Windows
Analysis Report
ab.exe
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is start
- ab.exe (PID: 2704 cmdline: "C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe" MD5: 0B486FE0503524CFE4726A4022FA6A68)
- ab.exe (PID: 4556 cmdline: "C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe" MD5: 0B486FE0503524CFE4726A4022FA6A68)
- WMIC.exe (PID: 6576 cmdline: wmic SHADOWCOPY DELETE /nointeractive MD5: 82BB8430531876FBF5266E53460A393E)
- conhost.exe (PID: 3392 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: D837FA4DEE7D84C19FF6F71FC48A6625)
- WMIC.exe (PID: 5372 cmdline: wmic SHADOWCOPY DELETE /nointeractive MD5: 82BB8430531876FBF5266E53460A393E)
- conhost.exe (PID: 5956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: D837FA4DEE7D84C19FF6F71FC48A6625)
- WMIC.exe (PID: 5540 cmdline: wmic SHADOWCOPY DELETE /nointeractive MD5: 82BB8430531876FBF5266E53460A393E)
- conhost.exe (PID: 412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: D837FA4DEE7D84C19FF6F71FC48A6625)
- WMIC.exe (PID: 7136 cmdline: wmic SHADOWCOPY DELETE /nointeractive MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
- conhost.exe (PID: 460 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: D837FA4DEE7D84C19FF6F71FC48A6625)
- WMIC.exe (PID: 5968 cmdline: wmic SHADOWCOPY DELETE /nointeractive MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
- conhost.exe (PID: 3084 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: D837FA4DEE7D84C19FF6F71FC48A6625)
- WMIC.exe (PID: 3836 cmdline: wmic SHADOWCOPY DELETE /nointeractive MD5: A2EF3F0AD95FDA9262A5F9533B6DD1BD)
- conhost.exe (PID: 4316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: D837FA4DEE7D84C19FF6F71FC48A6625)
- ab.exe (PID: 6468 cmdline: C:\Users\abbas\AppData\Roaming\Microsoft\Windows\ab.exe MD5: 0B486FE0503524CFE4726A4022FA6A68)
- cleanup
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Avira: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Source: | Static PE information: |
Spreading |
---|
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Spam, unwanted Advertisements and Ransom Demands |
---|
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
System Summary |
---|
Source: | Joe Sandbox Cloud Basic: | Perma Link |
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | File read: |
Source: | Static PE information: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: |
Source: | File written: |
Source: | Classification label: |
Source: | File read: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Persistence and Installation Behavior |
---|
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: | ||
Source: | File created: |
Source: | Process queried: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Replication Through Removable Media | 11 Windows Management Instrumentation | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | 1 Taint Shared Content | Data from Local System | Exfiltration Over Other Network Medium | 1 Non-Application Layer Protocol | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | 1 Replication Through Removable Media | Data from Removable Media | Exfiltration Over Bluetooth | 1 Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 11 Peripheral Device Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 File Deletion | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
87% | Virustotal | Browse | ||
66% | Metadefender | Browse | ||
96% | ReversingLabs | Win32.Ransomware.Avaddon |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1136765 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
140.31.126.40.in-addr.arpa | unknown | unknown | true | unknown | |
13.173.189.20.in-addr.arpa | unknown | unknown | true | unknown | |
252.0.0.224.in-addr.arpa | unknown | unknown | true | unknown | |
251.0.0.224.in-addr.arpa | unknown | unknown | true | unknown | |
1.1.1.1.in-addr.arpa | unknown | unknown | true | unknown | |
250.255.255.239.in-addr.arpa | unknown | unknown | true | unknown | |
254.81.26.67.in-addr.arpa | unknown | unknown | true | unknown | |
209.205.72.20.in-addr.arpa | unknown | unknown | true | unknown | |
254.158.27.67.in-addr.arpa | unknown | unknown | true | unknown |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 1730341 |
Start date: | 01.02.2022 |
Start time: | 12:14:29 |
Joe Sandbox Product: | Cloud |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ab.exe |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Number of analysed new started processes analysed: | 34 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.rans.spre.winEXE@18/46@9/0 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MusNotification.exe, dllhost.exe, consent.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, VSSVC.exe, svchost.exe, UsoClient.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.13, 20.83.130.102, 20.72.205.209, 67.27.158.254, 8.248.119.254, 67.27.159.254, 8.253.95.120, 67.27.158.126, 67.26.81.254, 8.248.149.254, 67.27.159.126, 92.123.195.41, 92.123.195.57
- Excluded domains from analysis (whitelisted): client.wns.windows.com, 102.1.168.192.in-addr.arpa, fg.download.windowsupdate.com.c.footprint.net, wd-prod-cp-us-east-3-fe.eastus.cloudapp.azure.com, wu-shim.trafficmanager.net, 90.1.168.192.in-addr.arpa, ctldl.windowsupdate.com, 111.1.168.192.in-addr.arpa, wdcp.microsoft.com, a767.dspw65.akamai.net, wd-prod-cp.trafficmanager.net, 201.1.168.192.in-addr.arpa, settingsfd-geo.trafficmanager.net, download.windowsupdate.com.edgesuite.net, onedscolprdwus12.westus.cloudapp.azure.com, 255.1.168.192.in-addr.arpa, wpad.ad01.local, c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa, 3.0.0.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.f.f.ip6.arpa, _ldap._tcp.Default-First-Site-Name._sites.ad01.local, 107.1.168.192.in-addr.arpa, f.4.f.0.c.f.d.2.f.c.0.e.e.c.9.2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa
- Not all processes were analyzed; report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 1.1.1.1.in-addr.arpa
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | modified |
Size (bytes): | 129 |
Entropy (8bit): | 5.323600488446077 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 794112 |
Entropy (8bit): | 6.16411908069709 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.980003303855256 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.980003303855256 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.97860916412443 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.97860916412443 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.97744184456267 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.97744184456267 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3775 |
Entropy (8bit): | 5.73339183790735 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.979265732844343 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.979265732844343 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | modified |
Size (bytes): | 8728 |
Entropy (8bit): | 7.9760042591280165 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.9760042591280165 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.980989009458387 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.976139977910017 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.976139977910017 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.981862314842239 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.981862314842239 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.978201573871916 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.978201573871916 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.980221378895594 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.980221378895594 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3767 |
Entropy (8bit): | 5.732856634724589 |
Encrypted: | false |
SSDEEP: | |
MD5: | 7F667C5043C13EF8C7FE84FB09E8BD40 |
SHA1: | BDC0DA66FDA4BFFE3A79542B71C437A5A13B737D |
SHA-256: | F266487A7EACF5C42C2AEA38F2B1A917189E77FBD1622441E146B13004861FCE |
SHA-512: | A48217B52D9F39E1DE225C008B26D68306B4FBFC8B226A764F22311E46315F1CEFD81D52360EEF299DBAD46025AB50A5EF707664988B906DFF9912CF71FC3870 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | modified |
Size (bytes): | 8728 |
Entropy (8bit): | 7.9797690361834475 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.977753367936546 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.9777735966039245 |
Encrypted: | false |
SSDEEP: | |
MD5: | 584B68D58631074B26271D2FA9A7BB87 |
SHA1: | 0CA017E39916E1EF715D25B1CAE7AA23C8179FEF |
SHA-256: | 93233651DA71AD48F3036723EAD37FADD01E514A52ABC2BBC12AA5A0F8D9B316 |
SHA-512: | 9E43E91065564181BBA5237677322B04B0ACE80A85D03223DA4A527BFDA121CE496FBF01662B1A184569A6E2CC6DA93DCBB5C4926CAFEC37293B997E8B9BBCCF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.9777735966039245 |
Encrypted: | false |
SSDEEP: | |
MD5: | 584B68D58631074B26271D2FA9A7BB87 |
SHA1: | 0CA017E39916E1EF715D25B1CAE7AA23C8179FEF |
SHA-256: | 93233651DA71AD48F3036723EAD37FADD01E514A52ABC2BBC12AA5A0F8D9B316 |
SHA-512: | 9E43E91065564181BBA5237677322B04B0ACE80A85D03223DA4A527BFDA121CE496FBF01662B1A184569A6E2CC6DA93DCBB5C4926CAFEC37293B997E8B9BBCCF |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.982132068377269 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.976969885908933 |
Encrypted: | false |
SSDEEP: | |
MD5: | E58047559B3792896E40170B9826E448 |
SHA1: | 5E40A596CA91175124F7F6EA3D2C2F82286E0AF1 |
SHA-256: | C918FA01AB90075B913A8268A6A1B779A74218C3D04E4B3D1901EBE367ECB30E |
SHA-512: | D9925B4C3D32F0045143F9C932D347ABDBA57768DB5CB337EFD370F58494A2636A60D203FB192888A0881A3958DE1B56C49F7CCC23D472449E262A8B46550E5D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.976969885908933 |
Encrypted: | false |
SSDEEP: | |
MD5: | E58047559B3792896E40170B9826E448 |
SHA1: | 5E40A596CA91175124F7F6EA3D2C2F82286E0AF1 |
SHA-256: | C918FA01AB90075B913A8268A6A1B779A74218C3D04E4B3D1901EBE367ECB30E |
SHA-512: | D9925B4C3D32F0045143F9C932D347ABDBA57768DB5CB337EFD370F58494A2636A60D203FB192888A0881A3958DE1B56C49F7CCC23D472449E262A8B46550E5D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.979260137384466 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6D855CB97419357298E41616D514E6A4 |
SHA1: | F9C80B30456970C30C85F165432B7D9330DB58D1 |
SHA-256: | 81804E4489EE9FC59B7AB167599821013042DE03FD72A35AA9D4DA37362997B6 |
SHA-512: | 53532479600F770853E5E1C22C78310BD943A7CAD7B10266E2B407B2EAFA8E2143BDAE75BC36E96DC877149A8787EC07A1D8312B14C222E09D636D6E6C660002 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.979260137384466 |
Encrypted: | false |
SSDEEP: | |
MD5: | 6D855CB97419357298E41616D514E6A4 |
SHA1: | F9C80B30456970C30C85F165432B7D9330DB58D1 |
SHA-256: | 81804E4489EE9FC59B7AB167599821013042DE03FD72A35AA9D4DA37362997B6 |
SHA-512: | 53532479600F770853E5E1C22C78310BD943A7CAD7B10266E2B407B2EAFA8E2143BDAE75BC36E96DC877149A8787EC07A1D8312B14C222E09D636D6E6C660002 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.978098351617084 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3067AA92E9C18C2F3E06812E35033B5D |
SHA1: | CACA2F7672F085A029A56DE69FC9AC437499A59F |
SHA-256: | F8313D0270E1ED45174454400524778515FA61C694B04E521EF87E902850CC0A |
SHA-512: | 1B82100530049EDB68A1A390F70E84C1B3DD20343F191C74C881CC825153CEEDCAB3F7D19E1DE07BB8750AF264AD7B24EFF2780CB1544ABB03407B3DAA284A1E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.978098351617084 |
Encrypted: | false |
SSDEEP: | |
MD5: | 3067AA92E9C18C2F3E06812E35033B5D |
SHA1: | CACA2F7672F085A029A56DE69FC9AC437499A59F |
SHA-256: | F8313D0270E1ED45174454400524778515FA61C694B04E521EF87E902850CC0A |
SHA-512: | 1B82100530049EDB68A1A390F70E84C1B3DD20343F191C74C881CC825153CEEDCAB3F7D19E1DE07BB8750AF264AD7B24EFF2780CB1544ABB03407B3DAA284A1E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.976639186102637 |
Encrypted: | false |
SSDEEP: | |
MD5: | DAC15735F286C42A4875524C07711542 |
SHA1: | 06B3B80A67A8371153C3929729369B80417235DE |
SHA-256: | 11205EE1F88ABBAF94056A90F0236D3EBAABE165F9CB1867E191547FFF04B133 |
SHA-512: | 4B999E449BA43834C3E91A91E4AC05CCC397A813364BA41AA74E12D02D35A40FF4CEC04F7069DD4479BC5732C3C09BA5026D1A616141346B4BA439A142850D96 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | modified |
Size (bytes): | 3774 |
Entropy (8bit): | 5.7325519148058985 |
Encrypted: | false |
SSDEEP: | |
MD5: | E3EF42CBB4B0EC5B95EDBE0E7AC1BFE8 |
SHA1: | 48454D9025C48E132330C57516146FC318083A12 |
SHA-256: | 921F96A5FF2E014807A2B4D7A6FA17D3E12268873131FD8D3BCAE9A44E728C49 |
SHA-512: | BD2CD2B42A7DEC0FEBDCE3FD9BE004A6FA363DD668227DA190930D67F173D98415F4D738453CAFC45324F42AA94706BD8304E696C8891023745E52105B5AC075 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\wbem\WMIC.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48 |
Entropy (8bit): | 4.305255793112395 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16920 |
Entropy (8bit): | 7.989725459788761 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.979125071058783 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16920 |
Entropy (8bit): | 7.989457966165604 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16920 |
Entropy (8bit): | 7.989725459788761 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\abbas\Downloads\MjdQMcMxBd\ab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8728 |
Entropy (8bit): | 7.979125071058783 |
Encrypted: | false |
SSDEEP: | |
MD5: | D41D8CD98F00B204E9800998ECF8427E |
SHA1: | DA39A3EE5E6B4B0D3255BFEF95601890AFD80709 |
SHA-256: | E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855 |
SHA-512: | CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.16411908069709 |
TrID: | |
File name: | ab.exe |
File size: | 794112 |
MD5: | 0b486fe0503524cfe4726a4022fa6a68 |
SHA1: | 297dea71d489768ce45d23b0f8a45424b469ab00 |
SHA256: | 1228d0f04f0ba82569fc1c0609f9fd6c377a91b9ea44c1e7f9f84b2b90552da2 |
SHA512: | f4273ca5cc3a9360af67f4b4ee0bf067cf218c5dc8caeafbfa1b809715effe742f2e1f54e4fe9ec8d4b8e3ae697d57f91c2b49bdf203648508d75d4a76f53619 |
SSDEEP: | 24576:TCs99+OXLpMePfI8TgmBTCDqEbOpPtpFhyxfq:5GOXLpMePfzVTCD7gPtLhSfq |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......9.I.}.'}}.'}}.'}i.$|l.'}i."|..'}i.#|j.'}i.!|..'}..#|l.'}..$|k.'}.."|..'}i.&|j.'}}.&}..'}...|l.'}...}|.'}}..}|.'}..%||.'}Rich}.' |
Entrypoint: | 0x43f186 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x60689947 [Sat Apr 3 16:35:19 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | b56503b8c4f46a3a086734c09c6bd0f3 |
Instruction |
---|
call 00007F2B1CD46F4Fh |
jmp 00007F2B1CD465CFh |
mov ecx, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], ecx |
pop ecx |
pop edi |
pop edi |
pop esi |
pop ebx |
mov esp, ebp |
pop ebp |
push ecx |
ret |
mov ecx, dword ptr [ebp-10h] |
xor ecx, ebp |
call 00007F2B1CD4601Fh |
jmp 00007F2B1CD46730h |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [004B4018h] |
xor eax, ebp |
push eax |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [004B4018h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], eax |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [004B4018h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], esp |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb20a0 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbc000 | 0x5d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xbd000 | 0x8d44 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa6e2c | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa6e68 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x84000 | 0x358 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8284c | 0x82a00 | False | 0.488630756579 | data | 6.60983970569 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x84000 | 0x2f3d6 | 0x2f400 | False | 0.264529596561 | data | 3.62244340935 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xb4000 | 0x7818 | 0x6800 | False | 0.106745793269 | data | 3.31661959005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xbc000 | 0x5d8 | 0x600 | False | 0.453125 | data | 4.07117757835 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xbd000 | 0x8d44 | 0x8e00 | False | 0.518926056338 | data | 6.64901147486 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xbc0a0 | 0x3ac | data | English | United States |
RT_MANIFEST | 0xbc450 | 0x188 | XML 1.0 document text | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetVolumeInformationW, WriteFile, CreateFileW, ReadFile, GetFileSizeEx, GetQueuedCompletionStatus, GetFileAttributesW, PostQueuedCompletionStatus, SetFileAttributesW, GetSystemInfo, SetFilePointerEx, MoveFileExW, CreateIoCompletionPort, FindFirstFileW, FindNextFileW, GetEnvironmentVariableW, FindClose, GetDiskFreeSpaceW, GetLocaleInfoA, GetComputerNameA, WriteConsoleW, GetTickCount, OpenMutexW, CopyFileW, CreateProcessW, GetProcessHeap, GetThreadContext, HeapAlloc, CloseHandle, Process32FirstW, GetCurrentThread, Process32NextW, GetLastError, Sleep, CreateToolhelp32Snapshot, CheckRemoteDebuggerPresent, WaitForSingleObject, CreateMutexW, GetModuleFileNameW, TerminateProcess, GetCurrentProcess, HeapFree, WideCharToMultiByte, MultiByteToWideChar, FindNextVolumeW, GetVolumePathNamesForVolumeNameW, FindVolumeClose, SetVolumeMountPointW, FindFirstVolumeW, HeapSize, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindFirstFileExW, GetFileType, GetTimeZoneInformation, HeapReAlloc, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, OpenProcess, IsDebuggerPresent, GetTimeFormatW, GetDateFormatW, GetStdHandle, ExitProcess, GetModuleHandleExW, ExitThread, RaiseException, RtlUnwind, LoadLibraryW, UnregisterWaitEx, QueryDepthSList, InterlockedFlushSList, QueryDosDeviceW, GetLogicalDrives, EnterCriticalSection, LeaveCriticalSection, TryEnterCriticalSection, DeleteCriticalSection, GetCurrentThreadId, WaitForSingleObjectEx, SwitchToThread, GetExitCodeThread, GetStringTypeW, QueryPerformanceCounter, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, EncodePointer, DecodePointer, GetCPInfo, LocalFree, CompareStringW, LCMapStringW, GetLocaleInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetStartupInfoW, GetCurrentProcessId, InitializeSListHead, CreateTimerQueue, SetEvent, SignalObjectAndWait, CreateThread, SetThreadPriority, GetThreadPriority, GetLogicalProcessorInformation, CreateTimerQueueTimer, ChangeTimerQueueTimer, DeleteTimerQueueTimer, GetNumaHighestNodeNumber, GetProcessAffinityMask, SetThreadAffinityMask, RegisterWaitForSingleObject, UnregisterWait, GetThreadTimes, FreeLibrary, FreeLibraryAndExitThread, GetModuleHandleA, LoadLibraryExW, GetVersionExW, VirtualAlloc, VirtualProtect, VirtualFree, DuplicateHandle, ReleaseSemaphore, InterlockedPopEntrySList, InterlockedPushEntrySList |
ADVAPI32.dll | ControlService, OpenServiceW, GetTokenInformation, CryptDuplicateKey, CryptSetKeyParam, CryptDestroyKey, CryptAcquireContextW, CryptEncrypt, CryptExportKey, CryptImportKey, CryptGenKey, CryptReleaseContext, LookupPrivilegeValueW, AdjustTokenPrivileges, InitiateShutdownW, RegCloseKey, CloseServiceHandle, OpenSCManagerW, DeleteService, RegOpenKeyExW, EnumDependentServicesW, RegSetValueExW, OpenProcessToken, StartServiceW, QueryServiceStatusEx |
SHELL32.dll | SHEmptyRecycleBinW, ShellExecuteW |
ole32.dll | CoInitializeEx, CoUninitialize, CoCreateInstance, CoInitializeSecurity, CoSetProxyBlanket |
OLEAUT32.dll | VariantClear, SysAllocString, SysFreeString, SysAllocStringByteLen, VariantInit, SysStringByteLen |
MPR.dll | WNetGetConnectionW |
NETAPI32.dll | NetDfsEnum, NetShareEnum, NetApiBufferFree |
IPHLPAPI.DLL | SendARP |
WS2_32.dll | gethostbyname, gethostname, inet_addr, htons, getnameinfo, WSACleanup, inet_ntoa, WSAStartup |
RstrtMgr.DLL | RmEndSession, RmShutdown, RmGetList, RmStartSession, RmRegisterResources |
CRYPT32.dll | CryptStringToBinaryA |
Description | Data |
---|---|
LegalCopyright | Microsoft Corporation. All rights reserved. |
InternalName | taskhost.exe |
FileVersion | 10.0.17763.831 (WinBuild.160101.0800) |
CompanyName | Microsoft Corporation |
ProductName | Microsoft Windows Operating System |
ProductVersion | 10.0.17763.831 |
FileDescription | Host Process for Windows Tasks |
OriginalFilename | taskhost.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |