110fc 0x104fc
InitializeCriticalSectionAndSpinCount 0x0 0x1000c078 0x11100 0x10500
TlsAlloc 0x0 0x1000c07c 0x11104 0x10504
TlsGetValue 0x0 0x1000c080 0x11108 0x10508
TlsSetValue 0x0 0x1000c084 0x1110c 0x1050c
TlsFree 0x0 0x1000c088 0x11110 0x10510
FreeLibrary 0x0 0x1000c08c 0x11114 0x10514
LoadLibraryExW 0x0 0x1000c090 0x11118 0x10518
GetModuleHandleExW 0x0 0x1000c094 0x1111c 0x1051c
GetModuleFileNameA 0x0 0x1000c098 0x11120 0x10520
MultiByteToWideChar 0x0 0x1000c09c 0x11124 0x10524
WideCharToMultiByte 0x0 0x1000c0a0 0x11128 0x10528
HeapFree 0x0 0x1000c0a4 0x1112c 0x1052c
HeapAlloc 0x0 0x1000c0a8 0x11130 0x10530
FindClose 0x0 0x1000c0ac 0x11134 0x10534
FindFirstFileExA 0x0 0x1000c0b0 0x11138 0x10538
FindNextFileA 0x0 0x1000c0b4 0x1113c 0x1053c
IsValidCodePage 0x0 0x1000c0b8 0x11140 0x10540
GetACP 0x0 0x1000c0bc 0x11144 0x10544
GetOEMCP 0x0 0x1000c0c0 0x11148 0x10548
GetCPInfo 0x0 0x1000c0c4 0x1114c 0x1054c
GetCommandLineA 0x0 0x1000c0c8 0x11150 0x10550
GetCommandLineW 0x0 0x1000c0cc 0x11154 0x10554
GetEnvironmentStringsW 0x0 0x1000c0d0 0x11158 0x10558
FreeEnvironmentStringsW 0x0 0x1000c0d4 0x1115c 0x1055c
LCMapStringW 0x0 0x1000c0d8 0x11160 0x10560
GetProcessHeap 0x0 0x1000c0dc 0x11164 0x10564
GetStdHandle 0x0 0x1000c0e0 0x11168 0x10568
GetFileType 0x0 0x1000c0e4 0x1116c 0x1056c
GetStringTypeW 0x0 0x1000c0e8 0x11170 0x10570
HeapSize 0x0 0x1000c0ec 0x11174 0x10574
HeapReAlloc 0x0 0x1000c0f0 0x11178 0x10578
SetStdHandle 0x0 0x1000c0f4 0x1117c 0x1057c
FlushFileBuffers 0x0 0x1000c0f8 0x11180 0x10580
WriteFile 0x0 0x1000c0fc 0x11184 0x10584
GetConsoleCP 0x0 0x1000c100 0x11188 0x10588
GetConsoleMode 0x0 0x1000c104 0x1118c 0x1058c
SetFilePointerEx 0x0 0x1000c108 0x11190 0x10590
CreateFileW 0x0 0x1000c10c 0x11194 0x10594
RaiseException 0x0 0x1000c110 0x11198 0x10598
USER32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetDesktopWindow 0x0 0x1000c118 0x111a0 0x105a0
MessageBoxA 0x0 0x1000c11c 0x111a4 0x105a4
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.73 KB (752 bytes)
Hash Values MD5: 4f1cd6376847e04626ed1f864b6d83c6
SHA1: 58bba1d3e7b4e9f751937b584c8869689f2bd76a
SHA256: 2d4db92a8f4db77980ffc53b50440cfa158e237dcae23f758fbcadc1e813309d
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.75 KB (768 bytes)
Hash Values MD5: 2124dedcce45e017b2b52ceea067f908
SHA1: b2ef626c65632a0e2cf8672e8a1b935970cfe9b5
SHA256: ff889ae413ec5a3f93750c59fd587b46849a1046ab401698507ff1fe2b9ffb0c
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.78 KB (800 bytes)
Hash Values MD5: d2907d752b69c6654c839ea5186f8991
SHA1: 040859a0b7a8d960957057fb46de31ac1efbbf60
SHA256: 16d95ef314aa437c57296fb044c62b8866b1988883de2e061d2905e961fcd726
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.81 KB (832 bytes)
Hash Values MD5: 00642690ded7bb60887302ae669d3594
SHA1: c7d1b92ee49ef4af1a217e3f714966d0e429feeb
SHA256: e81d72ecc715998879b1c65bbc11852f4e2b36b5e409e301df146c5dfd46fe69
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.84 KB (864 bytes)
Hash Values MD5: 2fcabfa8f45e908bdd322512d97af55c
SHA1: bc870d783d89b1dfe87dfe83572cbbe0d9d51373
SHA256: 74a7a900be85839c0cca0a5afca690aaa0d3c359886e87983a4af890680effb7
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 0.86 KB (880 bytes)
Hash Values MD5: 05d9c03b1d498b1ed988482850ce1d27
SHA1: 75a080f4c54005703fd524c4a6b4272941d3d110
SHA256: ea6250d4e68955c06ff481da3fa354653dbb4417867e338861f04fc439716849
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 1.00 KB (1024 bytes)
Hash Values MD5: 59b0194db8f7ab4b531fe53c5d318861
SHA1: 27b7876c04a3d91007cb6b2d127a66613ebdc1df
SHA256: 832baecc09332b754abdb3b3d3a7f32e19bfb533ad6d2cca49b86a8092861b2e
Actions
c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat
-
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\appdata\local\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\container.dat (Created File)
Size 1.06 KB (1088 bytes)
Hash Values MD5: fc2d4c590d9c78b2f8bb25fb284ca97f
SHA1: 591fe8f17424e2284e0c893f1d4e213c47a400a1
SHA256: 0e6a06ecd934e0c6a62c59e13dd5bee3f4cb279f6767c7d5488b14ce8f8ad4c4
Actions
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image