Windows
Analysis Report
JtBBqKs53G.exe
Overview
General Information
Sample name: | JtBBqKs53G.exe (renamed because original name is a hash value) |
Original sample name: | c4ec38ae5ddce37cb56b4c6d88bee7c3.exe |
Analysis ID: | 1416895 |
MD5: | c4ec38ae5ddce37cb56b4c6d88bee7c3 |
SHA1: | ad97d501d7d2dc64f23ba989139fac33f4dbdec4 |
SHA256: | d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2 |
Tags: | 32, exe, GCleaner, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- JtBBqKs53G.exe (PID: 6960 cmdline: "C:\Users\user\Desktop\JtBBqKs53G.exe" MD5: C4EC38AE5DDCE37CB56B4C6D88BEE7C3)
- WerFault.exe (PID: 1472 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6960 -ip 6960 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 4364 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 2016 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 720 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 3300 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 792 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 4044 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 3172 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 980 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 2524 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 1020 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 5928 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 1344 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cmd.exe (PID: 1472 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im "JtBBqKs53G.exe" /f & erase "C:\Users\user\Desktop\JtBBqKs53G.exe" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 1016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- taskkill.exe (PID: 1088 cmdline: taskkill /im "JtBBqKs53G.exe" /f MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
- WerFault.exe (PID: 5708 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 1464 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
GCleaner | | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
Timestamp: | 03/28/24-09:11:05.860144 |
SID: | 2856233 |
Source Port: | 49715 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Binary string: |
Source: | Code function: | 0_2_00415802 | |
Source: | Code function: | 0_2_02765A69 |
Networking |
---|
Source: | Snort IDS: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_00404610 | |
Source: | Code function: | 0_2_00409810 | |
Source: | Code function: | 0_2_00418101 | |
Source: | Code function: | 0_2_00413C09 | |
Source: | Code function: | 0_2_00413414 | |
Source: | Code function: | 0_2_00421DEE | |
Source: | Code function: | 0_2_02759A77 | |
Source: | Code function: | 0_2_02768368 | |
Source: | Code function: | 0_2_02754877 | |
Source: | Code function: | 0_2_0276367B |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_00D8E2DE |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Command line argument: | 0_2_00404610 |
Source: | Command line argument: | 0_2_02754877 |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00408541 | |
Source: | Code function: | 0_2_00D930C0 | |
Source: | Code function: | 0_2_00D8F07D | |
Source: | Code function: | 0_2_00D909D6 | |
Source: | Code function: | 0_2_00D912FF | |
Source: | Code function: | 0_2_00D9135A | |
Source: | Code function: | 0_2_00D904C1 | |
Source: | Code function: | 0_2_00D904FB | |
Source: | Code function: | 0_2_027641D7 | |
Source: | Code function: | 0_2_0276C678 | |
Source: | Code function: | 0_2_0276C6C9 | |
Source: | Code function: | 0_2_027647CE | |
Source: | Code function: | 0_2_027587A8 |
Source: | Process information set: |
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Source: | API coverage: |
Source: | Last function: |
Source: | Code function: | 0_2_00415802 | |
Source: | Code function: | 0_2_02765A69 |
Source: | Binary or memory string: | 31 signature rows; the matched strings were not preserved in this extraction |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_0040C12B |
Source: | Code function: | 0_2_00411142 | |
Source: | Code function: | 0_2_0040C631 | |
Source: | Code function: | 0_2_00D8DBBB | |
Source: | Code function: | 0_2_027613A9 | |
Source: | Code function: | 0_2_0275C898 | |
Source: | Code function: | 0_2_0275092B | |
Source: | Code function: | 0_2_02750D90 |
Source: | Code function: | 0_2_00416A3F |
Source: | Process token adjusted: |
Source: | Code function: | 0_2_0040C12B | |
Source: | Code function: | 0_2_00407C46 | |
Source: | Code function: | 0_2_00408625 | |
Source: | Code function: | 0_2_004087B9 | |
Source: | Code function: | 0_2_02758A20 | |
Source: | Code function: | 0_2_0275C392 | |
Source: | Code function: | 0_2_0275888C | |
Source: | Code function: | 0_2_02757EAD |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: |
Source: | Process created: |
Source: | Code function: | 0_2_00408823 |
Source: | Code function: | 0_2_004188F2 | |
Source: | Code function: | 0_2_0041893D | |
Source: | Code function: | 0_2_004189D8 | |
Source: | Code function: | 0_2_00411252 | |
Source: | Code function: | 0_2_00418A63 | |
Source: | Code function: | 0_2_00418CB6 | |
Source: | Code function: | 0_2_00418DDC | |
Source: | Code function: | 0_2_00418650 | |
Source: | Code function: | 0_2_00418EE2 | |
Source: | Code function: | 0_2_00411774 | |
Source: | Code function: | 0_2_00418FB1 | |
Source: | Code function: | 0_2_02769218 | |
Source: | Code function: | 0_2_02768B59 | |
Source: | Code function: | 0_2_02768BA4 | |
Source: | Code function: | 0_2_02769043 | |
Source: | Code function: | 0_2_027688B7 | |
Source: | Code function: | 0_2_02769149 | |
Source: | Code function: | 0_2_027619DB | |
Source: | Code function: | 0_2_02768F1D | |
Source: | Code function: | 0_2_02768C3F | |
Source: | Code function: | 0_2_02768CCA | |
Source: | Code function: | 0_2_027614B9 |
Source: | Code function: | 0_2_0040C9D1 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: | 9 rows; the matched file names were not preserved in this extraction |
Remote Access Functionality |
---|
Source: | File source: | 9 rows; the matched file names were not preserved in this extraction |
MITRE ATT&CK matrix (a number in front of a technique is the count of signatures that matched it for this sample):
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 42% | ReversingLabs | Win32.Packed.Generic | |
| 48% | Virustotal | | Browse |
| 100% | Avira | HEUR/AGEN.1313018 | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 100% | Avira URL Cloud | malware | |
| 100% | Avira URL Cloud | malware | |
| 25% | Virustotal | | Browse |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
185.172.128.90 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416895 |
Start date and time: | 2024-03-28 09:10:05 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | JtBBqKs53G.exe (renamed because the original name is a hash value) |
Original Sample Name: | c4ec38ae5ddce37cb56b4c6d88bee7c3.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@16/34@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
09:11:08 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
185.172.128.90 | Get hash | | malicious | Glupteba | Browse | |
| Get hash | | malicious | Unknown | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | GCleaner | Browse | |
| Get hash | | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
NADYMSS-ASRU | Get hash | | malicious | Glupteba | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| Get hash | | malicious | Mars Stealer, Stealc, Vidar | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_43d6ce5f53bd281f18a59363e8da9060d2ba981_31749536_158baf81-6414-4184-a1ea-1e0ccdfb985b\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8540154739003708 |
Encrypted: | false |
SSDEEP: | 96:VmsCFBOsrhDoA7Rn6tQXIDcQnc6rCcEhcw3r7+HbHg/8BRTf3o8Fa9OyRgEVsPqQ:EsuBOS056rwj/mzuiF9Z24IO8+a |
MD5: | CCBEF6BD3A4003371C38BB1A3B1DCDA1 |
SHA1: | D4A50E9576048B541EEB45EA273345E2621855B4 |
SHA-256: | D4E2A9BA7880B2DDBE98FDC841C139D94C92530AE928D9A4C8720BFBB4A48C47 |
SHA-512: | 3F7633FDEA526851B173006B09F284F5C213C4770BC866FA573495E68A6C12F91FE00D97F1D42A8420C666B29825E97365DB44621450A1E0E015EBBF95372FCE |
Malicious: | false |
Reputation: | low |
Preview: |
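The dropped-file entries above record, for every artifact, its size, an 8-bit entropy value, an Encrypted flag and MD5/SHA1/SHA-256/SHA-512 digests; the Report.wer files written by WerFault.exe are the Windows Error Reporting crash records for JtBBqKs53G.exe and are worth reading during triage because they name the faulting application, exception code and loaded modules. The Python below is an added example, not Joe Sandbox's code and not part of this report: it computes the same hashes and entropy for a file and parses a Report.wer to recover the crash signature. The Report.wer body it parses is constructed here (UTF-16LE text with a BOM, one Key=Value per line, crash fields as Sig[n].Name/Sig[n].Value pairs and modules as LoadedModule[n], which is the documented WER layout); the exception offset in it is made up, and the 7.0 bits/byte packing threshold is a common rule of thumb, not the sandbox's own Encrypted rule.

```python
"""Triage a dropped Report.wer: hashes, 8-bit entropy and crash signature.

Added example; not code from the Joe Sandbox report. The Report.wer layout
assumed here (UTF-16LE text with a BOM, one Key=Value per line, crash fields
as Sig[n].Name / Sig[n].Value pairs, modules as LoadedModule[n]) follows the
documented Windows Error Reporting format. SAMPLE_WER is constructed.
"""
import hashlib
import math
from collections import Counter

# Constructed stand-in for a Report.wer; real files carry many more keys and
# the exception offset below is made up, not taken from the analysed sample.
SAMPLE_WER = ("\ufeff" + "\r\n".join([
    "Version=1",
    "EventType=APPCRASH",
    "ReportType=2",
    "Sig[0].Name=Application Name",
    "Sig[0].Value=JtBBqKs53G.exe",
    "Sig[1].Name=Application Version",
    "Sig[1].Value=0.0.0.0",
    "Sig[6].Name=Exception Code",
    "Sig[6].Value=c0000005",
    "Sig[7].Name=Exception Offset",
    "Sig[7].Value=00012345",
    "DynamicSig[1].Name=OS Version",
    "DynamicSig[1].Value=10.0.19045.2.0.0.256.48",
    "LoadedModule[0]=C:\\Users\\user\\Desktop\\JtBBqKs53G.exe",
    "LoadedModule[1]=C:\\Windows\\SYSTEM32\\ntdll.dll",
    "AppPath=C:\\Users\\user\\Desktop\\JtBBqKs53G.exe",
])).encode("utf-16-le")


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 to 8.0), the report's 'Entropy (8bit)'."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA-256/SHA-512 as upper-case hex, as the file table shows."""
    return {name: hashlib.new(name, data).hexdigest().upper()
            for name in ("md5", "sha1", "sha256", "sha512")}


def parse_wer(data: bytes) -> dict:
    """Return a flat Key -> Value dict from a Report.wer body.

    WER writes UTF-16LE with a BOM; a UTF-8 copy is accepted as a fallback.
    """
    if data.startswith(b"\xff\xfe"):
        text = data.decode("utf-16")  # BOM is consumed by the codec
    else:
        text = data.decode("utf-8", errors="replace")
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def crash_signature(fields: dict) -> dict:
    """Join Sig[n].Name with Sig[n].Value so the bucket is readable by name."""
    sig = {}
    for key, name in fields.items():
        if key.startswith("Sig[") and key.endswith("].Name"):
            idx = key[len("Sig["):-len("].Name")]
            sig[name] = fields.get(f"Sig[{idx}].Value", "")
    return sig


def loaded_modules(fields: dict) -> list:
    """LoadedModule[n] paths in numeric index order."""
    mods = [(int(k[13:-1]), v) for k, v in fields.items()
            if k.startswith("LoadedModule[") and k.endswith("]")]
    return [v for _, v in sorted(mods)]


def triage(data: bytes, packed_threshold: float = 7.0) -> dict:
    """Summarise a dropped file the way the report's file table does.

    The 7.0 bits/byte cut-off for flagging packed or encrypted content is a
    common heuristic (assumed here), not the sandbox's own 'Encrypted' rule.
    """
    fields = parse_wer(data)
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": round(entropy, 4),
        "likely_packed": entropy > packed_threshold,
        "hashes": file_hashes(data),
        "crash": crash_signature(fields),
        "modules": loaded_modules(fields),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_WER)
    print(f"size={result['size']} entropy={result['entropy']} "
          f"likely_packed={result['likely_packed']}")
    print("sha256", result["hashes"]["sha256"])
    for name, value in result["crash"].items():
        print(f"{name}: {value}")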
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_43d6ce5f53bd281f18a59363e8da9060d2ba981_31749536_337f4289-2901-4a0a-8114-1c832252c4ac\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9355044472293971 |
Encrypted: | false |
SSDEEP: | 96:uFUFlsrhDoA7Rn6tQXIDcQnc6rCcEhcw3r7+HbHg/8BRTf3o8Fa9OyRgEVsPq185:k0lS056rwj/+7zuiF9Z24IO8+a |
MD5: | 0AA1BEEA5A9E5D357294E7BD181C2999 |
SHA1: | B773BC665FB8C7B65B97A48E4A229BB0D3283B79 |
SHA-256: | 4E9D079C1863082F3EE63CB903C79B4A37D4E6E32500B9BF04CCBE144002CD5F |
SHA-512: | 47B0CE4D7F4C444B083112F5DB0C63FB3C62ED193DC0660D2F6880DAAAF09ED7E908E6F188A8B724127A64D4ACC820C7142749B4F71D93889DBAB00B040BFCD0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_43d6ce5f53bd281f18a59363e8da9060d2ba981_31749536_96b2b60c-1c54-4bc6-a7a2-06bc0ed65fbd\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8812602585847777 |
Encrypted: | false |
SSDEEP: | 96:clT0UWkFhsrhDoA7Rn6tQXIDcQnc6rCcEhcw3r7+HbHg/8BRTf3o8Fa9OyRgEVsb:cxoEhS056rwj/qzuiF9Z24IO8+a |
MD5: | 2F65F330CD4B092C8043BF750FB73361 |
SHA1: | BEF08B1A7471B9974C757EB9533DA1FCA00926A1 |
SHA-256: | E4FDB9A0A1EFEE3B21B1162EB148F28AA77B8D6AAE6F14A8F1C5FB0D140B11F1 |
SHA-512: | AF55780B9D4D97469FB39DD996F405E5651021CD4D79F0F7FDC8F974DED18B8451F99762756E0FC4690B017F610617BD93DC81D9131DBE7DD8F4ED58178C4671 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_43d6ce5f53bd281f18a59363e8da9060d2ba981_31749536_b6345be3-c38a-45fe-a2e1-34d493e51155\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.831422380657415 |
Encrypted: | false |
SSDEEP: | 96:S5lvYWHFMsrhDoA7Rn6tQXIDcQnc6rCcEhcw3r7+HbHg/8BRTf3o8Fa9OyRgEVsh:czlMS056rwj/YzuiF9Z24IO8+a |
MD5: | B98BF9FDCA607C348322234E68749E97 |
SHA1: | 7FCBF0441FF3A3D2AE826CBCF184FAEF75AD47DC |
SHA-256: | 4496F1967105D091E0BA42DF4698FCDD4C2B08D8A8C664027A010D348A7DEDE6 |
SHA-512: | AA293AE829E6AE4BB832389139846E3EA1FD85116E3A299674CBBD73A46630409A94C78617F483311A1C5B0124368DD2B6C8A67702A51F6D1005FD39395928F7 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_43d6ce5f53bd281f18a59363e8da9060d2ba981_31749536_c4668a89-5dfa-4b2e-8346-60fb2b69516b\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8315633378775569 |
Encrypted: | false |
SSDEEP: | 96:19sFrsrhDoA7Rn6tQXIDcQnc6rCcEhcw3r7+HbHg/8BRTf3o8Fa9OyRgEVsPq18l:HcrS056rwj/YzuiF9Z24IO8+a |
MD5: | E699783C09CAFD064752BF3CEC16D802 |
SHA1: | 8893A69474971570A5E44E64A26E80ABFA092ED8 |
SHA-256: | 9934F4D50102CEE83F5DA90B3A8CAD6C75FF9ABC800118311AC271C243B422EF |
SHA-512: | C22CE9B80726078AF33186E61C69D54C8EB484417D0C17B0AA75ACFE3F15D970BC5D290C2A8CDB2865465E170BF96B5AA799F13F07C3E2F303828C904E8884BE |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_43d6ce5f53bd281f18a59363e8da9060d2ba981_31749536_e2ec837c-8e96-458a-987c-dc06c15e4699\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8317320561700655 |
Encrypted: | false |
SSDEEP: | 96:5PFNsrhDoA7Rn6tQXIDcQnc6rCcEhcw3r7+HbHg/8BRTf3o8Fa9OyRgEVsPq18aW:jNS056rwj/YzuiF9Z24IO8+a |
MD5: | 5E2C911AA54C0BA747F05F0149ACE921 |
SHA1: | C064E6EDB022F0098E8B2505C09EFFD053307FDA |
SHA-256: | D917FE64DF06EBBCB37FBF3EA4480868EA01A18AADA9790AD2041605F2503FCE |
SHA-512: | BAB9729E97C5DD414D4414491BCD9290E065822E430D09ED9291C80718710F13B36B02E35DA4B6219DEAC3A480CD1922B341F8FB0566F00BD29052EFA72E9AB7 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_43d6ce5f53bd281f18a59363e8da9060d2ba981_31749536_f988a173-b8e9-414b-9cb5-1c4fef1cb4f4\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8316590459524346 |
Encrypted: | false |
SSDEEP: | 96:dtN+l8F8srhDoA7Rn6tQXIDcQnc6rCcEhcw3r7+HbHg/8BRTf3o8Fa9OyRgEVsPZ:/N+ls8S056rwj/YzuiF9Z24IO8+a |
MD5: | 808B17965140B3E6C90CE177B1DBD8BB |
SHA1: | F462B006FEB0B31917E41B8F8FF44782CD80E4BA |
SHA-256: | 56CA68AE113FEB49BEAC7F21CA838E21FA291EAFAE005B9677531F80410C9981 |
SHA-512: | F60A31D524ADF229375C23FE4DF4EBC7DD4E05BF7854E337CA488E24C953D3076CC303A14839CAC2EC8BBA8F4025D77D59A0FAD686CC0E3C7542DB16F65A91A4 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_JtBBqKs53G.exe_bf7c8ad7f1083a49e48c6263938b6f798e05de0_31749536_e45e9632-8dec-46bd-b4a8-a4b543e6c8cb\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.000302684040235 |
Encrypted: | false |
SSDEEP: | 192:hT+EpGT40q2q8MSj/+rxdzuiF9Z24IO8ba:hiEpGTTq2q/SjgzuiF9Y4IO8b |
MD5: | 45515110C2ADE0FA12D46ABA788CD830 |
SHA1: | 810597B16F806CC4F3647783275A908DDAA4ADBF |
SHA-256: | 5DCE6D39D12B150E28121E01C090362AFE47789235D04D3724D7DAFF596A8EF5 |
SHA-512: | 6D7B945110998ADC4048CF20F1A0B14426ECACBB469E50AB7C717BBD55C30C654B15FF3BE4777BE26F5E269659D89DF772D1BF37DC5EDBA66FC8101F9C853EE8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73782 |
Entropy (8bit): | 2.3214137566850637 |
Encrypted: | false |
SSDEEP: | 384:aY0aJ0zhEy3QpF6VG2X+GSeHJodhsd5tx6QKikpQPNlrhkk:J0aGtEy3I2uNd+dx6Q62PNn |
MD5: | BF4E321800E1782189A8E4041505B14E |
SHA1: | 8261E0DB461D43C52909F1942FF54C34A4AFD966 |
SHA-256: | 38BEE299DA907DCD99C06BFBC62283046AF86570C28C384B11DDACA56F63EB92 |
SHA-512: | 82964353B7575357708578132DFEFC0898515F14860EF76248BAE77C2950A38D1F526B0D4E1477627276B99A5023775086E66890402C77D885F7C143931CDC7A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8410 |
Entropy (8bit): | 3.703389122717517 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJW26l316Y2DtSU9t3gmf0MpBZ89b3ksfBNJ9m:R6lXJf6H6YASU9t3gmf0N3XfBNq |
MD5: | BEBCF4A85A01B3F38DE1B54FB9BA12BB |
SHA1: | 25BABAE39FD6E47803219A86071800C68D21E6DA |
SHA-256: | 8D2710AFA3E3DF7B7C720CEDFBC0A7755B64DD1C90537BF41F65DAFA0E121B18 |
SHA-512: | FC06B1FDFC88084ECCEB154E017AC5787C514F5610414BA1661CC663CBB4F33850A82C2C52020AD12E5265CF67929AACAFEE50E00CC1D94CCE1BBD72F9225F58 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.492872807252103 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VY+Ym8M4JajntFz+q8vPnG2m4+wawVd:uIjffI7X77VqJwK+2mYbVd |
MD5: | 86556EE6A3D3579FE5C235FFC96AF8C5 |
SHA1: | 137CC8C0790107521D6C077215241BE68A7CC3A2 |
SHA-256: | 0BE927EBA5AB8234163BBD86CECEE7ABC4A58AD871D17ADD079C304A8F1BABA0 |
SHA-512: | 70AA0D74F16A418E711017D4292CE134B6148994A6BB358282595F202D80B5F9BC6897E1C1179663E2B71DF4046206B7215B5279F4D4237893BB7A4BBFBFD2D0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73674 |
Entropy (8bit): | 2.3422172816359788 |
Encrypted: | false |
SSDEEP: | 384:JvaJ0j3yekNpF6XSFWm4XcbHwHJodhsd5tx6QKikpQPNND1g0B1:haGj3JPpoH1d+dx6Q62PNf1 |
MD5: | BEE03390863DB678711BE97F31606D9B |
SHA1: | D7203EAE13F013A13173189E9B361ECA6BF473F6 |
SHA-256: | DD0D24CF05BA2212BB57E4405D5947781797E9B24AB490B9A31D973CE91CD511 |
SHA-512: | CB0C13A9A9EE386087EB4EA94EADDC09B9FAFD17C32C0165E1F4739CA8B1F3F72BD1380FFE8EA29B88973D0F1E616279517D056DF71BE93CBAC15FFA1185E428 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.7043177377753245 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJWL6lc26Y2DLSU938Pgmf0MpBP89buksfX6m:R6lXJ66F6YGSU938Pgmf0ruXf7 |
MD5: | 60B0DE29181C26952BC732F9AEF0FFE0 |
SHA1: | 2BAD239B69F5240D0908BF53F1AAE37694E3D2C4 |
SHA-256: | C61D6E2ACBA296709B0ABCA542BF8EC102EFCEF756F200E7F1D8EF00E8173BA5 |
SHA-512: | F0889C905B2AF4CD683A8FCD804F6092F30249BD9608A54ABE344D3A8B381A72791C1E5049D0C6BC2514AD9B5A1456A0BB1B4776D9CE8FA356D5D4DAE9DFA65A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.492105516048956 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VYYYm8M4JajntF4+q8vPnG2m4+wawVd:uIjffI7X77VEJTK+2mYbVd |
MD5: | 300909F16ABEBA296C378E6BD8ADAF11 |
SHA1: | 032A50866C5A7938C5FDF53ECBCD2BB5C7C68AA3 |
SHA-256: | 4AFFAC53677B88BB6FA613CA60784C6CC0D2F915760689AC62BF14CD09FE7647 |
SHA-512: | 96CF4D522AC1FE9E48ABAF291749557D0F2A5DA290B7806D4E77099022B5A1A15D6A24F4E35A1B162880CCEA7B6E0CCA307642A983667E1721F1ADFF96ADB723 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 79710 |
Entropy (8bit): | 2.103196383366518 |
Encrypted: | false |
SSDEEP: | 384:6ilyJUe3+W9eKpl6uB1Hc5tx6QKikpQPNIrg7CytS:7Yme3hD1H6x6Q62PNHi |
MD5: | 7376F9AC0F5609A2CEC801CB0617B3AA |
SHA1: | 948E976636152BBB1E3673A6442E02E844BEBA49 |
SHA-256: | BDBA964A16671269C6EE31377038E3DD0B47F769B89B2D54B98C1DFD03B692C4 |
SHA-512: | 571C58A2CF6D8904ED50EA194148E513C17E0A42ECFDC722E023C673C4E1764943B41C5C603427001DBB64742644D6127C24E1FDEC0A22ABE7CE4FBFF8D79932 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8418 |
Entropy (8bit): | 3.7014718347677356 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJW56P3R9vi/b6Y2DDSU938Pgmf0MpBG89bFksfDXm:R6lXJI6Li/b6YOSU938Pgmf0UFXfa |
MD5: | 7D5DD258B30BBBD0DB314A8F12DD1F14 |
SHA1: | 7CD793C7A24B601DE9DE1C32906A92B028878311 |
SHA-256: | BD95C02E3EB236A1DD7C9474EC0AF61987ABEA14006300DA24A83DFAAAD5D465 |
SHA-512: | 74A470DD8723290FDF6FEA25EE655FEEDDA5651E87859F6B24DD79967B6D4EA1CC93DE890903E47CB17E8A2729F0D85D9D7FB4120A41A0E044021CD603186A1F |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.493078686976311 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VYjYm8M4JajntF1l+q8vPnG2m4+wawVd:uIjffI7X77VrJ6lK+2mYbVd |
MD5: | EF49247120CF458DDD7ED4DFA2237D19 |
SHA1: | 094BB44CF8D1D150E65167BDE346D679A564CA36 |
SHA-256: | 35BEEC23F1FDC4BAE81989139FC47309D955FA2F512BA14C34E85EE644ED97DE |
SHA-512: | 098348E987867FAAAAE0547ABB6D717530461ED6CBDE1BB2662A0CC09A7AB7D5F6E1429D3B62494B49D8EE29A4DA7C733565DE73C14B802216A3B0F3117D7DDF |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 79286 |
Entropy (8bit): | 2.116747311095948 |
Encrypted: | false |
SSDEEP: | 384:gdJU030app6Ha1Hc5tx6QKikpQPN+FTiCORR8sxj:ym03081H6x6Q62PN+FOx |
MD5: | 9E273A71CB67ED1CE66694B74D308068 |
SHA1: | 2DB7E8844AAD04F63E9801FD7104EB88638856B7 |
SHA-256: | ED66E13560FE7BF462618A5A29069027790426D332FA3A972440160BDF28E84F |
SHA-512: | 870349ED6F159C7803475B0DCA1705191EFFE2A13D4B4904F098389283D8DAA28CC951FA779A0654B45572D01B42BD6C6B68590ED0155BBBC3CCA5258CC70E18 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8422 |
Entropy (8bit): | 3.7010392552866826 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJWT6Pn90AKv9o6Y2D8SU9eKgmf0MpBa89bFksfJkXm:R6lXJy6yAKv9o6YRSU9eKgmf04FXfJ5 |
MD5: | 789A1A4EF16C44D69A57C0007520DAF8 |
SHA1: | 97B7F0A1ECEC79F23B2B169154118815A0E8C73B |
SHA-256: | 0AB81A99A9BE74C08B21059F9B55B126376FCE9A48B88C88BC983842FE618853 |
SHA-512: | 60068670E4544CE79C153E97376116C5F129B4269BBAAF5E4D2918F737345DE81AE3624CFE16E2217B952E8F9C9BDE30F8963E9FFC9E98BCD317AC95E410E254 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.492677762706155 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VYlYm8M4JajntFwpF+q8vPnG2m4+wawVd:uIjffI7X77VNJrK+2mYbVd |
MD5: | B1E426B42098DEF6AE3AA812C2F6BD47 |
SHA1: | 3437B21AFED2733FE05A8D8F9C5E8C3D6ABBED9A |
SHA-256: | 8011612E1DC4FE876C9BCFDB78C780F7D96AF57288812F6823FE362CC262EEFE |
SHA-512: | 52A2BE54542A44C50E7857F0F10622EB39EAAE61CD79AC460FA5B0A3EFB1A22B05E3CB201945CD1D0E1AAA3F91F67C94FED6E04C8EA580AC1061A40CF1D98A5D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86526 |
Entropy (8bit): | 2.077351156469614 |
Encrypted: | false |
SSDEEP: | 384:0a5ALQgi3AaJp6bY5GWXtRHgx6QKikpQLoxRaQN1nwbWxPZ:TePi3AK5ftRHgx6Q62Lol3P |
MD5: | 8366C828D4381309B3263CC46EF42B0D |
SHA1: | D648C7132727881E93B38FDA83117BB5F038EB8E |
SHA-256: | D88F81B1B75331550AEF5691A34DAF4E7B79260027BFF7653AC4A1CE93AD0821 |
SHA-512: | ACEF873A4585BCEB689696F41CECB245C71C92D3BC60B9735B99A25FD173B2FD811A7BC8CA4CF2743121E537C0E211086F96DF95EF1C49B239FF3583680B1DFB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8422 |
Entropy (8bit): | 3.700335569734174 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJWu6wc2X/6Y2D2SU9yRgmf0MpBRC89b8ksfCEUm:R6lXJP6wc2X/6YbSU9yRgmf0o78XfCO |
MD5: | 348C179F722983E2B5E77D684B53115C |
SHA1: | 7F2F5D93436E9A3DD30D7277BCD60A6B7325B195 |
SHA-256: | D1A4D8B8BE5DBF2A6E1BDFE09AD51FA9E3FE5DBD473A86168B22128F92D02A39 |
SHA-512: | BFAF3F45A1B01CB79A66A73713DBF6CB056173DD892C7F9EB494EDA22522B8201FB07F430FE4A36A45486A741D86F96ADDB8376B74A7BE8AD42C35E6F30F64B4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.492182840961305 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VY0Ym8M4JajntFMq17uP+q8vPnG2m4+wawVd:uIjffI7X77VIJ5EoK+2mYbVd |
MD5: | 85C73B844B540A530415661F8C82FA48 |
SHA1: | 453586E8BD7ACEC0C2856F92EB8C97602BFDEC3B |
SHA-256: | 8BC3717F573EDCC28E35ECF25D627C46A6F86B2100301090F37023BEB29268E5 |
SHA-512: | D4768937C3066BD6199EDFC8F1F6BFBC896AB44BF581ADFD08DDF03D7B6B111870C5A355F3FFA6F7892FDFB53C94D2ABFE8E3B34C13F846AF66C22D92404F93C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 99270 |
Entropy (8bit): | 2.161065704393504 |
Encrypted: | false |
SSDEEP: | 384:p9COhnf3H8JuyYJ56HSQkhDJa4zsY0S1Hwx6Q1DkGQ/Uuxq+x5+VybO8FN:yinf3HIuj5NJDzsO1Hwx6QuX/U+kx |
MD5: | 5A4AC38CC3A1CE4FC037ED345431FD71 |
SHA1: | 14CA233196C4F4E1F7DA5FC4BDFFB02ABDB95AAB |
SHA-256: | 560E7825453115C95974FC467A59DEF81BA93FCB4327CA79FBF58DFC285DAFCC |
SHA-512: | A0E49D598FB06A3AFEB6944EF6EC234A5BB0CDB06D972E5C13BBA6B99EE8BF62C7FB2747F84761A76EFD7B4CAA85E4069DCABB584BFD387B1FD93D0ED32ADD58 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8422 |
Entropy (8bit): | 3.702987053777561 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJWq6Pn2Q6Y2DiSU9yEgmf0MpBa89bTksfXzxm:R6lXJL6Pn2Q6YfSU9yEgmf04TXfXI |
MD5: | 5CC7D3BEFE5020801A5E8ADCF88271A4 |
SHA1: | EBA7547622883883E78F981835461A96E0A57F27 |
SHA-256: | C7A7EF9AE6FC5C2079EF788209D19AC7385AC39AFFC2F081C07202F37842E3DC |
SHA-512: | B76E47C5F69F8C520EE1E8DEDF20E392093F5CE6FCDAD97F13FC7C713B26B87C34E6D66C6EC5293D122C4D6058F9BA824FDA97E232740D4B4F0424E1370321CE |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.492689821241728 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VYpPYm8M4JajntFt+q8vPnG2m4+wawVd:uIjffI7X77VOSJiK+2mYbVd |
MD5: | 26FA0CE2F199575C269DF52FCF551153 |
SHA1: | 64E1E05380E8478F3882DC5E58406128B2EED99B |
SHA-256: | AA74BDA40856927714FD376B33A6FF114BE20A9C8E495C6CF09A1008C3DB0582 |
SHA-512: | C395AD7E9F6B35330657D68EC4EAD78886B4ACBC17AA018A07747466018DAD8E93D50F4EE6D1C3D8A203AD6B074E00E210C8DC726F605C1048005C9F48154AE7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 109758 |
Entropy (8bit): | 2.212631097464652 |
Encrypted: | false |
SSDEEP: | 768:1CfL32b2xodrH9V9HDZx6QunZUh78d8c:wKb/HF2kwd8 |
MD5: | 8B4158FE35E252C282D0E49DE05AAECB |
SHA1: | BE2FA78EBAB2DA0BA7D95128FF9715CA263313D6 |
SHA-256: | FDC63859B547A19B6937463DAE4CBCF2501E77390A393CEB5252FD712FA4C832 |
SHA-512: | B5C37073BF4714460C075B57E039334972B63177B1E93041DB095D559BDEF149CE7C3C0C251A1D21F05935B58B14AFB5362ED6BCC53056FF3C41A22E09955667 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8426 |
Entropy (8bit): | 3.7015446352374997 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJWv6I+n7TA6Y2DCSU9nFgmf0MpB089bhksfhILm:R6lXJ+6I+7TA6YvSU9nFgmf0qhXfhJ |
MD5: | 52E4EA2AA440020E42D954469358FDB6 |
SHA1: | CD626E970CB1CD433912CDDD3DB28AC491CC3052 |
SHA-256: | 160554E838AA021817D6DE4D0CCFC5DF530FD0442410C6A287029D496AF21BC9 |
SHA-512: | 5A75330126F7EAE5FDC2BC0F3B052CD8755F81B25E18BBFBDAA176124E66F40DD0DE6E20C880EDF3499C978CAD81D5A1AEE39C8CBEBAC4E6483BB54E7A0F43F9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.491427724811832 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VYrYm8M4JajntFR+q8vPnG2m4+wawVd:uIjffI7X77V/JqK+2mYbVd |
MD5: | 7768BB590EC79EA4852E674319E03750 |
SHA1: | 087E86ADFC37423BDE1948EA0CE96832AFB0AFF0 |
SHA-256: | 09FF36361FE302666A32007107173DDADE14FF6F2656D419A2CC65044EBE1D96 |
SHA-512: | 3A407A217E85687DFAD205626EA2C52D5FF3931803E1518A223DF1FABF3CA41450074DF5087E12B0BCE486DE67A15844692263D2483FCE5628E1AC205F14E2F8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53222 |
Entropy (8bit): | 2.767644002069204 |
Encrypted: | false |
SSDEEP: | 384:rX8fwsGt3aBIpx6Q1DkGAmwUxAsXyR4Y1JE:7OwsK3zx6QunmwUSsiZK |
MD5: | FFE1F6581CF334537827176BBB71D7C2 |
SHA1: | 707F2B79911C66FE03D984A2D19A11B078D75CAD |
SHA-256: | 180A259560CF4E56B1896FBEB50ED40CD2BE8B5EB0B4091DB9C175623DEE523A |
SHA-512: | 7FDDE18CB6145CF732DB452AF9EA4014A3FE6A3178B04877A211AC440DD16B670098500F597DF0D3E415C7E41BA5318B66DDE598B6A15254829E791D4BCC92AB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8322 |
Entropy (8bit): | 3.702257058062611 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJWc6Iu76Y2DmSU9rmyzgmfgwMwpDa89bibksfKQ8jm:R6lXJN6Iu76YbSU9r/gmfgT+ibXfKj6 |
MD5: | CE6F60A8B1C9B710AA3048B46A7DDBE2 |
SHA1: | CE06A841EE9735AD08E164A28F94A68477588065 |
SHA-256: | 228B5001787FAADB86435C551CC0D2C5E6597ABA4074C69E6AA436010E2D99CE |
SHA-512: | C7509F7311921E2641407B70069FDA4588C6447EDECA6E4C0B6912ED083B587039CFDEBBA152B509F51E86A2178A498C694211D5D8B85E4B2477765B98438BEA |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4579 |
Entropy (8bit): | 4.476232008998536 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsFJg77aI996WpW8VYmYm8M4JajnPdFK4+q8jTmP2m4+wawVd:uIjffI7X77VmJIj2mYbVd |
MD5: | 93BDF9EA7333945235475D5BA9980F85 |
SHA1: | 5AC8297E5E06C325ACC70045B474D6766B561BDF |
SHA-256: | 02B895B8DFB1209A04EC00DF08993493D706431C2000CE1B0A1037BE1902D7F8 |
SHA-512: | 0EB699B9E2FFC74B9242170DB7577FCF7B766F5BC7B7DECD32D1522D2FBB53089CE6B7EEF08F84522CA4FA5C56492C38BD9243A59DCC796E9FB8011380C874E8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\JtBBqKs53G.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:V:V |
MD5: | CFCD208495D565EF66E7DFF9F98764DA |
SHA1: | B6589FC6AB0DC82CF12099D1C2D40AB994E8410C |
SHA-256: | 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9 |
SHA-512: | 31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.468604502522587 |
Encrypted: | false |
SSDEEP: | 6144:QzZfpi6ceLPx9skLmb0fTZWSP3aJG8nAgeiJRMMhA2zX4WABluuNejDH5S:GZHtTZWOKnMM6bFpIj4 |
MD5: | C51469CCAFE985162F7BE53DF708C666 |
SHA1: | 5BF9E5928C3ADE17DE942E8E9A07548A9F740EF9 |
SHA-256: | 23A6F1570E34BEAF500889F5AD6A454684CE328360A1FABD9493B6E95A1548DE |
SHA-512: | 3D304C896E3DEC5BEE9FE79A7B24A3BD66E4C279F217F3686F11C31AA12958F9E84B73B2CA541B87D8D896E8AF2D757AFCCA340705E4FC28B9E969F271B7C988 |
Malicious: | false |
Preview: |
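The 1-byte file dropped by JtBBqKs53G.exe (the row above with MD5 CFCD2084…) is small enough to identify from its digests alone. The following added example, which is not part of the report, recomputes the hash and entropy columns of the dropped-file table for candidate contents and brute-forces the single byte; `ONE_BYTE_ROW` is copied from that row, everything else is this example's own code.

```python
"""Recompute the digest and entropy columns for candidate dropped-file contents (added example)."""
import hashlib
import math


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy as in the 'Entropy (8bit)' column: 0.0 when every
    byte has the same value, 8.0 when all 256 values are equally frequent."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def digests(data: bytes) -> dict:
    """The four digests the report lists for every dropped file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_row(candidate: bytes, row: dict) -> bool:
    """True when candidate reproduces the size and every digest present in a report row."""
    if len(candidate) != row["size"]:
        return False
    d = digests(candidate)
    return all(d[k] == row[k].lower() for k in d if k in row)


def recover_single_byte(row: dict):
    """A 1-byte file has only 256 possible contents: try them all against the row."""
    for value in range(256):
        candidate = bytes([value])
        if matches_row(candidate, row):
            return candidate
    return None


# Row copied from the report: the 1-byte file dropped by JtBBqKs53G.exe.
ONE_BYTE_ROW = {
    "size": 1,
    "md5": "CFCD208495D565EF66E7DFF9F98764DA",
    "sha1": "B6589FC6AB0DC82CF12099D1C2D40AB994E8410C",
    "sha256": "5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9",
}

if __name__ == "__main__":
    content = recover_single_byte(ONE_BYTE_ROW)
    print(content, shannon_entropy(content) if content else None)
```

The entropy column is the same statistic the report uses, so the 0.0 for the 1-byte file and the 6.17 for the packed sample can be reproduced from the raw bytes when they are available.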
File type: | |
Entropy (8bit): | 6.16849636386835 |
TrID: |
|
File name: | JtBBqKs53G.exe |
File size: | 319'488 bytes |
MD5: | c4ec38ae5ddce37cb56b4c6d88bee7c3 |
SHA1: | ad97d501d7d2dc64f23ba989139fac33f4dbdec4 |
SHA256: | d0d93869aac6091af6c953475915831f4b300377931bb4dac2adcdceeb5616b2 |
SHA512: | 85f3723f2a3991d96d3cecf480d46f94f58959d55fa54e98dd5ad9ce64cbd6288fd1a77b65b7e636e64d2c6b97203eccd454247463f5e818022320db5a3bc8e9 |
SSDEEP: | 3072:0u/Yc8E9PlkOF+XldS/yBjQuhLSLf7tU7zCHCOkSPK412YdBZxo9XOddA:zFKkwvSj7EuihSPKo3LXo9Xk |
TLSH: | 92648E3372E16C64F6720B33ED3DC694262EF9614EA96B5B33186E0F14701A1C6AB753 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L......d................... |
Icon Hash: | 63796de161436e0f |
Entrypoint: | 0x403c06 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x64EFD810 [Thu Aug 31 00:00:16 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | d6cc7eef7e91d5b40575c3542ffc17dc |
Instruction |
---|
call 00007F8240B16A02h |
jmp 00007F8240B11FD5h |
push 00000014h |
push 00415CE8h |
call 00007F8240B14E09h |
call 00007F8240B16BD3h |
movzx esi, ax |
push 00000002h |
call 00007F8240B16995h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007F8240B11FD6h |
xor ebx, ebx |
jmp 00007F8240B12005h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007F8240B11FBDh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007F8240B11FAFh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007F8240B11FDBh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007F8240B16408h |
test eax, eax |
jne 00007F8240B11FDAh |
push 0000001Ch |
call 00007F8240B120B1h |
pop ecx |
call 00007F8240B13F52h |
test eax, eax |
jne 00007F8240B11FDAh |
push 00000010h |
call 00007F8240B120A0h |
pop ecx |
call 00007F8240B16A0Eh |
and dword ptr [ebp-04h], 00000000h |
call 00007F8240B15A3Ch |
test eax, eax |
jns 00007F8240B11FDAh |
push 0000001Bh |
call 00007F8240B12086h |
pop ecx |
call dword ptr [004100BCh] |
mov dword ptr [00AE7AA8h], eax |
call 00007F8240B16A29h |
mov dword ptr [0044130Ch], eax |
call 00007F8240B163CCh |
test eax, eax |
jns 00007F8240B11FDAh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x160f4 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e8000 | 0xe600 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x101f0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x15638 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x155f0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x198 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xe550 | 0xe600 | 945db389de57a00fd42ec5332ef15baa | False | 0.6029891304347826 | data | 6.689592308793184 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x10000 | 0x6a4c | 0x6c00 | 7245d33b586bcdd3dc5cdcdd494199bd | False | 0.3861038773148148 | data | 4.709571715045628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x17000 | 0x6d0aac | 0x2a400 | 1d4c4c7f1c66d20a0796e12ac927ce00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6e8000 | 0xe600 | 0xe600 | 1919714dd5e6e0b759cf72ba63bba6c1 | False | 0.4002717391304348 | data | 4.417949726927747 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
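The entry-point listing above is the managed-application test the MSVC C runtime performs at start-up: compare the first word with "MZ", follow e_lfanew to "PE\0\0", check the optional-header magic 0x10B at e_lfanew+0x18, require NumberOfRvaAndSizes (e_lfanew+0x74) to exceed 14, and test whether the COM descriptor directory at e_lfanew+0xE8 is non-zero. The following added example, which is not code from the report or from the sample, walks the same header fields in Python and also reads the section table and both characteristics words, so it shows the two facts a triage wants from the tables above: NX_COMPAT is set but DYNAMIC_BASE is not, and with RELOCS_STRIPPED the image can only load at 0x400000 (no ASLR); and .data is about 41 times larger in memory than on disk. The image it parses is constructed in `build_min_pe32()` from the values in those tables; the 4x overhang threshold is this example's own heuristic.

```python
"""PE32 header walk reproducing the entry-point checks above (added example)."""
import struct

# Constants from the PE/COFF specification (winnt.h values).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY",
                   "BASERELOC", "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS",
                   "LOAD_CONFIG", "BOUND_IMPORT", "IAT", "DELAY_IMPORT",
                   "COM_DESCRIPTOR", "RESERVED"]
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes


def is_managed_app(data: bytes) -> bool:
    """Same decision as the stub at the entry point: MZ, PE\\0\\0, magic 0x10B at
    e_lfanew+0x18, NumberOfRvaAndSizes > 14 at e_lfanew+0x74, then a non-zero
    COM descriptor RVA at e_lfanew+0xE8. True means a .NET image."""
    if data[:2] != b"MZ":
        return False
    e = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e:e + 4] != b"PE\0\0":
        return False
    if struct.unpack_from("<H", data, e + 0x18)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        return False
    if struct.unpack_from("<I", data, e + 0x74)[0] <= 14:
        return False
    return struct.unpack_from("<I", data, e + 0xE8)[0] != 0


def parse_pe32(data: bytes) -> dict:
    """DOS header -> PE signature -> COFF header -> PE32 optional header -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e:e + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e + 4
    _machine, nsect, _stamp, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError("not a PE32 image")
    ndirs = struct.unpack_from("<I", data, opt + 0x5C)[0]
    dirs = {DIRECTORY_NAMES[i]: struct.unpack_from("<II", data, opt + 0x60 + 8 * i)
            for i in range(min(ndirs, 16))}
    sections = []
    for i in range(nsect):
        name, vsize, va, raw, *_rest, flags = struct.unpack_from(SECTION_FMT, data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "va": va,
                         "virtual_size": vsize, "raw_size": raw, "flags": flags})
    return {
        "entry_point": struct.unpack_from("<I", data, opt + 0x10)[0],
        "image_base": struct.unpack_from("<I", data, opt + 0x1C)[0],
        "subsystem": struct.unpack_from("<H", data, opt + 0x44)[0],
        "file_characteristics": file_chars,
        "dll_characteristics": struct.unpack_from("<H", data, opt + 0x46)[0],
        "directories": dirs,
        "sections": sections,
    }


def hardening(info: dict) -> dict:
    """NX and ASLR as the loader will actually apply them. DYNAMIC_BASE alone is
    not enough: with RELOCS_STRIPPED the image can only be mapped at ImageBase."""
    dll = info["dll_characteristics"]
    return {
        "nx": bool(dll & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "aslr": bool(dll & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
                and not info["file_characteristics"] & IMAGE_FILE_RELOCS_STRIPPED,
    }


def sections_with_virtual_overhang(info: dict, ratio: float = 4.0) -> list:
    """Sections whose VirtualSize dwarfs their on-disk size: zero-filled space the
    loader provides for free, often used to unpack code at run time (heuristic)."""
    return [s["name"] for s in info["sections"]
            if s["raw_size"] and s["virtual_size"] / s["raw_size"] >= ratio]


def build_min_pe32(*, file_characteristics: int, dll_characteristics: int,
                   com_descriptor_rva: int = 0, sections=()) -> bytes:
    """Constructed test image: 64-byte DOS header, signature, COFF header,
    224-byte PE32 optional header with 16 directories, then the section table."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x64EFD810, 0, 0, 0xE0, file_characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0x00, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    struct.pack_into("<I", opt, 0x10, 0x3C06)       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 0x1C, 0x400000)     # ImageBase
    struct.pack_into("<H", opt, 0x44, 2)            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<H", opt, 0x46, dll_characteristics)
    struct.pack_into("<I", opt, 0x5C, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 0x60 + 14 * 8, com_descriptor_rva, 0x48 if com_descriptor_rva else 0)
    table = b"".join(struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), vsize, va, raw,
                                 0, 0, 0, 0, 0, flags)
                     for name, va, vsize, raw, flags in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


# Section values copied from the table above (name, VA, VirtualSize, RawSize, Characteristics).
SAMPLE_SECTIONS = [
    (".text", 0x1000, 0xE550, 0xE600, 0x60000020),
    (".rdata", 0x10000, 0x6A4C, 0x6C00, 0x40000040),
    (".data", 0x17000, 0x6D0AAC, 0x2A400, 0xC0000040),
    (".rsrc", 0x6E8000, 0xE600, 0xE600, 0x40000040),
]
# RELOCS_STRIPPED|EXECUTABLE_IMAGE|32BIT_MACHINE and NX_COMPAT|TERMINAL_SERVER_AWARE, as listed above.
SAMPLE_IMAGE = build_min_pe32(file_characteristics=0x0103, dll_characteristics=0x8100,
                              sections=SAMPLE_SECTIONS)

if __name__ == "__main__":
    info = parse_pe32(SAMPLE_IMAGE)
    print("managed:", is_managed_app(SAMPLE_IMAGE), hardening(info), sections_with_virtual_overhang(info))
```

Run against the real file the same functions apply unchanged; the constructed image only stands in for it so the block runs offline.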
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
YAMIXOZUMIXEFIZ | 0x6f1f60 | 0x9e7 | ASCII text, with very long lines (2535), with no line terminators | Romanian | Romania | 0.6035502958579881 |
RT_CURSOR | 0x6f2948 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
RT_CURSOR | 0x6f37f0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
RT_CURSOR | 0x6f4098 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
RT_CURSOR | 0x6f4630 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4375 |
RT_CURSOR | 0x6f4760 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | | | 0.44886363636363635 |
RT_ICON | 0x6e8620 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5362903225806451 |
RT_ICON | 0x6e8ce8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.40985477178423235 |
RT_ICON | 0x6eb290 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.44769503546099293 |
RT_ICON | 0x6eb728 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.5173240938166311 |
RT_ICON | 0x6ec5d0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5090252707581228 |
RT_ICON | 0x6ece78 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.4544930875576037 |
RT_ICON | 0x6ed540 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.47398843930635837 |
RT_ICON | 0x6edaa8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Romanian | Romania | 0.28018672199170125 |
RT_ICON | 0x6f0050 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Romanian | Romania | 0.30816135084427765 |
RT_ICON | 0x6f10f8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Romanian | Romania | 0.33729508196721314 |
RT_ICON | 0x6f1a80 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Romanian | Romania | 0.36879432624113473 |
RT_STRING | 0x6f4a28 | 0x4b0 | data | Romanian | Romania | 0.4483333333333333 |
RT_STRING | 0x6f4ed8 | 0x3c2 | data | Romanian | Romania | 0.4490644490644491 |
RT_STRING | 0x6f52a0 | 0x5cc | data | Romanian | Romania | 0.4420485175202156 |
RT_STRING | 0x6f5870 | 0x666 | data | Romanian | Romania | 0.4352869352869353 |
RT_STRING | 0x6f5ed8 | 0x4c6 | data | Romanian | Romania | 0.4533551554828151 |
RT_STRING | 0x6f63a0 | 0x260 | data | Romanian | Romania | 0.4753289473684211 |
RT_GROUP_CURSOR | 0x6f4600 | 0x30 | data | | | 0.9375 |
RT_GROUP_CURSOR | 0x6f4810 | 0x22 | data | | | 1.0588235294117647 |
RT_GROUP_ICON | 0x6eb6f8 | 0x30 | data | Romanian | Romania | 0.9375 |
RT_GROUP_ICON | 0x6f1ee8 | 0x76 | data | Romanian | Romania | 0.6694915254237288 |
RT_VERSION | 0x6f4838 | 0x1f0 | MS Windows COFF PowerPC object file (libmagic misidentification: an RT_VERSION resource is a VS_VERSIONINFO block, and its first word, wLength = 0x1f0, happens to equal the COFF machine id for PowerPC) | | | 0.5564516129032258 |
DLL | Import |
---|---|
KERNEL32.dll | InterlockedIncrement, SetConsoleTextAttribute, ReadConsoleA, GetCurrentProcess, GetTickCount, GetCommConfig, GetConsoleAliasesLengthA, GetWindowsDirectoryA, GlobalAlloc, GetVolumeInformationA, GetLocaleInfoW, GetSystemPowerStatus, GetConsoleAliasExesLengthW, GetVersionExW, FindNextVolumeW, GetConsoleAliasW, CreateFileW, ExitThread, GetHandleInformation, GetLastError, GetCurrentDirectoryW, FindResourceW, PeekConsoleInputW, RemoveDirectoryA, LoadLibraryA, WriteConsoleA, GetNumberFormatW, QueryDosDeviceW, GlobalFindAtomW, GetModuleFileNameA, FindFirstVolumeMountPointA, VirtualProtect, _lopen, GetCurrentProcessId, ResetWriteWatch, AreFileApisANSI, OutputDebugStringW, HeapReAlloc, LoadLibraryExW, GetProcAddress, GetEnvironmentVariableW, MultiByteToWideChar, EncodePointer, DecodePointer, ReadFile, GetCommandLineA, RaiseException, RtlUnwind, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, FlushFileBuffers, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, DeleteCriticalSection, ExitProcess, GetModuleHandleExW, HeapSize, HeapFree, IsDebuggerPresent, SetFilePointerEx, GetStdHandle, GetFileType, GetStartupInfoW, HeapAlloc, GetProcessHeap, GetModuleFileNameW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, GetStringTypeW, LCMapStringW, SetStdHandle, WriteConsoleW, CloseHandle |
USER32.dll | ChangeMenuA, CharLowerBuffA, DrawFrameControl, CharUpperBuffW |
ADVAPI32.dll | ReadEventLogA |
Language of compilation system | Country where language is spoken |
---|---|
Romanian | Romania |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/28/24-09:11:05.860144 | TCP | 2856233 | ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) | 49715 | 80 | 192.168.2.6 | 185.172.128.90 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 09:11:05.672434092 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90 |
Mar 28, 2024 09:11:05.859174013 CET | 80 | 49715 | 185.172.128.90 | 192.168.2.6 |
Mar 28, 2024 09:11:05.859321117 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90 |
Mar 28, 2024 09:11:05.860143900 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90 |
Mar 28, 2024 09:11:06.043623924 CET | 80 | 49715 | 185.172.128.90 | 192.168.2.6 |
Mar 28, 2024 09:11:06.718964100 CET | 80 | 49715 | 185.172.128.90 | 192.168.2.6 |
Mar 28, 2024 09:11:06.719105959 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90 |
Mar 28, 2024 09:11:09.579515934 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49715 | 185.172.128.90 | 80 | 6960 | C:\Users\user\Desktop\JtBBqKs53G.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 09:11:05.860143900 CET | 411 | OUT | |
Mar 28, 2024 09:11:06.718964100 CET | 204 | IN |
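To tie the Suricata alert to a packet, a flow and the process that owned the socket, the following added example (not report code) parses the packet and session rows above, copied verbatim into `PACKETS_TEXT` and `SESSIONS`, builds per-flow counters and matches the alert timestamp to the nearest packet. It assumes that the alert row (which carries no zone) and the packet rows (CET) come from the same sandbox clock, and uses a 1 ms matching tolerance; both are this example's choices.

```python
"""Alert -> packet -> flow -> process correlation over the rows above (added example)."""
from datetime import datetime, timedelta

# Packet rows copied from the report (timestamp | sport | dport | src | dst).
PACKETS_TEXT = """\
Mar 28, 2024 09:11:05.672434092 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90
Mar 28, 2024 09:11:05.859174013 CET | 80 | 49715 | 185.172.128.90 | 192.168.2.6
Mar 28, 2024 09:11:05.859321117 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90
Mar 28, 2024 09:11:05.860143900 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90
Mar 28, 2024 09:11:06.043623924 CET | 80 | 49715 | 185.172.128.90 | 192.168.2.6
Mar 28, 2024 09:11:06.718964100 CET | 80 | 49715 | 185.172.128.90 | 192.168.2.6
Mar 28, 2024 09:11:06.719105959 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90
Mar 28, 2024 09:11:09.579515934 CET | 49715 | 80 | 192.168.2.6 | 185.172.128.90
"""
# IDS alert and process session rows copied from the report.
ALERT = {"ts": "03/28/24-09:11:05.860144", "sid": 2856233,
         "msg": "ETPRO TROJAN Win32/Unknown Loader Related Activity (GET)"}
SESSIONS = [{"src": "192.168.2.6", "sport": 49715, "dst": "185.172.128.90", "dport": 80,
             "pid": 6960, "process": r"C:\Users\user\Desktop\JtBBqKs53G.exe"}]


def parse_packet_ts(text: str) -> datetime:
    """'Mar 28, 2024 09:11:05.672434092 CET' -> datetime. Nanoseconds are cut to
    microseconds (datetime stores no finer); the zone suffix is dropped on the
    assumption that alert and packets share one sandbox clock."""
    stamp = text.rsplit(" ", 1)[0]          # drop ' CET'
    whole, frac = stamp.split(".")
    return datetime.strptime(f"{whole}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_packets(text: str) -> list:
    rows = []
    for line in text.splitlines():
        ts, sport, dport, src, dst = [f.strip() for f in line.split("|")]
        rows.append({"ts": parse_packet_ts(ts), "sport": int(sport), "dport": int(dport),
                     "src": src, "dst": dst})
    return rows


def build_flows(packets: list) -> dict:
    """Group packets into bidirectional flows keyed by the initiator's 4-tuple;
    'out' counts packets sent by the initiator, 'in' the replies."""
    flows = {}
    for p in packets:
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if rev in flows:
            key, direction = rev, "in"
        else:
            key, direction = fwd, "out"
            flows.setdefault(fwd, {"packets": 0, "out": 0, "in": 0, "first": p["ts"], "last": p["ts"]})
        f = flows[key]
        f["packets"] += 1
        f[direction] += 1
        f["first"], f["last"] = min(f["first"], p["ts"]), max(f["last"], p["ts"])
    for f in flows.values():
        f["duration_s"] = (f["last"] - f["first"]).total_seconds()
    return flows


def correlate_alert(alert: dict, packets: list, sessions: list,
                    tolerance: timedelta = timedelta(milliseconds=1)):
    """Find the packet the alert fired on (closest timestamp within tolerance) and
    the process session that owned that socket; None when nothing lines up."""
    ats = datetime.strptime(alert["ts"], "%m/%d/%y-%H:%M:%S.%f")
    idx, pkt = min(enumerate(packets), key=lambda ip: abs(ip[1]["ts"] - ats))
    if abs(pkt["ts"] - ats) > tolerance:
        return None
    ends = {(pkt["src"], pkt["sport"]), (pkt["dst"], pkt["dport"])}
    for s in sessions:
        if {(s["src"], s["sport"]), (s["dst"], s["dport"])} == ends:
            return {"sid": alert["sid"], "packet_index": idx, "pid": s["pid"], "process": s["process"]}
    return None


if __name__ == "__main__":
    pkts = parse_packets(PACKETS_TEXT)
    print(build_flows(pkts))
    print(correlate_alert(ALERT, pkts, SESSIONS))
```

On these rows the alert lands on the fourth packet, the 411-byte outbound request of the HTTP session, and the only session for that 4-tuple belongs to PID 6960, the sample itself rather than one of the WerFault.exe or cmd.exe children.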
Target ID: | 0 |
Start time: | 09:10:59 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\Desktop\JtBBqKs53G.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 319'488 bytes |
MD5 hash: | C4EC38AE5DDCE37CB56B4C6D88BEE7C3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 09:11:00 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 09:11:00 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 6 |
Start time: | 09:11:01 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 09:11:01 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 09:11:02 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 09:11:03 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 09:11:04 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 09:11:06 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 18 |
Start time: | 09:11:06 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 09:11:06 |
Start date: | 28/03/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff66e660000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 21 |
Start time: | 09:11:06 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x370000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 22 |
Start time: | 09:11:06 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x350000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.6% |
Dynamic/Decrypted Code Coverage: | 7% |
Signature Coverage: | 11.9% |
Total number of Nodes: | 402 |
Total number of Limit Nodes: | 6 |
The control-flow graph, API, string, memory-dump-source, IDA-plugin, Yara, similarity and uniqueness panels of each function were interactive and carry no data in this export (every Uniqueness Score reads -1.00%); only the per-function summaries are kept below, and entries whose heading did not survive extraction are omitted. Several functions are listed twice with identical statistics, once inside the 0x0040xxxx image range and once at an address exactly 0x2350267 higher (for example 0040D020 and 0275D287, or 0040AED2 and 0275B139), which is consistent with the same code being present in a second memory region of the process.

Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00D8E2DE | 3.0 | 2 | | 41 | process, COMMON |
00401D70 | 26.6 | 9 | 6 | 311 | network, COMMON |
0275003C | 12.8 | 5 | 2 | 515 | memory, COMMON |
00403140 | 6.1 | 4 | | 71 | COMMON |
00403240 | 4.6 | 3 | | 51 | COMMON |
02750E0F | 3.0 | 2 | | 15 | COMMON |
0041239F | 1.5 | 1 | | 32 | memory, COMMON, LIBRARYCODE |
00D8DF9D | 1.3 | 1 | | 48 | memory, COMMON |
00418650 | 12.5 | 5 | 2 | 251 | COMMON, LIBRARYCODE |
00418FB1 | 10.7 | 5 | 1 | 183 | COMMON, LIBRARYCODE |
02769043 | 8.8 | 3 | 2 | 85 | COMMON, LIBRARYCODE |
00418DDC | 8.8 | 3 | 2 | 85 | COMMON, LIBRARYCODE |
0275888C | 6.1 | 4 | | 73 | COMMON |
00408625 | 6.1 | 4 | | 73 | COMMON |
02768CCA | 4.7 | 3 | | 205 | COMMON |
00418A63 | 4.7 | 3 | | 205 | COMMON |
0275092B | 3.8 | | 3 | 90 | COMMON |
0040C9D1 | 3.0 | 2 | | 34 | time, COMMON |
00408823 | 1.6 | 1 | | 144 | COMMON |
02765A69 | 1.6 | 1 | | 140 | COMMON |
00415802 | 1.6 | 1 | | 140 | COMMON |
02768F1D | 1.6 | 1 | | 83 | COMMON |
00418CB6 | 1.6 | 1 | | 83 | COMMON |
02769149 | 1.5 | 1 | | 45 | COMMON |
00418EE2 | 1.5 | 1 | | 45 | COMMON |
02758A20 | 1.5 | 1 | | 3 | COMMON |
004087B9 | 1.5 | 1 | | 3 | COMMON |
02759A77 | 1.3 | | 1 | 76 | COMMON |
00416A3F | 1.3 | 1 | | 5 | memory, COMMON |
00421DEE | 1.2 | | | 1186 | COMMON |
00413C09 | 0.6 | | | 637 | COMMON |
02768368 | 0.3 | | | 327 | COMMON |
00418101 | 0.3 | | | 327 | COMMON |
00409810 | 0.1 | | | 76 | COMMON |
00D8DBBB | 0.1 | | | 61 | COMMON |
02750D90 | 0.0 | | | 43 | COMMON |
027613A9 | 0.0 | | | 22 | COMMON, LIBRARYCODE |
00411142 | 0.0 | | | 22 | COMMON, LIBRARYCODE |
0275D287 | 22.9 | 15 | | 357 | COMMON |
0040D020 | 22.9 | 15 | | 357 | COMMON |
00407ED4 | 21.1 | 8 | 4 | 51 | libraryloader, COMMON |
00416FE1 | 18.4 | 12 | | 373 | COMMON |
0275B139 | 16.1 | 6 | 3 | 304 | COMMON, LIBRARYCODE |
0040AED2 | 16.1 | 6 | 3 | 304 | COMMON, LIBRARYCODE |
02760E3F | 15.1 | 10 | | 69 | COMMON |
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410BD8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02767667 Relevance: 13.7, APIs: 9, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417400 Relevance: 13.7, APIs: 9, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027668D1 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041666A Relevance: 12.2, APIs: 8, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407A49 Relevance: 12.2, APIs: 8, Instructions: 175COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041141B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02757CB0 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02755EB7 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C50 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BD37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C673 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02752E47 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413001 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027657AB Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415544 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027533A7 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408044 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0275EA5E Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E7F7 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0275B4E3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B27C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |