Windows
Analysis Report
tatuJHXSR4.exe
Overview
General Information
Sample name: | tatuJHXSR4.exe (renamed because original name is a hash value) |
Original sample name: | 2a5f40e3ee04057e88c8b794ff258fd4.exe |
Analysis ID: | 1416003 |
MD5: | 2a5f40e3ee04057e88c8b794ff258fd4 |
SHA1: | 590e7f9870f13c8a2c060a6f2cb1bdf97901605c |
SHA256: | 30e8530fe027064f03f21e5dfc5d560338f8781c8133885b223ff3456ff16b65 |
Tags: | 64, exe, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- tatuJHXSR4.exe (PID: 7304 cmdline: "C:\Users\user\Desktop\tatuJHXSR4.exe" MD5: 2A5F40E3EE04057E88C8B794FF258FD4)
- BitLockerToGo.exe (PID: 7620 cmdline: C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe MD5: A64BEAB5D4516BECA4C40B25DC0C1CD8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["pillowbrocccolipe.shop", "communicationgenerwo.shop", "diskretainvigorousiw.shop", "affordcharmcropwo.shop", "dismissalcylinderhostw.shop", "enthusiasimtitleow.shop", "worryfillvolcawoi.shop", "cleartotalfisherwo.shop", "communicationgenerwo.shop"], "Build id": "uYY3NI--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | |
AV Detection |
---|
Networking |
---|
Malware Analysis System Evasion |
---|
HIPS / PFW / Operating System Protection Evasion |
---|
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 311 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Virtualization/Sandbox Evasion | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 311 Process Injection | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Deobfuscate/Decode Files or Information | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 8% | ReversingLabs | | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
communicationgenerwo.shop | 172.67.166.251 | true | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.166.251 | communicationgenerwo.shop | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416003 |
Start date and time: | 2024-03-26 18:22:09 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 36s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | tatuJHXSR4.exe (renamed because original name is a hash value) |
Original Sample Name: | 2a5f40e3ee04057e88c8b794ff258fd4.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/0@2/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
- Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, cdn.onenote.net, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target tatuJHXSR4.exe, PID 7304 because there are no executed functions
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtCreateFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: tatuJHXSR4.exe
Time | Type | Description |
---|---|---|
18:23:26 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | MAC Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
File type: | |
Entropy (8bit): | 6.342138892650738 |
TrID: | |
File name: | tatuJHXSR4.exe |
File size: | 10'470'400 bytes |
MD5: | 2a5f40e3ee04057e88c8b794ff258fd4 |
SHA1: | 590e7f9870f13c8a2c060a6f2cb1bdf97901605c |
SHA256: | 30e8530fe027064f03f21e5dfc5d560338f8781c8133885b223ff3456ff16b65 |
SHA512: | 0d201a3c90f5ec338e9af66b1c2b50093c04b8b14039e8cd5437b96b2e5e0c729eb2a8001fcfbad78e290850b813adfb3aeef39d04a240ba657ccb3f3b27671d |
SSDEEP: | 98304:fGfgjfw8feH/u3v8/hTkYpEKA4CJj4DZ2Ig:fGp5W3v8/h4YqWceZW |
TLSH: | D0B64947FCA144E5C5EEC13089669216BB727C484B2127C73B60F7692F7ABD0AE7A350 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................$..C......T.............@....................................f.....`... ............................ |
Icon Hash: | 1430f482cac2c61d |
Entrypoint: | 0x1400014c0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x140000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, DEBUG_STRIPPED |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x0 [Thu Jan 1 00:00:00 1970 UTC] |
TLS Callbacks: | 0x40433660, 0x1, 0x40433630, 0x1, 0x404370d0, 0x1 |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 1 |
File Version Major: | 6 |
File Version Minor: | 1 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 1 |
Import Hash: | c595f1660e1a3c84f4d9b0761d23cd7a |
Instruction |
---|
dec eax |
sub esp, 28h |
dec eax |
mov eax, dword ptr [009B6015h] |
mov dword ptr [eax], 00000001h |
call 00007F546CF2A9BFh |
nop |
nop |
dec eax |
add esp, 28h |
ret |
nop dword ptr [eax] |
dec eax |
sub esp, 28h |
dec eax |
mov eax, dword ptr [009B5FF5h] |
mov dword ptr [eax], 00000000h |
call 00007F546CF2A99Fh |
nop |
nop |
dec eax |
add esp, 28h |
ret |
nop dword ptr [eax] |
dec eax |
sub esp, 28h |
call 00007F546D367C3Ch |
dec eax |
test eax, eax |
sete al |
movzx eax, al |
neg eax |
dec eax |
add esp, 28h |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
dec eax |
lea ecx, dword ptr [00000009h] |
jmp 00007F546CF2ACD9h |
nop dword ptr [eax+00h] |
ret |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
nop |
jmp dword ptr [eax] |
inc edi |
outsd |
and byte ptr [edx+75h], ah |
imul ebp, dword ptr [esp+20h], 203A4449h |
and cl, byte ptr [ebx+75h] |
push esp |
inc edi |
jo 00007F546CF2AD47h |
dec ebx |
inc ebx |
insd |
xor byte ptr [ecx+49h], cl |
dec ecx |
inc esi |
push 00000077h |
push edi |
push ebx |
jp 00007F546CF2AD31h |
jne 00007F546CF2AD7Ah |
outsd |
imul ecx, dword ptr [eax+32h], 58625970h |
pop edi |
dec edi |
push di |
dec eax |
dec esp |
das |
inc esp |
pop edi |
inc ebp |
xor dl, byte ptr [edi+62h] |
push edi |
dec edx |
pop edi |
xor byte ptr [edi+34h], dh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xa6d000 | 0x4e | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa6e000 | 0x1458 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa72000 | 0xe056 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x9b8000 | 0x1de38 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa81000 | 0x16978 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x9b6e40 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xa6e494 | 0x458 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x43dc00 | 0x43dc00 | 4d204adc3128543a03933ebab6a62a7e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x43f000 | 0x76f30 | 0x77000 | 61bcbb499bb2b71a68743e8b4547066d | False | 0.3885631400997899 | dBase III DBT, version number 0, next free block index 10, 1st item "nNzJar+8KY+LPI6wiWrP/myHw=" | 5.600499607623445 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x4b6000 | 0x501c70 | 0x501e00 | b021c8f42fc513a4e3f09342ad0fd319 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
.pdata | 0x9b8000 | 0x1de38 | 0x1e000 | 6682d8d55c02004c2d47280e58157f3a | False | 0.39810384114583336 | data | 5.638546080934293 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
.xdata | 0x9d6000 | 0xc50 | 0xe00 | 979050a6b7bf6161154d748c100efafc | False | 0.2583705357142857 | data | 3.9945120572433783 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
.bss | 0x9d7000 | 0x952e0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0xa6d000 | 0x4e | 0x200 | 07d4f7a3eb683855c6af60897a72395d | False | 0.08984375 | data | 0.6513844786319263 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ |
.idata | 0xa6e000 | 0x1458 | 0x1600 | e9a82f31e572d26076a408635fbd2166 | False | 0.29829545454545453 | data | 4.342722917773444 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.CRT | 0xa70000 | 0x70 | 0x200 | 229f13381e9bd504d71bde7b201dc7ec | False | 0.08203125 | data | 0.46601398182820153 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0xa71000 | 0x10 | 0x200 | bf619eac0cdf3f68d496ea9344137e8b | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xa72000 | 0xe056 | 0xe200 | fa3aa680db7c97fc632b574d278c3ac5 | False | 0.15486725663716813 | data | 2.509998495779265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0xa81000 | 0x16978 | 0x16a00 | fed0f92e6b14a23efbd9ba9dcd66d328 | False | 0.21332225483425415 | data | 5.43066875103094 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0xa72370 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | | | 0.23655913978494625 |
RT_ICON | 0xa72658 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | | | 0.4222972972972973 |
RT_ICON | 0xa72780 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | | | 0.2667910447761194 |
RT_ICON | 0xa73628 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | | | 0.38402527075812276 |
RT_ICON | 0xa73ed0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | | | 0.5382947976878613 |
RT_ICON | 0xa74438 | 0xdb4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.733751425313569 |
RT_ICON | 0xa751ec | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.05018894662257912 |
RT_ICON | 0xa79414 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.06846473029045644 |
RT_ICON | 0xa7b9bc | 0x1a68 | Device independent bitmap graphic, 40 x 80 x 32, image size 6720 | | | 0.08505917159763314 |
RT_ICON | 0xa7d424 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.10858348968105065 |
RT_ICON | 0xa7e4cc | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.1569672131147541 |
RT_ICON | 0xa7ee54 | 0x6b8 | Device independent bitmap graphic, 20 x 40 x 32, image size 1680 | | | 0.20406976744186048 |
RT_ICON | 0xa7f50c | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.2429078014184397 |
RT_GROUP_ICON | 0xa7f974 | 0xbc | data | | | 0.6542553191489362 |
RT_VERSION | 0xa7fa30 | 0x2f4 | data | English | United States | 0.4576719576719577 |
RT_MANIFEST | 0xa7fd24 | 0x332 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.46943765281173594 |
DLL | Import |
---|---|
KERNEL32.dll | AddAtomA, AddVectoredContinueHandler, AddVectoredExceptionHandler, CloseHandle, CreateEventA, CreateFileA, CreateIoCompletionPort, CreateMutexA, CreateSemaphoreA, CreateThread, CreateWaitableTimerExW, DeleteAtom, DeleteCriticalSection, DuplicateHandle, EnterCriticalSection, ExitProcess, FindAtomA, FormatMessageA, FreeEnvironmentStringsW, GetAtomNameA, GetConsoleMode, GetCurrentProcess, GetCurrentProcessId, GetCurrentThread, GetCurrentThreadId, GetEnvironmentStringsW, GetErrorMode, GetHandleInformation, GetLastError, GetProcAddress, GetProcessAffinityMask, GetQueuedCompletionStatusEx, GetStartupInfoA, GetStdHandle, GetSystemDirectoryA, GetSystemInfo, GetSystemTimeAsFileTime, GetThreadContext, GetThreadPriority, GetTickCount, InitializeCriticalSection, IsDBCSLeadByteEx, IsDebuggerPresent, LeaveCriticalSection, LoadLibraryExW, LoadLibraryW, LocalFree, MultiByteToWideChar, OpenProcess, OutputDebugStringA, PostQueuedCompletionStatus, QueryPerformanceCounter, QueryPerformanceFrequency, RaiseException, RaiseFailFastException, ReleaseMutex, ReleaseSemaphore, RemoveVectoredExceptionHandler, ResetEvent, ResumeThread, RtlLookupFunctionEntry, RtlVirtualUnwind, SetConsoleCtrlHandler, SetErrorMode, SetEvent, SetLastError, SetProcessAffinityMask, SetProcessPriorityBoost, SetThreadContext, SetThreadPriority, SetUnhandledExceptionFilter, SetWaitableTimer, Sleep, SuspendThread, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TryEnterCriticalSection, VirtualAlloc, VirtualFree, VirtualProtect, VirtualQuery, WaitForMultipleObjects, WaitForSingleObject, WerGetFlags, WerSetFlags, WideCharToMultiByte, WriteConsoleW, WriteFile, __C_specific_handler |
msvcrt.dll | ___lc_codepage_func, ___mb_cur_max_func, __getmainargs, __initenv, __iob_func, __lconv_init, __set_app_type, __setusermatherr, _acmdln, _amsg_exit, _beginthread, _beginthreadex, _cexit, _commode, _endthreadex, _errno, _fmode, _initterm, _lock, _memccpy, _onexit, _setjmp, _strdup, _ultoa, _unlock, abort, calloc, exit, fprintf, fputc, free, fwrite, localeconv, longjmp, malloc, memcpy, memmove, memset, printf, realloc, signal, strerror, strlen, strncmp, vfprintf, wcslen |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 26, 2024 18:23:27.789124012 CET | 59572 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 26, 2024 18:23:27.887204885 CET | 53 | 59572 | 1.1.1.1 | 192.168.2.6 |
Mar 26, 2024 18:23:40.255268097 CET | 64042 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 26, 2024 18:23:40.377813101 CET | 53 | 64042 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 26, 2024 18:23:27.789124012 CET | 192.168.2.6 | 1.1.1.1 | 0xa712 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 26, 2024 18:23:40.255268097 CET | 192.168.2.6 | 1.1.1.1 | 0x8ee7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 26, 2024 18:23:27.887204885 CET | 1.1.1.1 | 192.168.2.6 | 0xa712 | No error (0) | | | 172.67.166.251 | A (IP address) | IN (0x0001) | false |
Mar 26, 2024 18:23:27.887204885 CET | 1.1.1.1 | 192.168.2.6 | 0xa712 | No error (0) | | | 104.21.83.19 | A (IP address) | IN (0x0001) | false |
Mar 26, 2024 18:23:40.377813101 CET | 1.1.1.1 | 192.168.2.6 | 0x8ee7 | No error (0) | | | 104.21.83.19 | A (IP address) | IN (0x0001) | false |
Mar 26, 2024 18:23:40.377813101 CET | 1.1.1.1 | 192.168.2.6 | 0x8ee7 | No error (0) | | | 172.67.166.251 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49727 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:28 UTC | 272 | OUT | |
2024-03-26 17:23:28 UTC | 8 | OUT | |
2024-03-26 17:23:28 UTC | 822 | IN | |
2024-03-26 17:23:28 UTC | 7 | IN | |
2024-03-26 17:23:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49729 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:28 UTC | 273 | OUT | |
2024-03-26 17:23:28 UTC | 49 | OUT | |
2024-03-26 17:23:29 UTC | 808 | IN | |
2024-03-26 17:23:29 UTC | 561 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN | |
2024-03-26 17:23:29 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49730 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:29 UTC | 291 | OUT | |
2024-03-26 17:23:29 UTC | 12854 | OUT | |
2024-03-26 17:23:30 UTC | 810 | IN | |
2024-03-26 17:23:30 UTC | 22 | IN | |
2024-03-26 17:23:30 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49731 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:30 UTC | 291 | OUT | |
2024-03-26 17:23:30 UTC | 15100 | OUT | |
2024-03-26 17:23:31 UTC | 810 | IN | |
2024-03-26 17:23:31 UTC | 22 | IN | |
2024-03-26 17:23:31 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49732 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:31 UTC | 291 | OUT | |
2024-03-26 17:23:31 UTC | 15331 | OUT | |
2024-03-26 17:23:31 UTC | 4627 | OUT | |
2024-03-26 17:23:32 UTC | 812 | IN | |
2024-03-26 17:23:32 UTC | 22 | IN | |
2024-03-26 17:23:32 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49733 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:33 UTC | 290 | OUT | |
2024-03-26 17:23:33 UTC | 5437 | OUT | |
2024-03-26 17:23:34 UTC | 814 | IN | |
2024-03-26 17:23:34 UTC | 22 | IN | |
2024-03-26 17:23:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49734 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:34 UTC | 290 | OUT | |
2024-03-26 17:23:34 UTC | 1409 | OUT | |
2024-03-26 17:23:34 UTC | 814 | IN | |
2024-03-26 17:23:34 UTC | 22 | IN | |
2024-03-26 17:23:34 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49735 | 172.67.166.251 | 443 | 7620 | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-26 17:23:35 UTC | 292 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:35 UTC | 15331 | OUT | |
2024-03-26 17:23:37 UTC | 812 | IN |
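The eight session tables above only give record sizes and direction, because the payload is TLS-encrypted, but volume alone tells the story: session 1 pulls about 12 KB down (the configuration/response), sessions 2 to 7 push 1 to 150 KB up to 172.67.166.251:443 from BitLockerToGo.exe, a Windows component with no business opening outbound 443. The following Python is an added example, not part of the Joe Sandbox report. `SESSIONS` is constructed from the Session ID, source port, Bytes transferred and Direction columns of the tables on this page; the thresholds in `flag_upload_heavy` and the `EXPECTED_TLS_CLIENTS` allowlist are assumptions chosen for illustration, not values from the report.

```python
"""Per-session byte accounting for the TLS sessions in the sandbox report.

Added example, not part of the Joe Sandbox report. SESSIONS is constructed from
the eight session tables on the page. Record sizes are what the sandbox logged;
the content is encrypted, so only direction and volume are available.
Thresholds and the allowlist are assumptions for illustration.
"""
from dataclasses import dataclass

PROCESS = r"C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe"
PEER = ("172.67.166.251", 443)

# Constructed from the page's session tables: session id -> (source port, [(direction, bytes), ...])
SESSIONS = {
    0: (49727, [("OUT", 272), ("OUT", 8), ("IN", 822), ("IN", 7), ("IN", 5)]),
    1: (49729, [("OUT", 273), ("OUT", 49), ("IN", 808), ("IN", 561)] + [("IN", 1369)] * 8),
    2: (49730, [("OUT", 291), ("OUT", 12854), ("IN", 810), ("IN", 22), ("IN", 5)]),
    3: (49731, [("OUT", 291), ("OUT", 15100), ("IN", 810), ("IN", 22), ("IN", 5)]),
    4: (49732, [("OUT", 291), ("OUT", 15331), ("OUT", 4627), ("IN", 812), ("IN", 22), ("IN", 5)]),
    5: (49733, [("OUT", 290), ("OUT", 5437), ("IN", 814), ("IN", 22), ("IN", 5)]),
    6: (49734, [("OUT", 290), ("OUT", 1409), ("IN", 814), ("IN", 22), ("IN", 5)]),
    7: (49735, [("OUT", 292)] + [("OUT", 15331)] * 10 + [("IN", 812)]),
}

# Assumption: images that normally originate TLS traffic on a workstation. Tune per estate.
EXPECTED_TLS_CLIENTS = {"msedge.exe", "chrome.exe", "firefox.exe", "svchost.exe", "outlook.exe"}


@dataclass(frozen=True)
class SessionStats:
    session: int
    src_port: int
    bytes_out: int
    bytes_in: int
    records_out: int
    records_in: int

    @property
    def upload_ratio(self) -> float:
        # A session with no inbound records is treated as infinitely upload-heavy.
        return self.bytes_out / self.bytes_in if self.bytes_in else float("inf")


def summarise(sessions=SESSIONS) -> list:
    """Collapse each session's record list into byte and record counts per direction."""
    stats = []
    for sid, (port, records) in sorted(sessions.items()):
        bytes_out = sum(n for d, n in records if d == "OUT")
        bytes_in = sum(n for d, n in records if d == "IN")
        records_out = sum(1 for d, _ in records if d == "OUT")
        stats.append(SessionStats(sid, port, bytes_out, bytes_in, records_out, len(records) - records_out))
    return stats


def totals(stats) -> tuple:
    """Total bytes (OUT, IN) across all sessions to the peer."""
    return sum(s.bytes_out for s in stats), sum(s.bytes_in for s in stats)


def flag_upload_heavy(stats, min_out=4096, min_ratio=5.0) -> list:
    """Sessions that push far more than they pull: the shape of a stealer's POST-based exfil.

    min_out and min_ratio are assumed thresholds; baseline them against normal traffic.
    """
    return [s.session for s in stats if s.bytes_out >= min_out and s.upload_ratio >= min_ratio]


def unexpected_tls_client(process_path: str, expected=EXPECTED_TLS_CLIENTS) -> bool:
    """True when the connecting image is not one that normally speaks TLS.

    The report attributes every session to BitLockerToGo.exe, so the process
    check fires independently of the volume check.
    """
    image = process_path.rsplit("\\", 1)[-1].lower()
    return image not in expected


if __name__ == "__main__":
    stats = summarise()
    for s in stats:
        print(f"session {s.session} port {s.src_port}: OUT {s.bytes_out:>7} B / {s.records_out:>2} records, "
              f"IN {s.bytes_in:>6} B / {s.records_in:>2} records, ratio {s.upload_ratio:6.1f}")
    out_total, in_total = totals(stats)
    print(f"total to {PEER[0]}:{PEER[1]}: OUT {out_total} B, IN {in_total} B")
    print("upload-heavy sessions:", flag_upload_heavy(stats))
    print("unexpected TLS client:", unexpected_tls_client(PROCESS))
```

The first OUT record of every session (272 to 292 bytes) and the first IN record (808 to 822 bytes) are the sizes one would expect of a TLS ClientHello and the server's handshake flight, so the application payload is what follows them. With the assumed thresholds the script flags sessions 2, 3, 4, 5 and 7 as upload-heavy and leaves session 1 (download-heavy) and the small sessions 0 and 6 alone; the process check flags the connection regardless.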
Target ID: | 3 |
Start time: | 18:23:08 |
Start date: | 26/03/2024 |
Path: | C:\Users\user\Desktop\tatuJHXSR4.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff67e2a0000 |
File size: | 10'470'400 bytes |
MD5 hash: | 2A5F40E3EE04057E88C8B794FF258FD4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Go lang |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 18:23:25 |
Start date: | 26/03/2024 |
Path: | C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe60000 |
File size: | 231'736 bytes |
MD5 hash: | A64BEAB5D4516BECA4C40B25DC0C1CD8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 50.8% |
Total number of Nodes: | 309 |
Total number of Limit Nodes: | 12 |
Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
00751710 | 10.6 | | 8 | 616 | COMMON
00759750 | 10.4 | | 8 | 420 | COMMON
00786500 | 7.1 | 2 | 2 | 142 | native, memory, COMMON
00768AC0 | 5.6 | 2 | 1 | 334 | native, memory, COMMON
00754750 | 5.4 | | 4 | 435 | COMMON
007866E0 | 5.4 | 2 | 1 | 146 | native, memory, COMMON
00786A40 | 5.3 | 2 | 1 | 97 | native, memory, COMMON
00768890 | 5.3 | 2 | 1 | 85 | native, memory, COMMON
007657B1 | 3.7 | 1 | 1 | 217 | encryption, COMMON
00765DA9 | 2.8 | | 2 | 333 | COMMON
00783E87 | 1.5 | 1 | | 28 | native, COMMON
00783EE2 | 1.5 | 1 | | 19 | native, COMMON
00783E33 | 1.5 | 1 | | 17 | native, COMMON
00763CF3 | 1.3 | | 1 | 16 | COMMON
007667E0 | 0.4 | | | 428 | COMMON
0077802C | 0.0 | | | 19 | COMMON

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
0077589C | 21.1 | 1 | 11 | 94 | memory, COMMON
0078342C | 7.1 | 1 | 3 | 121 | library, COMMON
00772354 | 3.6 | 2 | | 630 | COMMON
00772357 | 3.6 | 2 | | 604 | COMMON
0077188A | 3.6 | 2 | | 585 | COMMON
00784848 | 1.6 | 1 | | 83 | memory, COMMON
00784996 | 1.6 | 1 | | 59 | memory, COMMON
00783665 | 1.6 | 1 | | 55 | library, COMMON
007852CD | 1.6 | 1 | | 51 | memory, COMMON
00781E00 | 1.5 | 1 | | 47 | memory, COMMON
00781EE6 | 1.5 | 1 | | 45 | memory, COMMON
007804C2 | 1.5 | 1 | | 24 | COMMON
0078464F | 1.5 | 1 | | 18 | library, COMMON

Function | Relevance | APIs | Strings | Instructions | Tags
---|---|---|---|---|---
0076D000 | 19.9 | 4 | 7 | 605 | native, memory, COMMON
00759290 | 15.4 | | 12 | 351 | COMMON
00769732 | 14.1 | 9 | | 587 | native, library, memory, COMMON
0076902E | 9.2 | 4 | 1 | 432 | native, memory, COMMON
00787500 | 9.1 | 4 | 1 | 315 | native, memory, COMMON
007662B0 | 7.1 | 2 | 2 | 95 | native, memory, COMMON
007627DB | 7.1 | 2 | 2 | 95 | native, memory, COMMON
0078426F | 6.3 | | 5 | 54 | COMMON
00786B70 | 5.3 | 2 | 1 | 97 | native, memory, COMMON
00758FE0 | 5.2 | | 4 | 228 | COMMON
00755300 | 3.4 | | 2 | 864 | COMMON
0077697D | 1.7 | 1 | | 203 | COMMON
007788D9 | 1.6 | 1 | | 121 | COMMON
007718A0 | 1.5 | | 1 | 295 | COMMON
00771BC5 | 1.5 | | 1 | 294 | COMMON
00756650 | 1.5 | | 1 | 267 | COMMON
0076CBF0 | 1.5 | | 1 | 258 | COMMON
0076A181 | 1.3 | | 1 | 74 | COMMON
00764075 | 1.3 | | 1 | 44 | COMMON
00786CA0 | 1.3 | | 1 | 42 | COMMON
00784BF0 | 1.3 | | 1 | 23 | COMMON
00784C45 | 1.3 | | 1 | 12 | COMMON
00757BF0 | 0.8 | | | 794 | COMMON
007532B0 | 0.7 | | | 703 | COMMON
00753D10 | 0.7 | | | 651 | COMMON
00751000 | 0.5 | | | 539 | COMMON
00756070 | 0.5 | | | 468 | COMMON
00758820 | 0.3 | | | 348 | COMMON
00780010 | 0.2 | | | 179 | COMMON
00752CF0 | 0.1 | | | 148 | COMMON
00760180 | 0.1 | | | 123 | COMMON
00752EA0 | 0.1 | | | 121 | COMMON
00764EA3 | 0.1 | | | 119 | COMMON
0076F990 | 0.1 | | | 109 | COMMON
0076A31D | 0.1 | | | 103 | COMMON
00773992 | 0.1 | | | 98 | COMMON
0077E570 | 0.1 | | | 64 | COMMON
00772FA5 | 0.1 | | | 61 | COMMON
0075CD10 | 0.0 | | | 21 | COMMON
00764C63 | 0.0 | | | 13 | COMMON
00766729 | 0.0 | | | 10 | COMMON