Windows
Analysis Report
Wz9s7ibPaf.exe
Overview
General Information
Sample name: | Wz9s7ibPaf.exe (renamed because original name is a hash value) |
Original sample name: | 072808f550a495b45920fa2f0f239d3e.exe |
Analysis ID: | 1416955 |
MD5: | 072808f550a495b45920fa2f0f239d3e |
SHA1: | 72c07f574b55f5da5d8bea8d1c87e024e5925f15 |
SHA256: | 99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9 |
Tags: | 32, exe, GCleaner, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Wz9s7ibPaf.exe (PID: 6860, cmdline: "C:\Users\user\Desktop\Wz9s7ibPaf.exe", MD5: 072808F550A495B45920FA2F0F239D3E)
- WerFault.exe (PID: 1344, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 736, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 4340, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 728, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 4908, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 784, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 3168, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 792, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 2944, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 908, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 916, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 1016, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 1344, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 1308, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cmd.exe (PID: 5004, cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im "Wz9s7ibPaf.exe" /f & erase "C:\Users\user\Desktop\Wz9s7ibPaf.exe" & exit, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 4340, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- taskkill.exe (PID: 6792, cmdline: taskkill /im "Wz9s7ibPaf.exe" /f, MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
- WerFault.exe (PID: 4908, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 1328, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
GCleaner | | No Attribution | | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| | Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
| | JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | |
Timestamp: | 03/28/24-10:42:54.613617 |
SID: | 2856233 |
Source Port: | 49729 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_00404610 | |
Source: | Code function: | 0_2_00409810 | |
Source: | Code function: | 0_2_00413C09 | |
Source: | Code function: | 0_2_00413414 | |
Source: | Code function: | 0_2_00421D88 | |
Source: | Code function: | 0_2_02739A77 | |
Source: | Code function: | 0_2_02734877 | |
Source: | Code function: | 0_2_0274367B |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_00B6F78E |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Command line argument: | 0_2_00404610 |
Source: | Command line argument: | 0_2_02734877 |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00408541 | |
Source: | Code function: | 0_2_0040FFFB | |
Source: | Code function: | 0_2_00B7280A | |
Source: | Code function: | 0_2_00B719AB | |
Source: | Code function: | 0_2_00B71971 | |
Source: | Code function: | 0_2_00B74570 | |
Source: | Code function: | 0_2_00B7052D | |
Source: | Code function: | 0_2_00B71E86 | |
Source: | Code function: | 0_2_00B727AF | |
Source: | Code function: | 0_2_02740262 | |
Source: | Code function: | 0_2_027441D7 | |
Source: | Code function: | 0_2_0274C678 | |
Source: | Code function: | 0_2_0274C6C9 | |
Source: | Code function: | 0_2_027447CE | |
Source: | Code function: | 0_2_027387A8 |
Source: | Process information set: |
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Source: | API coverage: |
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_0040C12B |
Source: | Code function: | 0_2_00411142 | |
Source: | Code function: | 0_2_0040C631 | |
Source: | Code function: | 0_2_00B6F06B | |
Source: | Code function: | 0_2_027413A9 | |
Source: | Code function: | 0_2_0273C898 | |
Source: | Code function: | 0_2_0273092B | |
Source: | Code function: | 0_2_02730D90 |
Source: | Code function: | 0_2_00416A3F |
Source: | Code function: | 0_2_0040C12B | |
Source: | Code function: | 0_2_00407C46 | |
Source: | Code function: | 0_2_00408625 | |
Source: | Code function: | 0_2_004087B9 | |
Source: | Code function: | 0_2_02738A20 | |
Source: | Code function: | 0_2_0273C392 | |
Source: | Code function: | 0_2_0273888C | |
Source: | Code function: | 0_2_02737EAD |
Source: | Code function: | 0_2_00408823 |
Source: | Code function: | 0_2_004188F2 | |
Source: | Code function: | 0_2_0041893D | |
Source: | Code function: | 0_2_004189D8 | |
Source: | Code function: | 0_2_00411252 | |
Source: | Code function: | 0_2_00418A63 | |
Source: | Code function: | 0_2_00418CB6 | |
Source: | Code function: | 0_2_00418DDC | |
Source: | Code function: | 0_2_00418EE2 | |
Source: | Code function: | 0_2_00411774 | |
Source: | Code function: | 0_2_00418FB1 | |
Source: | Code function: | 0_2_02749218 | |
Source: | Code function: | 0_2_02748B59 | |
Source: | Code function: | 0_2_02748BA4 | |
Source: | Code function: | 0_2_02749043 | |
Source: | Code function: | 0_2_02749149 | |
Source: | Code function: | 0_2_027419DB | |
Source: | Code function: | 0_2_02748F1D | |
Source: | Code function: | 0_2_02748C3F | |
Source: | Code function: | 0_2_02748CCA | |
Source: | Code function: | 0_2_027414B9 |
Source: | Code function: | 0_2_0040C9D1 |
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 47% | Virustotal | | Browse |
| | 100% | Avira | HEUR/AGEN.1313018 | |
| | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 25% | Virustotal | | Browse |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.172.128.90 | unknown | Russian Federation | | 50916 | NADYMSS-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1416955 |
Start date and time: | 2024-03-28 10:42:04 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 54s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Wz9s7ibPaf.exerenamed because original name is a hash value |
Original Sample Name: | 072808f550a495b45920fa2f0f239d3e.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@12/34@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.21
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
10:43:05 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
185.172.128.90 | | Get hash | malicious | GCleaner | Browse | |
| | | Get hash | malicious | Glupteba | Browse | |
| | | Get hash | malicious | Unknown | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | GCleaner | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
NADYMSS-ASRU | | Get hash | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | |
| | | Get hash | malicious | GCleaner | Browse | |
| | | Get hash | malicious | Glupteba | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
| | | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f181a67ed63bcdd052bb3ff94add6735e2d249_0b1d89a7_0e031f6b-4428-4c4a-a405-dd5e9d062cde\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8465174334446215 |
Encrypted: | false |
SSDEEP: | 96:1jivcQ1J1xs2WlDoA7JfPQXIDcQnc6rCcEhcw3rj+Q+HbHg/8BRTf3o8Fa9OyRg5:e7b056r4j/mzuiFDZ24IO8X |
MD5: | 472295C3A552A8DDC6DDAAAB8C5E6AB1 |
SHA1: | CF083919862E2D836958C35171D90C2715C0B8B0 |
SHA-256: | 99CC51D1E0E5078C885E0A2923BFCC40EA6D163D7222A0AC10E331531DBB6F92 |
SHA-512: | BE314B74F1068A0B02AE920EE46428B15471D5BD8EAC68721BFE27C4450822D29C8A4F943851781A38AEF41F6D43311FF5FB9AE800ECC1533AD92C6AE8DE1973 |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f181a67ed63bcdd052bb3ff94add6735e2d249_0b1d89a7_80f436c6-af69-4120-a4c7-e7d0131884fb\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8244167986092 |
Encrypted: | false |
SSDEEP: | 96:gOcQ1Jns2WlDoA7JfPQXIDcQnc6rCcEhcw3rj+Q+HbHg/8BRTf3o8Fa9OyRgEVsN:Nnb056r4j/YzuiFDZ24IO8X |
MD5: | 37C11AFE401BBF3372A6524F7D8DE6D1 |
SHA1: | 9A8F429714E87D8C2D74D6E7CDEBEBCEC92BA99D |
SHA-256: | 4ECBEC8847F3C90E7D0C7F556DA2098DF5900BACE1FC8AE407EE2FC0A726EAE8 |
SHA-512: | 21C9127168EBC03C9C131AE34B4A86017115592B7C9BB9B05EAF0C96BB58BEC217B951B36B2A6AC0435CF2A37D9DEF1AE5F4448ADACF69EE168AE4527170ACA4 |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f181a67ed63bcdd052bb3ff94add6735e2d249_0b1d89a7_bda0dbbb-a008-4244-948c-8a472dc44b70\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8243748629817801 |
Encrypted: | false |
SSDEEP: | 96:viScQ1JXs2WlDoA7JfPQXIDcQnc6rCcEhcw3rj+Q+HbHg/8BRTf3o8Fa9OyRgEVe:9Xb056r4j/YzuiFDZ24IO8X |
MD5: | A4CC3F54BAA3381B102AAF8E47E43681 |
SHA1: | DEADC79468209558800E5DFC75F1A34464CF0DA8 |
SHA-256: | 1AB440E26402D7AE78CC68254AA6CEED85C243C1A46DD6A78E19595E2D400334 |
SHA-512: | 4286745B32D601640B8345CFB08D8312CAF0B17979A4FFC045003E4A5F2DB339AF80869446ABFDA2010EABA55C226793FAEACA7FE6FC6D03B7E47A8DE7E9BA89 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f181a67ed63bcdd052bb3ff94add6735e2d249_0b1d89a7_c4420ece-c0f0-440a-9931-8596a838f6b7\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.928411888563932 |
Encrypted: | false |
SSDEEP: | 96:EAcQ1JBs2WlDoA7JfPQXIDcQnc6rCcEhcw3rj+Q+HbHg/8BRTf3o8Fa9OyRgEVsZ:DBb056r4j/ObzuiFDZ24IO8X |
MD5: | FDFFA557CDB54A0CBA93867A7A00CEEC |
SHA1: | F05B2082622467359A7F0571B29F53181754A613 |
SHA-256: | 7825BC2005964EB5D7EC85CA9259623AB17F62495A5AFF268F9F18D8ABE33069 |
SHA-512: | 3A5A8F4980615FC6EAAD7570113E5AF5FC9B0F550B6298C1CD7566F9C6B9CF4ACF2477ECEEB49ABB5C6CAD9FF9D19E0959D53BD764E5F9C9DACC8C75C0C8D6DE |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f181a67ed63bcdd052bb3ff94add6735e2d249_0b1d89a7_d2d5cf9e-50f2-4b02-a216-447df7720eca\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.824171480090721 |
Encrypted: | false |
SSDEEP: | 96:bImDcQ1J8s2WlDoA7JfPQXIDcQnc6rCcEhcw3rj+Q+HbHg/8BRTf3o8Fa9OyRgE8:bvx8b056r4j/YzuiFDZ24IO8X |
MD5: | 3CBFC485B2836AC70E864BA7A5B73A63 |
