Field | Value |
---|---|
File name: | Manager.exe |
Full analysis: | https://app.any.run/tasks/7823c52d-b35b-41b6-b4df-8c7e113f41a5 |
Verdict: | Malicious activity |
Analysis date: | November 15, 2018, 07:54:14 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows |
MD5: | 20E2BEBE718A5B4A2266B9EDCC413B08 |
SHA1: | B60C6C3A9D9C8479F2336073580339316DBE533F |
SHA256: | 8F03AE3BC7542A4B9CB37A288635A471E0706AD1A70CBE2A9CBF5C2D25CA52E7 |
SSDEEP: | 12288:azuBWUQbt0zuBWUQbtzvXH/zuBWUQbt6urWzuBWUQbtiiVYIWxx0mqU1bP8AruBw:agWUJgWUCPfgWU3fgWUkMx0mqKzIWU |
Extension | Description (match %) |
---|---|
.exe | Generic CIL Executable (.NET, Mono, etc.) (55.8) |
.exe | Win64 Executable (generic) (21) |
.scr | Windows screen saver (9.9) |
.dll | Win32 Dynamic Link Library (generic) (5) |
.exe | Win32 Executable (generic) (3.4) |
Field | Value |
---|---|
MachineType: | Intel 386 or later, and compatibles |
TimeStamp: | 2018:11:03 00:59:33+01:00 |
PEType: | PE32 |
LinkerVersion: | 11 |
CodeSize: | 1042944 |
InitializedDataSize: | 191488 |
UninitializedDataSize: | - |
EntryPoint: | 0x1008de |
OSVersion: | 4 |
ImageVersion: | - |
SubsystemVersion: | 4 |
Subsystem: | Windows GUI |
FileVersionNumber: | 1.0.0.0 |
ProductVersionNumber: | 1.0.0.0 |
FileFlagsMask: | 0x003f |
FileFlags: | (none) |
FileOS: | Win32 |
ObjectFileType: | Executable application |
FileSubtype: | - |
LanguageCode: | Neutral |
CharacterSet: | Unicode |
FileDescription: | Traffic Generator |
FileVersion: | 1.0.0.0 |
InternalName: | Traffic Generator.exe |
LegalCopyright: | Copyright © 2018 |
OriginalFileName: | Traffic Generator.exe |
ProductName: | Traffic Generator |
ProductVersion: | 1.0.0.0 |
AssemblyVersion: | 1.0.0.0 |
Field | Value |
---|---|
Architecture: | IMAGE_FILE_MACHINE_I386 |
Subsystem: | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date: | 02-Nov-2018 23:59:33 |
Debug artifacts: | |
FileDescription: | Traffic Generator |
FileVersion: | 1.0.0.0 |
InternalName: | Traffic Generator.exe |
LegalCopyright: | Copyright © 2018 |
OriginalFilename: | Traffic Generator.exe |
ProductName: | Traffic Generator |
ProductVersion: | 1.0.0.0 |
Assembly Version: | 1.0.0.0 |
Field | Value |
---|---|
Magic number: | MZ |
Bytes on last page of file: | 0x0090 |
Pages in file: | 0x0003 |
Relocations: | 0x0000 |
Size of header: | 0x0004 |
Min extra paragraphs: | 0x0000 |
Max extra paragraphs: | 0xFFFF |
Initial SS value: | 0x0000 |
Initial SP value: | 0x00B8 |
Checksum: | 0x0000 |
Initial IP value: | 0x0000 |
Initial CS value: | 0x0000 |
Overlay number: | 0x0000 |
OEM identifier: | 0x0000 |
OEM information: | 0x0000 |
Address of NE header: | 0x00000080 |
Field | Value |
---|---|
Signature: | PE |
Machine: | IMAGE_FILE_MACHINE_I386 |
Number of sections: | 4 |
Time date stamp: | 02-Nov-2018 23:59:33 |
Pointer to Symbol Table: | 0x00000000 |
Number of symbols: | 0 |
Size of Optional Header: | 0x00E0 |
Characteristics: | |
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00002000 | 0x000FE8E4 | 0x000FEA00 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ | 6.7094 |
.sdata | 0x00102000 | 0x000000B5 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE | 2.60468 |
.rsrc | 0x00104000 | 0x0002E740 | 0x0002E800 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ | 6.14136 |
.reloc | 0x00134000 | 0x0000000C | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ | 0.0815394 |
Title | Entropy | Size | Codepage | Language | Type |
---|---|---|---|---|---|
1 | 3.28119 | 752 | UNKNOWN | UNKNOWN | RT_VERSION |
2 | 7.97863 | 27038 | UNKNOWN | UNKNOWN | RT_ICON |
3 | 5.25007 | 67624 | UNKNOWN | UNKNOWN | RT_ICON |
4 | 5.60223 | 38056 | UNKNOWN | UNKNOWN | RT_ICON |
5 | 5.61133 | 21640 | UNKNOWN | UNKNOWN | RT_ICON |
6 | 5.61127 | 16936 | UNKNOWN | UNKNOWN | RT_ICON |
7 | 5.70058 | 9640 | UNKNOWN | UNKNOWN | RT_ICON |
8 | 5.7741 | 4264 | UNKNOWN | UNKNOWN | RT_ICON |
9 | 5.87385 | 2440 | UNKNOWN | UNKNOWN | RT_ICON |
10 | 5.57494 | 1128 | UNKNOWN | UNKNOWN | RT_ICON |
| Imported DLL |
|---|
| mscoree.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3260 | "C:\Users\admin\AppData\Local\Temp\Manager.exe" | C:\Users\admin\AppData\Local\Temp\Manager.exe | | explorer.exe |

User: admin, Integrity Level: MEDIUM, Description: Traffic Generator, Exit code: 0, Version: 1.0.0.0
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3260 | Manager.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@atwebmarket[1].txt | text | E668EFE4669D4973E1C7F1662DE1328B | E9490FA27C9974B36F8649E2CD14371D0972CBF36A8F3DF3BD9B913D55652A73 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\css[1].txt | text | 2A4E7699AF9F514D727A0D54ED8ED190 | E4590AD58189FD6198F38D6015E59039B1A7E298491A3555BFBB745F7F05F7C0 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\style[1].css | text | 461F476B04B1BA88314205CF71EF8ADE | 6A520F5FC7830D639628E90D82C4AF4550ED63862EC634918C6E488DD9075705 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\woocommerce[1].css | text | 5C6D2EC45500905D5F28153689F962EA | F3E93CF12A6B8770951B213255BB9B043CE9713805DFD518E20382DBE1FBF330 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D2YPIJ90\product-reviews-pro[1].css | text | 8937A81D5B90FD15D200C635D672C4E6 | F21BEE773050C930AE6EE85BBF604F00E0AF0BE75290CBB0187ACF95E1FBFB8D |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\atwebmarket_com[1].txt | html | 6E02E97E313FDEBBBB95A26304FD4AD3 | B52C07F79E27254A5A81100DA8D0882E03196BF007BB68EC87F0045D2FAA4131 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\style[1].css | text | 6B61C8B18EEE949C3A014610FD9A375C | 899CF1DE7B705DD61242FC080278373DE5ACA1E224B5B072C1D02475E323A425 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\frontend[1].css | text | 9B1360FF626CE99676D76E7235A7F4B9 | 1614F0FEF6249951C7030DD2261DB7771A1243339D0F565D3C8BA19E6074BB32 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\wc-memberships-frontend.min[1].css | text | E8DD2DE61D735245356CC46C8DD80B7D | E2785FCF8AB267453A920B4AAAF792CDB366885375AAEA3EA1B136F3B150D2A6 |
3260 | Manager.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0UU90R59\memberships[1].css | text | 29D7E7FB1E31EB7750F22B3A7ADCA9B7 | 45677F0B370CFABDC0568B00BE2467A689C65FE91A4080255CEBED3AF0C598B8 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3260 | Manager.exe | 216.58.206.10:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
3260 | Manager.exe | 216.58.206.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
3260 | Manager.exe | 192.254.233.247:443 | atwebmarket.com | Unified Layer | US | unknown |
Domain | IP | Reputation |
---|---|---|
atwebmarket.com | | unknown |
ajax.googleapis.com | | whitelisted |
fonts.googleapis.com | | whitelisted |
fonts.gstatic.com | | whitelisted |