File name:

fgdump.exe

Full analysis: https://app.any.run/tasks/b85a0852-15fc-45d0-98a3-025821c0a4ee
Verdict: No threats detected
Analysis date: May 01, 2020, 13:17:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (console) Intel 80386, for MS Windows
MD5:

0762764E298C369A2DE8AFAEC5174ED9

SHA1:

EC932D26A059A188AF6320B8CA76CE6E609F4878

SHA256:

A6CAD2D0F8DC05246846D2A9618FC93B7D97681331D5826F8353E7C3A3206E86

SSDEEP:

12288:ED7lxIXgij3qi3MAxGQ3BdOukFfY+F1ldsui3hBTo:EEXjj3qgPGQ3BVkpY+F1ldsui37To

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • pwdump.exe (PID: 3600)
      • cachedump.exe (PID: 1756)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • fgdump.exe (PID: 4052)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2008:05:02 00:38:49+02:00
PEType: PE32
LinkerVersion: 7.1
CodeSize: 90112
InitializedDataSize: 888832
UninitializedDataSize: -
EntryPoint: 0xdd80
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows command line
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0017
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
CompanyName: Foofus Networking (www.foofus.net)
FileDescription: fgdump
FileVersion: 1, 0, 0, 0
InternalName: fgdump
LegalCopyright: Copyright (C) 2008 Foofus Networking (www.foofus.net)
LegalTrademarks: Licensed under the GPL - see COPYING for more information
OriginalFileName: fgdump.exe
ProductName: fgdump 1.x
ProductVersion: 1, 0, 0, 0

Summary

Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_CUI
Compilation Date: 01-May-2008 22:38:49
Detected languages:
  • English - United States
Debug artifacts:
  • c:\source\fgdump\Release\fgdump.pdb
CompanyName: Foofus Networking (www.foofus.net)
FileDescription: fgdump
FileVersion: 1, 0, 0, 0
InternalName: fgdump
LegalCopyright: Copyright (C) 2008 Foofus Networking (www.foofus.net)
LegalTrademarks: Licensed under the GPL - see COPYING for more information
OriginalFilename: fgdump.exe
ProductName: fgdump 1.x
ProductVersion: 1, 0, 0, 0

DOS Header

Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of NE header: 0x000000E8

PE Headers

Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 4
Time date stamp: 01-May-2008 22:38:49
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:
  • IMAGE_FILE_32BIT_MACHINE
  • IMAGE_FILE_EXECUTABLE_IMAGE
  • IMAGE_FILE_LINE_NUMS_STRIPPED
  • IMAGE_FILE_LOCAL_SYMS_STRIPPED
  • IMAGE_FILE_RELOCS_STRIPPED

Sections

Name
Virtual Address
Virtual Size
Raw Size
Charateristics
Entropy
.text
0x00001000
0x000157D9
0x00016000
IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
6.48027
.rdata
0x00017000
0x0000734E
0x00008000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
4.935
.data
0x0001F000
0x00002818
0x00001000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
2.76777
.rsrc
0x00022000
0x000CD9F8
0x000CE000
IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
6.18884

Resources

Title
Entropy
Size
Codepage
Language
Type
1
3.41546
964
UNKNOWN
English - United States
RT_VERSION
130
5.94976
57344
UNKNOWN
English - United States
BIN
149
5.3728
49152
UNKNOWN
English - United States
BIN
174
6.24311
174080
UNKNOWN
English - United States
BIN
175
6.42295
126976
UNKNOWN
English - United States
BIN
176
6.1769
80896
UNKNOWN
English - United States
BIN
177
5.74017
77824
UNKNOWN
English - United States
BIN
178
6.25097
147456
UNKNOWN
English - United States
BIN
179
5.9317
69632
UNKNOWN
English - United States
BIN
180
5.9629
57344
UNKNOWN
English - United States
BIN

Imports

ADVAPI32.dll
KERNEL32.dll
MPR.dll
NETAPI32.dll
USER32.dll
ole32.dll
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start drop and start start fgdump.exe pwdump.exe no specs cachedump.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1756 -vC:\Users\admin\AppData\Local\Temp\cachedump.exefgdump.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
5
Modules
Images
c:\users\admin\appdata\local\temp\cachedump.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
3600 -o "C:\Users\admin\AppData\Local\Temp\127.0.0.1.pwdump" -u "(null)" -p "(null)" 127.0.0.1C:\Users\admin\AppData\Local\Temp\pwdump.exefgdump.exe
User:
admin
Company:
Foofus Networking
Integrity Level:
MEDIUM
Exit code:
0
Version:
1, 7, 0, 0
Modules
Images
c:\users\admin\appdata\local\temp\pwdump.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\rpcrt4.dll
4052"C:\Users\admin\AppData\Local\Temp\fgdump.exe" C:\Users\admin\AppData\Local\Temp\fgdump.exe
explorer.exe
User:
admin
Company:
Foofus Networking (www.foofus.net)
Integrity Level:
MEDIUM
Description:
fgdump
Exit code:
0
Version:
1, 0, 0, 0
Modules
Images
c:\users\admin\appdata\local\temp\fgdump.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\netutils.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\srvcli.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wkscli.dll
Total events
0
Read events
0
Write events
0
Delete events
0

Modification events

No data
Executable files
9
Suspicious files
0
Text files
4
Unknown types
0

Dropped files

PID
Process
Filename
Type
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\pwdump.exeexecutable
MD5:F959F07A120D759DDD1AE4AA9FF32C75
SHA256:3C796092F42A948018C3954F837B4047899105845019FCE75A6E82BC99317982
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\lsremora.dllexecutable
MD5:618E588A8CCFA331DAB8279A82A3E2D9
SHA256:E0327C1218FD3723E20ACC780E20135F41ABCA35C35E0F97F7ECCAC265F4F44E
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\fgexec.exeexecutable
MD5:A761BEA93C900044B9E67364F3C7B06F
SHA256:8697897BEE415F213CE7BC24F22C14002D660B8AAFFAB807490DDBF4F3F20249
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\cachedump.exeexecutable
MD5:9DE5B79050879AF333D8A0EC555D6B57
SHA256:CF58CA5BF8C4F87BB67E6A4E1FB9E8BADA50157DACBD08A92A4A779E40D569C4
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\2020-05-01-13-17-30.fgdump-logtext
MD5:
SHA256:
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\pstgdump.exeexecutable
MD5:9DFB61C0601EB935872D9A0639C44110
SHA256:368C10795DE10E988381B5DE5C7CD8B2D4B9718DCD4E5590ADC2556CBE9D13C1
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\servpw.exeexecutable
MD5:3D7C06D9A0151E6C1433D61988CBE9F2
SHA256:0F340B471EF34C69F5413540ACD3095C829FFC4DF38764E703345EB5E5020301
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\servpw64.exeexecutable
MD5:981E82F907D1943F3EE06E05AECF7C31
SHA256:97B39AC28794A7610ED83AD65E28C605397EA7BE878109C35228C126D43E2F46
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\lsremora64.dllexecutable
MD5:3FED6DC4BA33DF1EADCBC50D88DCEF7A
SHA256:EFA66F6391EC471CA52CD053159C8A8778F11F921DA14E6DAF76387F8C9AFCD5
4052fgdump.exeC:\Users\admin\AppData\Local\Temp\2020-05-01-13-17-30.failedtext
MD5:BF93019015BA55BE6578E09F4B52845D
SHA256:6CDEC6F96D5547C3492A6CE7FA4C5A56A1699D8F1B8A731686CDC65ED347BBF9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
fgdump.exe