Windows Analysis Report
7GXKafhbnD.exe
Overview
General Information
Sample name: | 7GXKafhbnD.exe (renamed because the original name is a hash value) |
Original sample name: | 5ef4cf46165c932ee117830e7cd38ccf.exe |
Analysis ID: | 1417461 |
MD5: | 5ef4cf46165c932ee117830e7cd38ccf |
SHA1: | d45fc4a83fcd2a1fec421d55635d51bf02646d37 |
SHA256: | 3ffdada986edc6412a966b49b35d63b38d836252f77c4c6488b3b564653f3af7 |
Tags: | 32, exe, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64
- 7GXKafhbnD.exe (PID: 7392, cmdline: "C:\Users\user\Desktop\7GXKafhbnD.exe", MD5: 5EF4CF46165C932EE117830E7CD38CCF)
- WerFault.exe (PID: 7472, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 740, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7540, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 732, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7620, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 744, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7680, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 776, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7736, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 996, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7796, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 1016, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7860, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 1084, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7920, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 1368, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cmd.exe (PID: 7952, cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im "7GXKafhbnD.exe" /f & erase "C:\Users\user\Desktop\7GXKafhbnD.exe" & exit, MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 7960, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
- taskkill.exe (PID: 8024, cmdline: taskkill /im "7GXKafhbnD.exe" /f, MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
- WerFault.exe (PID: 8032, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 1324, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
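Two things in the process tree above are worth turning into detection logic: the sample spawns cmd.exe to kill its own image name with taskkill and then erase the file from disk (a self-deletion chain), and nine WerFault.exe instances are started with `-p 7392`, where `-p` is the PID of the faulting process, so the sample crashed repeatedly before cleaning up. The following Python is an added example and not part of the Joe Sandbox report; the process-creation records are constructed from the tree and the `(pid, cmdline)` record shape is an assumption, not a real log schema.

```python
"""Detection logic for two behaviours visible in the report's process tree:
a self-deletion chain (cmd.exe /c taskkill /im <image> ... & erase <same file>)
and a burst of WerFault.exe crash handlers for one faulting PID.

Added example, not part of the Joe Sandbox report. The records below are
constructed from the report's process tree; the (pid, cmdline) shape is assumed.
"""
import ntpath
import re
from collections import Counter

SAMPLE = r"C:\Users\user\Desktop\7GXKafhbnD.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s "

# Constructed process-creation records (pid, cmdline) taken from the tree.
EVENTS = [
    (7392, f'"{SAMPLE}"'),
] + [
    (pid, WERFAULT + str(s))
    for pid, s in [(7472, 740), (7540, 732), (7620, 744), (7680, 776),
                   (7736, 996), (7796, 1016), (7860, 1084), (7920, 1368)]
] + [
    (7952, r'"C:\Windows\System32\cmd.exe" /c taskkill /im "7GXKafhbnD.exe" /f '
           r'& erase "C:\Users\user\Desktop\7GXKafhbnD.exe" & exit'),
    (7960, r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    (8024, r'taskkill /im "7GXKafhbnD.exe" /f'),
    (8032, WERFAULT + "1324"),
]

# taskkill [/f] /im <image> ... followed by erase|del <path>; quotes optional
SELF_DELETE_RE = re.compile(
    r'taskkill\s+(?:/f\s+)?/im\s+"?(?P<img>[^"\s]+)"?.*?'
    r'\b(?:erase|del)\s+"?(?P<path>[^"&]+?)"?\s*(?:&|$)',
    re.IGNORECASE,
)
# WerFault.exe -u -p <pid>: <pid> is the process that crashed
WERFAULT_RE = re.compile(r"werfault\.exe\s+-u\s+-p\s+(\d+)", re.IGNORECASE)


def self_delete_chain(cmdline):
    """Return (image, path) when cmdline kills a process by image name and
    then deletes a file whose basename is that same image; otherwise None."""
    m = SELF_DELETE_RE.search(cmdline)
    if not m:
        return None
    img, path = m.group("img"), m.group("path").strip()
    if ntpath.basename(path).lower() != img.lower():
        return None
    return img, path


def werfault_bursts(events, threshold=3):
    """Count WerFault.exe handlers per faulting PID (the -p value) and
    return {pid: count} for PIDs that crashed at least `threshold` times."""
    counts = Counter()
    for _pid, cmdline in events:
        m = WERFAULT_RE.search(cmdline)
        if m:
            counts[int(m.group(1))] += 1
    return {pid: n for pid, n in counts.items() if n >= threshold}


def analyze(events):
    """Run both detections over the records; returns (pid, finding) tuples."""
    findings = []
    for pid, cmdline in events:
        hit = self_delete_chain(cmdline)
        if hit:
            findings.append((pid, f"self-delete of {hit[1]} via taskkill+erase"))
    for crashed, n in werfault_bursts(events).items():
        findings.append((crashed, f"{n} WerFault.exe crash handlers"))
    return findings


if __name__ == "__main__":
    for pid, finding in analyze(EVENTS):
        print(f"PID {pid}: {finding}")
```

The self-delete check deliberately keys on the basename match between the `taskkill /im` target and the erased path rather than on the parent process, because the flattened tree no longer carries parent/child links; on a real endpoint the same logic applies to Sysmon event 1 or Windows 4688 command lines, and the crash-burst check is a useful secondary signal since a sample that repeatedly faults in a sandbox often behaves differently on the victim host.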
Name | Description | Attribution | Blogpost URLs | Link
---|---|---|---|---
GCleaner | | No Attribution | |
Source | Rule | Description | Author | Strings
---|---|---|---|---
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
Source | Rule | Description | Author | Strings
---|---|---|---|---
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
Timestamp: | 03/29/24-11:16:56.193727 |
SID: | 2856233 |
Source Port: | 49730 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: |
Source: | Virustotal: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: |
Networking |
---|
Source: | Snort IDS: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | (6 entries)
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | (2 entries)
System Summary |
---|
Source: | Matched rule: | (2 entries)
Source: | Code function: | 0_2_00404610
Source: | Code function: | 0_2_00409810
Source: | Code function: | 0_2_00413C09
Source: | Code function: | 0_2_00413414
Source: | Code function: | 0_2_00421D88
Source: | Code function: | 0_2_006E4877
Source: | Code function: | 0_2_006E9A77
Source: | Code function: | 0_2_006F367B
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Section loaded: | (44 entries)
Source: | Static PE information: |
Source: | Matched rule: | (2 entries)
Source: | Classification label: |
Source: | Code function: | 0_2_007A0116
Source: | File created: |
Source: | Mutant created: | (2 entries)
Source: | File created: |
Source: | Command line argument: | 0_2_00404610 (3 entries)
Source: | Command line argument: | 0_2_006E4877 (4 entries)
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | Process created: | (15 entries)
Source: | Key value queried: |
Source: | File opened: |
Data Obfuscation |
---|
Source: | Unpacked PE file: | (2 entries)
Source: | Code function: | 0_2_00408541
Source: | Code function: | 0_2_0040FFFB
Source: | Code function: | 0_2_006F41D7
Source: | Code function: | 0_2_006F0262
Source: | Code function: | 0_2_006FC678
Source: | Code function: | 0_2_006FC6C9
Source: | Code function: | 0_2_006F47CE
Source: | Code function: | 0_2_006E87A8
Source: | Code function: | 0_2_007A280E
Source: | Code function: | 0_2_0079F0ED
Source: | Code function: | 0_2_007A3137
Source: | Code function: | 0_2_007A3192
Source: | Code function: | 0_2_0079F21D
Source: | Code function: | 0_2_007A22F9
Source: | Code function: | 0_2_007A2333
Source: | Code function: | 0_2_007A4EF8
Source: | Code function: | 0_2_007A4EF8
Source: | Code function: | 0_2_007A0EB5
Source: | Code function: | 0_2_007A4EF8
Source: | Process information set: | (437 entries)
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Source: | API coverage: |
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 0_2_00405C50 |
Source: | Code function: | 0_2_0040C12B |
Source: | Code function: | 0_2_00411142 | |
Source: | Code function: | 0_2_0040C631 | |
Source: | Code function: | 0_2_006EC898 | |
Source: | Code function: | 0_2_006E092B | |
Source: | Code function: | 0_2_006F13A9 | |
Source: | Code function: | 0_2_006E0D90 | |
Source: | Code function: | 0_2_0079F9F3 |
Source: | Code function: | 0_2_00416A3F |
Source: | Process token adjusted: |
Source: | Code function: | 0_2_0040C12B | |
Source: | Code function: | 0_2_00407C46 | |
Source: | Code function: | 0_2_00408625 | |
Source: | Code function: | 0_2_004087B9 | |
Source: | Code function: | 0_2_006E888C | |
Source: | Code function: | 0_2_006E8A20 | |
Source: | Code function: | 0_2_006EC392 | |
Source: | Code function: | 0_2_006E7EAD |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: |
Source: | Process created: |
Source: | Code function: | 0_2_00408823 |
Source: | Code function: | 0_2_004188F2 | |
Source: | Code function: | 0_2_0041893D | |
Source: | Code function: | 0_2_004189D8 | |
Source: | Code function: | 0_2_00411252 | |
Source: | Code function: | 0_2_00418A63 | |
Source: | Code function: | 0_2_00418CB6 | |
Source: | Code function: | 0_2_00418DDC | |
Source: | Code function: | 0_2_00418EE2 | |
Source: | Code function: | 0_2_00411774 | |
Source: | Code function: | 0_2_00418FB1 | |
Source: | Code function: | 0_2_006F9043 | |
Source: | Code function: | 0_2_006F9149 | |
Source: | Code function: | 0_2_006F19DB | |
Source: | Code function: | 0_2_006F9218 | |
Source: | Code function: | 0_2_006F8B59 | |
Source: | Code function: | 0_2_006F8BA4 | |
Source: | Code function: | 0_2_006F8C3F | |
Source: | Code function: | 0_2_006F8CCA | |
Source: | Code function: | 0_2_006F14B9 | |
Source: | Code function: | 0_2_006F8F1D |
Source: | Code function: | 0_2_0040C9D1 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 42% | Virustotal | | |
 | 100% | Avira | HEUR/AGEN.1316639 | |
 | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 100% | Avira URL Cloud | malware | |
 | 25% | Virustotal | | |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.172.128.90 | unknown | Russian Federation | | 50916 | NADYMSS-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1417461 |
Start date and time: | 2024-03-29 11:16:07 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 27 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 7GXKafhbnD.exerenamed because original name is a hash value |
Original Sample Name: | 5ef4cf46165c932ee117830e7cd38ccf.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@15/38@0/1 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.22
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
11:17:08 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
185.172.128.90 | malicious | GCleaner |
 | malicious | GCleaner, RedLine |
 | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
 | malicious | GCleaner |
 | malicious | GCleaner |
 | malicious | GCleaner |
 | malicious | Glupteba |
 | malicious | Unknown |
 | malicious | Mars Stealer, Stealc, Vidar |
 | malicious | Mars Stealer, Stealc, Vidar |
Match | Detection | Threat Name |
---|---|---|
NADYMSS-ASRU | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
 | malicious | GCleaner |
 | malicious | GCleaner, RedLine |
 | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
 | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
 | malicious | GCleaner, Nymaim |
 | malicious | GCleaner, Nymaim |
 | malicious | GCleaner |
 | malicious | GCleaner |
 | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_0aead8bd-3d69-471e-88d4-9d281264b63e\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8800631974519376 |
Encrypted: | false |
SSDEEP: | 96:PiMsZsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVL:AZs056rojhczuiF6Z24IO8q |
MD5: | 0298412F1B342699D1645E13FFA81CF9 |
SHA1: | 6FA28B11D30139DBB0FD49B1143AF9F638F91D26 |
SHA-256: | 5160FC6325B3C283880E702D0301EE917F557C6A050190445AC1F75695A6F41D |
SHA-512: | D754290863ADF729C14F82C3D578B0D8942D9F5A5007AA8D130FCE8A1E9A651311E053EFF3C678AB3E994DAB7CF30D7C2EB96DCD209433D10C34270D55C97D02 |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_2071ee8d-b7b5-4580-802a-4d51b6c53b0d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8371838702982257 |
Encrypted: | false |
SSDEEP: | 96:RCsKsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVhL:JKs056rojh6zuiF6Z24IO8q |
MD5: | BD75434DC71BEC8E0BE44FD829A3DB79 |
SHA1: | 6C7F4EEB0428EEC7636ED085692DD5F28757ED09 |
SHA-256: | 8356370F0B5908F1FD0B651EFF4EF6A23C7D41D1D4F7B74E5CDC7A8AF950F10A |
SHA-512: | AFFF5916769B78B1C05FFEE84B237360BE41CCE09E34403197C78EBB3AB82D0262C4BB69ADEFDF04DF91B3437E80F7E65FA1C464B54B44C6F7EFEE1CA7326827 |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_31a3bfa8-276c-45f5-900e-ff34cdff71dc\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8370442095000293 |
Encrypted: | false |
SSDEEP: | 96:SRNFs1sxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKf:sc1s056rojh6zuiF6Z24IO8q |
MD5: | A70794080D0E244D47B2BC70D28BCECF |
SHA1: | E4C21FECA73A09A6E5F6B16A12DBDC5CC74EBF54 |
SHA-256: | FE6AD80AC8B6B077D0CA0B2FBBD4891883F4DA771AA379C40E43025D3E70DF0D |
SHA-512: | 3A4216BC6EBEE29B97F211A39938BCD793C617726F6CF1840E4699EB4E9BBE5376E63B518EDE58B29F523D85EF271A831A5E8B5049F9A9CF72D37375B3208BFD |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_5c5ac96f-d7e2-4949-80e3-2909ce5346b1\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9344790159119628 |
Encrypted: | false |
SSDEEP: | 96:rvmspsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVd:/ps056rojhE7zuiF6Z24IO8q |
MD5: | 3F36F4FD14D4786DA7EA7DC7E4951E98 |
SHA1: | B6FB82E5CEFEA5CD938CCFD5A9148250275592D9 |
SHA-256: | 5FF937037C009A8273DCE58832C7C0A298986DA4D360E08D2415861908498A07 |
SHA-512: | B378AE63F7A7FD756DAC8CD53DB1151CD9BE12EE6E954034BAA04FDE73C6C815AC111C26C3BC3ED0968721E312B4E51543F7023B910C0FAC500ADB23D2504627 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_7f753e3f-3102-41ca-ade0-19e5c0e39648\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8593283098330304 |
Encrypted: | false |
SSDEEP: | 96:assGsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVh3:QGs056rojhGzuiF6Z24IO8q |
MD5: | 4055EA2D808C960D0D7FC7D9723490EA |
SHA1: | 9C0321E30DC2719432D76E2E3F0921152B633BC9 |
SHA-256: | D30F88399EA07E647402C2721CA2B2B5AE8AD238F0B27C78D3B7D6C1434FE0B6 |
SHA-512: | 1C36BCF1996FF665E747B77BD044B542807D56AAC6214F5F2AF0E42B49E94C76AC7930619C306815360308603301790D3D50238F7781C96DC9E6F1AD9CE36A12 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_807cc0ca-2485-4f33-9f4a-dfce8bfb587c\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8370483785105234 |
Encrypted: | false |
SSDEEP: | 96:zqrDAyPsYYsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9W6:OABPs056rojh6zuiF6Z24IO8q |
MD5: | 56FF819AA07A872363676230D59F5EAC |
SHA1: | 6FABD19C2CC11BD222F1D192A886EA9DAB380FA3 |
SHA-256: | 2F434DFDA9AAB87B6AE389A140246E95BB33899A8430DAEB8672838BACB7D396 |
SHA-512: | 4F91BC73651196BB22A238AC1EAB9DB0A8E30C0E025F95CF23E3D4756241F7384C55F63B363AE9A58B15639A5C407CF372A1E87C8CC34FC0374BFDA0504DFB32 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_92628ab3-bdbe-4a55-ae04-f985aafaaeec\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.852584714889518 |
Encrypted: | false |
SSDEEP: | 96:J0susrsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADK1:lrs056rojhwzuiF6Z24IO8q |
MD5: | FAA3B1E010A8CF8E4F9204DB585578C9 |
SHA1: | 36AAB37D3C41369EAF9011C6EC17D38C472C114A |
SHA-256: | D64A098DE8CE6460E37716A061B551E4D810662BE79B36B9647F049BD4954AA8 |
SHA-512: | 765CB4BDE9C8194E8A046EE8AC67B625D86F50969E9527FABC87FCF13057D764DC860E59CF8AE8326B7AB015B38B60A6A77F6210888E20EA5306EAD0197C5E40 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_c878b971-1e7f-4be1-90e3-8a1ccd8f2f2c\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8371282400660914 |
Encrypted: | false |
SSDEEP: | 96:xmgxNshsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADC:sgxehs056rojh6zuiF6Z24IO8q |
MD5: | 12583B86E629565F252C7FE3E3B4CA87 |
SHA1: | 5E9C6C14D9DF3359D0C9EDF3CDEAC6806CFA4874 |
SHA-256: | 76B2106F92D57CAE89D9A4E869472EE6CB1763FFC253EB8AE3A72569390E05C5 |
SHA-512: | 5D8BAE67553CFCE9365874EF1962D1D9C6E766FF33FBDC1E33267D4D19F675EA62AF348562DA34676B63A24ECE02E3E0F2E6927B50C178D364DDFB5DE0E9AF51 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_f059f8719164c84f855d378d9bb8bb5244bf721d_0465960d_2553eece-d477-4481-9dc0-ee4e029d95cd\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9990182365205962 |
Encrypted: | false |
SSDEEP: | 96:+zB62sDsxhDj7efAQXIDcQSc6wQcEqcw3RP+HbHg/8BRTf32rLWIOy4H9WEADKV0:wBGDx0MUQAlUjhEYedzuiF6Z24IO8n |
MD5: | 454B22A50DD241D18B8DF66D38164DEB |
SHA1: | 723028A2D47B0DDA7C46F8B7F9608380E605D249 |
SHA-256: | FC359EF4E8D58C2123FAA218EB877E66E525E43A4C3489EEAE1E636193537285 |
SHA-512: | 298E1D05E2432E2F3022B1302C2FCAFD2C64E41CCE178102888B455A500C9ADA01F488B111C08C7C188E87C5005590994A09B1DE2C86875E213FBCF2D23F6B56 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 60774 |
Entropy (8bit): | 2.175656964678194 |
Encrypted: | false |
SSDEEP: | 192:9d+YYXZn+dH8O2o5oNffN52UassfRMRdCWe7Io0kRRWVYqwUvL/m5LcjGDT007fN:eDn+dHzz5IfvsZMCryVYq/vL/m5hD/3 |
MD5: | FB9C400630E3F370BEF0409096261C6B |
SHA1: | E2C82B134393FA30B3AF4B38CE934431449BE67A |
SHA-256: | DEC6B8E3D4FFFBB7EC31837EB4BF81BA68998B682CA799779EE715DA9404AE95 |
SHA-512: | 7D107D74E86832F2A86D6C81AA6DAF31EF9C4F71DDFBAD8F77EF797EF25B302ED98EA12DF14A1FCC2110FF503957AC41F77108234C12740AC066C2DE94C22A14 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.706166979910624 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJaq6XgL6Y9cSUEdgmfW8pBRC89bPesf+AMlm:R6lXJX6Xc6Y2SUEdgmfW47Pdfr |
MD5: | BF85E4ABEF0DF577F71AF55EA8C58806 |
SHA1: | E826366918D5412058E42B228C1D50801A3B9C1A |
SHA-256: | 8B6E6FF1FE07D032E41FC53AFF54BD36F93792A1058061540E6E34E0232CE8DB |
SHA-512: | C99AD92822E2003974773DD052DC14736B9DE20E907BC8A00E442978454E313D449F7A9AB49D6A20864748645A366A063BA44E9EF72340FD3D90C04DC63F04FF |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.488090684859657 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYTYm8M4JiJFF+q8vHBMN/Td:uIjf0I7vD7V7JCKh2/Td |
MD5: | 1A75E533B08E897A01304971CB771471 |
SHA1: | 0B24BE45E319EB6F493EDD9D5E6A613995588C80 |
SHA-256: | 55FF198E2F0F07DCDE7428EB3396DB6980E6A432EB4BF1204910140EADEB2C86 |
SHA-512: | C15F281741FEF29585D27D86FAFBA1AD2B2B12A1EF36C0F9F064BF533F51A840B6BD7CBFC736E4F98736EB9755D889EB07CC93F1E27838E0729CD623B2DD4AEC |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 70446 |
Entropy (8bit): | 1.9294194592958627 |
Encrypted: | false |
SSDEEP: | 192:9+03xQXdeSH7gLO2oL3oNsU2St0s8I6zdsFTzWB7qNUvL/m5LcjrBQm4aI40Zu9H:Q0MeSH7gSzrbNsS8CqqvL/m5oBup/Kv |
MD5: | 98AC8438D37A5EBCAFC9518AF5416CAE |
SHA1: | 2753E4A92F64AEB2269A98849A363CBAE8152D5B |
SHA-256: | 8FF7DD23EA6FC5A52517D77E22FBA2C6A7B921013918DF86CD568A2107C39370 |
SHA-512: | 5CD64A2610E98C762D2A91CA1607BA50E21F20B2DB5D361FB05E7D37F20AFEE82DEF66FDA613D7834775D24233A6D3B79687599BDEE7900832E80231AF787888 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.7048863562766914 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJa165kK6Y9zSUZgrgmfW8pBa89bPesf1Dvlm:R6lXJo636YZSUZegmfWoPdf10 |
MD5: | 8E492319A8D981666DB071F889B7858C |
SHA1: | B1DD0E7650C85F48969B9C890D96B29C48A25F3E |
SHA-256: | 56CD6222F5E24F0BDD3CE6664922766C1A54F6B5DBB080518330AA497FC1CE69 |
SHA-512: | 9EB6DD5ECE346A72D6F3D1C8A6678C2D653ABB33B757D1E254A84D94E5D126047C0A6802DFA811217482D37C8063099A309780AB3F3DA665C11FBFAF7092C41C |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.489578977185828 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYVYm8M4JiJFq0P+q8vHBMN/Td:uIjf0I7vD7VtJD0PKh2/Td |
MD5: | AB58FEC02DEA22FF13C379DA82381697 |
SHA1: | 7DE1FB6C72A762BBDFACA0E6511B0CF0D25A2837 |
SHA-256: | A20A540605756621E45B0967C9ED7DF138C444C9B74374E41C1354FC31CF6AA5 |
SHA-512: | EB48B3143DCF0C01D5C63483E6ADAEB3444443FAD97C675DB36FBA4F4DBB101C7484493F5254CAB7A389170A46F8EE0F87FDA783F796FD8C4CA1029353A3B6A7 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 70022 |
Entropy (8bit): | 1.9450199532182377 |
Encrypted: | false |
SSDEEP: | 192:Q1H13xQXdeSHSO2oVuF6oNsU2nOqLqDDzWB7kiBusn5LNUvL/m5LcjMlDcprI2MK:yMeSHtzm6bheSkxs5LqvL/m5/lD+/T |
MD5: | F9B343A91E2C5F30B26A3CB97F3238DD |
SHA1: | 0D170BF2CDDBD9D764D576DDF386255956B169C1 |
SHA-256: | B6F8371E59DD882C8AEFCF3F416D19065CF6C8586B4A481B71B3AC97720D272F |
SHA-512: | DBAD81DFE3EA8C946CCA42C2C890BE1FDAF528605E871F0D7CAA1743DBAC4200239461CCDBC2F4D1F343B5DEA8D30C164CBFAD30CB247F8A29B501B29D563F73 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.704987626043707 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJaY65Z/6Y9ISUZgrgmfW8pBP89bGesfS0im:R6lXJV6H/6YiSUZegmfWbGdfSA |
MD5: | 8E6448EF806613C2BD8D6C5C9416D0A6 |
SHA1: | 5EAC622276DE91C14CAC416F7944AAC334CAA665 |
SHA-256: | 437443802A95631F280BC1D5759A7ADA8A7BB45109D6E9C364113B7167A39692 |
SHA-512: | 0205EA7553CAB09729EAF86F05629C391007BBF476A0847333F08257F5FBDE10A39A5F77EF48F30FCBFF40D23DE523E4060B02C8AA86614C577CFDB2126D855E |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.488676510021866 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYBYm8M4JiJFV+q8vHBMN/Td:uIjf0I7vD7VxJmKh2/Td |
MD5: | 2C601628A51E0BDD399D638E3E6760F6 |
SHA1: | 89C6C2A3E09617FD9FC50A3B8F9D5D2F93422F08 |
SHA-256: | 62B35C5AE9D2D1BB47DD54F176B97503665F88161B61F64847D49C69043D19C0 |
SHA-512: | 33BFA6CB1676AEACCD5E8FB3912D60B727C6A4DDB7A3DDFF5E6689D554D3ACCDB104C8AF3736CB66E587AE6CDB1D1CC3B7B80BF7E7C9A736B825D536953290A4 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 77066 |
Entropy (8bit): | 1.9046326848213526 |
Encrypted: | false |
SSDEEP: | 384:Aiu7z4UzRbn+ss1FdXi/m5oaGXVAI8ltxE:0n4UzRb+FdXmoE |
MD5: | ABBC31943B8F9AEF4BA5370C0AE28A09 |
SHA1: | 1D7E1E8CAAA2AD8CF520A0395B46FC4772ED27ED |
SHA-256: | 31A0822C2BD22A9A64FC84CC61B371778BEFC4E3B9A5953BF513DA153D6077B0 |
SHA-512: | 0CFD357515E4805EE8DC60CC9A4662F98E4CE81099C1AEF59D8489177A40082D1106AB03211A757692CBE2A409748052CA8B0C8DDB95F824DEAEB13D7C7FE7B1 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.7042223462408335 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJaG6nc6Y9vSUZgrgmfW8pB089bGesfXim:R6lXJr6c6YVSUZegmfWaGdfj |
MD5: | 3787A250FE51557EB208CECD26CECBC2 |
SHA1: | 328568588DC8F1E879F83CC7514B644CB6FF4E1D |
SHA-256: | CA12105E49218081B1AA13ADF03E08B97FB4A7EC3D8CB3F385FE05924BA404D0 |
SHA-512: | A4225E1F2C45F4456F6C4E98217BB5E39552EDC7C294E02098B0730CFA94A006449A7E16E7226817850FA36DE9AC747AB5BDFF4B24E8E9AE2EA0A1BC1A8FEA8C |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.487387999588773 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYaYm8M4JiJF8+q8vHBMN/Td:uIjf0I7vD7VeJXKh2/Td |
MD5: | 7F676A678C027EA075DE23734E95C7C0 |
SHA1: | 0EF7DDEFA7541A45A1160742630BEADBA7F22911 |
SHA-256: | 8C64D46B8EF3C9BB390E086840BC801F262F4135A3BA8D5431917917FB8F3235 |
SHA-512: | BDA4E4448C9BB51A1A64D328138CA8E44F184A4B338578D8A1DB8CB056770A97AD1439DB84B9B9FA54D5D4BBBFEE0505E50266C0C7FA8A98818198E86322A2AB |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 85160 |
Entropy (8bit): | 1.9490286585420362 |
Encrypted: | false |
SSDEEP: | 384:a/Ef1z0hbcRsnV6IYkPOSptAXi/m5o0RaGOyvh:uy1z0hbcRzIYAO6+X6i |
MD5: | 222BCEA7498B50EF874116B0071376C2 |
SHA1: | 2C34261782620A77F16BB0FFCE8298D3C57A4973 |
SHA-256: | F3F49BFDDF0C4CCF47C8E69822BC83B47DDAD71E7C1B80410B24A6BB0E0DB8A7 |
SHA-512: | F68CB4EC35F884F567AF19701D5D19850F2DA3393547A07943080905499ECF4E4B3D3216236580540677BD4903BF6890F05B07524FC29B4DC67C31AC17780BAC |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.702954776287513 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJaM6Xyw6Y9bSUIgKgmfW8pBa89b5esfYzm:R6lXJh6D6YBSUIPgmfWo5dfR |
MD5: | 335A0893D20A0E10E9ECE3736FCFB8DD |
SHA1: | D87F1937924A3B909245B6E786806B070429A1E9 |
SHA-256: | 3D890A9953F1FA599C73E4E704378B8BABB4D058ED836AACE4769467FC13F915 |
SHA-512: | A263944F5BA740B080DBCE59A59F864CB403D8F914800B4A03333E9D1BA98B271372E3A6C8AA798B4EF8CC27D8419D8A7AE1B723D890981C1AC37A7D11ABD392 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.486931913687568 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYiYm8M4JiJF9j+q8vHBMN/Td:uIjf0I7vD7VWJyjKh2/Td |
MD5: | 2B8491DED40B57895B895D6B24809C6D |
SHA1: | A2D909CB686C6EFF72D1A7A4A2520912129FF2FF |
SHA-256: | DA126E98D9534F1CD0E6579609FEBC1606F7C25F69C35022A21218784F37075A |
SHA-512: | 40A7A0FA6B7F69763420BDF22D3F22CAEDE4AC1DFE6B21D0A6BBFFE59FB6FCB2D1CAFB407AD40972D27B918CCE5684DDFBE66733549936B1B1667D2D4658FF7F |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 95508 |
Entropy (8bit): | 1.9967945536656557 |
Encrypted: | false |
SSDEEP: | 384:HYmp/1dzVvBbc4idmKauvuJJp96EXi/m51szzEJ3rcLDXtXB3+HnOeUzj:42TzjbMdmKauv4JDJXX93v |
MD5: | 77581104E5F0C66E1A468B9FF2022BFC |
SHA1: | 20B607A045D6E5B4231AABF96D04DC8D93A22D6C |
SHA-256: | 91A4144A2AFD3C64FC501D039D21D831B62547B3FB8C1143D15D91790058CB3A |
SHA-512: | D51C187ACFD548957CE49237A62D1544A131596C1C09FE7E2799C4434CC698D6D858A7214D2EE6055A2AA0E6873DF3E22EE51084AA18CF8E13F84F288A272C18 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.704562602752272 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJa66Ob06Y9evSUIgKgmfW8pBG89bwesfPwm:R6lXJn6x6YEvSUIPgmfWEwdf9 |
MD5: | E12E1B18C8B1EF19086B193754D97310 |
SHA1: | 5CB02E9552C8370035CFB1F56CC6D319C094EB34 |
SHA-256: | BF5A51BEBDE7418B714FB2122A5010E29379D8C71D8F233AF7BD2EF8B1448F76 |
SHA-512: | 8B81E110D0DAF4F83AB9F5795238E59459EBC97F1CED6C6D513AF73ABA88984E5D4475D6BF8B104901455F65476048F22C4AB0F2D7A53D9D3EDD300824C8CCBB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.488507295254293 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYhPYm8M4JiJFo+q8vHBMN/Td:uIjf0I7vD7VxJfKh2/Td |
MD5: | 7A3D8496D9721D5BBFA265C1E17E7119 |
SHA1: | 30C2223119F42FDBAF2A652376BDC050D0900131 |
SHA-256: | 85778B85E2697B0CC25626D3084A45ECAD012CE8813EDC7BE5096DC99F56E6C5 |
SHA-512: | 5E7BC20E3411ECF9D9B5D58795D6B890DCD83104AC3E39D2029C81125F4D08F2C61D736FD0483A52A2140A03C313395341912E1138CE6DA96C158B454AAD51BE |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106154 |
Entropy (8bit): | 2.0637235881966087 |
Encrypted: | false |
SSDEEP: | 384:fvRCpEAL5zF3OGbc1s3gkr7lyBf2nzb+oSVKnX8lUF1m5JuBgqOrDr4Ar/c+Dr:fY+c5zBbc1QdJSkfSVKnXn9MrDrHl |
MD5: | 7906FB6DCA887C3A504C104F7C36E21D |
SHA1: | 177306CD361F0BBAB571BDD53BB8368E4C26DF90 |
SHA-256: | DA593FB516F2F967361AA559756D6048A06E6793906FECAB520313A6BF5A7485 |
SHA-512: | 8D60C925E8269A17CB1F3E8E7427B14E0294FDB4816C8F4E19426B2A0532466E354DAB32B462DB56740F9BE60738D6046B60938FCD8A72B85CFA9ACE070746DB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8412 |
Entropy (8bit): | 3.704773300725653 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJa1696Y9RSUNgn6GgmfW8pB089biesfYvWm:R6lXJY696Y7SUN+gmfWaidf4 |
MD5: | E04349F132BD431504037C2481DD2740 |
SHA1: | A92471C662D288E16653508709E6336A5DFEA696 |
SHA-256: | BAACF683BD70BFE5C7274A1A746B7C061824B68A0E589203CDBF1FEFFD613B1F |
SHA-512: | 85EF8F19386D3BE3884DE9D637E01623DC0A4C95DD26F1DB92E677503B5D2C3E7F99B3F6AF2A4C47FA4699AAAFBC038D60DD16350AD1D67F4E97728133EA5768 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.487223738628957 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYTYm8M4JiJFm/K+q8vHBMN/Td:uIjf0I7vD7VDJXiKh2/Td |
MD5: | C1F222E3912CF70C180E25A6345AB028 |
SHA1: | CF69B92151B0906C9B1C26CA87BB892B13C5A0D2 |
SHA-256: | 353026E5CB91C96FD4D4A0E5F655C440B185ABB37F890FC9E3C30DA926824C71 |
SHA-512: | 9F1262F0BC2394A5768CB329A8F44BD3376CB973D71D509454DA56BF7F4606C6CDCCEE8DC5818335D6CAE9C61907EBD757FCCFEA489BA769321E125A6469EC7B |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 44130 |
Entropy (8bit): | 2.6219495869549707 |
Encrypted: | false |
SSDEEP: | 384:YiGn+tQsRzUeqyJxmGy42iYUz5JyXof2:i+SsRznsiYgf |
MD5: | ED0D06AAFF2E5525F5A3A8D6EC81C1DB |
SHA1: | A647E00792E70980754543981C40BB462E27E179 |
SHA-256: | 911728A248A8ADED4CEAFE933A7F720D90308DD533FDC9293D10060B17B180F5 |
SHA-512: | 748766B5725160E3D80E5DB2E0B4E976DC14B096244581EBE18C46707D5F9C0056CF93EA08DDA5643F1BB75ED2888C092A2674A0C93A456475F43FA96BA9E73E |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8316 |
Entropy (8bit): | 3.7033561042259735 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJaj6IpXu7w6Y9DSUt64GgmfrrsipDa89bVesfFanm:R6lXJu6Ipe7w6YZSUt8gmfrgcVdfFz |
MD5: | F0312278B2184630418A53E27E28227F |
SHA1: | 7572927A2B8D09FF355B401DC4F4F6AB4B7D66FB |
SHA-256: | 93E1FEB9BD0CF936D37AD632E5E38F69AEF5368C3B0E2E8B74AF7A9E91D6AC1E |
SHA-512: | B3B97FDC56FC105C3DFF735AFD289162000AA2D45761F860E0B05023DAFD640085FF83E5C22E0ADF407650EF8A79BA0F21DBA9488CF005A614E55F05EFD95CC2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4579 |
Entropy (8bit): | 4.470365382482564 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYX3Ym8M4JiWFAF+q8UZMN/Td:uIjf0I7vD7VTJsX2/Td |
MD5: | 06F846D36F2E30900B9B22EC9440BE6C |
SHA1: | 29CA6E181601A1CB066C3B759EF613B85827DCAE |
SHA-256: | 556FAF9921AA20EFEDE868CD50378701C89A1E886EB93F4E42339A3EA49949DD |
SHA-512: | C35E5F0240BA0658BDB918D676EEF5B5C1F7C64EF6886BC7A9F966AD215D10764AF290878F7FBFD45DFDEDC10676917BF40AD3E72ADEA39AD280081EA0ABBBB4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60882 |
Entropy (8bit): | 2.150038023698374 |
Encrypted: | false |
SSDEEP: | 384:P5Dn+dHnz1nskz8NfZfGyVYq/vL/m52jT+8w:P56HzlwNVGyVYq/+3 |
MD5: | 71B48E08C5D11B7087B3FD841FA34BCF |
SHA1: | 296C58544F34A9B478F8EBD6028C8FEE44682474 |
SHA-256: | 2CBD06CAED7515D942C0BEC74FAD6AA03593DC31EF3520EE853913FDE5FA5DC3 |
SHA-512: | 4F335CAAFD455A5722D922392831681316AA5079544055CB3900EBB440BD354BD14B9B23403633732FCB8DE735DE6F52E6A9859B2092A2B65162070E574F432D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8410 |
Entropy (8bit): | 3.705507528289536 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJaz68ke6Y9JSU7LgmfW8pBH89bUesfVA8m:R6lXJW6e6YDSU7LgmfWTUdfV6 |
MD5: | B421ABFC84D749025DD9801D238DEFFC |
SHA1: | D7996BBC1FC571D9C9EE0333334189E350575A85 |
SHA-256: | 71836630C3C73EBD79288A9D4650AAC70D5680BFDFB373A2BC0FF61AF4D1E383 |
SHA-512: | 0435C59DF799D6FA9D6B2C3EDEE1A15E02AB8D43415A2D7FC5AE86ABC4F658000F8F684C36BE891634BF599265AF4E69F994D63695DCAC4805758107A68541D7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.488592867304526 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VY3Ym8M4JiJF5N+q8vHBMN/Td:uIjf0I7vD7VrJkKh2/Td |
MD5: | 0C7EBB1A4BAF9F1212034E9B29948C36 |
SHA1: | D239F129157765B681D8223EB2276FA98DF10174 |
SHA-256: | B1F4917B3F20DA725A593C848A0A09AFA54D7964B98D825352777DD3B811C7D7 |
SHA-512: | C2D7524FE4B09E2B784F42AA653B628A48B4D088FCB2DD2AAA9167F9A8CFCE1B1C089F4C942AB99C6A787654A72F384F817EC750FF51D9BDF2299BB40E94406E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\7GXKafhbnD.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:V:V |
MD5: | CFCD208495D565EF66E7DFF9F98764DA |
SHA1: | B6589FC6AB0DC82CF12099D1C2D40AB994E8410C |
SHA-256: | 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9 |
SHA-512: | 31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.46543540889398 |
Encrypted: | false |
SSDEEP: | 6144:VIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN7dwBCswSbd:WXD94+WlLZMM6YFH9+d |
MD5: | 7BC76060C43DF705FCD87AE0EC9198DA |
SHA1: | C64BF93937F7DFCC3D32B2D1285AD161255EE4F2 |
SHA-256: | 9FD6A13E1A29DCF7041A7D3EB6933BFF911A3F206AA7DE7446F77CEA6E6039FB |
SHA-512: | 769B563D568FBC2293E53999E877BFB0AFBD4D19A8595420748D5A49F49DC1FFB7A2BA19DFC9B2ABEB9ADFD9EAC9095A95B631EE5BD2091F36503E9DD27354CB |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.72210431191036 |
TrID: | |
File name: | 7GXKafhbnD.exe |
File size: | 265'728 bytes |
MD5: | 5ef4cf46165c932ee117830e7cd38ccf |
SHA1: | d45fc4a83fcd2a1fec421d55635d51bf02646d37 |
SHA256: | 3ffdada986edc6412a966b49b35d63b38d836252f77c4c6488b3b564653f3af7 |
SHA512: | 33a5d66a67e4e81b105a7ce4f4e4c82fb5d42cd8d3de4b0ac42f2cf2825b65d3699d7987ecbd323de69a7ac72227e9f934c73478c48ab9add9fa6bf7edd536be |
SSDEEP: | 6144:crMgT9iXeD45U2VHSmAuLfNqeo7FGN1MFlsWY:QT9iXg45UAHJjNqeWFLc |
TLSH: | 6044D0D177E0C873D567163168B887A20A7A7D326A70C98B3758EB7E5EB03D04A36713 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Y...Y...Y...6.'.A...6...-...6...~...P.*.P...Y...2...6...X...6.#.X...6.$.X...RichY...................PE..L......e........... |
Icon Hash: | 1369454529370f17 |
Entrypoint: | 0x4028b2 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6518D4D7 [Sun Oct 1 02:09:27 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 257369aa226cb4b09879eb1a5063d4d0 |
Instruction |
---|
call 00007F597C81F520h |
jmp 00007F597C81B1CEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 00411270h |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007F597C81B34Eh |
test byte ptr [eax], 00000008h |
je 00007F597C81B349h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [004110B8h] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [00439358h], eax |
mov dword ptr [00439354h], ecx |
mov dword ptr [00439350h], edx |
mov dword ptr [0043934Ch], ebx |
mov dword ptr [00439348h], esi |
mov dword ptr [00439344h], edi |
mov word ptr [00439370h], ss |
mov word ptr [00439364h], cs |
mov word ptr [00439340h], ds |
mov word ptr [0043933Ch], es |
mov word ptr [00439338h], fs |
mov word ptr [00439334h], gs |
pushfd |
pop dword ptr [00439368h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0043935Ch], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [00439360h], eax |
lea eax, dword ptr [ebp+08h] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x364b4 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13c000 | 0x7fa8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x35ae8 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35aa0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x190 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xfe03 | 0x10000 | 4cccaf6f1dc9d2d34e05898692d80d0b | False | 0.5941009521484375 | data | 6.641755435184662 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x11000 | 0x25dda | 0x25e00 | c109ae0e87715279c2f562d109f94b5a | False | 0.7511280424917491 | data | 6.876609517052601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x37000 | 0x1032e4 | 0x2200 | cbb46c41e8183385fa1121a9ee063c8a | False | 0.20335477941176472 | data | 2.335031179825399 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x13b000 | 0x9cd | 0xa00 | b85f229e4962d23b2bc27d3fefa72e8e | False | 0.010546875 | data | 0.004986070829181356 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x13c000 | 0x7fa8 | 0x8000 | c4b8da47629fbad4be85db1975aae629 | False | 0.54833984375 | data | 5.557271483281829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x142d08 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.4276315789473684 |
RT_CURSOR | 0x142e50 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | | | 0.75 |
RT_ICON | 0x13c490 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Spanish | Peru | 0.43550106609808104 |
RT_ICON | 0x13d338 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Spanish | Peru | 0.5708483754512635 |
RT_ICON | 0x13dbe0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Spanish | Peru | 0.6382488479262672 |
RT_ICON | 0x13e2a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Spanish | Peru | 0.7124277456647399 |
RT_ICON | 0x13e810 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Spanish | Peru | 0.5570539419087137 |
RT_ICON | 0x140db8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Spanish | Peru | 0.5895872420262664 |
RT_ICON | 0x141e60 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Spanish | Peru | 0.6676229508196722 |
RT_ICON | 0x1427e8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Spanish | Peru | 0.7118794326241135 |
RT_DIALOG | 0x143190 | 0x98 | data | | | 0.7631578947368421 |
RT_STRING | 0x143228 | 0xee | data | | | 0.5588235294117647 |
RT_STRING | 0x143318 | 0x6e2 | data | | | 0.42622020431328034 |
RT_STRING | 0x143a00 | 0x160 | data | | | 0.4971590909090909 |
RT_STRING | 0x143b60 | 0x448 | data | | | 0.458029197080292 |
RT_ACCELERATOR | 0x142cc8 | 0x40 | data | | | 0.859375 |
RT_GROUP_CURSOR | 0x142e38 | 0x14 | data | | | 1.15 |
RT_GROUP_CURSOR | 0x142f88 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
RT_GROUP_ICON | 0x142c50 | 0x76 | data | Spanish | Peru | 0.6610169491525424 |
RT_VERSION | 0x142fa0 | 0x1f0 | MS Windows COFF PowerPC object file | | | 0.5705645161290323 |
DLL | Import |
---|---|
KERNEL32.dll | CreateFileA, GetNumaProcessorNode, DebugActiveProcessStop, GetConsoleAliasExesLengthA, SetUnhandledExceptionFilter, InterlockedIncrement, HeapFree, WaitForSingleObject, SetComputerNameW, ConnectNamedPipe, GetModuleHandleW, ReadConsoleOutputA, GlobalFindAtomA, LoadLibraryW, GetLocaleInfoW, GetFileAttributesA, HeapCreate, lstrcpynW, GetAtomNameW, GetModuleFileNameW, FindNextVolumeMountPointW, SetConsoleTitleA, GetLastError, GetLongPathNameW, GetThreadLocale, GetProcAddress, CreateHardLinkW, SetConsoleDisplayMode, FindAtomA, SetSystemTime, SetConsoleTitleW, HeapSetInformation, GetCurrentDirectoryA, DeleteCriticalSection, SetCalendarInfoA, FindAtomW, CreateFileW, ReadFile, FlushFileBuffers, HeapReAlloc, GetStringTypeW, HeapAlloc, ExitProcess, DecodePointer, GetCommandLineA, GetStartupInfoW, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, IsProcessorFeaturePresent, WriteFile, GetStdHandle, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, RtlUnwind, MultiByteToWideChar, HeapSize, SetStdHandle, WriteConsoleW, LCMapStringW, CloseHandle |
USER32.dll | CopyRect, GetMonitorInfoW, LoadIconA |
ole32.dll | CoTaskMemFree |
WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Spanish | Peru | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/29/24-11:16:56.193727 | TCP | 2856233 | ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 29, 2024 11:16:56.009535074 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 29, 2024 11:16:56.193474054 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Mar 29, 2024 11:16:56.193556070 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 29, 2024 11:16:56.193727016 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 29, 2024 11:16:56.378149986 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Mar 29, 2024 11:16:57.738781929 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Mar 29, 2024 11:16:57.738862038 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 29, 2024 11:17:02.744152069 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Mar 29, 2024 11:17:02.744321108 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Mar 29, 2024 11:17:09.252444029 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 185.172.128.90 | 80 | 7392 | C:\Users\user\Desktop\7GXKafhbnD.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 29, 2024 11:16:56.193727016 CET | 411 | OUT | |
Mar 29, 2024 11:16:57.738781929 CET | 204 | IN | |
Target ID: | 0 |
Start time: | 11:16:50 |
Start date: | 29/03/2024 |
Path: | C:\Users\user\Desktop\7GXKafhbnD.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 265'728 bytes |
MD5 hash: | 5EF4CF46165C932EE117830E7CD38CCF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 11:16:51 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 11:16:51 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 11:16:52 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 11:16:53 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 11:16:53 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 11:16:54 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 11:16:54 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 11:16:57 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 18 |
Start time: | 11:16:58 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 11:16:58 |
Start date: | 29/03/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 21 |
Start time: | 11:16:58 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2c0000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 22 |
Start time: | 11:16:58 |
Start date: | 29/03/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x60000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.7% |
Dynamic/Decrypted Code Coverage: | 6.6% |
Signature Coverage: | 14.4% |
Total number of Nodes: | 423 |
Total number of Limit Nodes: | 6 |
Graph
Control-flow Graph
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C50 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 007A0116 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D70 Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 311networkCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403140 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403240 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041239F Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0079FDD5 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418FB1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418DDC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F9043 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408625 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E888C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418A63 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F8CCA Relevance: 4.7, APIs: 3, Instructions: 205COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006E092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C9D1 Relevance: 3.0, APIs: 2, Instructions: 34timeCOMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408823 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418CB6 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F8F1D Relevance: 1.6, APIs: 1, Instructions: 83COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418EE2 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F9149 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411252 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 006F14B9 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004087B9 Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON, Uniqueness Score: -1.00%
Function 006E8A20 Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON, Uniqueness Score: -1.00%
Function 006E9A77 Relevance: 1.3, Strings: 1, Instructions: 76, Tags: COMMON, Uniqueness Score: -1.00%
Function 00416A3F Relevance: 1.3, APIs: 1, Instructions: 5, Tags: memory, COMMON, Uniqueness Score: -1.00%
Function 00421D88 Relevance: 1.2, Instructions: 1219, Tags: COMMON, Uniqueness Score: -1.00%
Function 00413C09 Relevance: 0.6, Instructions: 637, Tags: COMMON, Uniqueness Score: -1.00%
Function 00409810 Relevance: 0.1, Instructions: 76, Tags: COMMON, Uniqueness Score: -1.00%
Function 0079F9F3 Relevance: 0.1, Instructions: 61, Tags: COMMON, Uniqueness Score: -1.00%
Function 006E0D90 Relevance: 0.0, Instructions: 43, Tags: COMMON, Uniqueness Score: -1.00%
Function 00411142 Relevance: 0.0, Instructions: 22, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 006F13A9 Relevance: 0.0, Instructions: 22, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 0040D020 Relevance: 22.9, APIs: 15, Instructions: 357, Tags: COMMON, Uniqueness Score: -1.00%
Function 006ED287 Relevance: 22.9, APIs: 15, Instructions: 357, Tags: COMMON, Uniqueness Score: -1.00%
Function 00407ED4 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51, Tags: libraryloader, COMMON, Uniqueness Score: -1.00%
Function 00416FE1 Relevance: 18.4, APIs: 12, Instructions: 373, Tags: COMMON, Uniqueness Score: -1.00%
Function 0040AED2 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 006EB139 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 00410BD8 Relevance: 15.1, APIs: 10, Instructions: 69, Tags: COMMON, Uniqueness Score: -1.00%
Function 006F0E3F Relevance: 15.1, APIs: 10, Instructions: 69, Tags: COMMON, Uniqueness Score: -1.00%
Function 00417400 Relevance: 13.7, APIs: 9, Instructions: 199, Tags: COMMON, Uniqueness Score: -1.00%
Function 006F7667 Relevance: 13.7, APIs: 9, Instructions: 199, Tags: COMMON, Uniqueness Score: -1.00%
Function 0041666A Relevance: 12.2, APIs: 8, Instructions: 203, Tags: COMMON, Uniqueness Score: -1.00%
Function 006F68D1 Relevance: 12.2, APIs: 8, Instructions: 203, Tags: COMMON, Uniqueness Score: -1.00%
Function 00407A49 Relevance: 12.2, APIs: 8, Instructions: 175, Tags: COMMON, Uniqueness Score: -1.00%
Function 0041141B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 006E7CB0 Relevance: 9.2, APIs: 6, Instructions: 175, Tags: COMMON, Uniqueness Score: -1.00%
Function 006E5EB7 Relevance: 9.1, APIs: 6, Instructions: 99, Tags: COMMON, Uniqueness Score: -1.00%
Function 0040BD37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 0040C673 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30, Tags: libraryloader, COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 0041A86C Relevance: 7.7, APIs: 5, Instructions: 244, Tags: COMMON, Uniqueness Score: -1.00%
Function 006E2E47 Relevance: 7.7, APIs: 5, Instructions: 162, Tags: COMMON, Uniqueness Score: -1.00%
Function 00413001 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 00415544 Relevance: 6.1, APIs: 4, Instructions: 86, Tags: COMMON, Uniqueness Score: -1.00%
Function 006F57AB Relevance: 6.1, APIs: 4, Instructions: 86, Tags: COMMON, Uniqueness Score: -1.00%
Function 006E33A7 Relevance: 6.1, APIs: 4, Instructions: 71, Tags: COMMON, Uniqueness Score: -1.00%
Function 00408044 Relevance: 6.0, APIs: 4, Instructions: 25, Tags: COMMON, Uniqueness Score: -1.00%
Function 0040E7F7 Relevance: 6.0, APIs: 4, Instructions: 19, Tags: COMMON, Uniqueness Score: -1.00%
Function 006EEA5E Relevance: 6.0, APIs: 4, Instructions: 19, Tags: COMMON, Uniqueness Score: -1.00%
Function 0040B27C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%
Function 006EB4E3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112, Tags: COMMON, LIBRARYCODE, Uniqueness Score: -1.00%