SHA1: | EC4AA827621559DD5E0C7A2D1C3BC3DAF9FA2B53 |
SHA-256: | B95DE2DBBC10F174CF2C826A28394A338A33666F9F785578D446B6CD35006256 |
SHA-512: | 09EE276C916AD1CAA425B95D07EDC43BCB0680DC0B92C1479A311CBCA95C906FA79C71C06BEE80703633813237A9BCAB0EAFA33B09304AD4B3E9421A505EC091 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f181a67ed63bcdd052bb3ff94add6735e2d249_0b1d89a7_ee114863-becb-4248-ab63-0249124ae223\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8466547952327369 |
Encrypted: | false |
SSDEEP: | 96:gGcQ1Jos2WlDoA7JfPQXIDcQnc6rCcEhcw3rj+Q+HbHg/8BRTf3o8Fa9OyRgEVsD:1ob056r4j/mzuiFDZ24IO8X |
MD5: | 6089EBC0F55B1000598375CEBA568796 |
SHA1: | 595B2FEB4A6AEBDBF7997C646331C54CD843C08B |
SHA-256: | E501194C61194A0C6B34F1962B0B3F0FF2C945555B2C68A5FD8C39FDC8306C61 |
SHA-512: | 9EBC0E2D58FB226C5BACD46A09D97F2AAB4219DD1C9783412B126C22DC5AF06472F820C46BBE100A8387BF06F848E58CCF47416C68CDF43C03AF49A29C5F7C82 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f181a67ed63bcdd052bb3ff94add6735e2d249_0b1d89a7_f7f4859b-76b0-4143-940d-0fbe0c9e4287\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8241236318212507 |
Encrypted: | false |
SSDEEP: | 96:g3ZcQ1JCs2WlDoA7JfPQXIDcQnc6rCcEhcw3rj+Q+HbHg/8BRTf3o8Fa9OyRgEVe:uDCb056r4j/YzuiFDZ24IO8X |
MD5: | 03652029007ABD72AB0519743AAFA974 |
SHA1: | DA1AA49899F6AE5B54305E43B077DAD4A027DAA5 |
SHA-256: | F108F9889C675FCA02D75665F0356C974C50C3E05E6AAA3D9A742B7B5D4586B9 |
SHA-512: | 6489C6B7AC4EE71BF893858464AFF32815B8BC9870B1EF145325E35503FAE5B4FF7DE894CE3AEF699061874601916D58CE011D015EDEA42524E04120C3BF9705 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Wz9s7ibPaf.exe_f459711f485bbcf164c61a2ff3e667fb09e59c_0b1d89a7_bfcb485d-762c-41bb-8a95-9f95d805c8ea\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9984600324961873 |
Encrypted: | false |
SSDEEP: | 96:/kcjc/QvGcQ1JBs2WlD2MfenqMQXIDcQcc6XcEwcw3/m+Q+HbHg/8BRTf3o8Fa96:I/QqBI0yTarhj/O4WdzuiFDZ24IO8X |
MD5: | 1895A5C49CD17F245E86C59F1AA4C999 |
SHA1: | 730305D357AB0D46A8894E65DC755D5F0E2A3EB5 |
SHA-256: | DDCF7ED0DCB97F112BC24299AED15554E351C74163B2B59D324A47919FDB9AAB |
SHA-512: | 7F2B4E49892EC7CCD069F55B4B4F2F9868CD24F551A66D37969CEA6373FA25DA1C4488681832E2B87084289AC6F9BE7E32B068E0BBCDD1A65088C28771E4B9D1 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 70186 |
Entropy (8bit): | 2.2831393399840065 |
Encrypted: | false |
SSDEEP: | 384:lyu1a+1LfV8t3eoNfpOZ0WsRzEMKRg6erAQM/Q5ZqLUFO01m4:lyQaiLfm3RNc0W1LTerAz/Q5ZqLUFjm |
MD5: | 2B836573C1C3AD5CCA2E5DE2BF318E25 |
SHA1: | 07A09AF8B1037D9B192FE9F059FCA055366A12B4 |
SHA-256: | 28F0A26C8701B1E04973DBA89248A4234E7E568A3A141506F2BDE57B66ED4E36 |
SHA-512: | 844E1578406B01D8AB97D18A60EC15777960E8D1CDB99367A1C197CD24E25D88BB4561BA1176719A7113E34F066BCAF325DAD76D6A5A10BB5E20C43CA44E2EF9 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8348 |
Entropy (8bit): | 3.701307303283701 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJN36lBTk6Y9dSU9UTfZxgmfBRpBM89blHsfr9Xm:R6lXJ9686YXSU90xgmfBXlMfrg |
MD5: | F840BD3C254EB1D710F91C281740CB8B |
SHA1: | 71208103980F80334B988B1FA6191801964A1373 |
SHA-256: | A4090D4CBCC0E8FD64E2FD55F824F66619AB665C2991829DC8FF7CB2B8A941E7 |
SHA-512: | 245A146DBA07E52AC8A1A61DA256CB9AB7F4883C04A409C1FC60FB626D4F1CF4211A42123A9EBAAF0A5A58AF0C802CA3E9BE66EB00DD1473CD430F518EFA123A |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4621 |
Entropy (8bit): | 4.4952763709024675 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VYzYm8M4Jqrj4F17+q8ZV3ESAEuquLd:uIjfHI7oU7VjJ7qES0nLd |
MD5: | F0A1394E7B7841FF2EAA4EB741170326 |
SHA1: | 979079B0CD83BCC7B31ED0F87F89FFC63CE7F680 |
SHA-256: | A34948E4FE7464A3D37E84D9AA457DEA9B5D9FD27DDF19753BB4EEA046BA4596 |
SHA-512: | 6B49AC7BEF9A4DA30C18B9929B5782F6FB555A1FEB21E447DBC6E7C4FDF95542D22EC41AF874C702A206914C808787313BD0C7CB4A12BE49A74F5603AA5AFBD3 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 70078 |
Entropy (8bit): | 2.302331479366408 |
Encrypted: | false |
SSDEEP: | 384:P1a+1tt3SAWfpONn5sJGOEMKRg6erAQM/Q5ZqLUFQvJzAD:taiv3/Won5NFLTerAz/Q5ZqLUFek |
MD5: | 5FF3C759FEFD1558CF4263FCBA1DE67F |
SHA1: | 3F1F5620C1DF67F6E8EF2E30DC5952EE5B25F991 |
SHA-256: | 13FB24FF2CBADBABDF4D6EF720CF14BDF99B28A6DD003D5B21E4A5BA2C12CB3E |
SHA-512: | 8BBB13C66276A51F23D49669CBACA2EF7F1508A0FDF622F0AB56DC91E343CA4D4D2F5224902E9355D4B6EFEDFF5B77F8C3FCC4F63DBD76C9421D39091FF1B2B9 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8348 |
Entropy (8bit): | 3.6987003757006836 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNU6l8T9U6Y93SU9lxZxgmfBRpBv89bVHsf5nm:R6lXJe6x6YdSU9VxgmfBOVMfU |
MD5: | FBAB2266B04A52C1966D62571ACBD0BF |
SHA1: | E7E85793ECD9926301A63A8E5DDA5CD617450CDA |
SHA-256: | EFEB828B36E5B56BE6E2C09522A4493FBFEAED004CE7B43D9D79B6B397D90D6D |
SHA-512: | 8BE3E296AC10D1C39DB2049E56C2CD19C53B6827EB20260EF5F2985CA7753C7D5A91F499673EB589E828DEF63431E9EC03EA4CDA97E7F12F5FB7094730DE0E64 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4621 |
