valkyrie logo
valkyrie logo
  • Download Threat Hunter Assessment Tool
DASHBOARD
  • Unknown File Hunter Scans
STATISTICS
SETTINGS
  • Summary
  • Static Analysis
  • Dynamic Analysis
  • Precise Detectors
  • Human Expert Analysis
  • File Details
Analyzing...
File Name:   crazydown.exe
SHA1:   e953cba0da973e377aa364b9dd08e03c530c2cc3
MD5:   31e8dd7f62b0d6210b603e64c438c120
First Seen Date:  2023-06-30 09:03:44.777618 ( 2023-06-30 09:03:44.777618 )
Number of Clients Seen:   7
Last Analysis Date:  2023-07-02 19:48:31.465734 ( 2023-07-02 19:48:31.465734 )
Human Expert Analysis Date:  2023-07-02 19:48:28.324233 ( 2023-07-02 19:48:28.324233 )
Human Expert Analysis Result:   Malware

Analysis Summary

Analysis Type Date Verdict
Signature Based Detection 2023-07-01 08:17:46.508928 Malware
Static Analysis Overall Verdict 2023-07-02 19:48:31.465734 No Threat Found help
Dynamic Analysis Overall Verdict 2023-07-02 19:48:31.465734 No Threat Found help
Precise Detectors Overall Verdict 2023-07-02 19:48:31.465734 No Match help
Human Expert Analysis Overall Verdict 2023-07-02 19:48:28.324233 Malware

Static Analysis

Static Analysis Overall Verdict Result
No Threat Found help
Detector Result
Optional Header LoaderFlags field is valued illegal Clean
Non-ascii or empty section names detected Clean
Illegal size of optional Header Clean
Packer detection on signature database Unknown help
Based on the sections entropy check! file is possibly packed Clean
Timestamp value suspicious Clean
Header Checksum is zero! Suspicious
Enrty point is outside the 1st(.code) section! Binary is possibly packed Clean
Optional Header NumberOfRvaAndSizes field is valued illegal Clean
Anti-vm present Clean
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger Suspicious
TLS callback functions array detected Clean

Dynamic Analysis

Dynamic Analysis Overall Verdict Result
No Threat Found help
Suspicious Behaviors
Opens a file in a system directory
Has no visible windows

crazydown.exe tried to connect to some addresses pinned on the map below (click pins for more details):

Behavioral Information

LoadLibrary

imm32.dll

C:\Windows\system32\UXTHEME.dll

C:\Windows\system32\USERENV.dll

C:\Windows\system32\SETUPAPI.dll

API-MS-Win-Core-LocalRegistry-L1-1-0.dll

advapi32.dll

C:\Windows\system32\APPHELP.dll

C:\Windows\system32\PROPSYS.dll

ADVAPI32.dll

propsys.dll

C:\Windows\system32\DWMAPI.dll

C:\Windows\system32\CRYPTBASE.dll

C:\Windows\system32\OLEACC.dll

OLEACCRC.DLL

C:\Windows\system32\CLBCATQ.dll

C:\Windows\system32\NTMARTA.dll

C:\Windows\system32\SHFOLDER.dll

ole32.dll

comctl32.dll

SHELL32.dll

ntmarta.dll

C:\Windows\system32\IconCodecService.dll

WindowsCodecs.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\System.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\nsis7z.dll

api-ms-win-core-synch-l1-2-0

kernel32

api-ms-win-core-fibers-l1-1-1

api-ms-win-core-localization-l1-2-1

api-ms-win-appmodel-runtime-l1-1-2

CreateMutex

<NULL>

WriteFile

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\v8_context_snapshot.bin

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\fil.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\te.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ta.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\mr.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\tr.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\vk_swiftshader_icd.json

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\nsis7z.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\chrome_100_percent.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\zh-CN.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\es-419.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\LICENSE.electron.txt

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\browser.js

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\en-US.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\pt-BR.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\et.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ko.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\it.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\app-64.7z

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\sk.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ca.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\sl.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\fi.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\linux\xsel

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\linux.js

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\cs.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\linux

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\id.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\icudtl.dat

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\bg.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\gu.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ja.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\sw.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\en-GB.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\pl.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\de.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\am.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\fr.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\nb.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\kn.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\package.json

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\el.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\th.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\fallbacks\windows

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\vi.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\license

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\System.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ml.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\libGLESv2.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\hu.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\es.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\zh-TW.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\termux.js

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ur.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ru.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\macos.js

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\bn.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\ffmpeg.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\sv.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\libEGL.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\uk.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\chrome_200_percent.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ms.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\LICENSES.chromium.html

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\lib\windows.js

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ar.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\sr.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\ro.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\pt-PT.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\fa.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\nl.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\da.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\snapshot_blob.bin

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\lt.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy\index.js

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\resources\app.asar.unpacked\node_modules\clipboardy

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\hr.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\af.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\lv.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\he.pak

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\7z-out\locales\hi.pak

ReadFile

C:\crazydown.exe

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\System.dll

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\app-64.7z

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp\nsis7z.dll

QueryFilePath

C:\crazydown.exe

DeleteFile

C:\Users\win7\AppData\Local\Temp\nsw7100.tmp

C:\Users\win7\AppData\Local\Temp\nsb716E.tmp

Precise Detectors Analysis Results

Detector Name Date Verdict Reason
Static Precise PUA Detector 1 2023-07-01 08:17:46.994667 No Match help NotDetected
Static Precise PUA Detector 4 2023-07-01 08:17:47.032692 No Match help NotDetected
Static Precise NI Detector 3 2023-07-01 08:17:47.107794 No Match help NotDetected
Static Precise PUA Detector 5 2023-07-01 08:17:47.158268 No Match help NotDetected
Static Precise Trojan Detector 1 2023-07-01 08:17:47.162204 No Match help NotDetected
Static Precise Trojan Detector 3 2023-07-01 08:17:47.168517 No Match help NotDetected
Static Precise PUA Detector 6 2023-07-01 08:17:47.202895 No Match help NotDetected
Static Precise Trojan Detector 12 2023-07-01 08:17:47.238611 No Match help NotDetected
Static Precise Virus Detector 1 2023-07-01 08:17:47.271953 No Match help NotDetected
Static Precise Virus Detector 2 2023-07-01 08:17:47.257873 No Match help NotDetected
Static Precise Trojan Detector 13 2023-07-01 08:17:47.308007 No Match help NotDetected
Static Precise PUA Detector 2 2023-07-01 08:17:47.325704 No Match help NotDetected

Advance Heuristics

No Advanced Heuristic Analysis Result Received

Detector Result

Human Expert Analysis Results

Analysis Start Date:   2023-06-30 10:06:26.559369 ( 2023-06-30 10:06:26.559369 )
Analysis End Date:  2023-07-02 19:48:28.324233 ( 2023-07-02 19:48:28.324233 )
File Upload Date:  2023-06-30 09:02:44.720154 ( 2023-06-30 09:02:44.720154 )
Update Date:  2023-07-02 19:48:29.165444 ( 2023-07-02 19:48:29.165444 )
Human Expert Analyst Feedback:  
Verdict:   Malware
Malware Family:  
Malware Type:   0

Additional File Information

Vendor Validation

Certificate Validation

PE Headers

Property Value

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy MD5

PE Imports

PE Exports

PE Resources

© Verdict Cloud, Xcitium, Inc. 2025. All rights reserved. v1.49.0-72-ENT
 
 
 
 
Loading...