Xcitium Cloud Verdict

Information Discovery

Reads data out of its own binary image Show sources

api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x00052d01, length: 0x0000e000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0006085c, length: 0x0000b000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0006b6ff, length: 0x00014000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0007f3b2, length: 0x0001e000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0009c6bd, length: 0x00007000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x000a3604, length: 0x00016000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x000b8b8b, length: 0x00005000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x000bcecc, length: 0x0000a000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x000c6124, length: 0x00010000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x000d60df, length: 0x00023000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x000f8728, length: 0x00059000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x00151700, length: 0x0025c000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x003acddb, length: 0x00141000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x004edc2b, length: 0x0003d000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0052a6a1, length: 0x00006000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0052fd2d, length: 0x001e5000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x00713fcd, length: 0x00005000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x00718145, length: 0x00064000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0077bc61, length: 0x0003f000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x007ba5f6, length: 0x00034000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x007ee056, length: 0x0003b000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0082819e, length: 0x00026000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084d329, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084d331, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084d33d, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084d3cc, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084e341, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084e661, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084ed24, length: 0x00002000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x0084fff8, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x00850062, length: 0x00001000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x009dc843, length: 0x00002000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x009de04b, length: 0x000007f8
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2272, offset: 0x009de7eb, length: 0x00000058
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2472, offset: 0x009dc843, length: 0x00002000
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2472, offset: 0x009de04b, length: 0x000007f8
api_process_name	process: 45b63e00c568632d21828d652ee538085ad64e11.exe, pid: 2472, offset: 0x009de7eb, length: 0x00000058

Spam, Unwanted Advertisements and Ransom Demands

Writes a potential ransom message to disk Show sources

file_write

METADATA

File Name: d191af7816640acd232d85dff54294cf0890d15d6d5d2c0fdfaa95babccf9a6c.exe

File Type: PE32+ executable (GUI) x86-64, for MS Windows

SHA1: 45b63e00c568632d21828d652ee538085ad64e11

MD5: 3affbe6f0688c8a598fef9d8bcef1c6b