Edit tour
Windows
Analysis Report
7GXKafhbnD.exe
Overview
General Information
| Sample name: | 7GXKafhbnD.exerenamed because original name is a hash value |
| Original sample name: | 5ef4cf46165c932ee117830e7cd38ccf.exe |
| Analysis ID: | 1417461 |
| MD5: | 5ef4cf46165c932ee117830e7cd38ccf |
| SHA1: | d45fc4a83fcd2a1fec421d55635d51bf02646d37 |
| SHA256: | 3ffdada986edc6412a966b49b35d63b38d836252f77c4c6488b3b564653f3af7 |
| Tags: | 32exetrojan |
| Infos: |  |
 | |
Detection
GCleaner
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected GCleaner
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
One or more processes crash
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match
Classification
- System is w10x64
7GXKafhbnD.exe (PID: 7392 cmdline: "C:\Users\ user\Deskt op\7GXKafh bnD.exe" MD5: 5EF4CF46165C932EE117830E7CD38CCF) 
WerFault.exe (PID: 7472 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 740 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7540 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 732 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7620 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 744 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7680 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 776 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7736 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 996 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7796 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 101 6 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7860 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 108 4 MD5: C31336C1EFC2CCB44B4326EA793040F2) - WerFault.exe (PID: 7920 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 136 8 MD5: C31336C1EFC2CCB44B4326EA793040F2) 
cmd.exe (PID: 7952 cmdline: "C:\Window s\System32 \cmd.exe" /c taskkil l /im "7GX KafhbnD.ex e" /f & er ase "C:\Us ers\user\D esktop\7GX KafhbnD.ex e" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7960 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) 
taskkill.exe (PID: 8024 cmdline: taskkill / im "7GXKaf hbnD.exe" /f MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD) - WerFault.exe (PID: 8032 cmdline:
C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 392 -s 132 4 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| GCleaner | No Attribution |
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
| Click to see the 1 entries | ||||
⊘No Sigma rule has matched
| Timestamp: | 03/29/24-11:16:56.193727 |
| SID: | 2856233 |
| Source Port: | 49730 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Avira URL Cloud: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Joe Sandbox ML: | ||
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_00404610 | |
| Source: | Code function: | 0_2_00409810 | |
| Source: | Code function: | 0_2_00413C09 | |
| Source: | Code function: | 0_2_00413414 | |
| Source: | Code function: | 0_2_00421D88 | |
| Source: | Code function: | 0_2_006E4877 | |
| Source: | Code function: | 0_2_006E9A77 | |
| Source: | Code function: | 0_2_006F367B | |
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Section loaded: | |||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_007A0116 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Command line argument: | 0_2_00404610 | |
| Source: | Command line argument: | 0_2_00404610 | |
| Source: | Command line argument: | 0_2_00404610 | |
| Source: | Command line argument: | 0_2_006E4877 | |
| Source: | Command line argument: | 0_2_006E4877 | |
| Source: | Command line argument: | 0_2_006E4877 | |
| Source: | Command line argument: | 0_2_006E4877 | |
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 0_2_00408541 | |
| Source: | Code function: | 0_2_0040FFFB | |
| Source: | Code function: | 0_2_006F41D7 | |
| Source: | Code function: | 0_2_006F0262 | |
| Source: | Code function: | 0_2_006FC678 | |
| Source: | Code function: | 0_2_006FC6C9 | |
| Source: | Code function: | 0_2_006F47CE | |
| Source: | Code function: | 0_2_006E87A8 | |
| Source: | Code function: | 0_2_007A280E | |
| Source: | Code function: | 0_2_0079F0ED | |
| Source: | Code function: | 0_2_007A3137 | |
| Source: | Code function: | 0_2_007A3192 | |
| Source: | Code function: | 0_2_0079F21D | |
| Source: | Code function: | 0_2_007A22F9 | |
| Source: | Code function: | 0_2_007A2333 | |
| Source: | Code function: | 0_2_007A4EF8 | |
| Source: | Code function: | 0_2_007A4EF8 | |
| Source: | Code function: | 0_2_007A0EB5 | |
| Source: | Code function: | 0_2_007A4EF8 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | API coverage: | ||
| Source: | Last function: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00405C50 | |
| Source: | Code function: | 0_2_0040C12B | |
| Source: | Code function: | 0_2_00411142 | |
| Source: | Code function: | 0_2_0040C631 | |
| Source: | Code function: | 0_2_006EC898 | |
| Source: | Code function: | 0_2_006E092B | |
| Source: | Code function: | 0_2_006F13A9 | |
| Source: | Code function: | 0_2_006E0D90 | |
| Source: | Code function: | 0_2_0079F9F3 | |
| Source: | Code function: | 0_2_00416A3F | |
| Source: | Process token adjusted: | ||
| Source: | Code function: | 0_2_0040C12B | |
| Source: | Code function: | 0_2_00407C46 | |
| Source: | Code function: | 0_2_00408625 | |
| Source: | Code function: | 0_2_004087B9 | |
| Source: | Code function: | 0_2_006E888C | |
| Source: | Code function: | 0_2_006E8A20 | |
| Source: | Code function: | 0_2_006EC392 | |
| Source: | Code function: | 0_2_006E7EAD | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | ||
| Source: | Code function: | 0_2_00408823 | |
| Source: | Code function: | 0_2_004188F2 | |
| Source: | Code function: | 0_2_0041893D | |
| Source: | Code function: | 0_2_004189D8 | |
| Source: | Code function: | 0_2_00411252 | |
| Source: | Code function: | 0_2_00418A63 | |
| Source: | Code function: | 0_2_00418CB6 | |
| Source: | Code function: | 0_2_00418DDC | |
| Source: | Code function: | 0_2_00418EE2 | |
| Source: | Code function: | 0_2_00411774 | |
| Source: | Code function: | 0_2_00418FB1 | |
| Source: | Code function: | 0_2_006F9043 | |
| Source: | Code function: | 0_2_006F9149 | |
| Source: | Code function: | 0_2_006F19DB | |
| Source: | Code function: | 0_2_006F9218 | |
| Source: | Code function: | 0_2_006F8B59 | |
| Source: | Code function: | 0_2_006F8BA4 | |
| Source: | Code function: | 0_2_006F8C3F | |
| Source: | Code function: | 0_2_006F8CCA | |
| Source: | Code function: | 0_2_006F14B9 | |
| Source: | Code function: | 0_2_006F8F1D | |
| Source: | Code function: | 0_2_0040C9D1 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Virtualization/Sandbox Evasion | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 23 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 42% | Virustotal | Browse | ||
| 100% | Avira | HEUR/AGEN.1316639 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira URL Cloud | malware | ||
| 25% | Virustotal | Browse |
⊘No contacted domains info
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 185.172.128.90 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1417461 |
| Start date and time: | 2024-03-29 11:16:07 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 56s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 27 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | 7GXKafhbnD.exerenamed because original name is a hash value |
| Original Sample Name: | 5ef4cf46165c932ee117830e7cd38ccf.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@15/38@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.22
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 11:17:08 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 185.172.128.90 | Get hash | malicious | GCleaner | Browse |
| |
| Get hash | malicious | GCleaner, RedLine | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | Glupteba | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
| ||
| Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
|
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| NADYMSS-ASRU | Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse |
| |
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner, RedLine | Browse |
| ||
| Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse |
| ||
| Get hash | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT | Browse |
| ||
| Get hash | malicious | GCleaner, Nymaim | Browse |
| ||
| Get hash | malicious | GCleaner, Nymaim | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | GCleaner | Browse |
| ||
| Get hash | malicious | Amadey, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse |
|
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_0aead8bd-3d69-471e-88d4-9d281264b63e\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8800631974519376 |
| Encrypted: | false |
| SSDEEP: | 96:PiMsZsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVL:AZs056rojhczuiF6Z24IO8q |
| MD5: | 0298412F1B342699D1645E13FFA81CF9 |
| SHA1: | 6FA28B11D30139DBB0FD49B1143AF9F638F91D26 |
| SHA-256: | 5160FC6325B3C283880E702D0301EE917F557C6A050190445AC1F75695A6F41D |
| SHA-512: | D754290863ADF729C14F82C3D578B0D8942D9F5A5007AA8D130FCE8A1E9A651311E053EFF3C678AB3E994DAB7CF30D7C2EB96DCD209433D10C34270D55C97D02 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_2071ee8d-b7b5-4580-802a-4d51b6c53b0d\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8371838702982257 |
| Encrypted: | false |
| SSDEEP: | 96:RCsKsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVhL:JKs056rojh6zuiF6Z24IO8q |
| MD5: | BD75434DC71BEC8E0BE44FD829A3DB79 |
| SHA1: | 6C7F4EEB0428EEC7636ED085692DD5F28757ED09 |
| SHA-256: | 8356370F0B5908F1FD0B651EFF4EF6A23C7D41D1D4F7B74E5CDC7A8AF950F10A |
| SHA-512: | AFFF5916769B78B1C05FFEE84B237360BE41CCE09E34403197C78EBB3AB82D0262C4BB69ADEFDF04DF91B3437E80F7E65FA1C464B54B44C6F7EFEE1CA7326827 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_31a3bfa8-276c-45f5-900e-ff34cdff71dc\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8370442095000293 |
| Encrypted: | false |
| SSDEEP: | 96:SRNFs1sxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKf:sc1s056rojh6zuiF6Z24IO8q |
| MD5: | A70794080D0E244D47B2BC70D28BCECF |
| SHA1: | E4C21FECA73A09A6E5F6B16A12DBDC5CC74EBF54 |
| SHA-256: | FE6AD80AC8B6B077D0CA0B2FBBD4891883F4DA771AA379C40E43025D3E70DF0D |
| SHA-512: | 3A4216BC6EBEE29B97F211A39938BCD793C617726F6CF1840E4699EB4E9BBE5376E63B518EDE58B29F523D85EF271A831A5E8B5049F9A9CF72D37375B3208BFD |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_5c5ac96f-d7e2-4949-80e3-2909ce5346b1\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9344790159119628 |
| Encrypted: | false |
| SSDEEP: | 96:rvmspsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVd:/ps056rojhE7zuiF6Z24IO8q |
| MD5: | 3F36F4FD14D4786DA7EA7DC7E4951E98 |
| SHA1: | B6FB82E5CEFEA5CD938CCFD5A9148250275592D9 |
| SHA-256: | 5FF937037C009A8273DCE58832C7C0A298986DA4D360E08D2415861908498A07 |