Entropy (8bit): | 4.492777055332544 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VYxJYm8M4Jqrj4FB+q8ZV3ESAEuquLd:uIjfHI7oU7VXJ/qES0nLd |
MD5: | 90867AAA81BC50F0375522127D7420FA |
SHA1: | 53E0B83008D99A117AB7900F3A47C13A9B1D6050 |
SHA-256: | E71A85ADED80C7EBAF50CCFAECA114780E37F4CA0954AD888C99BD204541AFDC |
SHA-512: | 44576F9C05BF5FDEE3418FFAAB999406CE2D172DE8378555437CB2982F0595D9052D2276E39CF549F9117270D667011E1F56B2DAD3B7CF058567088837E75E37 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 79750 |
Entropy (8bit): | 2.0980557998254508 |
Encrypted: | false |
SSDEEP: | 384:kAHOVNt3zF8ws9BxzBSg6erAQM/Q5ZqLUFq7/WvZ5RS:kcyP3zqwGBAerAz/Q5ZqLUFqWvZ5E |
MD5: | E0CFDFBB76985862741BBD126A706909 |
SHA1: | 18EC5D19BBDE864DD9802A87D1E1692D63FA32E1 |
SHA-256: | 50F94C9ACE12890DD1D3F7FFE8B648789E45FA9AABC13C9D1F8AB5250A08E072 |
SHA-512: | 24EDF886AE813B2D88DF7B714FC6D1D6C04C98B8B6A84CF611B81A18B806EC8AFB6767F06E76B4721141F561A7BC5447887C7F6ECFCB36C9E219035402649078 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8356 |
Entropy (8bit): | 3.699501109405873 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNQ6PfiGH/w6Y96SU9kzZIgmfBRpBZ89bVHsfAnm:R6lXJa6zH/w6YgSU9aIgmfBIVMfN |
MD5: | CFF157070B255A76D1A8FA844570A270 |
SHA1: | 5520631B3B873443645666D8A78F24CF2B2D335F |
SHA-256: | 0A755FFD138991CFC932DF9D5AFABA5724A4A648F9C6BE21D4E1E098FB465882 |
SHA-512: | 5D20DBB089660949B3D378B80E1C1ED992767E37A69942FB70D202D55FCD82A2C4F38F0C716A2E5C0F19CBB26761349F32176E1BFB96D6BCFECF0D4F8934EB77 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4621 |
Entropy (8bit): | 4.492787264104831 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VY5Ym8M4Jqrj4FUwr+q8ZV3ESAEuquLd:uIjfHI7oU7VxJxqES0nLd |
MD5: | C4BC6EC1B84F84E3AF92C6E4AB68F95F |
SHA1: | F40649B6EECE0690CAF538BA10F63D52DBE239A5 |
SHA-256: | 23070B5BC4D24C3F7FA3C4009AE5F61F0F5CA35B98E35E04062FBBD0BBBFB034 |
SHA-512: | 1AB6E43D81DFD940BA699E35F6A1C76B6FB5BA49AFE923F5E3859F530E8F3006B8E28D138A2CE1587ADC20F6BA0575B7932E6EC3E89576D0D07235350A1E4BFE |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 79326 |
Entropy (8bit): | 2.1077004740533387 |
Encrypted: | false |
SSDEEP: | 384:ZHOVRrt3nehzTMsgJg6erAQM/Q5ZqLUFDDq0k:hyn3n6TMperAz/Q5ZqLUFq5 |
MD5: | 08AEB2715F0FF76421E2D2F40EE36979 |
SHA1: | 3AD0B7C7CB2F3E9B4E5B52B75F9FCC06BE351976 |
SHA-256: | 7CDAD6D2591D65EE4651CC3DF32F8AD8E98EBCE0FA87F8F9C48F6651B022CF3F |
SHA-512: | EC003B67602A6642C87AB44BB021FDBCA2A558CC33793DADE56EA6DD7D75BA8455FFD18820C318240BB2461F7A72E64E17F2A2CFBCE3622666921007CD4B999A |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8358 |
Entropy (8bit): | 3.698959315612063 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNy6PdiPf2v9o6Y9KSU9kzZIgmfBRpBv89bMHsfSvkm:R6lXJY6sf2v9o6YASU9aIgmfBOMMfSp |
MD5: | FDEC017222A902A750565600A829F8F5 |
SHA1: | 7334DA30CC911986F3C066B8BE4C958CB4887CAD |
SHA-256: | CF645EF072C9EE8FCD3FE22969FB593ED015D85F17BBECD26F48CA5C0D13ECD7 |
SHA-512: | 9398D3B0922771FC85103AF346A7FE5BA793465766ECF24750BC16FA6D4CA8046E9A4A2CE1B46D4E4B7803C8C5667E7CB4925E147AADDA67C3EF07124D73A566 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4621 |
Entropy (8bit): | 4.494761481753252 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VYrDYm8M4Jqrj4Fsng+q8ZV3ESAEuquLd:uIjfHI7oU7VuWJCngqES0nLd |
MD5: | EFAFCDEDA2883C71721283B546302038 |
SHA1: | 331EAFFDC5EDE0A025646FB62F6042B3E626F06E |
SHA-256: | F7CB4BF0E86D8A22E082B3F7011DE7A28FBA2FECF707AB02928F96B44936F687 |
SHA-512: | FB8443913CD41923CE78E1D30C9ED985B8D9C384C165D2964383F6E56701D7D4E45898DBBEFFD65B3C4287101A95AC7A5B179CC88BD5747CA11943FD098EBD50 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 86546 |
Entropy (8bit): | 2.071050263935982 |
Encrypted: | false |
SSDEEP: | 384:49Sve+t38E2+Yz7nRsTP9m/erAQM/Q5ZqLpFpTTozPaabwTXx:rGy3D2Z7nR69SerAz/Q5ZqLpFJqSEwz |
MD5: | B20D07658372877B65EC76C767780745 |
SHA1: | 2439F2C732CA07997FF123083CDF1EF89487BA95 |
SHA-256: | DA3802327134911F41EC76F72BCF05B7B4C122F94026F644C10E21A7A24DE117 |
SHA-512: | 06A44C58E26DB815D198591850599ECA6072235C7C72134DA2558D9FABE835A3B0464C53F91882254E7A658C275071A8D80D53FFB12AD3A2252239FDE3433FCE |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8360 |
Entropy (8bit): | 3.699043617972848 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNg6x8CU76Y96SU9kzZIgmfBRpBw89bHHsflNm:R6lXJK6x8CU76YgSU9aIgmfBDHMf+ |
MD5: | 6D885989A61912437488C856650BDB2B |
SHA1: | EA3EC4C46D88518D36F2FD0CC3A679832456FDEC |
SHA-256: | 6017F3FED9449640F746EE541EF330890A0C79F85B31783CEC1A6107807D3F62 |
SHA-512: | 961120CF0C4F80DEE3ECD53CF513A830F60E03DEB0ED6A9BD981FDB4020DC20259D9320945C32EE107AF638B4CE3D10427D67C14C0C7571F0209003E938ABCAD |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4621 |
Entropy (8bit): | 4.495892615164502 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VYFYm8M4Jqrj4F/U+q8ZV3ESAEuquLd:uIjfHI7oU7VtJ6qES0nLd |
MD5: | F9BDBFBA18B5DA7D000FCA8160AC3D48 |
SHA1: | 60ED5BEB59F4E70E21A325EA2ABAD071849E6E1A |
SHA-256: | BADFADD1451F26B8F199B428FE59923B0DBFC1BD21994435260493212F9A93FF |
SHA-512: | 917A9F6E998736A3CF47D213BD4823DEB8F9C314CA5FC484EA0D41470998D1CD2EB5249C69A10842BC9737FC2B5DBE3E32CB8F41CE2A7BEE985E098EE38450E9 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 95156 |
Entropy (8bit): | 2.0514836841733044 |
Encrypted: | false |
SSDEEP: | 384:oieMXIt3jUY6zVs+BWJAmm/erAQM/Q5ZqLpF6Cl8DDc3EokrYBZ4eplxp9:8CQ3w1VDgOmSerAz/Q5ZqLpFH99 |
MD5: | EE84405058B819B9F4F97BC222B86E90 |
SHA1: | 04CA743F4345FAACC05865A74CD3021CE1BFA90B |
SHA-256: | 1970447DB782FD26738EF4C940E14CBC438048566FCAC5C271C63AE8F7EE685C |
SHA-512: | 6BABEF6BF30E588C57CC39E5431B776A8FF029A0283A67D8B90CE11562FCFA41C8057F6DA92C7330F9BD07E4E2F4D04B72F06B64DDC161B652B5B1D3C3D3CA05 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8360 |
Entropy (8bit): | 3.7000085218087597 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNv6h7gqN6Y93SU9kzZrgmfBRpBRC89bHHsfHNm:R6lXJF6NgqN6YNSU9KrgmfBv7HMfw |
MD5: | 1839FE7B0B957FB64EFF1985ECFF12A3 |
SHA1: | 8A14499489297FD6FE9A4A2CF68EFC7A2AC32DD7 |
SHA-256: | 61C66D8502524C24D7EF54B5A4055169C176FEA5DA713CFDE88FB66DA6639CBA |
SHA-512: | 6043DF47D6E36D213BA5588500EE49A589AB191A50FDD84A27914727361E2F52595B605B8A2B6FA8C003E130EEB8EE586BF3852832E08A0EE158280725224F47 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4621 |
Entropy (8bit): | 4.49453478219321 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VYdYm8M4Jqrj4FM+q8ZV3ESAEuquLd:uIjfHI7oU7VhJ6qES0nLd |
MD5: | 8781236B8B047989F87A9B10790756F3 |
SHA1: | 6266B4BFE3F2A192FFD1B94F0158B085E258BC9F |
SHA-256: | 65CD0B2D8F269783AE318B3A694DB111655D3835A4794D0F80A9B9A72DACE299 |
SHA-512: | E2FC3ADAF47318B303F3F87210F5EDB7F5608DA67FEE16C702F6B155EF6DD17A616B05812F80F36D03005DCC88E9938C9D55DB1DCCCBAA4CC296B45895749D1D |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 109992 |
Entropy (8bit): | 2.2102654817891314 |
Encrypted: | false |
SSDEEP: | 768:IeiyYo3zsJ3NJmypS7u9P+PrrAb/QZZiLqFgm3ByNO:hMpNUyCrAbRIByNO |
MD5: | 2E573E83089229F7AC6AB27FBBE657D8 |
SHA1: | 7F5FD370A98C725A0C029AC483BC81CCE2146183 |
SHA-256: | 2B11E93BAB7E918BFF099DFADD53F3C0140B2DC35684297A1B08B2360975CD00 |
SHA-512: | 5951CE0B5928650B7DC84A3138167C81AE976FDF4A366A35642BD8B603436F8826736A41F6F4C7878FAD3C0DBD6248C3546BB0D6D8B542072872249B290BAE1C |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8364 |
Entropy (8bit): | 3.6986737265805294 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJN56ISiRKkT6Y9HSU9tZGgmfBRpBa89bxHsfQbm:R6lXJz6ISiKkT6YdSU97GgmfB9xMfx |
MD5: | E5713379D29ED74050EC04C6BE82DCB3 |
SHA1: | 1C29DDE102673716D0AB19D02CF046EF34130EC1 |
SHA-256: | E8E4182CC8350932579A024EBD5B085B53EA14B572DB1E4036BEAC9E5FA38B46 |
SHA-512: | 16895AD34380C3D0A6B7CE57A81FC4AA8DA17A4A5C0D39736CC77ACA2913CDE4695B07C9C74449DF180769622F53613163CDFD48272EE7DD02F2D788F818E256 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4621 |
Entropy (8bit): | 4.4964090222404645 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VYiYm8M4Jqrj4Fv1+q8ZV3ESAEuquLd:uIjfHI7oU7V2Jt1qES0nLd |
MD5: | CC30462520F1F166E54B1B32F0A572E9 |
SHA1: | 6D0EA15CCBB5C2CDCF103E2E2045F64F4FD22159 |
SHA-256: | AEA8A7A9AAEA9E09278C97A895C6F26134E21A6A4D70AF6F5E433EA5A7C389D7 |
SHA-512: | 7BF8203CF44873FB797C3BC977999D8511A32AB247F3E17149E3327A5B8DDECAFD9CD35F02D80A41699D8293ACDA506F31BC54A02EC93C22265C05461FE65955 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53436 |
Entropy (8bit): | 2.7637474336586374 |
Encrypted: | false |
SSDEEP: | 384:+I+bCL9Jt3hFR4sjrA4M/QZZiLqFJoNLdMEI/myl:y2L9D3JjrAb/QZZiLqFSNmIy |
MD5: | B3DC0926F4F60CF6D7CB7B13435317A6 |
SHA1: | 57E8959670D717D42036FB7D49EA04ABFF6CE857 |
SHA-256: | 13C25E4ADA0AD196165E165CF695B7AA8239822A63C9148E1D4CCD2FA4358637 |
SHA-512: | 3243EAE07B7D8BDCC751DABA194A10D39BC63038AB826C0C1B966B6BDB006698A50E30BC27FC565377B80AD9FAA8BE1434A8C1E4BEB85E9FBC25ECFB5C2CED95 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8326 |
Entropy (8bit): | 3.6931107964276846 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJNb6IRZle6Y9KSU9OZGgmfAyQpDRC89boHsf8vYm:R6lXJB6IRi6YASU9eGgmfAyq7oMf8V |
MD5: | B495F79E9D155728B138101A4EE67B08 |
SHA1: | 18BA339E692491A21DC5DDC7880534BCF6218DF2 |
SHA-256: | 3701064C4161C583CB70C2104582C8259C04044652F8DF14F56903A6B4CB309F |
SHA-512: | A9AB953EFE2514D79423F8E4516695E5E15D2B0AA78BF483A63B0E7AA56C031BAD75533744FAF33B0C8841BF48CB542C9C202C8A78D460D5C974C21B3E902C3B |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4583 |
Entropy (8bit): | 4.4615254764035175 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zstJg77aI9pAVXWpW8VYtHYm8M4JqrjNjFq+q8ZVgtESAEuquLd:uIjfHI7oU7V+aJ/jES0nLd |
MD5: | 38C718F49EC06A7398563D35BD8C498F |
SHA1: | 8FDB342E1D0504CD5EFED67AD9F7289C2402337A |
SHA-256: | BA1C752371D37BD7CCA4A35C1E198254420880FD63AE76DCA1BE363E8AE1B8C8 |
SHA-512: | 5A8CE58091279CC5B9B1170190DEFC80CA4B19F1AB06938F4E4A6FFC97962D33A335A9EC25BFADA7D9F546F4F63B2F9787F45F6291C256419F5C388C64343A17 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Wz9s7ibPaf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:V:V |
MD5: | CFCD208495D565EF66E7DFF9F98764DA |
SHA1: | B6589FC6AB0DC82CF12099D1C2D40AB994E8410C |
SHA-256: | 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9 |
SHA-512: | 31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4654059849519845 |
Encrypted: | false |
SSDEEP: | 6144:UIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNzdwBCswSbo:pXD94+WlLZMM6YFHx+o |
MD5: | BE037DAF12D4EC4DFF9777080F706108 |
SHA1: | 040170E59300068628D39EB13676C226946A9D7A |
SHA-256: | 9B53AF9362BBFBA17B846D1861CF7F7B244352C3D59276225A7F33C941977471 |
SHA-512: | 5FAA7763267BC94A3B7CD5EBA57343F117191B88717451B8F7BB1340F32ECE019DBFA06C0CBC15ECB6773FD2B0B0209D688A6DE9C8B644E82C4265B3BFB4995C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.166794276158295 |
TrID: | |
File name: | Wz9s7ibPaf.exe |
File size: | 318'976 bytes |
MD5: | 072808f550a495b45920fa2f0f239d3e |
SHA1: | 72c07f574b55f5da5d8bea8d1c87e024e5925f15 |
SHA256: | 99d42ee02b2d43170796ccb36e5f05318a713fbbb2b48067024a555a58a57dc9 |
SHA512: | 1cbb966a3216c8968fbd58ebecdd2d55dec2567cd8d89857acd618c0d6c128c61d5edb93e7518766ea3166c8e47ecb6920360c06d37e0d1de825dd2fb16445f7 |
SSDEEP: | 3072:WOhBfC8R+bIlGXY+XKdK1QUdLUUDO3bvd+A+kYiTmxtViZmmJVjkKbzGbIXyrN9H:L8pdoxiskxe4KW+qN9Xi |
TLSH: | 4D649E2272E1AC64F6734B33FD3DC6A4162EF9614FA9675B33186E0F04710A1C66A763 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................PE..L......c................... |
Icon Hash: | 63796de971636e0f |
Entrypoint: | 0x403c06 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x63B3B0C2 [Tue Jan 3 04:36:18 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | d6cc7eef7e91d5b40575c3542ffc17dc |
Instruction |
---|
call 00007FA9E4E51F52h |
jmp 00007FA9E4E4D525h |
push 00000014h |
push 00415CE8h |
call 00007FA9E4E50359h |
call 00007FA9E4E52123h |
movzx esi, ax |
push 00000002h |
call 00007FA9E4E51EE5h |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007FA9E4E4D526h |
xor ebx, ebx |
jmp 00007FA9E4E4D555h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007FA9E4E4D50Dh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007FA9E4E4D4FFh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007FA9E4E4D52Bh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007FA9E4E51958h |
test eax, eax |
jne 00007FA9E4E4D52Ah |
push 0000001Ch |
call 00007FA9E4E4D601h |
pop ecx |
call 00007FA9E4E4F4A2h |
test eax, eax |
jne 00007FA9E4E4D52Ah |
push 00000010h |
call 00007FA9E4E4D5F0h |
pop ecx |
call 00007FA9E4E51F5Eh |
and dword ptr [ebp-04h], 00000000h |
call 00007FA9E4E50F8Ch |
test eax, eax |
jns 00007FA9E4E4D52Ah |
push 0000001Bh |
call 00007FA9E4E4D5D6h |
pop ecx |
call dword ptr [004100BCh] |
mov dword ptr [00AE7948h], eax |
call 00007FA9E4E51F79h |
mov dword ptr [004411ACh], eax |
call 00007FA9E4E5191Ch |
test eax, eax |
jns 00007FA9E4E4D52Ah |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x160f4 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6e8000 | 0xe5f8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x101f0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x15638 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x155f0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10000 | 0x198 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xe550 | 0xe600 | bdc1a5737de7c01fe76d9fbda10767f9 | False | 0.6031929347826087 | data | 6.695412901641901 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x10000 | 0x6a4c | 0x6c00 | 2c94cb5ef1915ec87a6e05805b7d885d | False | 0.38577835648148145 | data | 4.707533963712006 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x17000 | 0x6d094c | 0x2a200 | 66a19646004007b643646b8259029872 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6e8000 | 0xe5f8 | 0xe600 | 743bc7d093c75c5734e2f6fa44c8d21d | False | 0.3995414402173913 | data | 4.412904910165574 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
YAMIXOZUMIXEFIZ | 0x6f1f60 | 0x9e7 | ASCII text, with very long lines (2535), with no line terminators | Romanian | Romania | 0.6035502958579881 |
RT_CURSOR | 0x6f2948 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
RT_CURSOR | 0x6f37f0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
RT_CURSOR | 0x6f4098 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
RT_CURSOR | 0x6f4630 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4375 |
RT_CURSOR | 0x6f4760 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | | | 0.44886363636363635 |
RT_ICON | 0x6e8620 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.5345622119815668 |
RT_ICON | 0x6e8ce8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.4107883817427386 |
RT_ICON | 0x6eb290 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.44592198581560283 |
RT_ICON | 0x6eb728 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Romanian | Romania | 0.5173240938166311 |
RT_ICON | 0x6ec5d0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Romanian | Romania | 0.5090252707581228 |
RT_ICON | 0x6ece78 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Romanian | Romania | 0.4544930875576037 |
RT_ICON | 0x6ed540 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Romanian | Romania | 0.47398843930635837 |
RT_ICON | 0x6edaa8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Romanian | Romania | 0.28018672199170125 |
RT_ICON | 0x6f0050 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | Romanian | Romania | 0.30816135084427765 |
RT_ICON | 0x6f10f8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | Romanian | Romania | 0.33729508196721314 |
RT_ICON | 0x6f1a80 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Romanian | Romania | 0.36879432624113473 |
RT_STRING | 0x6f4a20 | 0x4b0 | data | Romanian | Romania | 0.4483333333333333 |
RT_STRING | 0x6f4ed0 | 0x3c2 | data | Romanian | Romania | 0.4490644490644491 |
RT_STRING | 0x6f5298 | 0x5cc | data | Romanian | Romania | 0.4420485175202156 |
RT_STRING | 0x6f5868 | 0x666 | data | Romanian | Romania | 0.4352869352869353 |
RT_STRING | 0x6f5ed0 | 0x4c6 | data | Romanian | Romania | 0.4533551554828151 |
RT_STRING | 0x6f6398 | 0x260 | data | Romanian | Romania | 0.4753289473684211 |
RT_GROUP_CURSOR | 0x6f4600 | 0x30 | data | | | 0.9375 |
RT_GROUP_CURSOR | 0x6f4810 | 0x22 | data | | | 1.0588235294117647 |
RT_GROUP_ICON | 0x6eb6f8 | 0x30 | data | Romanian | Romania | 0.9375 |
RT_GROUP_ICON | 0x6f1ee8 | 0x76 | data | Romanian | Romania | 0.6694915254237288 |
RT_VERSION | 0x6f4838 | 0x1e8 | data | | | 0.5532786885245902 |
DLL | Import |
---|---|
KERNEL32.dll | InterlockedIncrement, SetConsoleTextAttribute, ReadConsoleA, GetCurrentProcess, GetTickCount, GetCommConfig, GetConsoleAliasesLengthA, GetWindowsDirectoryA, GlobalAlloc, GetVolumeInformationA, GetLocaleInfoW, GetSystemPowerStatus, GetConsoleAliasExesLengthW, GetVersionExW, FindNextVolumeW, GetConsoleAliasW, CreateFileW, ExitThread, GetHandleInformation, GetLastError, GetCurrentDirectoryW, FindResourceW, PeekConsoleInputW, RemoveDirectoryA, LoadLibraryA, WriteConsoleA, GetNumberFormatW, QueryDosDeviceW, GlobalFindAtomW, GetModuleFileNameA, FindFirstVolumeMountPointA, VirtualProtect, _lopen, GetCurrentProcessId, ResetWriteWatch, AreFileApisANSI, OutputDebugStringW, HeapReAlloc, LoadLibraryExW, GetProcAddress, GetEnvironmentVariableW, MultiByteToWideChar, EncodePointer, DecodePointer, ReadFile, GetCommandLineA, RaiseException, RtlUnwind, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, FlushFileBuffers, WriteFile, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, DeleteCriticalSection, ExitProcess, GetModuleHandleExW, HeapSize, HeapFree, IsDebuggerPresent, SetFilePointerEx, GetStdHandle, GetFileType, GetStartupInfoW, HeapAlloc, GetProcessHeap, GetModuleFileNameW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetModuleHandleW, GetStringTypeW, LCMapStringW, SetStdHandle, WriteConsoleW, CloseHandle |
USER32.dll | ChangeMenuA, CharLowerBuffA, DrawFrameControl, CharUpperBuffW |
ADVAPI32.dll | ReadEventLogA |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Romanian | Romania | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/28/24-10:42:54.613617 | TCP | 2856233 | ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) | 49729 | 80 | 192.168.2.4 | 185.172.128.90 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 28, 2024 10:42:54.426615953 CET | 49729 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 28, 2024 10:42:54.610027075 CET | 80 | 49729 | 185.172.128.90 | 192.168.2.4 |
Mar 28, 2024 10:42:54.613435030 CET | 49729 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 28, 2024 10:42:54.613616943 CET | 49729 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 28, 2024 10:42:54.796967983 CET | 80 | 49729 | 185.172.128.90 | 192.168.2.4 |
Mar 28, 2024 10:42:55.451370955 CET | 80 | 49729 | 185.172.128.90 | 192.168.2.4 |
Mar 28, 2024 10:42:55.451476097 CET | 49729 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 28, 2024 10:43:00.456558943 CET | 80 | 49729 | 185.172.128.90 | 192.168.2.4 |
Mar 28, 2024 10:43:00.457356930 CET | 49729 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 28, 2024 10:43:07.540776968 CET | 49729 | 80 | 192.168.2.4 | 185.172.128.90 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49729 | 185.172.128.90 | 80 | 6860 | C:\Users\user\Desktop\Wz9s7ibPaf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 28, 2024 10:42:54.613616943 CET | 411 | OUT | |
Mar 28, 2024 10:42:55.451370955 CET | 204 | IN | |
Target ID: | 0 |
Start time: | 10:42:48 |
Start date: | 28/03/2024 |
Path: | C:\Users\user\Desktop\Wz9s7ibPaf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 318'976 bytes |
MD5 hash: | 072808F550A495B45920FA2F0F239D3E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 10:42:49 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 10:42:49 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 10:42:50 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 10:42:51 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 10:42:51 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 10:42:52 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 10:42:54 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 10:42:54 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 10:42:54 |
Start date: | 28/03/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 10:42:54 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 20 |
Start time: | 10:42:54 |
Start date: | 28/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x130000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.6% |
Dynamic/Decrypted Code Coverage: | 7% |
Signature Coverage: | 12% |
Total number of Nodes: | 401 |
Total number of Limit Nodes: | 6 |
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
00B6F78E | 3.0 | 2 | | 41 | process, COMMON | -1.00% |
00401D70 | 26.6 | 9 | 6 | 311 | network, COMMON | -1.00% |
0273003C | 12.8 | 5 | 2 | 515 | memory, COMMON | -1.00% |
00403140 | 6.1 | 4 | | 71 | COMMON | -1.00% |
00403240 | 4.6 | 3 | | 51 | COMMON | -1.00% |
02730E0F | 3.0 | 2 | | 15 | COMMON | -1.00% |
0041239F | 1.5 | 1 | | 32 | memory, COMMON, LIBRARYCODE | -1.00% |
00B6F44D | 1.3 | 1 | | 48 | memory, COMMON | -1.00% |
00418FB1 | 10.7 | 5 | 1 | 183 | COMMON, LIBRARYCODE | -1.00% |
02749043 | 8.8 | 3 | 2 | 85 | COMMON, LIBRARYCODE | -1.00% |
00418DDC | 8.8 | 3 | 2 | 85 | COMMON, LIBRARYCODE | -1.00% |
0273888C | 6.1 | 4 | | 73 | COMMON | -1.00% |
00408625 | 6.1 | 4 | | 73 | COMMON | -1.00% |
02748CCA | 4.7 | 3 | | 205 | COMMON | -1.00% |
00418A63 | 4.7 | 3 | | 205 | COMMON | -1.00% |
0273092B | 3.8 | | 3 | 90 | COMMON | -1.00% |
0040C9D1 | 3.0 | 2 | | 34 | time, COMMON | -1.00% |
00408823 | 1.6 | 1 | | 144 | COMMON | -1.00% |
02748F1D | 1.6 | 1 | | 83 | COMMON | -1.00% |
00418CB6 | 1.6 | 1 | | 83 | COMMON | -1.00% |
02749149 | 1.5 | 1 | | 45 | COMMON | -1.00% |
00418EE2 | 1.5 | 1 | | 45 | COMMON | -1.00% |
027414B9 | 1.5 | 1 | | 33 | COMMON | -1.00% |
00411252 | 1.5 | 1 | | 33 | COMMON | -1.00% |
02738A20 | 1.5 | 1 | | 3 | COMMON | -1.00% |
004087B9 | 1.5 | 1 | | 3 | COMMON | -1.00% |
02739A77 | 1.3 | | 1 | 76 | COMMON | -1.00% |
00416A3F | 1.3 | 1 | | 5 | memory, COMMON | -1.00% |
00421D88 | 1.2 | | | 1219 | COMMON | -1.00% |
00413C09 | .6 | | | 637 | COMMON | -1.00% |
00409810 | .1 | | | 76 | COMMON | -1.00% |
00B6F06B | .1 | | | 61 | COMMON | -1.00% |
02730D90 | .0 | | | 43 | COMMON | -1.00% |
027413A9 | .0 | | | 22 | COMMON, LIBRARYCODE | -1.00% |
00411142 | .0 | | | 22 | COMMON, LIBRARYCODE | -1.00% |
0273D287 | 22.9 | 15 | | 357 | COMMON | -1.00% |
0040D020 | 22.9 | 15 | | 357 | COMMON | -1.00% |
00407ED4 | 21.1 | 8 | 4 | 51 | libraryloader, COMMON | -1.00% |
00416FE1 | 18.4 | 12 | | 373 | COMMON | -1.00% |
0273B139 | 16.1 | 6 | 3 | 304 | COMMON, LIBRARYCODE | -1.00% |
0040AED2 | 16.1 | 6 | 3 | 304 | COMMON, LIBRARYCODE | -1.00% |
02740E3F | 15.1 | 10 | | 69 | COMMON | -1.00% |
00410BD8 | 15.1 | 10 | | 69 | COMMON | -1.00% |
02747667 | 13.7 | 9 | | 199 | COMMON | -1.00% |
00417400 | 13.7 | 9 | | 199 | COMMON | -1.00% |
027468D1 | 12.2 | 8 | | 203 | COMMON | -1.00% |
0041666A | 12.2 | 8 | | 203 | COMMON | -1.00% |
00407A49 | 12.2 | 8 | | 175 | COMMON | -1.00% |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041141B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02737CB0 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02735EB7 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C50 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BD37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C673 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A86C Relevance: 7.7, APIs: 5, Instructions: 244COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02732E47 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413001 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99COMMONLIBRARYCODE
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027457AB Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415544 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 027333A7 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408044 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0273EA5E Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E7F7 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0273B4E3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B27C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |