File name: | Dosia.exe |
Full analysis: | https://app.any.run/tasks/df4119ce-5cd3-41f3-b883-24cc518d63a7 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2022, 06:20:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (console) Intel 80386, for MS Windows |
MD5: | 21BE396619D3AB2EFA6A70387180E58F |
SHA1: | 09A3B689A5077BD89331ACD157EBE621C8714A89 |
SHA256: | 77CC16BE9E6F910BE9B154981DF07EE9E426863E1543E0D84FBDFB7DC6C9D09F |
SSDEEP: | 98304:I68cgXwWux4ffGqIVkwAZgEkoA/M9wMVuA7r5jF/vKqdD5g+:ZYe2fGNhAJkb/YwM82rhJf |
Extension | Detected type | Score (%)
---|---|---
.exe | Win32 Executable MS Visual C++ (generic) | 42.2
.exe | Win64 Executable (generic) | 37.3
.dll | Win32 Dynamic Link Library (generic) | 8.8
.exe | Win32 Executable (generic) | 6
.exe | Generic Win/DOS Executable | 2.7
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date: | 2022-Jul-01 09:53:45 |
e_magic: | MZ |
e_cblp: | 144 |
e_cp: | 3 |
e_crlc: | - |
e_cparhdr: | 4 |
e_minalloc: | - |
e_maxalloc: | 65535 |
e_ss: | - |
e_sp: | 184 |
e_csum: | - |
e_ip: | - |
e_cs: | - |
e_ovno: | - |
e_oemid: | - |
e_oeminfo: | - |
e_lfanew: | 248 |
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
NumberOfSections: | 5 |
TimeDateStamp: | 2022-Jul-01 09:53:45 |
PointerToSymbolTable: | - |
NumberOfSymbols: | - |
SizeOfOptionalHeader: | 224 |
Characteristics: | |
Name | Virtual Address | Virtual Size (bytes) | Raw Size (bytes) | Characteristics | Entropy
---|---|---|---|---|---
.text | 4096 | 151122 | 151552 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.65753
.rdata | 155648 | 55268 | 55296 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.15306
.data | 212992 | 63700 | 3072 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 1.88335
.rsrc | 278528 | 61444 | 61952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 7.35622
.reloc | 344064 | 7560 | 7680 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 6.66216
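The DOS header, file header and section table above are the first things any PE triage tool reads. The script below is an added example (not part of the ANY.RUN report and not code from the sample): it parses those fields with the standard library only, computes the per-section Shannon entropy the table reports, and rejects malformed input instead of guessing. The PE it parses is a constructed, non-executable stub built in memory so the script runs offline; the stub borrows the report's e_lfanew, SizeOfOptionalHeader, machine type and TimeDateStamp, but its two sections and their contents are invented for the demonstration.

```python
"""Parse PE headers and the section table, with per-section entropy.

Added example: not ANY.RUN code and not code from the sample. Standard
library only. The stub PE it parses is constructed in memory and is not
executable; point parse_pe() at real file bytes to triage a sample.
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SCN_FLAG_NAMES = {
    IMAGE_SCN_CNT_CODE: "IMAGE_SCN_CNT_CODE",
    IMAGE_SCN_CNT_INITIALIZED_DATA: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    IMAGE_SCN_MEM_EXECUTE: "IMAGE_SCN_MEM_EXECUTE",
    IMAGE_SCN_MEM_READ: "IMAGE_SCN_MEM_READ",
    IMAGE_SCN_MEM_WRITE: "IMAGE_SCN_MEM_WRITE",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Read the DOS header, COFF file header and section headers from raw bytes.

    Raises ValueError for a bad MZ/PE signature, an e_lfanew outside the file, or a
    section whose raw data runs past EOF; for triage each of those is itself a finding.
    """
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("e_lfanew does not point at a PE signature")
    (machine, nsections, timestamp, _symtab, _nsyms, opt_size,
     characteristics) = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    sections = []
    for i in range(nsections):
        off = e_lfanew + 24 + opt_size + 40 * i        # section headers follow the optional header
        if off + 40 > len(blob):
            raise ValueError(f"section header {i} runs past end of file")
        (name, vsize, vaddr, rawsize, rawptr, _relocs, _lines, _nrelocs, _nlines,
         flags) = struct.unpack_from("<8sIIIIIIHHI", blob, off)
        if rawptr + rawsize > len(blob):
            raise ValueError(f"section {name!r} raw data runs past end of file")
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": vaddr, "virtual_size": vsize, "raw_size": rawsize,
            "characteristics": [n for f, n in SCN_FLAG_NAMES.items() if flags & f],
            "entropy": round(shannon_entropy(blob[rawptr:rawptr + rawsize]), 5),
        })
    return {"e_lfanew": e_lfanew, "machine": machine, "number_of_sections": nsections,
            "timestamp": datetime.fromtimestamp(timestamp, tz=timezone.utc),
            "size_of_optional_header": opt_size, "characteristics": characteristics,
            "sections": sections}


def build_stub_pe() -> bytes:
    """Constructed two-section PE32 stub: valid headers, no real code, not runnable."""
    e_lfanew, opt_size, nsections = 0xF8, 224, 2       # e_lfanew / SizeOfOptionalHeader as in the report
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    headers_end = e_lfanew + 24 + opt_size + 40 * nsections
    text_ptr = (headers_end + 0x1FF) & ~0x1FF          # 512-byte FileAlignment
    text = bytes([0x90] * 256) + bytes(range(256))      # NOP sled plus a full byte ramp
    data = bytes(512)                                   # all zero: entropy 0.0
    data_ptr = text_ptr + len(text)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, nsections,
                       1656669225,                      # 2022-07-01 09:53:45 UTC, the report's timestamp
                       0, 0, opt_size, 0x0102)          # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)  # PE32 magic, remaining fields zeroed
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), text_ptr, 0, 0, 0, 0,
                       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
    sect += struct.pack("<8sIIIIIIHHI", b".data", 0x2000, 0x2000, len(data), data_ptr, 0, 0, 0, 0,
                        IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
    blob = bytes(dos) + b"PE\0\0" + coff + opt + sect
    return blob + bytes(text_ptr - len(blob)) + text + data


if __name__ == "__main__":
    info = parse_pe(build_stub_pe())
    print(f"Machine 0x{info['machine']:04X}, {info['number_of_sections']} sections, "
          f"TimeDateStamp {info['timestamp']:%Y-%b-%d %H:%M:%S}")
    for s in info["sections"]:
        print(f"{s['name']:<6} VA={s['virtual_address']:#x} vsize={s['virtual_size']} "
              f"raw={s['raw_size']} entropy={s['entropy']:.5f} {', '.join(s['characteristics'])}")
```

The entropy column is the quickest static tell for packed or encrypted payloads: a `.text` section near 8.0 bits per byte is not compiler output, while the report's `.data` at 1.88 with a raw size far below its virtual size is ordinary uninitialised data. Run the parser on a real file by replacing `build_stub_pe()` with `open(path, "rb").read()`.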
Title | Entropy | Size (bytes) | Codepage | Language | Type
---|---|---|---|---|---
0 | 2.71858 | 104 | Latin 1 / Western European | UNKNOWN | RT_GROUP_ICON |
1 | 5.58652 | 3752 | Latin 1 / Western European | UNKNOWN | RT_ICON |
2 | 6.05629 | 2216 | Latin 1 / Western European | UNKNOWN | RT_ICON |
3 | 5.5741 | 1384 | Latin 1 / Western European | UNKNOWN | RT_ICON |
4 | 7.95079 | 37019 | Latin 1 / Western European | UNKNOWN | RT_ICON |
5 | 5.29119 | 9640 | Latin 1 / Western European | UNKNOWN | RT_ICON |
6 | 5.43869 | 4264 | Latin 1 / Western European | UNKNOWN | RT_ICON |
7 | 5.89356 | 1128 | Latin 1 / Western European | UNKNOWN | RT_ICON |
1 (#2) | 5.29093 | 1416 | Latin 1 / Western European | UNKNOWN | RT_MANIFEST |
Imported DLLs: | ADVAPI32.dll, KERNEL32.dll |
PID | CMD | Path | Indicators | Parent process | User | Integrity level | Exit code
---|---|---|---|---|---|---|---
2436 | "C:\Users\admin\AppData\Local\Temp\Dosia.exe" | C:\Users\admin\AppData\Local\Temp\Dosia.exe | | Explorer.EXE | admin | MEDIUM | 2
2732 | "C:\Users\admin\AppData\Local\Temp\Dosia.exe" | C:\Users\admin\AppData\Local\Temp\Dosia.exe | — | Dosia.exe | admin | MEDIUM | 2
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-debug-l1-1-0.dll | executable | CE61A5D4134DE9112F87D67CA0869CF5 | EE461EDA292F793D049F67153FA784B56EF2386E49A3B2BCF5EC1B3253E3ED72
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\_socket.pyd | executable | A7A2A5A17BFD12376E6AEDB5F531C21B | F869311C8D4EB3B0CDEF30486EB37C679A35CF11AFA803CD5D9FD61265344810
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\_lzma.pyd | executable | C573346309D8E967A7ADEBF047F5A693 | 8F8B3CF6CE8A798398139B91B55A5F2CFCA6D997622C7E04DC99455C3AD6997F
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-console-l1-1-0.dll | executable | DED0A05ECD081921F854C718401839A9 | CD49E371C79A0D242293E764CB9CBA1C6B071BBEDA18E7D2AF28804E7721BA3E
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\_hashlib.pyd | executable | 4F3BF6E8EFAA31A5812F10963182EC96 | F3A4E21F451667415F88C17D2F58AFCF110A922487228CEFA6D4F8D4261A067C
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-file-l1-1-0.dll | executable | 9383F2D137B9A23B858AF26979973F90 | 316CDC6B0993217DE0FBDF2D481E907955A7F7D552171D4ECE7469C7281F6781
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-memory-l1-1-0.dll | executable | DBFC2D434F864455F4F1C2257D050940 | 2A76304FBFA3869F152CA955CA76864897409289C0B60EA8FD3C314F4C56ABA6
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-libraryloader-l1-1-0.dll | executable | F84DD01E37844165EF8CD0DF2D0B45A4 | 2C3F5F8E9861B05F734DE06A6AC27696DA2DB6193EE003FB62561B6859AFDE11
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-heap-l1-1-0.dll | executable | 483FF5DFE47A187010B9247799EEB174 | 2AD76AE13FA4BD279F1779312BC2E62D048C9CBB6A528E65B968DFE7431DFEAE
2436 | Dosia.exe | C:\Users\admin\AppData\Local\Temp\_MEI24362\_ssl.pyd | executable | 411AE4B3C3ACDD207570576ABE296E01 | 4766EC375DAD3E2106EEEECC6E2069B7D99E1D7691241735B0EBB39564FE339F
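The process tree and the dropped-file list together describe one well-known pattern: the sample unpacks Python extension modules (`_socket.pyd`, `_ssl.pyd`, `_hashlib.pyd`, `_lzma.pyd`) and `api-ms-win-core-*` forwarder DLLs into `%TEMP%\_MEI24362\`, then launches a second copy of itself (PID 2732, parent 2436, same command line). That is how the PyInstaller onefile bootloader behaves: extract the bundle to a `_MEI<digits>` directory, then hand control to a child running the unpacked interpreter. The script below is an added example (not code from ANY.RUN or from the sample) that turns those two observations into a triage rule and runs it over constructed process-create and file-create events. The PIDs, image paths and SHA256 values in the events are copied from the report; the event shape, field names, the Explorer PID and the Explorer image path are assumptions and follow no particular EDR or Sysmon schema.

```python
"""Triage rule for the PyInstaller onefile unpack-and-respawn pattern.

Added example; not code from the report, the sandbox, or the sample. Runs over
constructed events modelled on the process and dropped-file tables. Two signals:
  1. a process writes .pyd/.dll files into %TEMP%\\_MEI<digits>\\ (bootloader unpacking), and
  2. the same process spawns a child with identical image path and command line.
Either alone is weak (plenty of legitimate tools ship as PyInstaller onefile);
together with the dropped-file hash set they give an analyst something to pivot on.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

MEI_DIR = re.compile(r"\\_MEI\d+\\", re.IGNORECASE)
UNPACK_EXT = (".pyd", ".dll")
DOSIA = r"C:\Users\admin\AppData\Local\Temp\Dosia.exe"

# Constructed events. PIDs, paths and hashes come from the report; ppid 1234 and
# the Explorer path are assumed, as is the event layout.
EVENTS = [
    {"type": "ProcessCreate", "pid": 2436, "ppid": 1234, "image": DOSIA,
     "parent_image": r"C:\Windows\Explorer.EXE", "cmd": f'"{DOSIA}"'},
    {"type": "FileCreate", "pid": 2436, "path": r"C:\Users\admin\AppData\Local\Temp\_MEI24362\api-ms-win-core-debug-l1-1-0.dll",
     "sha256": "EE461EDA292F793D049F67153FA784B56EF2386E49A3B2BCF5EC1B3253E3ED72"},
    {"type": "FileCreate", "pid": 2436, "path": r"C:\Users\admin\AppData\Local\Temp\_MEI24362\_socket.pyd",
     "sha256": "F869311C8D4EB3B0CDEF30486EB37C679A35CF11AFA803CD5D9FD61265344810"},
    {"type": "FileCreate", "pid": 2436, "path": r"C:\Users\admin\AppData\Local\Temp\_MEI24362\_ssl.pyd",
     "sha256": "4766EC375DAD3E2106EEEECC6E2069B7D99E1D7691241735B0EBB39564FE339F"},
    {"type": "ProcessCreate", "pid": 2732, "ppid": 2436, "image": DOSIA,
     "parent_image": DOSIA, "cmd": f'"{DOSIA}"'},
    # Constructed benign noise: an unrelated process writing a DLL elsewhere.
    {"type": "FileCreate", "pid": 4100, "path": r"C:\Program Files\Tool\helper.dll", "sha256": "00" * 32},
]


@dataclass
class Finding:
    pid: int
    image: str
    mei_dir: str
    dropped: dict = field(default_factory=dict)     # path -> sha256, the IOC set to pivot on
    respawn_pids: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        return "high" if self.respawn_pids else "medium"


def triage(events: list) -> list:
    """Return one Finding per process that unpacked a PyInstaller bundle."""
    procs = {e["pid"]: e for e in events if e["type"] == "ProcessCreate"}
    drops = defaultdict(dict)          # pid -> {path: sha256}
    mei_dirs = {}
    for e in events:
        if e["type"] != "FileCreate":
            continue
        m = MEI_DIR.search(e["path"])
        if m and e["path"].lower().endswith(UNPACK_EXT):
            drops[e["pid"]][e["path"]] = e["sha256"]
            mei_dirs[e["pid"]] = e["path"][:m.end()]   # keep the _MEI directory itself as an IOC
    findings = []
    for pid, dropped in drops.items():
        if not any(p.lower().endswith(".pyd") for p in dropped):
            continue   # a lone DLL under _MEI is not enough; require a Python extension module
        proc = procs.get(pid, {})
        respawn = [c["pid"] for c in procs.values()
                   if c["ppid"] == pid and c["image"].lower() == proc.get("image", "").lower()
                   and c["cmd"] == proc.get("cmd")]
        findings.append(Finding(pid, proc.get("image", "?"), mei_dirs[pid], dict(dropped), respawn))
    return findings


if __name__ == "__main__":
    for f in triage(EVENTS):
        print(f"[{f.severity}] pid {f.pid} {f.image}: unpacked {len(f.dropped)} files into "
              f"{f.mei_dir}; respawned as {f.respawn_pids or 'none'}")
        for path, sha in f.dropped.items():
            print(f"    {sha[:16]}...  {path}")
```

The rule deliberately requires at least one `.pyd` before it fires, because the `api-ms-win-core-*` forwarder DLLs alone are dropped by many installers; the respawn check only raises severity rather than gating the finding, so a bootloader that is killed before it launches its child is still recorded. The dropped-file hashes in a finding are the stable artefacts: the `_MEI` directory name changes on every run, the `.pyd` hashes do not.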