| SHA-512: | B378AE63F7A7FD756DAC8CD53DB1151CD9BE12EE6E954034BAA04FDE73C6C815AC111C26C3BC3ED0968721E312B4E51543F7023B910C0FAC500ADB23D2504627 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_7f753e3f-3102-41ca-ade0-19e5c0e39648\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8593283098330304 |
| Encrypted: | false |
| SSDEEP: | 96:assGsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADKVh3:QGs056rojhGzuiF6Z24IO8q |
| MD5: | 4055EA2D808C960D0D7FC7D9723490EA |
| SHA1: | 9C0321E30DC2719432D76E2E3F0921152B633BC9 |
| SHA-256: | D30F88399EA07E647402C2721CA2B2B5AE8AD238F0B27C78D3B7D6C1434FE0B6 |
| SHA-512: | 1C36BCF1996FF665E747B77BD044B542807D56AAC6214F5F2AF0E42B49E94C76AC7930619C306815360308603301790D3D50238F7781C96DC9E6F1AD9CE36A12 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_807cc0ca-2485-4f33-9f4a-dfce8bfb587c\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8370483785105234 |
| Encrypted: | false |
| SSDEEP: | 96:zqrDAyPsYYsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9W6:OABPs056rojh6zuiF6Z24IO8q |
| MD5: | 56FF819AA07A872363676230D59F5EAC |
| SHA1: | 6FABD19C2CC11BD222F1D192A886EA9DAB380FA3 |
| SHA-256: | 2F434DFDA9AAB87B6AE389A140246E95BB33899A8430DAEB8672838BACB7D396 |
| SHA-512: | 4F91BC73651196BB22A238AC1EAB9DB0A8E30C0E025F95CF23E3D4756241F7384C55F63B363AE9A58B15639A5C407CF372A1E87C8CC34FC0374BFDA0504DFB32 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_92628ab3-bdbe-4a55-ae04-f985aafaaeec\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.852584714889518 |
| Encrypted: | false |
| SSDEEP: | 96:J0susrsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADK1:lrs056rojhwzuiF6Z24IO8q |
| MD5: | FAA3B1E010A8CF8E4F9204DB585578C9 |
| SHA1: | 36AAB37D3C41369EAF9011C6EC17D38C472C114A |
| SHA-256: | D64A098DE8CE6460E37716A061B551E4D810662BE79B36B9647F049BD4954AA8 |
| SHA-512: | 765CB4BDE9C8194E8A046EE8AC67B625D86F50969E9527FABC87FCF13057D764DC860E59CF8AE8326B7AB015B38B60A6A77F6210888E20EA5306EAD0197C5E40 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_17664c7d7e239f5f4c8c8e5e8a5c7dd6414cea4_0465960d_c878b971-1e7f-4be1-90e3-8a1ccd8f2f2c\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.8371282400660914 |
| Encrypted: | false |
| SSDEEP: | 96:xmgxNshsxhDoA7RT6tQXIDcQnc6rCcEhcw3rT+HbHg/8BRTf32rLWIOy4H9WEADC:sgxehs056rojh6zuiF6Z24IO8q |
| MD5: | 12583B86E629565F252C7FE3E3B4CA87 |
| SHA1: | 5E9C6C14D9DF3359D0C9EDF3CDEAC6806CFA4874 |
| SHA-256: | 76B2106F92D57CAE89D9A4E869472EE6CB1763FFC253EB8AE3A72569390E05C5 |
| SHA-512: | 5D8BAE67553CFCE9365874EF1962D1D9C6E766FF33FBDC1E33267D4D19F675EA62AF348562DA34676B63A24ECE02E3E0F2E6927B50C178D364DDFB5DE0E9AF51 |
| Malicious: | false |
| Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_7GXKafhbnD.exe_f059f8719164c84f855d378d9bb8bb5244bf721d_0465960d_2553eece-d477-4481-9dc0-ee4e029d95cd\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9990182365205962 |
| Encrypted: | false |
| SSDEEP: | 96:+zB62sDsxhDj7efAQXIDcQSc6wQcEqcw3RP+HbHg/8BRTf32rLWIOy4H9WEADKV0:wBGDx0MUQAlUjhEYedzuiF6Z24IO8n |
| MD5: | 454B22A50DD241D18B8DF66D38164DEB |
| SHA1: | 723028A2D47B0DDA7C46F8B7F9608380E605D249 |
| SHA-256: | FC359EF4E8D58C2123FAA218EB877E66E525E43A4C3489EEAE1E636193537285 |
| SHA-512: | 298E1D05E2432E2F3022B1302C2FCAFD2C64E41CCE178102888B455A500C9ADA01F488B111C08C7C188E87C5005590994A09B1DE2C86875E213FBCF2D23F6B56 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60774 |
| Entropy (8bit): | 2.175656964678194 |
| Encrypted: | false |
| SSDEEP: | 192:9d+YYXZn+dH8O2o5oNffN52UassfRMRdCWe7Io0kRRWVYqwUvL/m5LcjGDT007fN:eDn+dHzz5IfvsZMCryVYq/vL/m5hD/3 |
| MD5: | FB9C400630E3F370BEF0409096261C6B |
| SHA1: | E2C82B134393FA30B3AF4B38CE934431449BE67A |
| SHA-256: | DEC6B8E3D4FFFBB7EC31837EB4BF81BA68998B682CA799779EE715DA9404AE95 |
| SHA-512: | 7D107D74E86832F2A86D6C81AA6DAF31EF9C4F71DDFBAD8F77EF797EF25B302ED98EA12DF14A1FCC2110FF503957AC41F77108234C12740AC066C2DE94C22A14 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8412 |
| Entropy (8bit): | 3.706166979910624 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJaq6XgL6Y9cSUEdgmfW8pBRC89bPesf+AMlm:R6lXJX6Xc6Y2SUEdgmfW47Pdfr |
| MD5: | BF85E4ABEF0DF577F71AF55EA8C58806 |
| SHA1: | E826366918D5412058E42B228C1D50801A3B9C1A |
| SHA-256: | 8B6E6FF1FE07D032E41FC53AFF54BD36F93792A1058061540E6E34E0232CE8DB |
| SHA-512: | C99AD92822E2003974773DD052DC14736B9DE20E907BC8A00E442978454E313D449F7A9AB49D6A20864748645A366A063BA44E9EF72340FD3D90C04DC63F04FF |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.488090684859657 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYTYm8M4JiJFF+q8vHBMN/Td:uIjf0I7vD7V7JCKh2/Td |
| MD5: | 1A75E533B08E897A01304971CB771471 |
| SHA1: | 0B24BE45E319EB6F493EDD9D5E6A613995588C80 |
| SHA-256: | 55FF198E2F0F07DCDE7428EB3396DB6980E6A432EB4BF1204910140EADEB2C86 |
| SHA-512: | C15F281741FEF29585D27D86FAFBA1AD2B2B12A1EF36C0F9F064BF533F51A840B6BD7CBFC736E4F98736EB9755D889EB07CC93F1E27838E0729CD623B2DD4AEC |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 70446 |
| Entropy (8bit): | 1.9294194592958627 |
| Encrypted: | false |
| SSDEEP: | 192:9+03xQXdeSH7gLO2oL3oNsU2St0s8I6zdsFTzWB7qNUvL/m5LcjrBQm4aI40Zu9H:Q0MeSH7gSzrbNsS8CqqvL/m5oBup/Kv |
| MD5: | 98AC8438D37A5EBCAFC9518AF5416CAE |
| SHA1: | 2753E4A92F64AEB2269A98849A363CBAE8152D5B |
| SHA-256: | 8FF7DD23EA6FC5A52517D77E22FBA2C6A7B921013918DF86CD568A2107C39370 |
| SHA-512: | 5CD64A2610E98C762D2A91CA1607BA50E21F20B2DB5D361FB05E7D37F20AFEE82DEF66FDA613D7834775D24233A6D3B79687599BDEE7900832E80231AF787888 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8412 |
| Entropy (8bit): | 3.7048863562766914 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJa165kK6Y9zSUZgrgmfW8pBa89bPesf1Dvlm:R6lXJo636YZSUZegmfWoPdf10 |
| MD5: | 8E492319A8D981666DB071F889B7858C |
| SHA1: | B1DD0E7650C85F48969B9C890D96B29C48A25F3E |
| SHA-256: | 56CD6222F5E24F0BDD3CE6664922766C1A54F6B5DBB080518330AA497FC1CE69 |
| SHA-512: | 9EB6DD5ECE346A72D6F3D1C8A6678C2D653ABB33B757D1E254A84D94E5D126047C0A6802DFA811217482D37C8063099A309780AB3F3DA665C11FBFAF7092C41C |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.489578977185828 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYVYm8M4JiJFq0P+q8vHBMN/Td:uIjf0I7vD7VtJD0PKh2/Td |
| MD5: | AB58FEC02DEA22FF13C379DA82381697 |
| SHA1: | 7DE1FB6C72A762BBDFACA0E6511B0CF0D25A2837 |
| SHA-256: | A20A540605756621E45B0967C9ED7DF138C444C9B74374E41C1354FC31CF6AA5 |
| SHA-512: | EB48B3143DCF0C01D5C63483E6ADAEB3444443FAD97C675DB36FBA4F4DBB101C7484493F5254CAB7A389170A46F8EE0F87FDA783F796FD8C4CA1029353A3B6A7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 70022 |
| Entropy (8bit): | 1.9450199532182377 |
| Encrypted: | false |
| SSDEEP: | 192:Q1H13xQXdeSHSO2oVuF6oNsU2nOqLqDDzWB7kiBusn5LNUvL/m5LcjMlDcprI2MK:yMeSHtzm6bheSkxs5LqvL/m5/lD+/T |
| MD5: | F9B343A91E2C5F30B26A3CB97F3238DD |
| SHA1: | 0D170BF2CDDBD9D764D576DDF386255956B169C1 |
| SHA-256: | B6F8371E59DD882C8AEFCF3F416D19065CF6C8586B4A481B71B3AC97720D272F |
| SHA-512: | DBAD81DFE3EA8C946CCA42C2C890BE1FDAF528605E871F0D7CAA1743DBAC4200239461CCDBC2F4D1F343B5DEA8D30C164CBFAD30CB247F8A29B501B29D563F73 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8412 |
| Entropy (8bit): | 3.704987626043707 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJaY65Z/6Y9ISUZgrgmfW8pBP89bGesfS0im:R6lXJV6H/6YiSUZegmfWbGdfSA |
| MD5: | 8E6448EF806613C2BD8D6C5C9416D0A6 |
| SHA1: | 5EAC622276DE91C14CAC416F7944AAC334CAA665 |
| SHA-256: | 437443802A95631F280BC1D5759A7ADA8A7BB45109D6E9C364113B7167A39692 |
| SHA-512: | 0205EA7553CAB09729EAF86F05629C391007BBF476A0847333F08257F5FBDE10A39A5F77EF48F30FCBFF40D23DE523E4060B02C8AA86614C577CFDB2126D855E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.488676510021866 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYBYm8M4JiJFV+q8vHBMN/Td:uIjf0I7vD7VxJmKh2/Td |
| MD5: | 2C601628A51E0BDD399D638E3E6760F6 |
| SHA1: | 89C6C2A3E09617FD9FC50A3B8F9D5D2F93422F08 |
| SHA-256: | 62B35C5AE9D2D1BB47DD54F176B97503665F88161B61F64847D49C69043D19C0 |
| SHA-512: | 33BFA6CB1676AEACCD5E8FB3912D60B727C6A4DDB7A3DDFF5E6689D554D3ACCDB104C8AF3736CB66E587AE6CDB1D1CC3B7B80BF7E7C9A736B825D536953290A4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 77066 |
| Entropy (8bit): | 1.9046326848213526 |
| Encrypted: | false |
| SSDEEP: | 384:Aiu7z4UzRbn+ss1FdXi/m5oaGXVAI8ltxE:0n4UzRb+FdXmoE |
| MD5: | ABBC31943B8F9AEF4BA5370C0AE28A09 |
| SHA1: | 1D7E1E8CAAA2AD8CF520A0395B46FC4772ED27ED |
| SHA-256: | 31A0822C2BD22A9A64FC84CC61B371778BEFC4E3B9A5953BF513DA153D6077B0 |
| SHA-512: | 0CFD357515E4805EE8DC60CC9A4662F98E4CE81099C1AEF59D8489177A40082D1106AB03211A757692CBE2A409748052CA8B0C8DDB95F824DEAEB13D7C7FE7B1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8412 |
| Entropy (8bit): | 3.7042223462408335 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJaG6nc6Y9vSUZgrgmfW8pB089bGesfXim:R6lXJr6c6YVSUZegmfWaGdfj |
| MD5: | 3787A250FE51557EB208CECD26CECBC2 |
| SHA1: | 328568588DC8F1E879F83CC7514B644CB6FF4E1D |
| SHA-256: | CA12105E49218081B1AA13ADF03E08B97FB4A7EC3D8CB3F385FE05924BA404D0 |
| SHA-512: | A4225E1F2C45F4456F6C4E98217BB5E39552EDC7C294E02098B0730CFA94A006449A7E16E7226817850FA36DE9AC747AB5BDFF4B24E8E9AE2EA0A1BC1A8FEA8C |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.487387999588773 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYaYm8M4JiJF8+q8vHBMN/Td:uIjf0I7vD7VeJXKh2/Td |
| MD5: | 7F676A678C027EA075DE23734E95C7C0 |
| SHA1: | 0EF7DDEFA7541A45A1160742630BEADBA7F22911 |
| SHA-256: | 8C64D46B8EF3C9BB390E086840BC801F262F4135A3BA8D5431917917FB8F3235 |
| SHA-512: | BDA4E4448C9BB51A1A64D328138CA8E44F184A4B338578D8A1DB8CB056770A97AD1439DB84B9B9FA54D5D4BBBFEE0505E50266C0C7FA8A98818198E86322A2AB |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 85160 |
| Entropy (8bit): | 1.9490286585420362 |
| Encrypted: | false |
| SSDEEP: | 384:a/Ef1z0hbcRsnV6IYkPOSptAXi/m5o0RaGOyvh:uy1z0hbcRzIYAO6+X6i |
| MD5: | 222BCEA7498B50EF874116B0071376C2 |
| SHA1: | 2C34261782620A77F16BB0FFCE8298D3C57A4973 |
| SHA-256: | F3F49BFDDF0C4CCF47C8E69822BC83B47DDAD71E7C1B80410B24A6BB0E0DB8A7 |
| SHA-512: | F68CB4EC35F884F567AF19701D5D19850F2DA3393547A07943080905499ECF4E4B3D3216236580540677BD4903BF6890F05B07524FC29B4DC67C31AC17780BAC |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8412 |
| Entropy (8bit): | 3.702954776287513 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJaM6Xyw6Y9bSUIgKgmfW8pBa89b5esfYzm:R6lXJh6D6YBSUIPgmfWo5dfR |
| MD5: | 335A0893D20A0E10E9ECE3736FCFB8DD |
| SHA1: | D87F1937924A3B909245B6E786806B070429A1E9 |
| SHA-256: | 3D890A9953F1FA599C73E4E704378B8BABB4D058ED836AACE4769467FC13F915 |
| SHA-512: | A263944F5BA740B080DBCE59A59F864CB403D8F914800B4A03333E9D1BA98B271372E3A6C8AA798B4EF8CC27D8419D8A7AE1B723D890981C1AC37A7D11ABD392 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.486931913687568 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYiYm8M4JiJF9j+q8vHBMN/Td:uIjf0I7vD7VWJyjKh2/Td |
| MD5: | 2B8491DED40B57895B895D6B24809C6D |
| SHA1: | A2D909CB686C6EFF72D1A7A4A2520912129FF2FF |
| SHA-256: | DA126E98D9534F1CD0E6579609FEBC1606F7C25F69C35022A21218784F37075A |
| SHA-512: | 40A7A0FA6B7F69763420BDF22D3F22CAEDE4AC1DFE6B21D0A6BBFFE59FB6FCB2D1CAFB407AD40972D27B918CCE5684DDFBE66733549936B1B1667D2D4658FF7F |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 95508 |
| Entropy (8bit): | 1.9967945536656557 |
| Encrypted: | false |
| SSDEEP: | 384:HYmp/1dzVvBbc4idmKauvuJJp96EXi/m51szzEJ3rcLDXtXB3+HnOeUzj:42TzjbMdmKauv4JDJXX93v |
| MD5: | 77581104E5F0C66E1A468B9FF2022BFC |
| SHA1: | 20B607A045D6E5B4231AABF96D04DC8D93A22D6C |
| SHA-256: | 91A4144A2AFD3C64FC501D039D21D831B62547B3FB8C1143D15D91790058CB3A |
| SHA-512: | D51C187ACFD548957CE49237A62D1544A131596C1C09FE7E2799C4434CC698D6D858A7214D2EE6055A2AA0E6873DF3E22EE51084AA18CF8E13F84F288A272C18 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8412 |
| Entropy (8bit): | 3.704562602752272 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJa66Ob06Y9evSUIgKgmfW8pBG89bwesfPwm:R6lXJn6x6YEvSUIPgmfWEwdf9 |
| MD5: | E12E1B18C8B1EF19086B193754D97310 |
| SHA1: | 5CB02E9552C8370035CFB1F56CC6D319C094EB34 |
| SHA-256: | BF5A51BEBDE7418B714FB2122A5010E29379D8C71D8F233AF7BD2EF8B1448F76 |
| SHA-512: | 8B81E110D0DAF4F83AB9F5795238E59459EBC97F1CED6C6D513AF73ABA88984E5D4475D6BF8B104901455F65476048F22C4AB0F2D7A53D9D3EDD300824C8CCBB |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.488507295254293 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYhPYm8M4JiJFo+q8vHBMN/Td:uIjf0I7vD7VxJfKh2/Td |
| MD5: | 7A3D8496D9721D5BBFA265C1E17E7119 |
| SHA1: | 30C2223119F42FDBAF2A652376BDC050D0900131 |
| SHA-256: | 85778B85E2697B0CC25626D3084A45ECAD012CE8813EDC7BE5096DC99F56E6C5 |
| SHA-512: | 5E7BC20E3411ECF9D9B5D58795D6B890DCD83104AC3E39D2029C81125F4D08F2C61D736FD0483A52A2140A03C313395341912E1138CE6DA96C158B454AAD51BE |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 106154 |
| Entropy (8bit): | 2.0637235881966087 |
| Encrypted: | false |
| SSDEEP: | 384:fvRCpEAL5zF3OGbc1s3gkr7lyBf2nzb+oSVKnX8lUF1m5JuBgqOrDr4Ar/c+Dr:fY+c5zBbc1QdJSkfSVKnXn9MrDrHl |
| MD5: | 7906FB6DCA887C3A504C104F7C36E21D |
| SHA1: | 177306CD361F0BBAB571BDD53BB8368E4C26DF90 |
| SHA-256: | DA593FB516F2F967361AA559756D6048A06E6793906FECAB520313A6BF5A7485 |
| SHA-512: | 8D60C925E8269A17CB1F3E8E7427B14E0294FDB4816C8F4E19426B2A0532466E354DAB32B462DB56740F9BE60738D6046B60938FCD8A72B85CFA9ACE070746DB |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8412 |
| Entropy (8bit): | 3.704773300725653 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJa1696Y9RSUNgn6GgmfW8pB089biesfYvWm:R6lXJY696Y7SUN+gmfWaidf4 |
| MD5: | E04349F132BD431504037C2481DD2740 |
| SHA1: | A92471C662D288E16653508709E6336A5DFEA696 |
| SHA-256: | BAACF683BD70BFE5C7274A1A746B7C061824B68A0E589203CDBF1FEFFD613B1F |
| SHA-512: | 85EF8F19386D3BE3884DE9D637E01623DC0A4C95DD26F1DB92E677503B5D2C3E7F99B3F6AF2A4C47FA4699AAAFBC038D60DD16350AD1D67F4E97728133EA5768 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.487223738628957 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYTYm8M4JiJFm/K+q8vHBMN/Td:uIjf0I7vD7VDJXiKh2/Td |
| MD5: | C1F222E3912CF70C180E25A6345AB028 |
| SHA1: | CF69B92151B0906C9B1C26CA87BB892B13C5A0D2 |
| SHA-256: | 353026E5CB91C96FD4D4A0E5F655C440B185ABB37F890FC9E3C30DA926824C71 |
| SHA-512: | 9F1262F0BC2394A5768CB329A8F44BD3376CB973D71D509454DA56BF7F4606C6CDCCEE8DC5818335D6CAE9C61907EBD757FCCFEA489BA769321E125A6469EC7B |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 44130 |
| Entropy (8bit): | 2.6219495869549707 |
| Encrypted: | false |
| SSDEEP: | 384:YiGn+tQsRzUeqyJxmGy42iYUz5JyXof2:i+SsRznsiYgf |
| MD5: | ED0D06AAFF2E5525F5A3A8D6EC81C1DB |
| SHA1: | A647E00792E70980754543981C40BB462E27E179 |
| SHA-256: | 911728A248A8ADED4CEAFE933A7F720D90308DD533FDC9293D10060B17B180F5 |
| SHA-512: | 748766B5725160E3D80E5DB2E0B4E976DC14B096244581EBE18C46707D5F9C0056CF93EA08DDA5643F1BB75ED2888C092A2674A0C93A456475F43FA96BA9E73E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8316 |
| Entropy (8bit): | 3.7033561042259735 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJaj6IpXu7w6Y9DSUt64GgmfrrsipDa89bVesfFanm:R6lXJu6Ipe7w6YZSUt8gmfrgcVdfFz |
| MD5: | F0312278B2184630418A53E27E28227F |
| SHA1: | 7572927A2B8D09FF355B401DC4F4F6AB4B7D66FB |
| SHA-256: | 93E1FEB9BD0CF936D37AD632E5E38F69AEF5368C3B0E2E8B74AF7A9E91D6AC1E |
| SHA-512: | B3B97FDC56FC105C3DFF735AFD289162000AA2D45761F860E0B05023DAFD640085FF83E5C22E0ADF407650EF8A79BA0F21DBA9488CF005A614E55F05EFD95CC2 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4579 |
| Entropy (8bit): | 4.470365382482564 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VYX3Ym8M4JiWFAF+q8UZMN/Td:uIjf0I7vD7VTJsX2/Td |
| MD5: | 06F846D36F2E30900B9B22EC9440BE6C |
| SHA1: | 29CA6E181601A1CB066C3B759EF613B85827DCAE |
| SHA-256: | 556FAF9921AA20EFEDE868CD50378701C89A1E886EB93F4E42339A3EA49949DD |
| SHA-512: | C35E5F0240BA0658BDB918D676EEF5B5C1F7C64EF6886BC7A9F966AD215D10764AF290878F7FBFD45DFDEDC10676917BF40AD3E72ADEA39AD280081EA0ABBBB4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 60882 |
| Entropy (8bit): | 2.150038023698374 |
| Encrypted: | false |
| SSDEEP: | 384:P5Dn+dHnz1nskz8NfZfGyVYq/vL/m52jT+8w:P56HzlwNVGyVYq/+3 |
| MD5: | 71B48E08C5D11B7087B3FD841FA34BCF |
| SHA1: | 296C58544F34A9B478F8EBD6028C8FEE44682474 |
| SHA-256: | 2CBD06CAED7515D942C0BEC74FAD6AA03593DC31EF3520EE853913FDE5FA5DC3 |
| SHA-512: | 4F335CAAFD455A5722D922392831681316AA5079544055CB3900EBB440BD354BD14B9B23403633732FCB8DE735DE6F52E6A9859B2092A2B65162070E574F432D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8410 |
| Entropy (8bit): | 3.705507528289536 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJaz68ke6Y9JSU7LgmfW8pBH89bUesfVA8m:R6lXJW6e6YDSU7LgmfWTUdfV6 |
| MD5: | B421ABFC84D749025DD9801D238DEFFC |
| SHA1: | D7996BBC1FC571D9C9EE0333334189E350575A85 |
| SHA-256: | 71836630C3C73EBD79288A9D4650AAC70D5680BFDFB373A2BC0FF61AF4D1E383 |
| SHA-512: | 0435C59DF799D6FA9D6B2C3EDEE1A15E02AB8D43415A2D7FC5AE86ABC4F658000F8F684C36BE891634BF599265AF4E69F994D63695DCAC4805758107A68541D7 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4720 |
| Entropy (8bit): | 4.488592867304526 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs+Jg77aI9ciCWpW8VY3Ym8M4JiJF5N+q8vHBMN/Td:uIjf0I7vD7VrJkKh2/Td |
| MD5: | 0C7EBB1A4BAF9F1212034E9B29948C36 |
| SHA1: | D239F129157765B681D8223EB2276FA98DF10174 |
| SHA-256: | B1F4917B3F20DA725A593C848A0A09AFA54D7964B98D825352777DD3B811C7D7 |
| SHA-512: | C2D7524FE4B09E2B784F42AA653B628A48B4D088FCB2DD2AAA9167F9A8CFCE1B1C089F4C942AB99C6A787654A72F384F817EC750FF51D9BDF2299BB40E94406E |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\7GXKafhbnD.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:V:V |
| MD5: | CFCD208495D565EF66E7DFF9F98764DA |
| SHA1: | B6589FC6AB0DC82CF12099D1C2D40AB994E8410C |
| SHA-256: | 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9 |
| SHA-512: | 31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.46543540889398 |
| Encrypted: | false |
| SSDEEP: | 6144:VIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uN7dwBCswSbd:WXD94+WlLZMM6YFH9+d |
| MD5: | 7BC76060C43DF705FCD87AE0EC9198DA |
| SHA1: | C64BF93937F7DFCC3D32B2D1285AD161255EE4F2 |
| SHA-256: | 9FD6A13E1A29DCF7041A7D3EB6933BFF911A3F206AA7DE7446F77CEA6E6039FB |
| SHA-512: | 769B563D568FBC2293E53999E877BFB0AFBD4D19A8595420748D5A49F49DC1FFB7A2BA19DFC9B2ABEB9ADFD9EAC9095A95B631EE5BD2091F36503E9DD27354CB |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.72210431191036 |
| TrID: |
|
| File name: | 7GXKafhbnD.exe |
| File size: | 265'728 bytes |
| MD5: | 5ef4cf46165c932ee117830e7cd38ccf |
| SHA1: | d45fc4a83fcd2a1fec421d55635d51bf02646d37 |
| SHA256: | 3ffdada986edc6412a966b49b35d63b38d836252f77c4c6488b3b564653f3af7 |
| SHA512: | 33a5d66a67e4e81b105a7ce4f4e4c82fb5d42cd8d3de4b0ac42f2cf2825b65d3699d7987ecbd323de69a7ac72227e9f934c73478c48ab9add9fa6bf7edd536be |
| SSDEEP: | 6144:crMgT9iXeD45U2VHSmAuLfNqeo7FGN1MFlsWY:QT9iXg45UAHJjNqeWFLc |
| TLSH: | 6044D0D177E0C873D567163168B887A20A7A7D326A70C98B3758EB7E5EB03D04A36713 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Y...Y...Y...6.'.A...6...-...6...~...P.*.P...Y...2...6...X...6.#.X...6.$.X...RichY...................PE..L......e........... |
 | |
| Icon Hash: | 1369454529370f17 |
| Entrypoint: | 0x4028b2 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x6518D4D7 [Sun Oct 1 02:09:27 2023 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 1 |
| File Version Major: | 5 |
| File Version Minor: | 1 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 1 |
| Import Hash: | 257369aa226cb4b09879eb1a5063d4d0 |
| Instruction |
|---|
| call 00007F597C81F520h |
| jmp 00007F597C81B1CEh |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| sub esp, 20h |
| mov eax, dword ptr [ebp+08h] |
| push esi |
| push edi |
| push 00000008h |
| pop ecx |
| mov esi, 00411270h |
| lea edi, dword ptr [ebp-20h] |
| rep movsd |
| mov dword ptr [ebp-08h], eax |
| mov eax, dword ptr [ebp+0Ch] |
| pop edi |
| mov dword ptr [ebp-04h], eax |
| pop esi |
| test eax, eax |
| je 00007F597C81B34Eh |
| test byte ptr [eax], 00000008h |
| je 00007F597C81B349h |
| mov dword ptr [ebp-0Ch], 01994000h |
| lea eax, dword ptr [ebp-0Ch] |
| push eax |
| push dword ptr [ebp-10h] |
| push dword ptr [ebp-1Ch] |
| push dword ptr [ebp-20h] |
| call dword ptr [004110B8h] |
| leave |
| retn 0008h |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| sub esp, 00000328h |
| mov dword ptr [00439358h], eax |
| mov dword ptr [00439354h], ecx |
| mov dword ptr [00439350h], edx |
| mov dword ptr [0043934Ch], ebx |
| mov dword ptr [00439348h], esi |
| mov dword ptr [00439344h], edi |
| mov word ptr [00439370h], ss |
| mov word ptr [00439364h], cs |
| mov word ptr [00439340h], ds |
| mov word ptr [0043933Ch], es |
| mov word ptr [00439338h], fs |
| mov word ptr [00439334h], gs |
| pushfd |
| pop dword ptr [00439368h] |
| mov eax, dword ptr [ebp+00h] |
| mov dword ptr [0043935Ch], eax |
| mov eax, dword ptr [ebp+04h] |
| mov dword ptr [00439360h], eax |
| lea eax, dword ptr [ebp+08h] |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x364b4 | 0x64 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13c000 | 0x7fa8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x35ae8 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35aa0 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x11000 | 0x190 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xfe03 | 0x10000 | 4cccaf6f1dc9d2d34e05898692d80d0b | False | 0.5941009521484375 | data | 6.641755435184662 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x11000 | 0x25dda | 0x25e00 | c109ae0e87715279c2f562d109f94b5a | False | 0.7511280424917491 | data | 6.876609517052601 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x37000 | 0x1032e4 | 0x2200 | cbb46c41e8183385fa1121a9ee063c8a | False | 0.20335477941176472 | data | 2.335031179825399 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x13b000 | 0x9cd | 0xa00 | b85f229e4962d23b2bc27d3fefa72e8e | False | 0.010546875 | data | 0.004986070829181356 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x13c000 | 0x7fa8 | 0x8000 | c4b8da47629fbad4be85db1975aae629 | False | 0.54833984375 | data | 5.557271483281829 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x142d08 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | 0.4276315789473684 | ||
| RT_CURSOR | 0x142e50 | 0x134 | Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001" | 0.75 | ||
| RT_ICON | 0x13c490 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Spanish | Peru | 0.43550106609808104 |
| RT_ICON | 0x13d338 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Spanish | Peru | 0.5708483754512635 |
| RT_ICON | 0x13dbe0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Spanish | Peru | 0.6382488479262672 |
| RT_ICON | 0x13e2a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Spanish | Peru | 0.7124277456647399 |
| RT_ICON | 0x13e810 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Spanish | Peru | 0.5570539419087137 |
| RT_ICON | 0x140db8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Spanish | Peru | 0.5895872420262664 |
| RT_ICON | 0x141e60 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Spanish | Peru | 0.6676229508196722 |
| RT_ICON | 0x1427e8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Spanish | Peru | 0.7118794326241135 |
| RT_DIALOG | 0x143190 | 0x98 | data | 0.7631578947368421 | ||
| RT_STRING | 0x143228 | 0xee | data | 0.5588235294117647 | ||
| RT_STRING | 0x143318 | 0x6e2 | data | 0.42622020431328034 | ||
| RT_STRING | 0x143a00 | 0x160 | data | 0.4971590909090909 | ||
| RT_STRING | 0x143b60 | 0x448 | data | 0.458029197080292 | ||
| RT_ACCELERATOR | 0x142cc8 | 0x40 | data | 0.859375 | ||
| RT_GROUP_CURSOR | 0x142e38 | 0x14 | data | 1.15 | ||
| RT_GROUP_CURSOR | 0x142f88 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | 1.3 | ||
| RT_GROUP_ICON | 0x142c50 | 0x76 | data | Spanish | Peru | 0.6610169491525424 |
| RT_VERSION | 0x142fa0 | 0x1f0 | MS Windows COFF PowerPC object file | 0.5705645161290323 |
| DLL | Import |
|---|---|
| KERNEL32.dll | CreateFileA, GetNumaProcessorNode, DebugActiveProcessStop, GetConsoleAliasExesLengthA, SetUnhandledExceptionFilter, InterlockedIncrement, HeapFree, WaitForSingleObject, SetComputerNameW, ConnectNamedPipe, GetModuleHandleW, ReadConsoleOutputA, GlobalFindAtomA, LoadLibraryW, GetLocaleInfoW, GetFileAttributesA, HeapCreate, lstrcpynW, GetAtomNameW, GetModuleFileNameW, FindNextVolumeMountPointW, SetConsoleTitleA, GetLastError, GetLongPathNameW, GetThreadLocale, GetProcAddress, CreateHardLinkW, SetConsoleDisplayMode, FindAtomA, SetSystemTime, SetConsoleTitleW, HeapSetInformation, GetCurrentDirectoryA, DeleteCriticalSection, SetCalendarInfoA, FindAtomW, CreateFileW, ReadFile, FlushFileBuffers, HeapReAlloc, GetStringTypeW, HeapAlloc, ExitProcess, DecodePointer, GetCommandLineA, GetStartupInfoW, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, IsProcessorFeaturePresent, WriteFile, GetStdHandle, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, Sleep, RtlUnwind, MultiByteToWideChar, HeapSize, SetStdHandle, WriteConsoleW, LCMapStringW, CloseHandle |
| USER32.dll | CopyRect, GetMonitorInfoW, LoadIconA |
| ole32.dll | CoTaskMemFree |
| WINHTTP.dll | WinHttpAddRequestHeaders, WinHttpCloseHandle |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Spanish | Peru |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 03/29/24-11:16:56.193727 | TCP | 2856233 | ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 29, 2024 11:16:56.009535074 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Mar 29, 2024 11:16:56.193474054 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Mar 29, 2024 11:16:56.193556070 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Mar 29, 2024 11:16:56.193727016 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Mar 29, 2024 11:16:56.378149986 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Mar 29, 2024 11:16:57.738781929 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Mar 29, 2024 11:16:57.738862038 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Mar 29, 2024 11:17:02.744152069 CET | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
| Mar 29, 2024 11:17:02.744321108 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
| Mar 29, 2024 11:17:09.252444029 CET | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 185.172.128.90 | 80 | 7392 | C:\Users\user\Desktop\7GXKafhbnD.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Mar 29, 2024 11:16:56.193727016 CET | 411 | OUT | |
| Mar 29, 2024 11:16:57.738781929 CET | 204 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 11:16:50 |
| Start date: | 29/03/2024 |
| Path: | C:\Users\user\Desktop\7GXKafhbnD.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 265'728 bytes |
| MD5 hash: | 5EF4CF46165C932EE117830E7CD38CCF |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 11:16:51 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 11:16:51 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 7 |
| Start time: | 11:16:52 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 9 |
| Start time: | 11:16:53 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 11 |
| Start time: | 11:16:53 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 13 |
| Start time: | 11:16:54 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 15 |
| Start time: | 11:16:54 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 17 |
| Start time: | 11:16:57 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 18 |
| Start time: | 11:16:58 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\cmd.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x240000 |
| File size: | 236'544 bytes |
| MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 19 |
| Start time: | 11:16:58 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7699e0000 |
| File size: | 862'208 bytes |
| MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 21 |
| Start time: | 11:16:58 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\taskkill.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x2c0000 |
| File size: | 74'240 bytes |
| MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 22 |
| Start time: | 11:16:58 |
| Start date: | 29/03/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x60000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 2.7% |
| Dynamic/Decrypted Code Coverage: | 6.6% |
| Signature Coverage: | 14.4% |
| Total number of Nodes: | 423 |
| Total number of Limit Nodes: | 6 |
Graph
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C50 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 007A0116 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D70 Relevance: 26.6, APIs: 9, Strings: 6, Instructions: 311networkCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403140 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403240 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041239F Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0079FDD5 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418FB1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418DDC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F9043 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408625 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E888C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418A63 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F8CCA Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C9D1 Relevance: 3.0, APIs: 2, Instructions: 34timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408823 Relevance: 1.6, APIs: 1, Instructions: 144COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418CB6 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F8F1D Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00418EE2 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F9149 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00411252 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F14B9 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004087B9 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E8A20 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E9A77 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00416A3F Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00421D88 Relevance: 1.2, Instructions: 1219COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413C09 Relevance: .6, Instructions: 637COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00409810 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0079F9F3 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E0D90 Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00411142 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F13A9 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D020 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006ED287 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407ED4 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00416FE1 Relevance: 18.4, APIs: 12, Instructions: 373COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AED2 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006EB139 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00410BD8 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F0E3F Relevance: 15.1, APIs: 10, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00417400 Relevance: 13.7, APIs: 9, Instructions: 199COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F7667 Relevance: 13.7, APIs: 9, Instructions: 199COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041666A Relevance: 12.2, APIs: 8, Instructions: 203COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F68D1 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407A49 Relevance: 12.2, APIs: 8, Instructions: 175COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041141B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E7CB0 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E5EB7 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BD37 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C673 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A86C Relevance: 7.7, APIs: 5, Instructions: 244COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E2E47 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413001 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 99COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415544 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006F57AB Relevance: 6.1, APIs: 4, Instructions: 86COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006E33A7 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00408044 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E7F7 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006EEA5E Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B27C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 006EB4E3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |