MS1.0.vmp.exe - Threatbook file behavior analysis report
Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis
Basic Information
file name:MS1.0.vmp.exe
file type:EXEx86
Submission time:2018-10-11 21:01:00
Threat level:malicious
MD5:dd8757a843fa9b799ae94ce72b75baec
sha256:6ae977a5f66f26b14a995cb748a5b74a2238693b0abb4e93d3e36c8836ddaaed
Document Threat Intelligence IOC Report
No intelligence IOC detected
Intelligence decision system
Abnormal flow detection system:0
Hunting system:0
DGA domain name recognition system:0
Network behavior report
domains
ip:58.211.137.74
domain:3.5yyz.com
dns
type:A
request:3.5yyz.com
http:0
hosts:1
Dropped file report
No dropped files detected
File process number report
Process details:0
Document behavior signature report
api:NtCreateFile
category:file
type:call
category:.text
ioc:0x00000000
type:ioc
category:.rdata
ioc:0x00000000
type:ioc
category:.data
ioc:0x00000000
type:ioc
category:.vmp0
ioc:0x00000000
type:ioc
api:SetWindowsHookExA
category:system
type:call
api:SetWindowsHookExA
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
api:GetKeyState
category:system
type:call
Static information
PE section table information
Section name:.text
Virtual address:0x00001000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R-E
Section name:.rdata
Virtual address:0x000a3000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:R--
Section name:.data
Virtual address:0x00346000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RW-
Section name:.vmp0
Virtual address:0x00384000
Physical address:0x00000000
Physical size:0x00000000
Section permissions:RWE
Section name:.vmp1
Virtual address:0x00588000
Physical address:0x00001000
Physical size:0x0045b000
Section permissions:RWE
Section name:.rsrc
Virtual address:0x009e3000
Physical address:0x0045c000
Physical size:0x00012000
Section permissions:R--
PE basic information
import_hash:7afc23f391dac01a6b9e37b0e72d37d3
time_stamp:2018-10-11 20:33:09
entry_point_section:.vmp1
image_base:0x400000
entry_point:0x9dba7e
PE resource information
name:RT_ICON
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x009e320c
size:0x000002e8
name:RT_ICON
language:LANG_CHINESE
filetype:GLS_BINARY_LSB_FIRST
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x009e34f4
size:0x00000128
name:RT_ICON
language:LANG_NEUTRAL
filetype:data
sublanguage:SUBLANG_NEUTRAL
offset:0x009e361c
size:0x00010828
name:RT_GROUP_ICON
language:LANG_NEUTRAL
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_NEUTRAL
offset:0x009f3e44
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x009f3e58
size:0x00000014
name:RT_GROUP_ICON
language:LANG_CHINESE
filetype:MS Windows icon resource - 1 icon
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x009f3e6c
size:0x00000014
name:RT_VERSION
language:LANG_CHINESE
filetype:data
sublanguage:SUBLANG_CHINESE_SIMPLIFIED
offset:0x009f3e80
size:0x000001fc
name:RT_MANIFEST
language:LANG_NEUTRAL
filetype:XML document text
sublanguage:SUBLANG_NEUTRAL
offset:0x009f407c
size:0x000001cd

Translated by Keith Miller, United States