Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Overview

General Information

Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Analysis ID:	1427743
MD5:	f4babeed860c7952cb00bae31c4bfa54
SHA1:	c818efd3d709df2baa44767b1332bb2df045f7a8
SHA256:	ef171f71804fe96bf375379c691e1f93b3fe38a3535b24f8f19d104e5eecf7aa
Tags:	AgentTeslaexe
Infos:

Detection

AgentTesla

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected AgentTesla

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Contains functionality to log keystrokes (.Net Source)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Outbound SMTP Connections

Uses 32bit PE files

Uses SMTP (mail sending)

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe (PID: 5860 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe" MD5: F4BABEED860C7952CB00BAE31C4BFA54)

SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe (PID: 2136 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe" MD5: F4BABEED860C7952CB00BAE31C4BFA54)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Agent Tesla, AgentTesla	A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.	SWEED	http://blog.nsfocus.net/sweed-611/ http://l1v1ngc0d3.wordpress.com/2021/11/12/agenttesla-dropped-via-nsis-installer/ http://ropgadget.com/posts/originlogger.html http://www.secureworks.com/research/threat-profiles/gold-galleon https://asec.ahnlab.com/ko/29133/	https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.3261785904.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.3261785904.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.3261785904.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 5860	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 5860	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 2136	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 2136	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x316bd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x3172f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x317b9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3184b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x318b5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x31927:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x319bd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31a4d:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334bd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x3352f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335b9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3364b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336b5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33727:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337bd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3384d:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x316bd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x3172f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x317b9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3184b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x318b5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x31927:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x319bd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x31a4d:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334bd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6dcdd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x3352f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6dd4f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335b9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6ddd9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3364b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6de6b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336b5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6ded5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33727:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6df47:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337bd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6dfdd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x3384d:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548 0x6e06d:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack	JoeSecurity_AgentTesla_1	Yara detected AgentTesla	Joe Security
0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID	Detects executables referencing Windows vault credential objects. Observed in infostealers	ditekSHen	0x334bd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x6dedd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0xa86fd:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5 0x3352f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x6df4f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0xa876f:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55 0x335b9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x6dfd9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0xa87f9:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F 0x3364b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x6e06b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0xa888b:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28 0x336b5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x6e0d5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0xa88f5:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29 0x33727:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x6e147:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0xa8967:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC 0x337bd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0x6e1dd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B 0xa89fd:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
Click to see the 10 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Outbound SMTP Connections

Source: Network Connection

Author: frack113: Data: DestinationIp: 50.87.219.149, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, Initiated: true, ProcessId: 2136, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49709

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Avira: detected

Multi AV Scanner detection for submitted file

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Virustotal: Detection: 35%

Perma Link

Machine Learning detection for sample

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Joe Sandbox ML: detected

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49708 version: TLS 1.2

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Code function: 4x nop then jmp 078C3330h

0_2_078C37D3

Source: global traffic

TCP traffic: 192.168.2.5:49709 -> 50.87.219.149:587

Source: Joe Sandbox View	IP Address: 50.87.219.149 50.87.219.149
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: global traffic

TCP traffic: 192.168.2.5:49709 -> 50.87.219.149:587

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: api.ipify.org

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://mail.alkuwaiti.com
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://r3.i.lencr.org/0
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://r3.o.lencr.org0
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002D71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://account.dyn.com/
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002D71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002D71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002D71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/t

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708

Source: unknown

HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.5:49708 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to log keystrokes (.Net Source)

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, oAKy.cs

.Net Code: CHgRvKS

System Summary

Malicious sample detected (through community Yara rule)

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen

.NET source code contains very large array initializations

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, Resources.cs

Large array initialization: : array initializer size 630549

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_05771538	0_2_05771538
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07420040	0_2_07420040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07423F98	0_2_07423F98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07420EF0	0_2_07420EF0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07423C80	0_2_07423C80
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07423240	0_2_07423240
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07426148	0_2_07426148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07426158	0_2_07426158
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07428177	0_2_07428177
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07428100	0_2_07428100
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07420006	0_2_07420006
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07423008	0_2_07423008
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_0742F010	0_2_0742F010
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_0742F020	0_2_0742F020
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_074280F0	0_2_074280F0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07422FF8	0_2_07422FF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07423F89	0_2_07423F89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07424E40	0_2_07424E40
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07420EB9	0_2_07420EB9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07421DD9	0_2_07421DD9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07421DE0	0_2_07421DE0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07423C70	0_2_07423C70
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07422C89	0_2_07422C89
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07422C98	0_2_07422C98
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_0742EBD0	0_2_0742EBD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_0742EBE8	0_2_0742EBE8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_078C0C50	0_2_078C0C50
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_078C02A0	0_2_078C02A0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_078C1148	0_2_078C1148
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_0139E6A9	3_2_0139E6A9
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_01394AA0	3_2_01394AA0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_01393E88	3_2_01393E88
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_013941D0	3_2_013941D0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069EA068	3_2_069EA068
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F5598	3_2_069F5598
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F65E8	3_2_069F65E8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069FB230	3_2_069FB230
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F3048	3_2_069F3048
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069FC198	3_2_069FC198
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F7D78	3_2_069F7D78
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F7698	3_2_069F7698
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069FE3B0	3_2_069FE3B0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F0040	3_2_069F0040
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F5CE5	3_2_069F5CE5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F0006	3_2_069F0006
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069F0556	3_2_069F0556

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066897818.0000000004AA6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename4548b61d-822f-464b-a714-a9778dc216a9.exe4 vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2071632145.000000000B5D0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2065404021.000000000112E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066200681.00000000030C1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2070374607.0000000005C50000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameSimpleLogin.dll8 vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066200681.00000000033E6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename4548b61d-822f-464b-a714-a9778dc216a9.exe4 vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp	Binary or memory string: OriginalFilename4548b61d-822f-464b-a714-a9778dc216a9.exe4 vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260362205.0000000000BB8000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameUNKNOWN_FILET vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Binary or memory string: OriginalFilenamekugR.exe< vs SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, ekKu0.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, vKf1z6NvS.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, ZNAvlD7qmXc.cs	Cryptographic APIs: 'CreateDecryptor', 'TransformBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, U2doU2.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, BgffYko.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, HrTdA63.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, Vvp22TrBv9g.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, Vvp22TrBv9g.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, Vvp22TrBv9g.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, Vvp22TrBv9g.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, ObjHrafHCDPkxn9Q6W.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, ObjHrafHCDPkxn9Q6W.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, WnXetM0ArtAll2FBvV.cs	Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, WnXetM0ArtAll2FBvV.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, WnXetM0ArtAll2FBvV.cs	Security API names: _0020.AddAccessRule
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, WnXetM0ArtAll2FBvV.cs	Security API names: _0020.SetAccessControl
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, WnXetM0ArtAll2FBvV.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, WnXetM0ArtAll2FBvV.cs	Security API names: _0020.AddAccessRule

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@3/1@2/2

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Mutant created: NULL
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Mutant created: \Sessions\1\BaseNamedObjects\vGcGFBmZoGZOceLrZDVsRB

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Virustotal: Detection: 35%

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

File read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe:Zone.Identifier

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: msvcp140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles

Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Data Obfuscation

.NET source code contains potential unpacker

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, Form1.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, WnXetM0ArtAll2FBvV.cs	.Net Code: oYn81KEEoR System.Reflection.Assembly.Load(byte[])
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, WnXetM0ArtAll2FBvV.cs	.Net Code: oYn81KEEoR System.Reflection.Assembly.Load(byte[])

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_056D226C push ebx; ret	0_2_056D226D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_01393405 pushfd ; iretd	0_2_01393409
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_01393EF7 push ebp; ret	0_2_01393EF8
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_07420947 pushad ; retf	0_2_07420948
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_0742093D pushad ; retf	0_2_0742093E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 0_2_078C6B75 push FFFFFF8Bh; iretd	0_2_078C6B77
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_01390C3D push edi; ret	3_2_01390CC2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_01390C95 push edi; retf	3_2_01390C3A
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Code function: 3_2_069EFCBC push es; retf	3_2_069EFCC8

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Static PE information: section name: .text entropy: 7.9719974623886785

Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, W2oVZw8noIZNLftIfT.cs	High entropy of concatenated method names: 'QkLBsbjHra', 'uCDB0Pkxn9', 'i0IB3PMWXZ', 's7qBaXQm3S', 'T8jBloPT0H', 'AW9Bg877m5', 'DZTt2it8lpvyWaVGYq', 'X9W0kXz5JWYCiCxc7x', 'pIZBBbsjYL', 'WGABrIBIq9'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, XCK07T4CvUPZ0LZ4VF.cs	High entropy of concatenated method names: 'OlcR3NNpMn', 'Mu7Rab8voC', 'ToString', 'pA2RA5EfKQ', 'GT5RJsYJDr', 'VYWRxva6XA', 'lx0RFhDMnZ', 'XsIRIw2Tto', 'qGQRsXO3OA', 'zUsR0JocYU'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, pWUE6OJ8yOYNGaosMc.cs	High entropy of concatenated method names: 'Dispose', 'NvyBe8vpp7', 'W0NVX5o26A', 'fN9NNYHfAI', 'E61B2OyUpp', 'KrJBzm2V3h', 'ProcessDialogKey', 'WWBVGV8exN', 'QU6VBy0aXr', 'WByVVlaaP5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, FgKc7VNucluUqd2h2R.cs	High entropy of concatenated method names: 'V4SRUh4kVF', 'JsuR2P5uVR', 'XHqSGJhNCB', 'SYrSBFKBij', 't8GRWFq37r', 'GkeRdYxFfn', 'tINR7oZ1hx', 'GGFRTdLWCX', 'YSAROTGN69', 'e8qRtp9YVf'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, WnXetM0ArtAll2FBvV.cs	High entropy of concatenated method names: 'GLOrjUs5qy', 'dZ7rAtnrsY', 'uSXrJdNmwT', 'uWJrxZhs63', 'GtgrFTMAFH', 'b0lrIal51v', 'nLCrsVpwA2', 'TRtr0it6Rr', 'P9yrovfMNu', 'SCqr3MVidQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, ObjHrafHCDPkxn9Q6W.cs	High entropy of concatenated method names: 'zsVJTdifkd', 'K2gJOAdnMc', 'uSrJt5dmgd', 'vCUJ4ex3ve', 'zNFJqbv3lo', 'PMVJNUBZ4O', 'O1QJbvQtPQ', 'qNqJU7sY5K', 'foGJeaX7rX', 'LVsJ2gL0VO'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, DmCcKFK0IPMWXZ97qX.cs	High entropy of concatenated method names: 'al2xcBZ7MT', 'xoaxvUucVx', 'IoQxflrdhn', 'AgpxKlGV1W', 'mHMxlaG0BJ', 'sCuxgQjHqH', 'WadxRxdIga', 'm88xSB5NlU', 'Ao8x972V01', 'SrXxZQCVOy'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, Q0HcW9D877m5eI86a7.cs	High entropy of concatenated method names: 'n9yIjFtbF4', 'iWTIJfrXuB', 'rHAIFyS4jK', 'AkKIsuABCr', 'oLjI0GduIk', 'seIFq89eLe', 'wXNFN8RFMX', 'hiQFbdbGpa', 'uj7FUCL17V', 'IwvFevvhXj'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, paaP5t23Wf5EZKU9I1.cs	High entropy of concatenated method names: 'wob9BhJf1i', 'pJw9rFO3G3', 'HbK98laKRd', 'ujP9AXcy6E', 'CAJ9J2bKvk', 'qxV9FuSymu', 'eRi9IKJdrT', 'QhbSbn4y0M', 'vLrSUmOLqs', 'CQhSeykZUp'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, SqDhCdBVqkPc7mcoojn.cs	High entropy of concatenated method names: 'S4vZP5rYfp', 'KliZhU151x', 'qCFZ16yeRl', 'wCkBN6RRbTy548C4HZf', 'kekOPURIjnk4AL3lYZO', 'GmCyYJRB7JptnivsnT6', 'KS27VdR7iTl4mxhD9gX', 'UNItjdRrjg2MXlyONrE'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, O3F0AYw1NXJKpFIM2X.cs	High entropy of concatenated method names: 'NtxsPGo2nG', 'ioNshXluY0', 'HOrs1VDWih', 'uPusc7k6lv', 'rQ1s52q8dR', 'PfLsvh9yDL', 'RwWsukrRTd', 'QKisfNsOQD', 'zB2sKSgo92', 'pvNsYslBjN'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, YcY1VjVQsRwIGoEksb.cs	High entropy of concatenated method names: 'aj41NE1Uv', 'XNncHpQkc', 'eGTvvMIHZ', 'a90ujNB2O', 'tsdKqnSI8', 'JRcYVJkPP', 'L4KStwn6wglDAD01JG', 'JXjkWB5wDn4bQPBmdy', 'TeQSHTDA6', 'J77ZjevBX'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, aNIa7szEoxQuTqJ4CQ.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'I0k96i8lc8', 'OZV9lQA20G', 'JoV9gjufDV', 'L6J9ROy66e', 'eUf9SwMd1J', 'YPW99dIgur', 'fox9ZylwBh'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, O3x211BGWSnFU7J8LK4.cs	High entropy of concatenated method names: 'WKY9P8vO37', 'hjR9hJuU2i', 'Ayl91FNJTK', 'Rlm9c934lt', 'dLV95tIg4a', 'qvS9vuCivf', 'ER99uHph47', 'Bof9fvo0BW', 'GRA9Kc6oHA', 'gAQ9YjQPZF'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, Im3SNUYA4OoAs48joP.cs	High entropy of concatenated method names: 'MGdF5BkT0b', 'fQxFuFuJ5C', 'dJTxn2fHdV', 'lD7xQHLDkv', 'dBdxk4AFrG', 'PqgxC32WAH', 'hxmxp0cUM3', 'rvoxmyHSi2', 'TAZxwCKAv5', 'gVhxLQn1GY'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, bV8exNe7U6y0aXrbBy.cs	High entropy of concatenated method names: 'm7ASDQH0pw', 'o6HSXBgBK1', 'k4kSnJU4DN', 'fOsSQhx5Ob', 'xeOSToXobr', 'jOSSkZfUVI', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, fxVcsY7ME09f7oRmwm.cs	High entropy of concatenated method names: 'Wxp6fQ0mPT', 'uoc6KwsXTy', 'Fy26D5V4Z4', 'pcj6XO2ZAQ', 'mlq6QQM1AI', 'LvP6kMWtFT', 'MPI6p8NxjY', 'ItA6mGtmNF', 'CV46L7Zxoq', 'may6WSQ0OZ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, LEBdxRTMrnSpatktya.cs	High entropy of concatenated method names: 'dPjlLHl2tc', 'v6oldqAcd7', 'qrulTdRZZp', 'oPKlODne83', 'q4ilXOhCx4', 'X8ilnAm2id', 'ub4lQH9dkc', 'FnGlkQYrUW', 'F1MlC5RW1n', 'Vnslp1ahfU'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, o1OyUpUpCrJm2V3hUW.cs	High entropy of concatenated method names: 'CZDSAo8vEb', 'yVaSJhIpX4', 'NbqSxEnSoi', 'qGGSFmwqS4', 'rtlSIwRkyL', 'hAHSsLgY7f', 'WL7S040oIt', 'RY3SoMECZR', 'ie3S3oNTbk', 'HTPSamPsiY'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, T2S5hSBrc8XPGFgEnTS.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wIMZTAYXRG', 'S6YZOxM0vT', 'RAbZt4T0ag', 'sV9Z4IwrT5', 'WNkZqbImeN', 'WdQZN7id9k', 'erbZbwHNQU'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4d2a400.4.raw.unpack, fYfX8Xp3pcvd29DGCX.cs	High entropy of concatenated method names: 'MFYsALOKMv', 'ypisxXb8sH', 'LcrsIcn8XH', 'bwjI2Vf5No', 'k12IzN1e9h', 'h3csGUtdRm', 'ii7sBQIU7C', 'jvWsVS65Xp', 'aaksrv57eN', 'ehis8LY5Jx'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, W2oVZw8noIZNLftIfT.cs	High entropy of concatenated method names: 'QkLBsbjHra', 'uCDB0Pkxn9', 'i0IB3PMWXZ', 's7qBaXQm3S', 'T8jBloPT0H', 'AW9Bg877m5', 'DZTt2it8lpvyWaVGYq', 'X9W0kXz5JWYCiCxc7x', 'pIZBBbsjYL', 'WGABrIBIq9'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, XCK07T4CvUPZ0LZ4VF.cs	High entropy of concatenated method names: 'OlcR3NNpMn', 'Mu7Rab8voC', 'ToString', 'pA2RA5EfKQ', 'GT5RJsYJDr', 'VYWRxva6XA', 'lx0RFhDMnZ', 'XsIRIw2Tto', 'qGQRsXO3OA', 'zUsR0JocYU'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, pWUE6OJ8yOYNGaosMc.cs	High entropy of concatenated method names: 'Dispose', 'NvyBe8vpp7', 'W0NVX5o26A', 'fN9NNYHfAI', 'E61B2OyUpp', 'KrJBzm2V3h', 'ProcessDialogKey', 'WWBVGV8exN', 'QU6VBy0aXr', 'WByVVlaaP5'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, FgKc7VNucluUqd2h2R.cs	High entropy of concatenated method names: 'V4SRUh4kVF', 'JsuR2P5uVR', 'XHqSGJhNCB', 'SYrSBFKBij', 't8GRWFq37r', 'GkeRdYxFfn', 'tINR7oZ1hx', 'GGFRTdLWCX', 'YSAROTGN69', 'e8qRtp9YVf'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, WnXetM0ArtAll2FBvV.cs	High entropy of concatenated method names: 'GLOrjUs5qy', 'dZ7rAtnrsY', 'uSXrJdNmwT', 'uWJrxZhs63', 'GtgrFTMAFH', 'b0lrIal51v', 'nLCrsVpwA2', 'TRtr0it6Rr', 'P9yrovfMNu', 'SCqr3MVidQ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, ObjHrafHCDPkxn9Q6W.cs	High entropy of concatenated method names: 'zsVJTdifkd', 'K2gJOAdnMc', 'uSrJt5dmgd', 'vCUJ4ex3ve', 'zNFJqbv3lo', 'PMVJNUBZ4O', 'O1QJbvQtPQ', 'qNqJU7sY5K', 'foGJeaX7rX', 'LVsJ2gL0VO'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, DmCcKFK0IPMWXZ97qX.cs	High entropy of concatenated method names: 'al2xcBZ7MT', 'xoaxvUucVx', 'IoQxflrdhn', 'AgpxKlGV1W', 'mHMxlaG0BJ', 'sCuxgQjHqH', 'WadxRxdIga', 'm88xSB5NlU', 'Ao8x972V01', 'SrXxZQCVOy'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, Q0HcW9D877m5eI86a7.cs	High entropy of concatenated method names: 'n9yIjFtbF4', 'iWTIJfrXuB', 'rHAIFyS4jK', 'AkKIsuABCr', 'oLjI0GduIk', 'seIFq89eLe', 'wXNFN8RFMX', 'hiQFbdbGpa', 'uj7FUCL17V', 'IwvFevvhXj'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, paaP5t23Wf5EZKU9I1.cs	High entropy of concatenated method names: 'wob9BhJf1i', 'pJw9rFO3G3', 'HbK98laKRd', 'ujP9AXcy6E', 'CAJ9J2bKvk', 'qxV9FuSymu', 'eRi9IKJdrT', 'QhbSbn4y0M', 'vLrSUmOLqs', 'CQhSeykZUp'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, SqDhCdBVqkPc7mcoojn.cs	High entropy of concatenated method names: 'S4vZP5rYfp', 'KliZhU151x', 'qCFZ16yeRl', 'wCkBN6RRbTy548C4HZf', 'kekOPURIjnk4AL3lYZO', 'GmCyYJRB7JptnivsnT6', 'KS27VdR7iTl4mxhD9gX', 'UNItjdRrjg2MXlyONrE'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, O3F0AYw1NXJKpFIM2X.cs	High entropy of concatenated method names: 'NtxsPGo2nG', 'ioNshXluY0', 'HOrs1VDWih', 'uPusc7k6lv', 'rQ1s52q8dR', 'PfLsvh9yDL', 'RwWsukrRTd', 'QKisfNsOQD', 'zB2sKSgo92', 'pvNsYslBjN'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, YcY1VjVQsRwIGoEksb.cs	High entropy of concatenated method names: 'aj41NE1Uv', 'XNncHpQkc', 'eGTvvMIHZ', 'a90ujNB2O', 'tsdKqnSI8', 'JRcYVJkPP', 'L4KStwn6wglDAD01JG', 'JXjkWB5wDn4bQPBmdy', 'TeQSHTDA6', 'J77ZjevBX'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, aNIa7szEoxQuTqJ4CQ.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'I0k96i8lc8', 'OZV9lQA20G', 'JoV9gjufDV', 'L6J9ROy66e', 'eUf9SwMd1J', 'YPW99dIgur', 'fox9ZylwBh'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, O3x211BGWSnFU7J8LK4.cs	High entropy of concatenated method names: 'WKY9P8vO37', 'hjR9hJuU2i', 'Ayl91FNJTK', 'Rlm9c934lt', 'dLV95tIg4a', 'qvS9vuCivf', 'ER99uHph47', 'Bof9fvo0BW', 'GRA9Kc6oHA', 'gAQ9YjQPZF'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, Im3SNUYA4OoAs48joP.cs	High entropy of concatenated method names: 'MGdF5BkT0b', 'fQxFuFuJ5C', 'dJTxn2fHdV', 'lD7xQHLDkv', 'dBdxk4AFrG', 'PqgxC32WAH', 'hxmxp0cUM3', 'rvoxmyHSi2', 'TAZxwCKAv5', 'gVhxLQn1GY'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, bV8exNe7U6y0aXrbBy.cs	High entropy of concatenated method names: 'm7ASDQH0pw', 'o6HSXBgBK1', 'k4kSnJU4DN', 'fOsSQhx5Ob', 'xeOSToXobr', 'jOSSkZfUVI', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, fxVcsY7ME09f7oRmwm.cs	High entropy of concatenated method names: 'Wxp6fQ0mPT', 'uoc6KwsXTy', 'Fy26D5V4Z4', 'pcj6XO2ZAQ', 'mlq6QQM1AI', 'LvP6kMWtFT', 'MPI6p8NxjY', 'ItA6mGtmNF', 'CV46L7Zxoq', 'may6WSQ0OZ'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, LEBdxRTMrnSpatktya.cs	High entropy of concatenated method names: 'dPjlLHl2tc', 'v6oldqAcd7', 'qrulTdRZZp', 'oPKlODne83', 'q4ilXOhCx4', 'X8ilnAm2id', 'ub4lQH9dkc', 'FnGlkQYrUW', 'F1MlC5RW1n', 'Vnslp1ahfU'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, o1OyUpUpCrJm2V3hUW.cs	High entropy of concatenated method names: 'CZDSAo8vEb', 'yVaSJhIpX4', 'NbqSxEnSoi', 'qGGSFmwqS4', 'rtlSIwRkyL', 'hAHSsLgY7f', 'WL7S040oIt', 'RY3SoMECZR', 'ie3S3oNTbk', 'HTPSamPsiY'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, T2S5hSBrc8XPGFgEnTS.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'wIMZTAYXRG', 'S6YZOxM0vT', 'RAbZt4T0ag', 'sV9Z4IwrT5', 'WNkZqbImeN', 'WdQZN7id9k', 'erbZbwHNQU'
Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.b5d0000.9.raw.unpack, fYfX8Xp3pcvd29DGCX.cs	High entropy of concatenated method names: 'MFYsALOKMv', 'ypisxXb8sH', 'LcrsIcn8XH', 'bwjI2Vf5No', 'k12IzN1e9h', 'h3csGUtdRm', 'ii7sBQIU7C', 'jvWsVS65Xp', 'aaksrv57eN', 'ehis8LY5Jx'

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 1350000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 30C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 2EF0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 9040000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 7570000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: A040000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: B040000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: B650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: C650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: D650000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 1390000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 2D70000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Memory allocated: 13B0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Window / User API: threadDelayed 3705			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Window / User API: threadDelayed 1565			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 7164	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 6340	Thread sleep count: 3705 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 6340	Thread sleep count: 1565 > 30	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99437s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99219s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99109s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -99000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98866s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98750s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98640s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98422s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98313s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98188s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -98063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97938s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97813s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97703s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97594s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97359s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97250s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -97129s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe TID: 1976	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99766	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99656	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99547	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99437	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99328	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99219	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99109	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 99000	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98866	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98750	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98640	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98531	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98422	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98313	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98188	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 98063	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97938	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97813	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97703	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97594	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97469	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97359	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97250	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 97129	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Memory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe base: 400000 value starts with: 4D5A

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Process created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"

Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected AgentTesla

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3261785904.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3261785904.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 5860, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 2136, type: MEMORYSTR

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities	Jump to behavior

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3261785904.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 5860, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 2136, type: MEMORYSTR

Remote Access Functionality

Yara detected AgentTesla

Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e3f058.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.4e04638.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3261785904.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3261785904.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 5860, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe PID: 2136, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	121 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	111 Process Injection	1 Deobfuscate/Decode Files or Information	1 Input Capture	24 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	1 Credentials in Registry	1 Query Registry	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	111 Security Software Discovery	Distributed Component Object Model	1 Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 Process Discovery	SSH	Keylogging	23 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	141 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	141 Virtualization/Sandbox Evasion	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	111 Process Injection	Proc Filesystem	1 System Network Configuration Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	35%	Virustotal		Browse
SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	100%	Avira	HEUR/AGEN.1310026
SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label	Link
mail.alkuwaiti.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://r3.o.lencr.org0	0%	URL Reputation	safe
http://x1.c.lencr.org/0	0%	URL Reputation	safe
http://x1.i.lencr.org/0	0%	URL Reputation	safe
http://r3.i.lencr.org/0	0%	URL Reputation	safe
http://mail.alkuwaiti.com	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mail.alkuwaiti.com	50.87.219.149	true	false	0%, Virustotal, Browse	unknown
api.ipify.org	104.26.13.205	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://mail.alkuwaiti.com	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://r3.o.lencr.org0	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.org	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002D71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://account.dyn.com/	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp	false		high
https://api.ipify.org/t	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002D71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002D71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://x1.c.lencr.org/0	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://x1.i.lencr.org/0	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://r3.i.lencr.org/0	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000000FE2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3260615126.0000000001005000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3261100936.0000000001039000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe, 00000003.00000002.3265792695.0000000006789000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
50.87.219.149	mail.alkuwaiti.com	United States		46606	UNIFIEDLAYER-AS-1US	false
104.26.13.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427743
Start date and time:	2024-04-18 03:33:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@3/1@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 164 Number of non-executed functions: 26
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
03:33:56	API Interceptor	27x Sleep call for process: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
50.87.219.149	Ziraat Swift Bildirimi.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.hyperfocusmasterclass.com/gg58/?f0=BXeHzp&3f=5Ix8alVOa82T/DZIfBhrjeSKtZ641IDQQHgZKH1ZvtSurMdm0kyXcXMOnWQHCxpuENZh
50.87.219.149	Ziraat Swift Bildirimi.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.hyperfocusmasterclass.com/gg58/?RZwp=5Ix8alVOa82T/DZIfBhrjeSKtZ641IDQQHgZKH1ZvtSurMdm0kyXcXMOnWQHCxpuENZh&2d6tXz=j8vX
104.26.13.205	SecuriteInfo.com.Trojan.DownLoaderNET.960.9931.28151.exe	Get hash	malicious	PureLog Stealer, Targeted Ransomware	Browse	api.ipify.org/
	Sky-Beta-Setup.exe	Get hash	malicious	Stealit	Browse	api.ipify.org/?format=json
	ArenaWarSetup.exe	Get hash	malicious	Stealit	Browse	api.ipify.org/?format=json
	Sky-Beta Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=json
	E4sbo4F6Sz.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	E4sbo4F6Sz.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	SecuriteInfo.com.Win64.RATX-gen.31127.4101.exe	Get hash	malicious	PureLog Stealer, Targeted Ransomware	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
mail.alkuwaiti.com	Bank slip.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
	PO#240.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
	Shipping Docs.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
	SecuriteInfo.com.W32.MSIL_Kryptik.DWR.gen.Eldorado.6551.17723.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
api.ipify.org	invoice & packing list.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	ZG17uv37pi.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	ZG17uv37pi.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	Fizetes,jpg.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	SecuriteInfo.com.FileRepMalware.7644.21541.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	payload.js	Get hash	malicious	Unknown	Browse	104.26.13.205
	payload.js	Get hash	malicious	Unknown	Browse	172.67.74.152
	Payment Advice.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Draft Sales contract.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	Bank slip.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	invoice & packing list.exe	Get hash	malicious	AgentTesla	Browse	162.241.123.30
	Draft Sales contract.exe	Get hash	malicious	AgentTesla	Browse	162.241.123.30
	Bank slip.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FQuantexa/IpoXF42991IpoXF42991IpoXF/bWFzc2ltb2JvcnJlbGxpQHF1YW50ZXhhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	192.185.104.70
	QUOTATION-#170424.exe	Get hash	malicious	AgentTesla	Browse	192.254.225.136
	PURCHASE ORDER LISTS GREEN VALLY CORP.bat	Get hash	malicious	GuLoader	Browse	173.254.31.34
	draft bl_pdf.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	192.185.13.234
	signed documents and BOL.exe	Get hash	malicious	AgentTesla	Browse	162.241.123.30
	DN.exe	Get hash	malicious	AgentTesla	Browse	50.87.253.239
	2llKbb9pR7.exe	Get hash	malicious	LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoader	Browse	198.57.242.153
CLOUDFLARENETUS	SecuriteInfo.com.Win64.CrypterX-gen.2144.26023.exe	Get hash	malicious	Glupteba, PureLog Stealer, zgRAT	Browse	104.21.91.214
	http://ranchpools.com	Get hash	malicious	Unknown	Browse	104.19.178.52
	invoice & packing list.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	http://t.cm.morganstanley.com/r/?id=h1b92d14%2C134cc33c%2C1356be32&p1=www.saiengroup.com%2Fteaz%2F648c482b60b3906833c9304bab170add%2FJBVNhz%2FYW15LmNoZW5AZG91YmxlbGluZS5jb20=	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe	Get hash	malicious	Unknown	Browse	172.67.184.140
	https://windowdefalerts-error0x21906-alert-virus-detected.pages.dev/	Get hash	malicious	TechSupportScam	Browse	172.67.176.240
	https://windowdefalerts-error0x21903-alert-virus-detected.pages.dev/	Get hash	malicious	TechSupportScam	Browse	172.66.44.169
	https://windowdefalerts-error0x21905-alert-virus-detected.pages.dev/	Get hash	malicious	TechSupportScam	Browse	104.21.56.41
	SecuriteInfo.com.Heuristic.HEUR.AGEN.1343277.7061.14046.exe	Get hash	malicious	Unknown	Browse	104.21.75.251
	https://windowdefalerts-error0x21908-alert-virus-detected.pages.dev/	Get hash	malicious	TechSupportScam	Browse	172.66.47.160

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	invoice & packing list.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	ZG17uv37pi.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	ZG17uv37pi.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	http://mitchellind.ubpages.com/mi-ind/	Get hash	malicious	Unknown	Browse	104.26.13.205
	Fizetes,jpg.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	SecuriteInfo.com.FileRepMalware.7644.21541.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Payment Advice.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Draft Sales contract.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Bank slip.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	https://tracker.club-os.com/campaign/click?msgId=f8ea317d963149a518aa35e03e5541f797badf3c&target=splendidanimations.com%2F%40%2FQuantexa/IpoXF42991IpoXF42991IpoXF/bWFzc2ltb2JvcnJlbGxpQHF1YW50ZXhhLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205

Process:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	2056
Entropy (8bit):	5.342567089024067
Encrypted:	false
SSDEEP:	48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeRHKx1qHKHxvj:iqlYqh3ou0aymsqwtI6eqzqqxwqRb
MD5:	83A6E29FD802325CCCB720870B60C618
SHA1:	4CD8AC6CA2659E4E32D1B27A8A4E77ABF980EE43
SHA-256:	A81A5B984180553C06E7C9CAE0BAF7E195950801F493996F48FA59F1ACC135B2
SHA-512:	69CC81145ACCA3D5C154D3A11396C2AFAEC4135662A82124EA249817BE7066D782DE2C79FE985E23F32F9709C144E2C513C727CFD1A88D677F34EB25E868B560
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.964847684361756
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
File size:	680'448 bytes
MD5:	f4babeed860c7952cb00bae31c4bfa54
SHA1:	c818efd3d709df2baa44767b1332bb2df045f7a8
SHA256:	ef171f71804fe96bf375379c691e1f93b3fe38a3535b24f8f19d104e5eecf7aa
SHA512:	d5f5ab36fc76b4c4bb59acf32c6dc5affaf53062168a74f5695d6e29e901e0f96d3826d819c90f03e7b70cab0d33a4d4f3686a8b5a4749b7545fded848fd3a8b
SSDEEP:	12288:ejIBUOFFIJJzbCU6WQjXgoCxXU7pKa+aGzPPH44FZVEJJM3NrYK:2I1vsJPF6jC5U7pn+VJ5CJAX
TLSH:	ACE4231DAFA4D60FDA3C96F60A2209884331D4D94883E3C9FCC465D65D697CBA8C5BB3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Q f.................>...".......\... ........@.. ....................................@................................

File Icon


Icon Hash:	0f235999b9792317

Static PE Info

General

Entrypoint:	0x4a5c0e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x66205197 [Wed Apr 17 22:47:51 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa5bbc	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa6000	0x2000	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa8000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xa3c14	0xa3e00	be9d2b043baf689464daf30ed9784fb1	False	0.971751942696415	SysEx File -	7.9719974623886785	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xa6000	0x2000	0x2000	6824abcab3fa60d127b85dacfeee666d	False	0.851318359375	data	7.304805145291916	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa8000	0xc	0x200	669e361a14f62b6708eab535dbf63ccb	False	0.044921875	data	0.10191042566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0xa6100	0x1834	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9917688831504197
RT_GROUP_ICON	0xa7944	0x14	data	1.05
RT_VERSION	0xa7968	0x350	data	0.4410377358490566
RT_MANIFEST	0xa7cc8	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 03:34:00.385754108 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.385799885 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.385860920 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.408349991 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.408370018 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.634191036 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.634530067 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.637185097 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.637212992 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.637643099 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.677774906 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.689352989 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.732145071 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.938036919 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.938092947 CEST	443	49708	104.26.13.205	192.168.2.5
Apr 18, 2024 03:34:00.938134909 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:00.943905115 CEST	49708	443	192.168.2.5	104.26.13.205
Apr 18, 2024 03:34:01.600583076 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:01.754460096 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:01.754638910 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:02.361319065 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:02.361546040 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:02.515302896 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:02.515696049 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:02.671475887 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:02.671964884 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:02.834177971 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:02.834203005 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:02.834220886 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:02.834249020 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:02.863776922 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:03.018074036 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:03.020659924 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:03.174410105 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:03.175627947 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:03.329879999 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:03.330980062 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:03.524805069 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:03.666218042 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:03.666461945 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:03.820075989 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:03.820122004 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:03.820465088 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:04.014755011 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:04.130382061 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:04.130634069 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:04.286247969 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:04.286273956 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:04.286935091 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:04.286994934 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:04.287017107 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:04.287389994 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:34:04.440582037 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:04.440648079 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:04.441307068 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:34:04.490173101 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:35:41.490461111 CEST	49709	587	192.168.2.5	50.87.219.149
Apr 18, 2024 03:35:41.644318104 CEST	587	49709	50.87.219.149	192.168.2.5
Apr 18, 2024 03:35:41.644943953 CEST	49709	587	192.168.2.5	50.87.219.149

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 18, 2024 03:34:00.265655041 CEST	54611	53	192.168.2.5	1.1.1.1
Apr 18, 2024 03:34:00.370167971 CEST	53	54611	1.1.1.1	192.168.2.5
Apr 18, 2024 03:34:01.470947981 CEST	57769	53	192.168.2.5	1.1.1.1
Apr 18, 2024 03:34:01.599919081 CEST	53	57769	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 18, 2024 03:34:00.265655041 CEST	192.168.2.5	1.1.1.1	0x859b	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Apr 18, 2024 03:34:01.470947981 CEST	192.168.2.5	1.1.1.1	0xa7b2	Standard query (0)	mail.alkuwaiti.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 18, 2024 03:34:00.370167971 CEST	1.1.1.1	192.168.2.5	0x859b	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false
Apr 18, 2024 03:34:00.370167971 CEST	1.1.1.1	192.168.2.5	0x859b	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Apr 18, 2024 03:34:00.370167971 CEST	1.1.1.1	192.168.2.5	0x859b	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Apr 18, 2024 03:34:01.599919081 CEST	1.1.1.1	192.168.2.5	0xa7b2	No error (0)	mail.alkuwaiti.com	50.87.219.149	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

api.ipify.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49708	104.26.13.205	443	2136	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-18 01:34:00 UTC	155	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 Host: api.ipify.org Connection: Keep-Alive
2024-04-18 01:34:00 UTC	211	IN	HTTP/1.1 200 OK Date: Thu, 18 Apr 2024 01:34:00 GMT Content-Type: text/plain Content-Length: 12 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8760e8f71c8c12e9-ATL
2024-04-18 01:34:00 UTC	12	IN	Data Raw: 38 31 2e 31 38 31 2e 35 37 2e 35 32 Data Ascii: 81.181.57.52

SMTP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP	Commands
Apr 18, 2024 03:34:02.361319065 CEST	587	49709	50.87.219.149	192.168.2.5	220-box2389.bluehost.com ESMTP Exim 4.96.2 #2 Wed, 17 Apr 2024 19:34:02 -0600 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail.
Apr 18, 2024 03:34:02.361546040 CEST	49709	587	192.168.2.5	50.87.219.149	EHLO 849224
Apr 18, 2024 03:34:02.515302896 CEST	587	49709	50.87.219.149	192.168.2.5	250-box2389.bluehost.com Hello 849224 [81.181.57.52] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-PIPECONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP
Apr 18, 2024 03:34:02.515696049 CEST	49709	587	192.168.2.5	50.87.219.149	STARTTLS
Apr 18, 2024 03:34:02.671475887 CEST	587	49709	50.87.219.149	192.168.2.5	220 TLS go ahead

Target ID:	0
Start time:	03:33:56
Start date:	18/04/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"
Imagebase:	0xb50000
File size:	680'448 bytes
MD5 hash:	F4BABEED860C7952CB00BAE31C4BFA54
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2066897818.0000000004E04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	03:33:59
Start date:	18/04/2024
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe"
Imagebase:	0x980000
File size:	680'448 bytes
MD5 hash:	F4BABEED860C7952CB00BAE31C4BFA54
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3261785904.0000000002DF4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3261785904.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3261785904.0000000002DC1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3261785904.0000000002DEC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000003.00000002.3260191325.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	167
Total number of Limit Nodes:	11

Executed Functions

Function 07420EB9 Relevance: 1.6, Strings: 1, Instructions: 346
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

tIh, xrefs: 074212A5

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: tIh
API String ID: 0-443931868
Opcode ID: 6050a9b61092aadc55e2635cba156c9184de305fecf817e8c69e349d7e2d5401
Instruction ID: edc8f7d1a78eca07c15c51dbf23a7c516c8fd34d6cea02adb352c6eb05af84c1
Opcode Fuzzy Hash: 6050a9b61092aadc55e2635cba156c9184de305fecf817e8c69e349d7e2d5401
Instruction Fuzzy Hash: B1E138B0D1521ACFDB04CFA5C5818AEFBB2FF89300B55D566E415AB215C734AA93CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07420EF0 Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

tIh, xrefs: 074212A5

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: tIh
API String ID: 0-443931868
Opcode ID: 32b2841a2db479c2e2562dca54d5b652ce2eb0a0bb5b6676e4e70c07d6c46763
Instruction ID: 47e67429c38042bdcdd88cfff050bdbb863f42f008506d337adfd83b125f1518
Opcode Fuzzy Hash: 32b2841a2db479c2e2562dca54d5b652ce2eb0a0bb5b6676e4e70c07d6c46763
Instruction Fuzzy Hash: C9D115B0E1521ADFCB04CF99C5818AEFBB2FB89300F51D566E425AB214D734AA53CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05771538 Relevance: .3, Instructions: 270COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2069065255.0000000005770000.00000040.00000800.00020000.00000000.sdmp, Offset: 056D0000, based on PE: true

Associated: 00000000.00000002.2068878545.00000000056D0000.00000004.08000000.00040000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_56d0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd9f68de919465d4eb42fbd6836c1dc4b92016e70db486d095bf695f389652bb
Instruction ID: a37a8ac7e7348636b59dc568933374d8849be67053e69a0806e94e1e889e7b04
Opcode Fuzzy Hash: dd9f68de919465d4eb42fbd6836c1dc4b92016e70db486d095bf695f389652bb
Instruction Fuzzy Hash: 3AA13832A0469E9BDF218B38F804B9EFFE2FF01B90F0A85E9D0A457651C771A544E785

Uniqueness

Uniqueness Score: -1.00%

Function 07423F98 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af13c535904c37f52bd00918e5b3862f448794f17db8afc87cf964405f26b9c
Instruction ID: 80ddf32876f41827d8e4283f35b90babb2559084ca9084dd956cc2973ffacda4
Opcode Fuzzy Hash: 3af13c535904c37f52bd00918e5b3862f448794f17db8afc87cf964405f26b9c
Instruction Fuzzy Hash: 1D9128B0D15259DFCB48CFAAE5809DDFBB2FB89300F60A41AE016B7224D7349956DF14

Uniqueness

Uniqueness Score: -1.00%

Function 07423F89 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49f4aad0dd16dcd27b72ae775a6010397364096ef2d3b5bacc678407c66ab607
Instruction ID: 35f4986f90b4e5f61bc3e0e48d9bd9c4de272ea61ddaa316cf594e1b054a483a
Opcode Fuzzy Hash: 49f4aad0dd16dcd27b72ae775a6010397364096ef2d3b5bacc678407c66ab607
Instruction Fuzzy Hash: F49138B0D15259DFCB48CFA9E5809DDFBB2FB89300F60A42AE016B7224D7349956DF14

Uniqueness

Uniqueness Score: -1.00%

Function 07423C80 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 947a2dc7f1c0608cb6fdc2af16db8d59e1cdbc463292043f7f7143adf0845de1
Instruction ID: 0af3df71c91a3b99de5b564001ebc09080083a7e322c8f3010b8842dede6a2d1
Opcode Fuzzy Hash: 947a2dc7f1c0608cb6fdc2af16db8d59e1cdbc463292043f7f7143adf0845de1
Instruction Fuzzy Hash: 8B8113B5E14229DFCB04CFAAC8409EEFBB1FB89200F50995AE415B7364D738A912DF54

Uniqueness

Uniqueness Score: -1.00%

Function 07423C70 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 35555503353b24c6ffef8e3739de04308fa0dcdff080f7ec3e3bd7765ab6a998
Instruction ID: 715afef48714a5b262dacd720d2781aa5aab6c0251b8f7a9ea2968a5df0c4897
Opcode Fuzzy Hash: 35555503353b24c6ffef8e3739de04308fa0dcdff080f7ec3e3bd7765ab6a998
Instruction Fuzzy Hash: 5981F3B5E14229DFCB04CFAAC8409EEFBB1FB89300F50995AE415A7364D738A912DF54

Uniqueness

Uniqueness Score: -1.00%

Function 07420006 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4c79439018b8a2daa7766e2075c34e66e05cafabdea2fab2e222ce3613161f5
Instruction ID: 61cd4fb76f49cb29bf832ef9c7de4e10c6db08b6090fca64307b5b22cc1faaf0
Opcode Fuzzy Hash: e4c79439018b8a2daa7766e2075c34e66e05cafabdea2fab2e222ce3613161f5
Instruction Fuzzy Hash: 26314171D057948FD71ACF6788502DEBFF3AFCA310F19C0A6D444AB266DA741946CB60

Uniqueness

Uniqueness Score: -1.00%

Function 07420040 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a700620b6d939d53ae4e019f108f85bc226fe1d4ba82be76af70192e2cbe15
Instruction ID: db0da46acf38107341821f24cea1bbeb161f648efcf24f51fd6baaee7cb49751
Opcode Fuzzy Hash: f3a700620b6d939d53ae4e019f108f85bc226fe1d4ba82be76af70192e2cbe15
Instruction Fuzzy Hash: 5A21EAB1E016188BEB18CF9BD9442DEFBF7AFC8310F14C17AD408A6268DB741A56CB50

Uniqueness

Uniqueness Score: -1.00%

Function 078C37D3 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 459c4f11c2f1c75a3a7b5dd0938fc0a82ec49b9c0573aeccc9a94eb1ca5f1850
Instruction ID: f3e19a8300bce200e7b43849a381bf9baa9fbde8ab0721a82b2284dd872e0b62
Opcode Fuzzy Hash: 459c4f11c2f1c75a3a7b5dd0938fc0a82ec49b9c0573aeccc9a94eb1ca5f1850
Instruction Fuzzy Hash: E1A002C4CBF54CC18040DC2424584F5D53C523B008F50F00C814BF39560E74C003092F

Uniqueness

Uniqueness Score: -1.00%

Function 07425378 Relevance: 2.6, Strings: 2, Instructions: 85
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8aq, xrefs: 0742544B
8aq, xrefs: 0742540B

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 8aq$8aq
API String ID: 0-1589283582
Opcode ID: 34e7562558322816b094e4551682eccb50b13922e6a061f00e12f429505923b6
Instruction ID: 725e2adeb8f9948e279f393c27516de992ac89820fcfe4f3c1fbb1705e6da15f
Opcode Fuzzy Hash: 34e7562558322816b094e4551682eccb50b13922e6a061f00e12f429505923b6
Instruction Fuzzy Hash: B721C370B402158FD700DB7CC845ABEF7E6EF85301FA045ABD109DB395EA74AD128765

Uniqueness

Uniqueness Score: -1.00%

Function 07421530 Relevance: 2.6, Strings: 2, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

3H5, xrefs: 074215C0
3H5, xrefs: 074215CE

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 3H5$3H5
API String ID: 0-2752242361
Opcode ID: c1d52c5de6a4cb988c7caa8f2641973be63d9cca6ee2633a8405aa994525f776
Instruction ID: c1e8683f135603262817840bef56deabf49f78c2580b0d1790a91dcfe16447d0
Opcode Fuzzy Hash: c1d52c5de6a4cb988c7caa8f2641973be63d9cca6ee2633a8405aa994525f776
Instruction Fuzzy Hash: 322136B0D11219DFCB04CFA9C540AAEFBF1FF89300F54C9AAD509A7214E7309A92DB81

Uniqueness

Uniqueness Score: -1.00%

Function 078C1BFC Relevance: 1.7, APIs: 1, Instructions: 246
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 078C1E3E

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: f4a94746b83b2fd384857fd7fd8c87d0b21de849abe9cc7e828d35df3f5aa190
Instruction ID: ff7991a63646eef9b0181e60b04e834e872a6e9384d882a88fe90ddb94fb3a75
Opcode Fuzzy Hash: f4a94746b83b2fd384857fd7fd8c87d0b21de849abe9cc7e828d35df3f5aa190
Instruction Fuzzy Hash: 1FA14AB1D0021ACFEB24DF69C8847EDBBB6BF48314F1481A9E809E7244DB749985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 078C1C08 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 078C1E3E

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 519036cc505f2c9f61864d03513990e06ab5ebe2a360c209668ac88d9398abee
Instruction ID: da905729ec208d41e6315d49f2b5c682b1eb81b5530cc02328d53b12799d30e7
Opcode Fuzzy Hash: 519036cc505f2c9f61864d03513990e06ab5ebe2a360c209668ac88d9398abee
Instruction Fuzzy Hash: 169148B1D0021ECFEB24DF69C8847EDBBB6AF48314F1485A9E809E7244DB749985CF91

Uniqueness

Uniqueness Score: -1.00%

Function 078C1578 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 078C1610

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: bec6ea26f1b5abf632c59be6f56d171f479296face9078b91c921aa1018fae35
Instruction ID: eee39f16dd693b61b6f1632219659e94a5b42ac1688f89376daeab9a6d63f6ea
Opcode Fuzzy Hash: bec6ea26f1b5abf632c59be6f56d171f479296face9078b91c921aa1018fae35
Instruction Fuzzy Hash: 972128B5D003599FCB10DFAAC885BEEBBF5FF48310F10842AE919A7241C7789544CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 078C1580 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 078C1610

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 610795224dac875334d45a19fa376d13af803bbeb2218d617eaa836529132866
Instruction ID: f9bca49051750787750d0135b374e5444f1c3491b47c13c62b060e6027a061ec
Opcode Fuzzy Hash: 610795224dac875334d45a19fa376d13af803bbeb2218d617eaa836529132866
Instruction Fuzzy Hash: 132139B5D003599FCB10DFAAC885BEEBBF5FF48310F108429E919A7241C7789944CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 078C0B70 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078C0BF6

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: a94774c3f0098c9b073ed3a35673bd05d39a160b68d8590ec4dc557046ee3af2
Instruction ID: 0114f6a99558f9bb1a982f1b88a8ecd1a1d6fb0bd5e8bc7124bff403e234c9b4
Opcode Fuzzy Hash: a94774c3f0098c9b073ed3a35673bd05d39a160b68d8590ec4dc557046ee3af2
Instruction Fuzzy Hash: E12159B5D003099FDB10DFAAC4857EEBBF4EF48314F108429D559A7241CB78A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 078C1669 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 078C16F0

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 8125929147e702c319cf70ba61ad5b72186f1cb6a88bf7acf3fff1bc229e5fe6
Instruction ID: 420ac9ca3a3f3d2103e6481b275126776452e4414f1e244d30548dbf9763e676
Opcode Fuzzy Hash: 8125929147e702c319cf70ba61ad5b72186f1cb6a88bf7acf3fff1bc229e5fe6
Instruction Fuzzy Hash: DE2119B5C002599FCB10DFAAC885AEEFBF5FF48310F50842AE519A7240C7389545CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 078C1670 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 078C16F0

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: 5b45d0187c59230cb6aae76139dc7ad4b29619d6cc9d8d54d5d5bea9b8dd5c00
Instruction ID: e0e062f004db149482d446dd2cdc8e2a542b7a0e2d1a446db757c36e7827beba
Opcode Fuzzy Hash: 5b45d0187c59230cb6aae76139dc7ad4b29619d6cc9d8d54d5d5bea9b8dd5c00
Instruction Fuzzy Hash: 2121F5B1C003599FCB10DFAAC885AEEFBF5FF48310F50842AE959A7250C7799945CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 078C0B78 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Wow64SetThreadContext.KERNEL32(?,00000000), ref: 078C0BF6

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 3138af1bd84a7a0ffd7a711bbfcae040eb83cb73d6a5af6790a02936c054bf5c
Instruction ID: 920540a240b7231de0c5e64ad4b0bead7dbbbc2c76291f15cf42fce860f25d73
Opcode Fuzzy Hash: 3138af1bd84a7a0ffd7a711bbfcae040eb83cb73d6a5af6790a02936c054bf5c
Instruction Fuzzy Hash: D32138B1D003098FDB10DFAAC4857EEBBF4EF48314F108429D559A7240CB789945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0139D150 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,0139DE99,00000800,00000000,00000000), ref: 0139E08A

Memory Dump Source

Source File: 00000000.00000002.2065681201.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1390000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: d5b0eb1ac299246357b16bcd1eca386f479b00afab6808b96710ffff004f5355
Instruction ID: 5ea7adece5eefa3cc2f3a59ed2c3e3ba859b2a7bbf4a66e97951a9a420d20ac9
Opcode Fuzzy Hash: d5b0eb1ac299246357b16bcd1eca386f479b00afab6808b96710ffff004f5355
Instruction Fuzzy Hash: 941114B6900308DFDB20DF9AC444BAEFBF4EB48314F10842AE519A7300C379A544CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 078C1082 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 078C10F6

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 60509a9f0d8b1920eb450be0ee48f79f2e4ec7057bca43e6cf9652756ed7150c
Instruction ID: 44580634abc6439abb1e2d8a50a439e8b65cfa3b953ea70d354c94e0faec3861
Opcode Fuzzy Hash: 60509a9f0d8b1920eb450be0ee48f79f2e4ec7057bca43e6cf9652756ed7150c
Instruction Fuzzy Hash: 281147B5C042499FCB10DFAAC844BEEBFF5EF49310F24841AE559A7250C779A554CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 078C1088 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 078C10F6

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: fd9cd4ca482ad07fbbe52ee09f1e214ba3f2f7023dc8c68eaa968ab1002ef721
Instruction ID: 7c277ca33903f4a0befe5e9a609fd6308016f568464ebeae6ecd4099f59e6e71
Opcode Fuzzy Hash: fd9cd4ca482ad07fbbe52ee09f1e214ba3f2f7023dc8c68eaa968ab1002ef721
Instruction Fuzzy Hash: 221137B5C002499FCB10DFAAC845AEEBFF5FF89310F20881AE519A7250C779A544CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 078C0AC0 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 078C0B2A

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: d241cf39e526e018912b65301a2edc8f194aa1a85e7bf4e4bef75386056fd7d3
Instruction ID: 31fa98e2b6462623c525050c934a70c5229fa88cb679fb34906b28bbb3127391
Opcode Fuzzy Hash: d241cf39e526e018912b65301a2edc8f194aa1a85e7bf4e4bef75386056fd7d3
Instruction Fuzzy Hash: EA1158B5C002488FDB20DFAAC8457EEFBF9EF89314F248419D519A7240CB39A545CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 078C0AC8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNEL32 ref: 078C0B2A

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 6c4959ce2a419988ea4bf3c1db3cb847d31e525c80143268bee345ee22663d32
Instruction ID: c1eb186aaa7aa52ddcc91512082da9336924c670ab39e6502e01c816dc28fbf8
Opcode Fuzzy Hash: 6c4959ce2a419988ea4bf3c1db3cb847d31e525c80143268bee345ee22663d32
Instruction Fuzzy Hash: 6A113AB1D002498FCB10DFAAC4457EEFBF5EF88314F208419D519A7240CB79A544CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0139DDB8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0139DE1E

Memory Dump Source

Source File: 00000000.00000002.2065681201.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_1390000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: bec07e0fe8be1d30cb1231b048441d4e206fa50254b7f7530a4c7c3b66688394
Instruction ID: 96d79835da11fa2273e5dde36c64144833db0cf17d9f1d486be53e94a786d659
Opcode Fuzzy Hash: bec07e0fe8be1d30cb1231b048441d4e206fa50254b7f7530a4c7c3b66688394
Instruction Fuzzy Hash: CF11E0B5C002498FDB10DF9AD544ADEFBF5EF88314F10841AD919A7610C379A545CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 074255D0 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

Te]q, xrefs: 07425731

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: 7dd6c60f8a342327d3806b6e20135e37495d80fb01091e9fd81b446ee005e12d
Instruction ID: cbe838e0b409304ac3c8a28d1015cb1dc9c465ec83b64cdf5c1b823947407cc7
Opcode Fuzzy Hash: 7dd6c60f8a342327d3806b6e20135e37495d80fb01091e9fd81b446ee005e12d
Instruction Fuzzy Hash: 9D418F71B002168FCB14DFB998489AFBBF6FFC4620B158969E459DB350DF30AD168790

Uniqueness

Uniqueness Score: -1.00%

Function 0742E4DD Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

.$/F, xrefs: 0742E48F

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: .$/F
API String ID: 0-3545118181
Opcode ID: d8597564aa25460d2bf67ee0349003f8e85b5e09d683ac2d7f6a58ee874f2a32
Instruction ID: b3435d4bdf4a5bb61cddacf1adb5943253ce7553451a921b1e167a12fa3650ce
Opcode Fuzzy Hash: d8597564aa25460d2bf67ee0349003f8e85b5e09d683ac2d7f6a58ee874f2a32
Instruction Fuzzy Hash: 646171B4A00269CFCB10EF68D949AD97BB5FF49301F5085A6E80EA7715DB349D82CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0742B0BF Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

Te]q, xrefs: 0742B1BE

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: c136d4287a907add7368e01a0b5070909c970c0d7703ff6844ca1581846ad5fb
Instruction ID: ed2f85f494d620cef209d32880dddaf68ffd5dee3ad8635cb9d2b94fedc1fbf1
Opcode Fuzzy Hash: c136d4287a907add7368e01a0b5070909c970c0d7703ff6844ca1581846ad5fb
Instruction Fuzzy Hash: BA4105B4E04219CFCB09CFA9C8849EDFBB2FF49300F60846AD815AB261D7316916CF10

Uniqueness

Uniqueness Score: -1.00%

Function 074236D0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

O};5, xrefs: 07423708

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: O};5
API String ID: 0-3558557551
Opcode ID: 0d1bd68701458bffb283b1bb7b4923a0e6d34aeef6947a200a047d80b724cf0a
Instruction ID: 7059df4feeef04d75eddf22e80722676ff5c30ba77cbf4ef2c0563a871adca8a
Opcode Fuzzy Hash: 0d1bd68701458bffb283b1bb7b4923a0e6d34aeef6947a200a047d80b724cf0a
Instruction Fuzzy Hash: 54418FB0A20219EFCB44CF95D5858AEFFF1FB8A200FA0D896D005E7314DB349A22DB14

Uniqueness

Uniqueness Score: -1.00%

Function 074236C0 Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

O};5, xrefs: 07423708

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: O};5
API String ID: 0-3558557551
Opcode ID: 98ad4a2ddee0eb19412b13f874dc080ea8a7e9f011c10d625418e4ab753b2a00
Instruction ID: e3e773ad0f8f70a3b9f3c2c1570cf1864f8e78566b78fdae38acf33967177b69
Opcode Fuzzy Hash: 98ad4a2ddee0eb19412b13f874dc080ea8a7e9f011c10d625418e4ab753b2a00
Instruction Fuzzy Hash: 03418FB4A24619EFCB44CF95D58989DFFF1FB8A200FA0D896D044AB365DB349A21CB14

Uniqueness

Uniqueness Score: -1.00%

Function 0742B120 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

Te]q, xrefs: 0742B1BE

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: 163040fb4a171eda3e984e8cfeae7da397359ee63caea12f00d67842afa009bb
Instruction ID: 97cc604d34b555690af5fd8449f6619d2f15960a89472909e43acd91c23e628d
Opcode Fuzzy Hash: 163040fb4a171eda3e984e8cfeae7da397359ee63caea12f00d67842afa009bb
Instruction Fuzzy Hash: 2E31E2B4E14219CFCB08CFE9C8849EDBBB6FB89300F60952AD419AB355D731A906CF10

Uniqueness

Uniqueness Score: -1.00%

Function 0742E467 Relevance: 1.3, Strings: 1, Instructions: 77COMMON

Download Yara Rule

Strings

.$/F, xrefs: 0742E48F

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: .$/F
API String ID: 0-3545118181
Opcode ID: 077ab4b9a5ba2d4677d02782355febad8b100eafe08b48f7f24e5f1b4d5dc4a2
Instruction ID: b9041d5d3c51bf62b7c6db878eb0ce1f404cbd5f7a0420706ecdfa09e8013f20
Opcode Fuzzy Hash: 077ab4b9a5ba2d4677d02782355febad8b100eafe08b48f7f24e5f1b4d5dc4a2
Instruction Fuzzy Hash: CE314BB4A40268CFCB54EF28E845BA87BB6FF85305F1081A6E84DA7745DB344D86CF40

Uniqueness

Uniqueness Score: -1.00%

Function 07421520 Relevance: 1.3, Strings: 1, Instructions: 64COMMON

Download Yara Rule

Strings

3H5, xrefs: 074215CE

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: 3H5
API String ID: 0-3899204960
Opcode ID: 1fc5ae857107a9062843097470e6eccff84e531651bf24277a9ac024839b1d2d
Instruction ID: 8428e6a79a17916f0cdecb77a5caf53aea62e20620f24e2790911ea884b12418
Opcode Fuzzy Hash: 1fc5ae857107a9062843097470e6eccff84e531651bf24277a9ac024839b1d2d
Instruction Fuzzy Hash: 292123B0E11209DFCB04CFA9C540AAEFBF2BF89300F54C5AAD505A7350E7309A96DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0742C941 Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

r, xrefs: 0742CAD7

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 7e2ac36daf58b7b8c8dbe39488f00dc2af162eaa10e10f69dca43f839cfbd2f0
Instruction ID: 328f776c6d5f5434a42ff4cb41510365cc33d6275c31fb4e372da2a03da7244e
Opcode Fuzzy Hash: 7e2ac36daf58b7b8c8dbe39488f00dc2af162eaa10e10f69dca43f839cfbd2f0
Instruction Fuzzy Hash: CF21F9B0929124DBCB54CF55D1849EDBBBAFB4E301FA0D956E40AA7206CB30A953DF60

Uniqueness

Uniqueness Score: -1.00%

Function 074254F0 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

Te]q, xrefs: 0742555B

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: Te]q
API String ID: 0-52440209
Opcode ID: 2404cb182d6699b689981ed2baa76cd5bd454ffa0c1aeebd3f0ffa7a6102fc68
Instruction ID: 8430b37c66b76b73618fd6ce28fce11513d4b163b4b6b36a6c26d56b379bb546
Opcode Fuzzy Hash: 2404cb182d6699b689981ed2baa76cd5bd454ffa0c1aeebd3f0ffa7a6102fc68
Instruction Fuzzy Hash: CC115171B0121A8BCF04EFB999115EFB6F6AFC4610B5040BAD905EB344EF359D12CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0742E67C Relevance: 1.3, Strings: 1, Instructions: 27COMMON

Download Yara Rule

Strings

~z-, xrefs: 0742E67C

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: ~z-
API String ID: 0-1730302399
Opcode ID: 9c09336cd540612a17490b0c3cfadb50d8ddd4653846737393ba0c8c908be08c
Instruction ID: eb3568f1a1797cc6233fe99060d46f89c756941e09a9cd85dcbb97770da05ce8
Opcode Fuzzy Hash: 9c09336cd540612a17490b0c3cfadb50d8ddd4653846737393ba0c8c908be08c
Instruction Fuzzy Hash: DCF030B0A85118CFC700EFD8E5595DC7BF9EB45304B109A2AD406AB619DB384D0A8B45

Uniqueness

Uniqueness Score: -1.00%

Function 0742C953 Relevance: 1.3, Strings: 1, Instructions: 22COMMON

Download Yara Rule

Strings

r, xrefs: 0742CAD7

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 6299cdd875050d92a3167d2b390e7446748572b52d0af8e00859900b3d9354a9
Instruction ID: 74cfd0a1d9d9772ca6e14c819f549b4721e9a6912a99af6eeee391242d5bba71
Opcode Fuzzy Hash: 6299cdd875050d92a3167d2b390e7446748572b52d0af8e00859900b3d9354a9
Instruction Fuzzy Hash: 50F05AB4902228CFCB50CFA8C684AEDBBF5BB0D201F20455AE805A7301D739AE42CF25

Uniqueness

Uniqueness Score: -1.00%

Function 074239C8 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96f29371f48d45d368a85d2e5b457bb3209ccf0cab96c344276449f741f471b2
Instruction ID: 5dd1ce2d9bffdf3923c89c9fc6b95f59c6fa2173837efe44c6c56fa8dc620afe
Opcode Fuzzy Hash: 96f29371f48d45d368a85d2e5b457bb3209ccf0cab96c344276449f741f471b2
Instruction Fuzzy Hash: E5619EB4E1021ADFCB44CF94D445AEEBBB2FB89300F10892AE405B7354D7749A52CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07425D98 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6718f0c4c91218bbbce4fc1b37813c57075dfd4b49dde271b9cdd16328971dcb
Instruction ID: 86e1a24b9eaf7544603da8895f8d337da6bb29ce8e79877ebc0e3257d953d1b9
Opcode Fuzzy Hash: 6718f0c4c91218bbbce4fc1b37813c57075dfd4b49dde271b9cdd16328971dcb
Instruction Fuzzy Hash: 03613C75A00619DFCB14DFA9C454ADDBBF1FF88310F11815AE809AB360DB71AD92CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07425D87 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a55625d692dcbd5adce152100f08d32a93022a408481a26569e872ce658abc89
Instruction ID: ae9a8e79ee5829b363733e11090ebcce895d0fd3d17a55238dfdb6b01ecccfe3
Opcode Fuzzy Hash: a55625d692dcbd5adce152100f08d32a93022a408481a26569e872ce658abc89
Instruction Fuzzy Hash: DB613A75A00719DFDB14DFA9C458A9DBBF1FF88310F118599E409AB360DB71AD82CB50

Uniqueness

Uniqueness Score: -1.00%

Function 07423568 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e960635096812319741b23a1d316dc2a598740a6be7bdbdf6f5b4172c821402a
Instruction ID: 4ec28ccfd288d8a0d92ede9dfafbd0209627b3904883fa704055706ee07a6996
Opcode Fuzzy Hash: e960635096812319741b23a1d316dc2a598740a6be7bdbdf6f5b4172c821402a
Instruction Fuzzy Hash: 1041BCB89187848FC716CF69D464988BFB0EF8A201F1680D6D484DB3B3DB34A955CB26

Uniqueness

Uniqueness Score: -1.00%

Function 07428660 Relevance: .1, Instructions: 108COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37b373ec3c0dbda4dfe8bea1c43067de74bfee73f027a3e4a9beaf7bd09b1302
Instruction ID: d40d559be8d57d049f3cf8f8bc20744e696a7931223aedc4faa618297da6f2af
Opcode Fuzzy Hash: 37b373ec3c0dbda4dfe8bea1c43067de74bfee73f027a3e4a9beaf7bd09b1302
Instruction Fuzzy Hash: 10419DB0A15165CFC3008F69C844AFEBBE8FB81309F8985B7E519DB692C338C856DB54

Uniqueness

Uniqueness Score: -1.00%

Function 0742384B Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 083a17ff47b5ea436d3d58a31c8fcc593638cbfba48f6cee230baa8ddf2e852f
Instruction ID: 44f0d5a0058e9f22c1e2cc1ae6b956afa9aeed2d0183b0330e5b9a32e628c7a2
Opcode Fuzzy Hash: 083a17ff47b5ea436d3d58a31c8fcc593638cbfba48f6cee230baa8ddf2e852f
Instruction Fuzzy Hash: F6418BB4E0420ADFCB04CF95D8459EEBBB2FF89310F10952AE504AB354DB749A52CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0742B878 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d2059c26c23bb74f6451d2c4519822cf855cfed9f4d106f3966df794c0518b1
Instruction ID: 93d6e43d4eed056b56775c0a6fa12ad786b7f66470f722bd7b5435eef7f6afee
Opcode Fuzzy Hash: 8d2059c26c23bb74f6451d2c4519822cf855cfed9f4d106f3966df794c0518b1
Instruction Fuzzy Hash: 4F314FF0D181198BDB08CF96C5406FEFBF6EB8A301F64D46AD419A3251EB345A52DF50

Uniqueness

Uniqueness Score: -1.00%

Function 0742B9A8 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7addb52f8e267366dcb2ef5c93b5622a9d64aa72f905ee6481f6fb06f3b994e0
Instruction ID: c458751e257bed5be5020d5a703a7672cda639dd8146d490d76b45a4cb727f2b
Opcode Fuzzy Hash: 7addb52f8e267366dcb2ef5c93b5622a9d64aa72f905ee6481f6fb06f3b994e0
Instruction Fuzzy Hash: F03137F4918219CFCB44CFA4C5815FEBBB5FB4A301F60555AD80AA7312EB306A12DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07423858 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 613e266b8a10877d90838f1e494d6d0a43aec1ec6f811c9b062d1a95e6ea6155
Instruction ID: 270e4ff28fdb12aa2b989b9cd73f4518a5e4d54361349eb50c9d9c57875db729
Opcode Fuzzy Hash: 613e266b8a10877d90838f1e494d6d0a43aec1ec6f811c9b062d1a95e6ea6155
Instruction Fuzzy Hash: 6F41ACB0E0420A9FCB04CF95D8459EEBBB2FF89310F10952AE504AB354DB749A52CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 074267A4 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45b598e66de1dbf4579510df3ae1aec0d16b62d66e7ebc4ed085f375a205d9b9
Instruction ID: ff83692fb5c8f321cbd633fad0cfd37a8b76f66148c10aa4a10635827e52817f
Opcode Fuzzy Hash: 45b598e66de1dbf4579510df3ae1aec0d16b62d66e7ebc4ed085f375a205d9b9
Instruction Fuzzy Hash: BF317CB1900219AFCB14DFA9D845ADEBFF9EF49310F50846AE909E7310D735A954CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 07428670 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b957ee7a358c513d975923da1b727ff83afb7e9922d8ea3963f19cebec682ab
Instruction ID: 921c7241d3d9a6c4ac9761d71bf4bc63c5478777337ad8dff2af87aab9041e18
Opcode Fuzzy Hash: 7b957ee7a358c513d975923da1b727ff83afb7e9922d8ea3963f19cebec682ab
Instruction Fuzzy Hash: 0831ADB0A14165CFC3008F69C844ABEBBE8FB80309F8885B7E519DB691C338D892DA54

Uniqueness

Uniqueness Score: -1.00%

Function 0742B869 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 024a9bfe2dc6f360c0ccb02bd87af1894df4e4cd457f5a6e082fc70fcd5726b0
Instruction ID: b3f525515dab108dc4b761e996d2c622bc2eedea369d224800c80c82adfcac0c
Opcode Fuzzy Hash: 024a9bfe2dc6f360c0ccb02bd87af1894df4e4cd457f5a6e082fc70fcd5726b0
Instruction Fuzzy Hash: D3313EF4D192188FDB08CF96C4002FEBBF6EB8A301F54D46AD459A3251EB345A52DF54

Uniqueness

Uniqueness Score: -1.00%

Function 0742E51E Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8be95748ab700f9dd81f2bbe24158480121c3c29a11e3908f4cf4c779e087f6c
Instruction ID: f2b51350e3a60a089830cc46f096537b04eda5fbf917dcdf8a8a35e970ef59b0
Opcode Fuzzy Hash: 8be95748ab700f9dd81f2bbe24158480121c3c29a11e3908f4cf4c779e087f6c
Instruction Fuzzy Hash: 4D416CB4A40268CFCB14EF68E949A99BBB6FF45304F0185A6E809A7755DB349D86CF00

Uniqueness

Uniqueness Score: -1.00%

Function 0742E652 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfe80824c4f9cbeb6b864286d26aa12147b4ca1978913c48d7c375e22c2df4b1
Instruction ID: ec65267316f3a5508696efec098f68513c7b973e7866702a0e94a25c2015b7f7
Opcode Fuzzy Hash: cfe80824c4f9cbeb6b864286d26aa12147b4ca1978913c48d7c375e22c2df4b1
Instruction Fuzzy Hash: 3E318CB4911169CFCB10DF68D4489AEBFF5FB09301F818566E80AAB311DB34AD42DF60

Uniqueness

Uniqueness Score: -1.00%

Function 010ED06C Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065214708.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32a52435ae3fe37c63bf21608d1db9c4f3076555feb06abc10123dd5b68e815f
Instruction ID: b0c72c843ff81518784e49f3fd75e28548a20dbd9ecf881051088fba67fe3192
Opcode Fuzzy Hash: 32a52435ae3fe37c63bf21608d1db9c4f3076555feb06abc10123dd5b68e815f
Instruction Fuzzy Hash: 24213671104200EFCB15DF94D9C8F1ABFE5FB88314F2481A9E9490B256C33AC416CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 07428570 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9e2baa1e33966e8b6211778403f9b5803fda3dae8440042b231c9d276bd226
Instruction ID: 2138e15326b33ddb467999d0c83eb158be6636a6233c8217dbcc10a4ea7667d1
Opcode Fuzzy Hash: df9e2baa1e33966e8b6211778403f9b5803fda3dae8440042b231c9d276bd226
Instruction Fuzzy Hash: 3D216870740229DFD7284A1D8808B6F76AFEBC1B00FE5886BE4064B395CE70D893D759

Uniqueness

Uniqueness Score: -1.00%

Function 010FD01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065262178.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c5b323d411f8d201df6ca14721c132982a98803163931e06f071bf00d60a895
Instruction ID: 979bc18b57ffab6a32bfdc1b75e2856d780ea7e6196960c74b835f86ddc050d7
Opcode Fuzzy Hash: 7c5b323d411f8d201df6ca14721c132982a98803163931e06f071bf00d60a895
Instruction Fuzzy Hash: 10212571504200DFDB15DF68D581B16BFA5FB84314F20C5ADEA894B756C33AD407CB61

Uniqueness

Uniqueness Score: -1.00%

Function 010FD2F0 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065262178.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b357615f605f4101269f06689c7dcc50ace8db348df8ea686bdd44a6a6075181
Instruction ID: 40f21df4496761e2b898ad20483cf504c468b8447681facfcac18955de99418c
Opcode Fuzzy Hash: b357615f605f4101269f06689c7dcc50ace8db348df8ea686bdd44a6a6075181
Instruction Fuzzy Hash: 8221F2B1604204DFDB05DFA8D9C1B2ABBA5FB84314F20C5ADDB894B656C37AD406CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0742F4A8 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da86e784d8dc2577b4e0ee891d38eb0a127728b3609d6f09ff4723008a40c8fa
Instruction ID: b06ade3f202c7632c471f5a69ee5c3ca3bcffe7c5028658d2a67fe2015612077
Opcode Fuzzy Hash: da86e784d8dc2577b4e0ee891d38eb0a127728b3609d6f09ff4723008a40c8fa
Instruction Fuzzy Hash: 931106B0B002259FDB149E79A8046FB7AF6FF84720F95452EE806C7341DA30DA979BD0

Uniqueness

Uniqueness Score: -1.00%

Function 0742CCF1 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 061e3bd55e7e9747356cd136135c6072c0bf7e30d7c2cc62398cc30da68b62d6
Instruction ID: 5fd9893bb8891867842837286f1ebb4ca98c2f5bc205988e7feb6b4a8e0d262c
Opcode Fuzzy Hash: 061e3bd55e7e9747356cd136135c6072c0bf7e30d7c2cc62398cc30da68b62d6
Instruction Fuzzy Hash: 3A11DCF092C258DBCB00CF65D4804FEBFB8AB4B200F40A6ABD4195B212D7305A13EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0742A74E Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f4d0fc00fc39de7251452df9cedfd8cacc13f1a7ce9cf0092ffc4d9ff1a8c6c
Instruction ID: 706b1aecdaaf499c67ee373f65e09e377776c115e8e2ead70ada45b60194fd48
Opcode Fuzzy Hash: 5f4d0fc00fc39de7251452df9cedfd8cacc13f1a7ce9cf0092ffc4d9ff1a8c6c
Instruction Fuzzy Hash: C72178B0A06225CFD710CB19CA84BDAFBB6BF46305F95D596DC0897212C7309986DF11

Uniqueness

Uniqueness Score: -1.00%

Function 07428562 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684f012e7229e96e008fa0c48169108c70c09cc9530de442a91312e16c4f4309
Instruction ID: b34c34e9ec7d33e9be602ed61c76b77e86980fe9c98df094597d73effc5488e7
Opcode Fuzzy Hash: 684f012e7229e96e008fa0c48169108c70c09cc9530de442a91312e16c4f4309
Instruction Fuzzy Hash: 96115BB0705221DFE7244A19CC05BAE376BDBC2B11F9A84A7E4059F3A1C674D893D719

Uniqueness

Uniqueness Score: -1.00%

Function 07425774 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6397986a0d4e9b750c313ee2547ae61193194743b0dc59838130335c1cbe295
Instruction ID: b4f9b44719748691160eff5b9af0e29fa2bbe70c3adc86200de1ece676f776b7
Opcode Fuzzy Hash: c6397986a0d4e9b750c313ee2547ae61193194743b0dc59838130335c1cbe295
Instruction Fuzzy Hash: 8521C0B0D01268DFDB20DF9AC588BDEBFF5AB08714F64845AE408BB240C7B55895CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07425780 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45be943a5f28687512d99fb8f2d14b86c9ad257b2e78b2cef3989bad975f29de
Instruction ID: e9f523299da59f2056e8cf0401d1de4df3d629e8fe8bc9a710ed6c0bff7b704b
Opcode Fuzzy Hash: 45be943a5f28687512d99fb8f2d14b86c9ad257b2e78b2cef3989bad975f29de
Instruction Fuzzy Hash: 6F21DFB0D01268DFDB20DF9AC588BDEBFF5AB48314F64845AE408BB240C7B55895CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0742AC5F Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89ce3e63d0347e573e3f8018c8ba3dc04e16ceed2301465c308cb24a50acf2b
Instruction ID: 72524c368870c17cb82d00ef23d7bb5d79b53e6af4ed24a3bc1ffdf0aef0b573
Opcode Fuzzy Hash: f89ce3e63d0347e573e3f8018c8ba3dc04e16ceed2301465c308cb24a50acf2b
Instruction Fuzzy Hash: 8821F8B4A01229CFDB10DF98C544A8EFBF1EF09316F85D196D8099B312C7309996DF51

Uniqueness

Uniqueness Score: -1.00%

Function 074235F8 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d412b72386979f851ef4b52c2d79cd738dc45e57ce1310c2910a6e58a624e0ec
Instruction ID: 8ce332539dbfcb15541e80ec3763a6043438baeb1b8f8d15efea486a71177ddf
Opcode Fuzzy Hash: d412b72386979f851ef4b52c2d79cd738dc45e57ce1310c2910a6e58a624e0ec
Instruction Fuzzy Hash: 9D21A2B4A10908DFC714CF5AE099999BFF1FF88310F5281D5E8889B366DB31E9A1CB15

Uniqueness

Uniqueness Score: -1.00%

Function 0742AC14 Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d8432c5d8fbcc823594d40bbbece25b9af30de53366f8dc68c01c225ddda3a6
Instruction ID: 15ad3ab8e1257248e3d6e998caea416606ef5bd34eb3818b2cc9c93f632e2e4a
Opcode Fuzzy Hash: 2d8432c5d8fbcc823594d40bbbece25b9af30de53366f8dc68c01c225ddda3a6
Instruction Fuzzy Hash: 5A21F8B4A02229CFC710DF98C284A9EFBF2BF49316F95D596D8095B202C730E996CF55

Uniqueness

Uniqueness Score: -1.00%

Function 0742E5D8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4eb6376b493404a44fc5ceb0eb7dca75b081478c109343a67c9088960ded22e
Instruction ID: b698579d6ef78ebcae6bcddb6a8f93edc4de2f384a8d86b1c9d95dc5046e5f8b
Opcode Fuzzy Hash: e4eb6376b493404a44fc5ceb0eb7dca75b081478c109343a67c9088960ded22e
Instruction Fuzzy Hash: 57213EB0A40258CFCB54EF28E946B997BB6FF85301F1081A6E84DA7719DB344D86CF01

Uniqueness

Uniqueness Score: -1.00%

Function 0742B9B8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d80e17f1780dcadfb93573c61ce9c7fc1a49ba823341687af5786d4717c111e
Instruction ID: 0a6eccce5cb5f4d9f72adb01c4ea525d4c134429851b3912f102ad0946169028
Opcode Fuzzy Hash: 3d80e17f1780dcadfb93573c61ce9c7fc1a49ba823341687af5786d4717c111e
Instruction Fuzzy Hash: 9821C5F4E14219CFCB80CFA9C1819EEBBF5EB49300F609456D809A7711E770AA52DF61

Uniqueness

Uniqueness Score: -1.00%

Function 010ED067 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065214708.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
Instruction ID: 5a3548218dd4d391bd979e90493a3567f948dca096b18cef0edd49c163f0bd52
Opcode Fuzzy Hash: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
Instruction Fuzzy Hash: F521A276504284DFDB06CF54D9C4B16BFB2FB88314F24C6E9D9490B256C33AD416DB91

Uniqueness

Uniqueness Score: -1.00%

Function 0742BAA0 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7633ad87f91a0b2dc3dc701ce3c8e7e1cad23dc34ccacf985881a61012f5d589
Instruction ID: c61a70ce28c9d24247565ce91b76df7ed245f0070a755e64fcad8895dead481a
Opcode Fuzzy Hash: 7633ad87f91a0b2dc3dc701ce3c8e7e1cad23dc34ccacf985881a61012f5d589
Instruction Fuzzy Hash: 951158F09082199FCB05CF99C5809EDBFF9EB4A320F509A96D4589B316E7709A53DB80

Uniqueness

Uniqueness Score: -1.00%

Function 074255C0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7930928a3cf0f1deb8baf3039dd501b68fb3f96a44ce5217511e8badeb285801
Instruction ID: f68d08b949acc9b1526e274ac8fb939b20acde2129bb9c2df588192c6cf3f0cb
Opcode Fuzzy Hash: 7930928a3cf0f1deb8baf3039dd501b68fb3f96a44ce5217511e8badeb285801
Instruction Fuzzy Hash: 8E11C2B5B002564F8B21DB7998488BFBBF6EFC8260715496AE46DE7340EF30AD05C760

Uniqueness

Uniqueness Score: -1.00%

Function 0742CD61 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbcfdc53af6ed63dcd8cb3917a40b5689569eacf6faf3ed4c9873868ce7db002
Instruction ID: 681c6dda1eba85b752bab83862b8951b6c402f61a2d46c1fab1d6f25ff8823b3
Opcode Fuzzy Hash: cbcfdc53af6ed63dcd8cb3917a40b5689569eacf6faf3ed4c9873868ce7db002
Instruction Fuzzy Hash: 3C11E1B5928108EFC700DFA4D9849EEBFF9EF4A300F148496E8099B312D6319E12EB50

Uniqueness

Uniqueness Score: -1.00%

Function 074267B4 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d9b051a6cdd35d6d6608d6f34ec3139040ac91832c5ab5e48f55fc4ea7ed6ec
Instruction ID: 73d2c41d18f8e45dad14a5881e5d07c7af6101f7df60be4b8034c9bda8e5cbc3
Opcode Fuzzy Hash: 6d9b051a6cdd35d6d6608d6f34ec3139040ac91832c5ab5e48f55fc4ea7ed6ec
Instruction Fuzzy Hash: 812103B5D002599FCB10DF9AD884ADEBBF4FB49310F50881AEA19A7310C379A955CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0742BEB0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe74d3e04bb192a9d98a1ac443a3791fe76ea718dbf46cdd3cca741890622809
Instruction ID: 0c9d9c6a98a767c60f36291b2f585fb21412f29d7ba9bc5999131f39839f943e
Opcode Fuzzy Hash: fe74d3e04bb192a9d98a1ac443a3791fe76ea718dbf46cdd3cca741890622809
Instruction Fuzzy Hash: 2D21E7B1D146588BEB18CFABC8557DEFFB6AF89300F04C06AD5086B254DB791946CF90

Uniqueness

Uniqueness Score: -1.00%

Function 010FD2EB Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065262178.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 144f5005dc5ac2c43c660d58ba07b957dd708e9990ecafe78a01fe8a1fc49c83
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: 6211DD75504280CFDB02CF58D5C4B15BFB2FB84314F24C6AEDA894B656C33AD40ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 010FD017 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065262178.00000000010FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 010FD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10fd000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: a307fca5768906321e53a098932bdbba624da7378b95e9cc8c2871d83360fe43
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: D211D075504280CFDB16CF54D5C4B15FFA2FB84314F24C6AEE9494B656C33AD40ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 0742CF70 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8403d343fed5d9c9d626534c0202b728c9c2e1153a02f2be61d3336f124bf65b
Instruction ID: c1c4ce1fb1ee032716665fcad1bd0395447b195f9a87a5910ae39f2c996c9f53
Opcode Fuzzy Hash: 8403d343fed5d9c9d626534c0202b728c9c2e1153a02f2be61d3336f124bf65b
Instruction Fuzzy Hash: D11121B0E14114DBD704CF59C490AEDFBB9FF49300F55D5A6D80997391D730AA92DB50

Uniqueness

Uniqueness Score: -1.00%

Function 0742BEC0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d596b197075789053df86d10b95675c29cfd074c6db1717c7c35ea663f33af6
Instruction ID: 7bba04b1c918facb11e109b71ff7822041e3458dd0af1a4d8feb603d4286272f
Opcode Fuzzy Hash: 5d596b197075789053df86d10b95675c29cfd074c6db1717c7c35ea663f33af6
Instruction Fuzzy Hash: 3B1190B1D106189BEB18CFABC8457DEFAB6AF88300F04C46AD50966254DBB51946CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0742BAB0 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92455d3c4cb4964282cef6a69141cb6fcf1f398605a641cb453bb1936334f8ff
Instruction ID: a9b4fc969e442c3b1b0de676888a226baec00cdbadb0d3cbac1beea48a75cd4a
Opcode Fuzzy Hash: 92455d3c4cb4964282cef6a69141cb6fcf1f398605a641cb453bb1936334f8ff
Instruction Fuzzy Hash: 8D1106B0D18219DFCB44DFA9C5409EDBBF9EB49310F4099969418A7315E770AA52DF40

Uniqueness

Uniqueness Score: -1.00%

Function 010ED92D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065214708.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f8c024577f80d69b062d748b3c18d057c722309558fafc899d65a1264427786
Instruction ID: 59aea4ec1aacfa61be3cabf3731eb1de1ba4e03c3a3ece8ef226d4b772173488
Opcode Fuzzy Hash: 7f8c024577f80d69b062d748b3c18d057c722309558fafc899d65a1264427786
Instruction Fuzzy Hash: 0A01A7711043449EE7118E6BCD88B6BBFD9EF86324F18C46AED994A286C2799840C771

Uniqueness

Uniqueness Score: -1.00%

Function 0742CD70 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2ce7f67b05fded09d86d155381ee7d3048c5b309e5fc78a2f0311f8cbf32f5d
Instruction ID: fbc7e50bee3981119008c3c3cbfd9391be25fa1623af380c44306af381cd150b
Opcode Fuzzy Hash: c2ce7f67b05fded09d86d155381ee7d3048c5b309e5fc78a2f0311f8cbf32f5d
Instruction Fuzzy Hash: 07012874A24108EFCB04DFA8C584AADBFF5AF49300F54D495E8089B311DA31EE12EF50

Uniqueness

Uniqueness Score: -1.00%

Function 0742B7E8 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c2ad4ac26bc77938c1106a786929f491d6bbd672dbcbe3463ab0e7d0702b10d
Instruction ID: edb42cd9eca3dd35c5e58b93f0dafbe83f12a6170fb2e3c62a7b5502eed8109f
Opcode Fuzzy Hash: 3c2ad4ac26bc77938c1106a786929f491d6bbd672dbcbe3463ab0e7d0702b10d
Instruction Fuzzy Hash: C7F0FFF012A258DFC716CBB0D4022E93F34DB02211F40858EE80843242DE365A63DB62

Uniqueness

Uniqueness Score: -1.00%

Function 07421619 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27cc8dfc3454d3aa8d64fe3a22b3d3c460679f4a619333bff3cdb06df24ba5ac
Instruction ID: 9e4bb15193604de61961574f01fad6f6b09d5e80934b262eed10e30e41512892
Opcode Fuzzy Hash: 27cc8dfc3454d3aa8d64fe3a22b3d3c460679f4a619333bff3cdb06df24ba5ac
Instruction Fuzzy Hash: 5401D675A00208AFC704DFA9C585A9DBFF1EB88210F05C1A5E808DB361DB35E941DF41

Uniqueness

Uniqueness Score: -1.00%

Function 0742CD00 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0cc017ed27f15ccb309b0443e18e9cc369ada44bbe251843019b511486f0dae
Instruction ID: efd060f4e68da2aad739e9aa16c9b5bf49c935867aad9f851064953c4ed99de6
Opcode Fuzzy Hash: a0cc017ed27f15ccb309b0443e18e9cc369ada44bbe251843019b511486f0dae
Instruction Fuzzy Hash: 9FF0C8B0928218DBDB04CF55D5809EDBFB8AF4A300F80D5A6D4195B212DB709E17EFB0

Uniqueness

Uniqueness Score: -1.00%

Function 010ED92C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2065214708.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10ed000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2752f82ef363c587a6913c441559c963d8d47e59fd4697458a151159b4c13608
Instruction ID: 3f63e92cf53b7e13e68c5c221328e5084d026498c4b894f4be1418b56799f2e2
Opcode Fuzzy Hash: 2752f82ef363c587a6913c441559c963d8d47e59fd4697458a151159b4c13608
Instruction Fuzzy Hash: 79F062714043449EE7118A1ACD88BA6FFE8EF86624F18C55AED884B286C2799844CB71

Uniqueness

Uniqueness Score: -1.00%

Function 07425B35 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77d6ee344b29cbb2c663413d80331a66cb218f2df09be0989f52981895f41a7e
Instruction ID: bd8f7c32e5ba4a352b9efed5d8834906935534a0bbbdd69a476042bb0e2efee7
Opcode Fuzzy Hash: 77d6ee344b29cbb2c663413d80331a66cb218f2df09be0989f52981895f41a7e
Instruction Fuzzy Hash: 5601ECB0C00229DFDB14DF5AC4483EEBEF5FF44360F548566E828AA290D7744AA5DF91

Uniqueness

Uniqueness Score: -1.00%

Function 07425BD1 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 194ba0d5c98c70c4d32b26589ee73b219cd52906aeb39fb310771db0538fb434
Instruction ID: 4454a29d1343c3ced405267d9ca48d91838a4ddf15dc6399d58e45d00ea4e333
Opcode Fuzzy Hash: 194ba0d5c98c70c4d32b26589ee73b219cd52906aeb39fb310771db0538fb434
Instruction Fuzzy Hash: 7DF01271B042156F93049B6ADC88E6BBBEEFBC96647518579E508D7320DA319C05C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 07421628 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 054ad3a172b00dcf28d018e86595e9e65c391bdc90babcc3bc1b1de740570649
Instruction ID: d43b81eef4aacef13bec7b2155b7fc4893fedcc774a9f0c3469966d54e31e516
Opcode Fuzzy Hash: 054ad3a172b00dcf28d018e86595e9e65c391bdc90babcc3bc1b1de740570649
Instruction Fuzzy Hash: 3B01AF74A01208AFCB04DFA9C589A9DBFF1AF88200F05C1A9E8089B361DB31E951DF41

Uniqueness

Uniqueness Score: -1.00%

Function 07425B40 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d721bd7d4d43a797ddc4e447150738ea3f96f6e58c1ad9e1b44b5494a383f971
Instruction ID: d2826247a645027430b1baccf39b08b937cde6ef0075530cbed80d86cba26cc3
Opcode Fuzzy Hash: d721bd7d4d43a797ddc4e447150738ea3f96f6e58c1ad9e1b44b5494a383f971
Instruction Fuzzy Hash: E801FFB0C00229DFDB14DF5AC4043EEBEF1FF44360F548566E824AA290D7744A51DF90

Uniqueness

Uniqueness Score: -1.00%

Function 07427028 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 982f7300c25244738ef9ce31cefe7ff1597054ff2c49dddb55033a81aa3bb893
Instruction ID: fade740c6c34c92581e6a94183179019b00b9a47dae5094453c50d6f95096a6e
Opcode Fuzzy Hash: 982f7300c25244738ef9ce31cefe7ff1597054ff2c49dddb55033a81aa3bb893
Instruction Fuzzy Hash: BEF0E2B3600004AFEB04DFA8DC01F9E7BBADF98210F04816AE104E3360E231D9109B40

Uniqueness

Uniqueness Score: -1.00%

Function 07425BE0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 392783bfb4f61e259a1accdebc72ec6cdf1610a68e34f85011ea12bb7bdbe64a
Instruction ID: 912040e4a199f1d18728e1009df7cdf8b92c7ad2e14e4f9c6d7eb110d6acf078
Opcode Fuzzy Hash: 392783bfb4f61e259a1accdebc72ec6cdf1610a68e34f85011ea12bb7bdbe64a
Instruction Fuzzy Hash: 37E039727001286F93089AAED884C6BBBEEFBCC660361807AE508CB310DA319C01C6A0

Uniqueness

Uniqueness Score: -1.00%

Function 0742B827 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7c66b1281e7c99af65ca941a1f29d901b713e1775db143d463e6ad1b0be771
Instruction ID: 5ffc50d9d0fadd357b772ae0f99110f159d2f0ac82087cb506a41509271d7894
Opcode Fuzzy Hash: 3d7c66b1281e7c99af65ca941a1f29d901b713e1775db143d463e6ad1b0be771
Instruction Fuzzy Hash: EEE092B08093089FDB118FA0A4450E97F74EB02242F5142EAE48553252DA369A56DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0742F448 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f481d70b357d6b48f5008a2b177dfbbd32b5d4989feae9b106040d2be733ef9d
Instruction ID: 2c5dd81017f7136b58d3f08c7779a1ed06c532323f2b1bbeda22218301d2641b
Opcode Fuzzy Hash: f481d70b357d6b48f5008a2b177dfbbd32b5d4989feae9b106040d2be733ef9d
Instruction Fuzzy Hash: 37F06D70904248EFCB02EFA8D44878DBFB1AB48310F00C1DAA84897291C6795A54DF01

Uniqueness

Uniqueness Score: -1.00%

Function 0742B020 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 262a409fe632462983afbd90e7789a8b9b7fcbbe6df114f61267f072aa5650e7
Instruction ID: 484ef68d8297881970da9a6872d7def6a9ce8af7ca5c79b3d7a92eccca539b9a
Opcode Fuzzy Hash: 262a409fe632462983afbd90e7789a8b9b7fcbbe6df114f61267f072aa5650e7
Instruction Fuzzy Hash: 1AE01AB08192489FD752EBF8A5066DC7FB0DB09212F1041E6DC45D3352EAB45BA6CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0742F458 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca188a07723e067792c4cb5f95670a02c75d13edd46b0788dcda904bdfa13fb4
Instruction ID: 273cd881da0388f84658b1ac3eb02f05ed0950164779a122b1a6c358ee9b1e72
Opcode Fuzzy Hash: ca188a07723e067792c4cb5f95670a02c75d13edd46b0788dcda904bdfa13fb4
Instruction Fuzzy Hash: ACF03974D0020CEFCB41EFA9D8096CDBBB1EB88311F50C0AAA81893350DA756A65DF51

Uniqueness

Uniqueness Score: -1.00%

Function 0742CF28 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f200544d772e0a6a42dcc4fd1c22afec704752c11e09cbae6780b57ad356a5f2
Instruction ID: 1f27c56ca4f555bb15be9e14bc17d754a1795d7a334fd775710c0922cc30c019
Opcode Fuzzy Hash: f200544d772e0a6a42dcc4fd1c22afec704752c11e09cbae6780b57ad356a5f2
Instruction Fuzzy Hash: 8EE08C7101A344DFC327CB7898195EA7F3AEB03202F0640DAE004972A2DA775A54DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 07420C7E Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8841afd1727af7c5f5b89f2452ea83a52689a7e385dd2a569b40975873b82562
Instruction ID: d7c4d96c13f2db0b9db7e2420423415930a806f906bbe194b85a23d10d5f5cb0
Opcode Fuzzy Hash: 8841afd1727af7c5f5b89f2452ea83a52689a7e385dd2a569b40975873b82562
Instruction Fuzzy Hash: BEF0FA74916328CFCBA5DF64D984AD9BBB1FB19305F5006DAE809A7210DB30AE92CF10

Uniqueness

Uniqueness Score: -1.00%

Function 07420CF7 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dba16c30e5a9068c77a8bc89ae334d919c0d5efae4841ada03cde22bff6c3925
Instruction ID: dd4ae6cf18d128f3fe06c0a68291e56112457d933c3d1f6c5beb4770b46602c7
Opcode Fuzzy Hash: dba16c30e5a9068c77a8bc89ae334d919c0d5efae4841ada03cde22bff6c3925
Instruction Fuzzy Hash: 46E06578A252188FDB60CF88C58088DBBF1FF89310F65D091E415AB229CB30FA81CF20

Uniqueness

Uniqueness Score: -1.00%

Function 0742EAA2 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd3019bb087f7de214ca370564770844a2c720c7a55bd2d3c4b99eb4a4d9a58e
Instruction ID: 7c8cc2f2f8881523cf318851b466d66038f518878fb7a76ab6376a4c908af0ff
Opcode Fuzzy Hash: fd3019bb087f7de214ca370564770844a2c720c7a55bd2d3c4b99eb4a4d9a58e
Instruction Fuzzy Hash: 0BF0A0B0A00394CFDB10EF28E845B99B7B6FF44301F024296A80DA3714DB344E45CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0742063C Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03e47b0ffaac800c5dcdbe6b06f8341e9899e9352aa4ec11bfe5b5df938a62e4
Instruction ID: edcedbb0ee516bfed0056a2df2f29d921f3697d5c97a39b6d8466bb19663c7e7
Opcode Fuzzy Hash: 03e47b0ffaac800c5dcdbe6b06f8341e9899e9352aa4ec11bfe5b5df938a62e4
Instruction Fuzzy Hash: E7E046B0526354CFC728CBA1D0458987FB2FF4A341BA0149AE002EB634CB35E893CE21

Uniqueness

Uniqueness Score: -1.00%

Function 0742E6A3 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68431bfe2130c9c5e105e5876d5010181b101384883dec1bd1be095390583798
Instruction ID: 2a4529141d09edfb0fbc28e7a75ac220be4334e49c0782e8a31fb56c21e907c7
Opcode Fuzzy Hash: 68431bfe2130c9c5e105e5876d5010181b101384883dec1bd1be095390583798
Instruction Fuzzy Hash: ECE01A74E0025C8FCB00DF94D849A9CBBF5FB45314F10422AD819AB788DB346C06CF44

Uniqueness

Uniqueness Score: -1.00%

Function 0742B030 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938e00f32951afd876997dba214f913536b10f6fd9440d92dc0763c47bd97804
Instruction ID: 24226cd78c21f0679760bffcbf0cfa1f333df8591c231461249fd2279886c15f
Opcode Fuzzy Hash: 938e00f32951afd876997dba214f913536b10f6fd9440d92dc0763c47bd97804
Instruction Fuzzy Hash: FEE012B0D11208DFCB50EFB8D54669DBFF4EB08301F5040A9D80493340EA756A50DF51

Uniqueness

Uniqueness Score: -1.00%

Function 074205C4 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7f49d29deccd933a49140aaaaeb6a785c7d1ab66a5f1d487ab98c1fe04d9171
Instruction ID: a63749086ba49fe2990a518b281021354e53389de293f960e69a444682fc97be
Opcode Fuzzy Hash: b7f49d29deccd933a49140aaaaeb6a785c7d1ab66a5f1d487ab98c1fe04d9171
Instruction Fuzzy Hash: 37E0C270922314CFCB64DFA1C449589BB70FF45340B1010AAE816DF27CC7369982CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0742ADB5 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26eb705e44a3a23df94372ccd4f648713177c593c387bffc9c55ba00018324e7
Instruction ID: 6138955ef36b363eb5c1bf48ca7b88472f893ead52bbe02f9fb03d02ac431423
Opcode Fuzzy Hash: 26eb705e44a3a23df94372ccd4f648713177c593c387bffc9c55ba00018324e7
Instruction Fuzzy Hash: F4D095B1E16068CEC700EAE4D1843EC7BF4EF46304F105496CC01D5300C17488474A00

Uniqueness

Uniqueness Score: -1.00%

Function 0742B838 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84a88b6f062bbea34d32e79103e54ff7c14df8434d21cdd4518bdb6ada3bec11
Instruction ID: 8f260ef7c15708b13091ded0d46c70670ec71c5e69c02515d201826c8e669f5e
Opcode Fuzzy Hash: 84a88b6f062bbea34d32e79103e54ff7c14df8434d21cdd4518bdb6ada3bec11
Instruction Fuzzy Hash: AED017B0911208EBCB14DFB4E50659DBFB4EB45302F5081ADE80823340DB766A91EFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0742A618 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 04cc9a1df9fb62de9ed3d082f23e592efe4124730b3486c02e222747c508efe4
Instruction ID: 9616369c902ecd15d4260cda30efc48f334ef3135175ca68fac197d7ef26b1b0
Opcode Fuzzy Hash: 04cc9a1df9fb62de9ed3d082f23e592efe4124730b3486c02e222747c508efe4
Instruction Fuzzy Hash: 22D0A7714192414FC3217B78A80E260BF747B02205F444196FC8892152DFE95865CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 0742CF38 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9698d8c5321b56735485ecb21f80191e29af8f55c9836c96185cbcf26b50f0de
Instruction ID: 53e0e4d2eed4e1cae464ac53349f3f2db9927315baa7553773a2a15ea23d06e1
Opcode Fuzzy Hash: 9698d8c5321b56735485ecb21f80191e29af8f55c9836c96185cbcf26b50f0de
Instruction Fuzzy Hash: E8D0A9B0412208DFC725CBB8D40669E7B3AEB02302F4000A8E40803280CF72AA50DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 0742C011 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a30e6be98ad7f0196a1ed517a15351955d953088228f4ffb9c4845f40c92859
Instruction ID: d2102075d6bbb3819d24e8c6ea3317f4057508cb3aec6656351d8bad0b6872f5
Opcode Fuzzy Hash: 4a30e6be98ad7f0196a1ed517a15351955d953088228f4ffb9c4845f40c92859
Instruction Fuzzy Hash: E3D09E70114221CFC3248B60C5949A8BB7ABF0B306F4158DAE80A57251CF31E942CF30

Uniqueness

Uniqueness Score: -1.00%

Function 0742A628 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06c115806ddf10faab8676bb9302a5a60c80f53124c23d1a21ce51600faa8a4c
Instruction ID: 3e678141c4760e32c7a18a934aa954c790cdc4af6155358d42b7c034ebfca301
Opcode Fuzzy Hash: 06c115806ddf10faab8676bb9302a5a60c80f53124c23d1a21ce51600faa8a4c
Instruction Fuzzy Hash: 41C08C710212048BD2207BA8E80E3647A686B01202F804010B84882450CFE664A2CE66

Uniqueness

Uniqueness Score: -1.00%

Function 07427001 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f887d46ec5918daf77704e5996732a2848b8f066061d7a552d5aba18b89c95d4
Instruction ID: 99868642e5325ce9941d492e8e7508195a764aac3f8755dcad68dcaeb35e5667
Opcode Fuzzy Hash: f887d46ec5918daf77704e5996732a2848b8f066061d7a552d5aba18b89c95d4
Instruction Fuzzy Hash: 91B092F6220511DAE608AA22D40A78529509BF2304FA6802A6A0541944CD66A07A9A27

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 07428100 Relevance: 5.3, Strings: 4, Instructions: 259COMMON

Download Yara Rule

Strings

[V~*, xrefs: 07428265
[V~*, xrefs: 0742826C
T+-q, xrefs: 0742843A
]\`, xrefs: 07428382

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$[V~*$]\`
API String ID: 0-1849991408
Opcode ID: f4b59c6be64cc1c79db16f817c3ed15982ebd60d8b13e664b12bcceb931d4e85
Instruction ID: 16edde2e0f2736447cdc4ad589056c964b245dbb491ff0c515997919759ac0e1
Opcode Fuzzy Hash: f4b59c6be64cc1c79db16f817c3ed15982ebd60d8b13e664b12bcceb931d4e85
Instruction Fuzzy Hash: 4AB106B0E15229DBDB04CFAAD9808EEFBF6BF89300F54D52AD415AB258D3309942CF54

Uniqueness

Uniqueness Score: -1.00%

Function 074280F0 Relevance: 4.0, Strings: 3, Instructions: 254COMMON

Download Yara Rule

Strings

[V~*, xrefs: 0742826C
T+-q, xrefs: 0742843A
]\`, xrefs: 07428382

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$]\`
API String ID: 0-3978741314
Opcode ID: 71b4636060a2933ef4920bbb84431900ee9428b73715b819d5086fc9695d3c6e
Instruction ID: ac230f5bc23f805cb1ee9bac371e06b71a7ce22bc39fb72847c2c31dbace32c5
Opcode Fuzzy Hash: 71b4636060a2933ef4920bbb84431900ee9428b73715b819d5086fc9695d3c6e
Instruction Fuzzy Hash: 4FB108B4E15219DBDB04CFAAD9804EEFBF6BF89300F54D52AD415AB258D3309942CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07428177 Relevance: 4.0, Strings: 3, Instructions: 213COMMON

Download Yara Rule

Strings

[V~*, xrefs: 0742826C
T+-q, xrefs: 0742843A
]\`, xrefs: 07428382

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$]\`
API String ID: 0-3978741314
Opcode ID: f70c26172bb8254cfaf666d50b37d3c69a1852ad12f8e88c65316aed97f37920
Instruction ID: 5fc5ced66f744e92e51c2907e81ec11bd0c377de5bf80119dd54092d7963d034
Opcode Fuzzy Hash: f70c26172bb8254cfaf666d50b37d3c69a1852ad12f8e88c65316aed97f37920
Instruction Fuzzy Hash: BD9107B4E25229DF8B04CFA9D9808EEFBB6BF89300F54D916D415A7258D3309952CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0742F020 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873b659a22c5947e56eff706b4855ffe71036d8197ffbd581c1d3ba9b95ab1d1
Instruction ID: 943f629f512570c0cd92d1f6795b7e8b614c8feb547b03eb3f5c6ed7a0a95199
Opcode Fuzzy Hash: 873b659a22c5947e56eff706b4855ffe71036d8197ffbd581c1d3ba9b95ab1d1
Instruction Fuzzy Hash: BDE1E6B4E001198BCB14CFA9C5809AEFBB2BF89305F64816AD814AB355D735AD46CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0742EBE8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11d76b91324a7844505b8ae63be5c9601e9051d0fc743bb744ef76cc6c6a367e
Instruction ID: 69d29380c6da6ff2a9ca7037117232a715f3b6cd96e6f020173bd2f142fb9ffb
Opcode Fuzzy Hash: 11d76b91324a7844505b8ae63be5c9601e9051d0fc743bb744ef76cc6c6a367e
Instruction Fuzzy Hash: 51E10AB4E001298FCB14CFA9C5849AEBBF2FF49305F64816AD814AB355D735AD46CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 078C0C50 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7c99a6efd4bc30b6a144e8957cff60ebccb5644b42d7d43d6f1d4aa6d3c6a8b
Instruction ID: d29e2ed6e1f6bd896b2c3f0632ddeb03a99be24d687e1cbcf6958e15c7d2d35a
Opcode Fuzzy Hash: f7c99a6efd4bc30b6a144e8957cff60ebccb5644b42d7d43d6f1d4aa6d3c6a8b
Instruction Fuzzy Hash: 8EE1E9B4E002198FDB14CFA9C5809AEBBF2FF49305F248169D814A7356D735AD45CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 078C02A0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c8edd794d62f0ea886fdd58853abc6f4287288a7dfb809ae6ea277919796db1
Instruction ID: c894555338fa13b5ecfad135ebe26c23a35f441a3851e895743516896d9ef74b
Opcode Fuzzy Hash: 2c8edd794d62f0ea886fdd58853abc6f4287288a7dfb809ae6ea277919796db1
Instruction Fuzzy Hash: D7E1E9B4E00219CFCB14CFA9C5809AEBBF2FF89305F248169D854AB356D734A945CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 078C1148 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070920536.00000000078C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 078C0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_78c0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4565852f599f93ed06e7015ee87ea47ed9679c01114feda4cf848158bf5928a
Instruction ID: e2429bf48d5343a3753ed20c42e58dae0d7ffe730ffd3f78b7a59fbc20f6ecb5
Opcode Fuzzy Hash: d4565852f599f93ed06e7015ee87ea47ed9679c01114feda4cf848158bf5928a
Instruction Fuzzy Hash: 75E1E5B4E001198FCB14DFA9C5849AEBBF2FF89305F248169D858AB356D734AD45CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07426148 Relevance: .3, Instructions: 266COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 719d9ce066cadebca36135efd4053325c9c2eb555a057b8093383756e25bf303
Instruction ID: 8c21604d747309c07524fdf53a26c142257f7bc21ee94f7b10cf54c6633027a5
Opcode Fuzzy Hash: 719d9ce066cadebca36135efd4053325c9c2eb555a057b8093383756e25bf303
Instruction Fuzzy Hash: D9D1E831C1075A8ACB11EFA4D994A9DF7B1FF95300F1097AAE4497B210EB706AC9CF91

Uniqueness

Uniqueness Score: -1.00%

Function 07426158 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a7aef258ab95990891b93f8fe391278117f26bf21ec04f218c4b6334cec111f
Instruction ID: db4f9aeb5762b8ccaac30c16752f7464b70bf2c83584a5787679e885ab7beaef
Opcode Fuzzy Hash: 7a7aef258ab95990891b93f8fe391278117f26bf21ec04f218c4b6334cec111f
Instruction Fuzzy Hash: 8DD1E831C1075A8ACB11EFA4D994A9DF7B1FF95300F1097AAE4493B210EF746AC9CB91

Uniqueness

Uniqueness Score: -1.00%

Function 07421DE0 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 010adc37da35eaf81f0300d07aa48ff46a66439721d25e9c683bcc7aa97e0d61
Instruction ID: 1a8f22d1158c9c0ba7723caaf920755b893aa449a7b3d9fedb18e119a1a32aa8
Opcode Fuzzy Hash: 010adc37da35eaf81f0300d07aa48ff46a66439721d25e9c683bcc7aa97e0d61
Instruction Fuzzy Hash: D781EFB4E10219DFCB44CFA9C98499EFBF2FF89210F14955AE415AB320D730AA52CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07421DD9 Relevance: .2, Instructions: 178COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 315ecdaae9f4267274b788a26bbca19f2ee29df1df69c56899ef4cf2bb3a3796
Instruction ID: 2e41453e1d5897c857889ef9e13cf360de37dab33b1313f4e634b6528195e96b
Opcode Fuzzy Hash: 315ecdaae9f4267274b788a26bbca19f2ee29df1df69c56899ef4cf2bb3a3796
Instruction Fuzzy Hash: 6F81E074E10219DFCB44CFA9C98499EFBF2FF89210F54956AE415AB320D730AA52CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07423240 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3602e6fb5d3e218eb4c0ec97a3408787d6d39ee57eb77f4ccf4cf1cf242dbd8
Instruction ID: f634c1adbc22b176151c78bb37ae73bec1b736596cf65d107c84b3f3b9b2ab0b
Opcode Fuzzy Hash: c3602e6fb5d3e218eb4c0ec97a3408787d6d39ee57eb77f4ccf4cf1cf242dbd8
Instruction Fuzzy Hash: E77105B0921605EFC750CF90E15A198BFB1FB89300F619899C089D7145DF3C9673DB28

Uniqueness

Uniqueness Score: -1.00%

Function 07422C98 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d51afa2f026bc1139d5ecca91a3e302287165cf1d4c915d1b072143e7c46ff1
Instruction ID: 530822797018e5264636ce9a3e6da6b5715ed38fe552173783e1e5c3f02af260
Opcode Fuzzy Hash: 8d51afa2f026bc1139d5ecca91a3e302287165cf1d4c915d1b072143e7c46ff1
Instruction Fuzzy Hash: 256147B1E1421ADFCB04DFAAC9815EEFBB2BF89300F55841AD425A7310D374AA52DF91

Uniqueness

Uniqueness Score: -1.00%

Function 07422C89 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2758863cad84c7fa616dc2eccb5e9cb996902e82ecadabaeca04f232b4df36c
Instruction ID: d036152716217abe6bcdbcb21712239e5326e3cb36fbc46f579d8b29ad921527
Opcode Fuzzy Hash: e2758863cad84c7fa616dc2eccb5e9cb996902e82ecadabaeca04f232b4df36c
Instruction Fuzzy Hash: AE5138B1E1421ADFCB04DFAAC9815EEFBB2BF89300F54C41AD425A7210D774AA52DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0742EBD0 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf50204b2b2a50997d07d945fbae8d57e7b33d255a1ca4c1e3a966724157bc85
Instruction ID: 6d88e86381b7a558b2de76c398b1a7f75c8006c3fb84015674fe907fe67ff7e6
Opcode Fuzzy Hash: cf50204b2b2a50997d07d945fbae8d57e7b33d255a1ca4c1e3a966724157bc85
Instruction Fuzzy Hash: 28511DB4D012298FDB14CFA9C5445AEBBF2EF89304F24C16AD818A7316D7359E46CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07424E40 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cdc295b695675073c65cf2647b8c43c899729b2644a87605777488a50e54b9e
Instruction ID: ba0fd3f580c810e03f7e05a3c20aca94d0de229aaaf292424b323679bf9487ef
Opcode Fuzzy Hash: 5cdc295b695675073c65cf2647b8c43c899729b2644a87605777488a50e54b9e
Instruction Fuzzy Hash: 7A5136B0E1525ADBDB04CFAAD4415EEFBF2EF89310F20982AE401A3354DB345A528F94

Uniqueness

Uniqueness Score: -1.00%

Function 0742F010 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 234fe14e305157c3dd4c1ce246d0eb73709f3533e7f26dc88dcf31ff4a721806
Instruction ID: a2cba4238f5462c8457e02daaed9073eea354dacdbe4903943225bb638a37982
Opcode Fuzzy Hash: 234fe14e305157c3dd4c1ce246d0eb73709f3533e7f26dc88dcf31ff4a721806
Instruction Fuzzy Hash: BD51FAB4E002198BDB14CFA9C5805AEFBF2FF89305F64816AD818A7316D7359D46CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 07423008 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d6a41a2321261818db23d52ce5595d44ea21b5246803728b1a636cc5cf1a03
Instruction ID: b75600008353e16861800b9d96b0e834eb7e3541437f2c79958826cf5781f54e
Opcode Fuzzy Hash: 18d6a41a2321261818db23d52ce5595d44ea21b5246803728b1a636cc5cf1a03
Instruction Fuzzy Hash: CC41D4B0E1521ADBCB08CFAAC4815EEFBB2BF89300F54D56AC415B7205D7389A528F64

Uniqueness

Uniqueness Score: -1.00%

Function 07422FF8 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2070763012.0000000007420000.00000040.00000800.00020000.00000000.sdmp, Offset: 07420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7420000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef47e27a745822cbe74b227f1ece16ef31fa5e262d01382afef6041c55f4907d
Instruction ID: a53e1b4f2e46ae76e2a70d2fce93608bbd5a3a0f753548e98a8a58d58148a896
Opcode Fuzzy Hash: ef47e27a745822cbe74b227f1ece16ef31fa5e262d01382afef6041c55f4907d
Instruction Fuzzy Hash: C141E4B0E1521ADFDB08CFAAC4815EEFBB2BF88300F54D46AD415A7214D7389A528F64

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exePID: 2136, Parent PID: 5860COMMON

Execution Graph

Execution Coverage:	10.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	182
Total number of Limit Nodes:	19

Executed Functions

Function 069F3048 Relevance: 8.0, Strings: 6, Instructions: 545
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 069F3747
$]q, xrefs: 069F3777
$]q, xrefs: 069F3753
$]q, xrefs: 069F376B
$]q, xrefs: 069F372A
$]q, xrefs: 069F371E

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-3723351465
Opcode ID: 32eb0ecc11062cd19dfb3ae66dc33571b2d4a9b52eba5cc0671b93d787ca11ec
Instruction ID: 9f2549070b7d6257112fb7bcb544b11739d6d2a36ad0524d048afcd331304645
Opcode Fuzzy Hash: 32eb0ecc11062cd19dfb3ae66dc33571b2d4a9b52eba5cc0671b93d787ca11ec
Instruction Fuzzy Hash: 24323F31E1061ACFCB15EF78C89459DB7B6BFC9300F61C66AD509A7264EB34E985CB80

Uniqueness

Uniqueness Score: -1.00%

Function 069F7D78 Relevance: 3.0, Strings: 2, Instructions: 478
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 069F80E7
$]q, xrefs: 069F80DB

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 673fda93dcbcc4c538e86b9a797fc221b8517ebe3117935f7e10099cf77c758e
Instruction ID: d764ebc1e4694da959501c82c0fde0916612cdfbc96e2f980fe595d79129971d
Opcode Fuzzy Hash: 673fda93dcbcc4c538e86b9a797fc221b8517ebe3117935f7e10099cf77c758e
Instruction Fuzzy Hash: 1D02DC31B102058FCB94DF68DA90AAEB7B6FF84304F658929E505DB794DB75EC42CB80

Uniqueness

Uniqueness Score: -1.00%

Function 069F5598 Relevance: 1.8, Strings: 1, Instructions: 597
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$, xrefs: 069F5970

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: f140ffc51c65658dc1ba17613349797f960057c7d9d6fd58d0b017766695b762
Instruction ID: a12277acc8b2d5e1c26ac7deee79e14a308ea2f12a137bbedb5f8e8e5bdb49b2
Opcode Fuzzy Hash: f140ffc51c65658dc1ba17613349797f960057c7d9d6fd58d0b017766695b762
Instruction Fuzzy Hash: 3D22E231E102058FDF64DFA4C4806AEBBB6EF95320F228469E65AEB744DB35DC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 069F65E8 Relevance: .8, Instructions: 820COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d20a57f7cbd29decd7ea563be82a066f1174b7f76ffb86582acac23e892f2596
Instruction ID: a744501862c553c36d67f3e11731c880c04e4668998954367cc469da3615e3d2
Opcode Fuzzy Hash: d20a57f7cbd29decd7ea563be82a066f1174b7f76ffb86582acac23e892f2596
Instruction Fuzzy Hash: AE62DF30B103058FDB54DB68D580AADB7F6EF84304F268469E60AEB794DB35ED46CB80

Uniqueness

Uniqueness Score: -1.00%

Function 069FC198 Relevance: .6, Instructions: 649COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e92b4716c868972f5b3f60625ff676be0f6eca9e709d6c3f89c6bc71a055965
Instruction ID: 1fd812fcdb56e83b08de3e2fd07fc2e21189a3ad7e46e5b40cd3c3f791ed94ac
Opcode Fuzzy Hash: 4e92b4716c868972f5b3f60625ff676be0f6eca9e709d6c3f89c6bc71a055965
Instruction Fuzzy Hash: AD32D131B10209CFDB54DB68E980AAEB7B6FB88310F21C529E505E7795DB35EC42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 069FB230 Relevance: .6, Instructions: 573COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0b5398d9f1eb9d92f90e3173f7529b8ba80c6cb88295671911d5decdea19761
Instruction ID: 995af98441f15283b32df00215c334020789665b964d890cbc1884482ef8f20f
Opcode Fuzzy Hash: a0b5398d9f1eb9d92f90e3173f7529b8ba80c6cb88295671911d5decdea19761
Instruction Fuzzy Hash: 86228F30E201098FDF64CF69D9807ADB7BAEB85310F358426E549DB799CA34DC82CB91

Uniqueness

Uniqueness Score: -1.00%

Function 069FACD8 Relevance: 10.4, Strings: 8, Instructions: 395
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 069FAE87
$]q, xrefs: 069FAEA4
$]q, xrefs: 069FAEB0
$]q, xrefs: 069FAE58
$]q, xrefs: 069FAE4C
$]q, xrefs: 069FAE05
$]q, xrefs: 069FAE7B
$]q, xrefs: 069FADF9

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-1273862796
Opcode ID: 3411968568850194b1efd3b268de6404f9edd98197c0a89406914373c52a6f1e
Instruction ID: bd9d305b6dfd037e64850d446426e8e3282324422ca28507a6b76d965ddbc045
Opcode Fuzzy Hash: 3411968568850194b1efd3b268de6404f9edd98197c0a89406914373c52a6f1e
Instruction Fuzzy Hash: 90E17231F202098FDF68DF68D9806AEB7B6EF85304F21852AD509AB754DB34DC46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 069FB658 Relevance: 8.0, Strings: 6, Instructions: 473
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 069FBBBF
$]q, xrefs: 069FBB8B
$]q, xrefs: 069FBBF3
$]q, xrefs: 069FBBCB
$]q, xrefs: 069FBBFF
$]q, xrefs: 069FBB97

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-3723351465
Opcode ID: 94f6e3c615a352e7305cd6e98d33cc0d5605098e18d52eccfd23c45b4fec0810
Instruction ID: 26c5b13f2499ac3952a835e3c70f2d69437157e2380656c879f4a3abbf9f3a40
Opcode Fuzzy Hash: 94f6e3c615a352e7305cd6e98d33cc0d5605098e18d52eccfd23c45b4fec0810
Instruction Fuzzy Hash: E8027D30E202098FDF64CF68D5806ADB7B9EF85314F228926D505EBB59DB34DC86CB91

Uniqueness

Uniqueness Score: -1.00%

Function 069F9150 Relevance: 5.2, Strings: 4, Instructions: 230
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 069F9197
$]q, xrefs: 069F91D2
$]q, xrefs: 069F91A3
$]q, xrefs: 069F91DE

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: f90247e3e5fa8e3f61bc3209f328d3aadeb895cf074c4373f69dafe008accdbc
Instruction ID: 518b2d523f24764d37bf1f520d76677079c53d9b2720023d28768678a5472ddd
Opcode Fuzzy Hash: f90247e3e5fa8e3f61bc3209f328d3aadeb895cf074c4373f69dafe008accdbc
Instruction Fuzzy Hash: 05917C31B1021A8FDB54DF69D850BAEB7F6AF85204F108469D909EB384EF70DD468B92

Uniqueness

Uniqueness Score: -1.00%

Function 069FCF58 Relevance: 4.6, Strings: 3, Instructions: 802
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 069FD353
$]q, xrefs: 069FD34B
$]q, xrefs: 069FD35F

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q
API String ID: 0-182748909
Opcode ID: b764acb1eae3e1a575de871e9b9b80468614d8cb2e49324fe2bbd67b17435038
Instruction ID: 99d8d388343d693373906cc9026f4e320ae0acc7b9b5176cde164500b951c5e4
Opcode Fuzzy Hash: b764acb1eae3e1a575de871e9b9b80468614d8cb2e49324fe2bbd67b17435038
Instruction Fuzzy Hash: C6628031A1020A8FCB55EF68D590A5DB7F6FF84344B21C928D0099F769EB75ED4ACB80

Uniqueness

Uniqueness Score: -1.00%

Function 069F4B58 Relevance: 3.9, Strings: 3, Instructions: 186
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

\Obq, xrefs: 069F4D0F
fbq, xrefs: 069F5265
XPbq, xrefs: 069F4C85

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: fbq$XPbq$\Obq
API String ID: 0-4057264190
Opcode ID: 2618884124dac85c3d3639a7250014af5b66eab5ad8abe91512b8b34b214f4af
Instruction ID: 8f7481a96ae2e017f128edce5f981f9fe46a8d68cfee25ca81a28844c95e24be
Opcode Fuzzy Hash: 2618884124dac85c3d3639a7250014af5b66eab5ad8abe91512b8b34b214f4af
Instruction Fuzzy Hash: F661B030F002089FEB549FA5C8547AEBBF6FF88700F21842AE506AB395DB758C058B91

Uniqueness

Uniqueness Score: -1.00%

Function 069F9141 Relevance: 2.7, Strings: 2, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$]q, xrefs: 069F9197
$]q, xrefs: 069F91D2

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q
API String ID: 0-127220927
Opcode ID: 495b9b8e637c96772b258b80f3796230e62e82c95301e23cfd9803b48cde2144
Instruction ID: a563735012c487a689aa856abc151cf19c18f50e000ad9865d80ddf6bbc3012e
Opcode Fuzzy Hash: 495b9b8e637c96772b258b80f3796230e62e82c95301e23cfd9803b48cde2144
Instruction Fuzzy Hash: 2A515D31B111069FDB54DB78D890BAEB7F6EBC8614F108469D909DB398EE31DC06CB92

Uniqueness

Uniqueness Score: -1.00%

Function 069EB228 Relevance: 1.7, APIs: 1, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: b7b52ae01b9dd37baf1007e6a26b0a5ce7b3a35986686e4b4381e16b657a1a06
Instruction ID: 80a57f0023e8b13bbf1c4870bf2bc0ad12b3388635724367700bf968f99a8f70
Opcode Fuzzy Hash: b7b52ae01b9dd37baf1007e6a26b0a5ce7b3a35986686e4b4381e16b657a1a06
Instruction Fuzzy Hash: 0E717470A00B058FD7A5DF6AD54575ABBF5FF88300F108A2AE48AC7B54DB35E805CB90

Uniqueness

Uniqueness Score: -1.00%

Function 069ED7B0 Relevance: 1.7, APIs: 1, Instructions: 151COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 069ED922

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: e6acf7738ceb97ba5a03b529a8e164c62e2f70fd93263113d969439333b43a51
Instruction ID: b84e9ec17dacaf99882e930f143557324e6847202fde0941fec852985e802397
Opcode Fuzzy Hash: e6acf7738ceb97ba5a03b529a8e164c62e2f70fd93263113d969439333b43a51
Instruction Fuzzy Hash: FB51E0B1C00249AFDF16CF99C984ADDBFB5BF49300F24816AE818AB220D7319945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0139EB40 Relevance: 1.6, APIs: 1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3261466779.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1390000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6b99dd42eed288b796a195de7b79be7a39f88e9c9573b7276aad82f5e56a026
Instruction ID: 2eb9b640a4d7f408480159d18e9401d84718280dee4d8336918eb7103f3f0965
Opcode Fuzzy Hash: a6b99dd42eed288b796a195de7b79be7a39f88e9c9573b7276aad82f5e56a026
Instruction Fuzzy Hash: CE412471D043999FCB14DF69D8042DEBFF5AF89310F04856AD908A7281EB389881CBE0

Uniqueness

Uniqueness Score: -1.00%

Function 069ED810 Relevance: 1.6, APIs: 1, Instructions: 113COMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 069ED922

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: 83c41bd261c0974e33b2185e9bd7f425cc7c6a4bb8773be63cb801307a27f499
Instruction ID: 5f5faa0f715d3bfdc4158f9970381c774d6113faf01e5d84926786c80b0dede0
Opcode Fuzzy Hash: 83c41bd261c0974e33b2185e9bd7f425cc7c6a4bb8773be63cb801307a27f499
Instruction Fuzzy Hash: FC41CFB1D00309EFDB15CF9AC884ADEBBB5BF48310F24852AE819AB210D775A945CF90

Uniqueness

Uniqueness Score: -1.00%

Function 069ECD6C Relevance: 1.6, APIs: 1, Instructions: 97COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 069EFE91

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: f64de76cab5f708b600177c297e8e9adf884afd65b65fa80142a4fbf0baf1c88
Instruction ID: daaeb8ca88879808b4d56eddf4b4ebb50e9fad9a47c91a993b5bf0ad73837741
Opcode Fuzzy Hash: f64de76cab5f708b600177c297e8e9adf884afd65b65fa80142a4fbf0baf1c88
Instruction Fuzzy Hash: 754127B4900709CFDB55CF99C448AAABBF5FF88314F24C859E519AB721D335A840CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 069E3048 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 069E30D7

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: c2e266110afff50c1804398d9ca8cd61301cc7d77d15fee27dbeadd6297191c6
Instruction ID: 4a947f345b6353d687768be597b84f13fc85c346362667664c805bf6cde16487
Opcode Fuzzy Hash: c2e266110afff50c1804398d9ca8cd61301cc7d77d15fee27dbeadd6297191c6
Instruction Fuzzy Hash: 5821E7B5D002089FDB10CF9AD584ADEFBF9FB48310F14841AE915A7210D375A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069E3050 Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 069E30D7

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 3d00ae61b4dca5c280555ea24416aab87f916413d713a9768d391af30e1a156e
Instruction ID: 6c485b6efc53a32bab60af3d7c37d61273039453338943720fc486e9cf1b5485
Opcode Fuzzy Hash: 3d00ae61b4dca5c280555ea24416aab87f916413d713a9768d391af30e1a156e
Instruction Fuzzy Hash: CB21C4B5D002489FDB10CF9AD984AEEFBF9FB48310F14841AE919A3350D379A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069EB679 Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 069EB6EA

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 3e918ac95a8af9c0905a7628559919e267e427db6d5e1033d4832c897eb30ffe
Instruction ID: 281953b7fe405e402b2bed460924fe92d3ec5cef20326b275a143fca6a3cf677
Opcode Fuzzy Hash: 3e918ac95a8af9c0905a7628559919e267e427db6d5e1033d4832c897eb30ffe
Instruction Fuzzy Hash: 591126B6C003499FDB10CF9AD944AEEFBF8EB88720F10841AD519A7610C379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 0139EC28 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNELBASE ref: 0139EC8F

Memory Dump Source

Source File: 00000003.00000002.3261466779.0000000001390000.00000040.00000800.00020000.00000000.sdmp, Offset: 01390000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_1390000_SecuriteInfo.jbxd

Similarity

API ID: GlobalMemoryStatus
String ID:
API String ID: 1890195054-0
Opcode ID: 53ddb361329bcdaec97638cc5ff29da174f6fad77e803b413bd75bb50e521a36
Instruction ID: 32d06c3eec32aea5e83f3a84e479cd18085b906537618abfbc3a646f7e8eaa71
Opcode Fuzzy Hash: 53ddb361329bcdaec97638cc5ff29da174f6fad77e803b413bd75bb50e521a36
Instruction Fuzzy Hash: D5111FB1C006599BDB10DF9AC544AAEFBF4EF48320F11812AD818A7240D378A944CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069EB680 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(00000000,?,?), ref: 069EB6EA

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: b9746c524c454400ff2c3fc588441ea04b3ddd594c98c38ce108ddf2eca20769
Instruction ID: 52c43fd64c8697debd62ffad578a4cb994feed38e6bdc92f3719116b7cc7cabb
Opcode Fuzzy Hash: b9746c524c454400ff2c3fc588441ea04b3ddd594c98c38ce108ddf2eca20769
Instruction Fuzzy Hash: 7D11F3B6C003098FDB10CF9AD944AEEFBF9EB48720F10842AD519A7610C379A545CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 069EA17C Relevance: 1.6, APIs: 1, Instructions: 50COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,069EB244), ref: 069EB47E

Memory Dump Source

Source File: 00000003.00000002.3266096719.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69e0000_SecuriteInfo.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 58bddcaedfe10dfd5c42d7d38b72cf2e1966597646a7af6a33fbc4a835984407
Instruction ID: 025f71b20caa75b695d027ea70025d62c770892c6147a954d7e0e2d93a7bad18
Opcode Fuzzy Hash: 58bddcaedfe10dfd5c42d7d38b72cf2e1966597646a7af6a33fbc4a835984407
Instruction Fuzzy Hash: 7E1132B2C003498FCB10DF9AC544AAEFBF8EB48314F10842AD419A7614D379A544CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 069F4B48 Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

XPbq, xrefs: 069F4C85

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: XPbq
API String ID: 0-864591470
Opcode ID: 19d82477b6651eef4e41ee7c4f067ff2d52d9ad256ac40ca978c30e22ba9997a
Instruction ID: 87744e721e84c2ed55de2002112da4d7b864d872b238816e70f94b77f24738ba
Opcode Fuzzy Hash: 19d82477b6651eef4e41ee7c4f067ff2d52d9ad256ac40ca978c30e22ba9997a
Instruction Fuzzy Hash: B641A030F102089FDB559FA5C854B9EBBF6FF88700F21842AE506AB795DB758C06DB90

Uniqueness

Uniqueness Score: -1.00%

Function 069FDAC5 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

PH]q, xrefs: 069FDC21

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: PH]q
API String ID: 0-3168235125
Opcode ID: bfdd204db55ab220833c6f7116ccd48e683ef3b098b040bd0e8b6469867a2804
Instruction ID: f785d380b3243c45d802f2d91a7073ccc17771240dc2a2290c84eb71468124e5
Opcode Fuzzy Hash: bfdd204db55ab220833c6f7116ccd48e683ef3b098b040bd0e8b6469867a2804
Instruction Fuzzy Hash: A6410230E1030ADFDB64DF64D45069EBBBAFF85300F21492AE505EB644EB75D94ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 069F21D8 Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

PH]q, xrefs: 069F2313

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: PH]q
API String ID: 0-3168235125
Opcode ID: cd9211fb337ed3a950b7ee09695b3df0f8028fcd055d2e1e794d1298776e9286
Instruction ID: 6611c983c317672513bf7b4184ba3b6108e89e7fc48fe3669bea84e51aa211d0
Opcode Fuzzy Hash: cd9211fb337ed3a950b7ee09695b3df0f8028fcd055d2e1e794d1298776e9286
Instruction Fuzzy Hash: C531D230B202019FDB589BB4D85476E77E6BF89604F218438E546DB388DF3ADE06CB95

Uniqueness

Uniqueness Score: -1.00%

Function 069F2350 Relevance: 1.0, Instructions: 1003COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 788d604f58cc8827cef2fdebbae732a4f573d945e486bd73c750dc0e962a68ef
Instruction ID: 5b734824808668d84a353cc41fbba00fbe32ceafad5181cb8eed7cd7cc46372a
Opcode Fuzzy Hash: 788d604f58cc8827cef2fdebbae732a4f573d945e486bd73c750dc0e962a68ef
Instruction Fuzzy Hash: D2927734E102048FCB64DBA8C584B9DB7F6FB45314F6684A9E509EB7A5DB34ED81CB80

Uniqueness

Uniqueness Score: -1.00%

Function 069F61E0 Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f101b5e2534a62af539280c3b07d07f86ccf4437c3f590c9c952e599b6f05b8
Instruction ID: ba15fdabf79f6f7538e8be3f95e69c44407735d5dd4503e3f6220e961a8a5b6b
Opcode Fuzzy Hash: 5f101b5e2534a62af539280c3b07d07f86ccf4437c3f590c9c952e599b6f05b8
Instruction Fuzzy Hash: FA61DF71F101114FDB54AB6EC88099FBADBAFD4220B254439D90EDB364DEAADD0387D2

Uniqueness

Uniqueness Score: -1.00%

Function 069F4288 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73a510a63de57a921bce4b5dd2bda9e960cbde4d985bee5c9e6c55480511922e
Instruction ID: 4e369f555a0a75c3f74c2d55ff21005045f7329ab58b7baf724e52f76a09b598
Opcode Fuzzy Hash: 73a510a63de57a921bce4b5dd2bda9e960cbde4d985bee5c9e6c55480511922e
Instruction Fuzzy Hash: CD817E31B102068FDF44DFA8C4546AEB7F7AF89704F218429D50AEB795EB34DC468B82

Uniqueness

Uniqueness Score: -1.00%

Function 069F45A8 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1431f57dec640ceda4d8b661b86e306e9cd0b96cd180a53b3e83aaf3e5334f8
Instruction ID: 2c66f34e3f75937dc3de774757bb2d00464fc01c93dbeee52197a9f8cd0c4ad1
Opcode Fuzzy Hash: a1431f57dec640ceda4d8b661b86e306e9cd0b96cd180a53b3e83aaf3e5334f8
Instruction Fuzzy Hash: A3915E30E102198FDF60DF68C890B9EB7B5FF85300F208599D549AB295DB74AA85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 069F45C0 Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4867932404bbe5d0e08d5f31fe21b4bd10cd94156c4de7312a2ba9a10126347a
Instruction ID: 46dcf8818b8a9bdbc9d6588f7921408c87f43d31e0d447d38dab36c5c59945cc
Opcode Fuzzy Hash: 4867932404bbe5d0e08d5f31fe21b4bd10cd94156c4de7312a2ba9a10126347a
Instruction Fuzzy Hash: EF914D30E102198BDF60DF68C890B9EB7B5FF89304F208599D50DAB355EB70AA85CF91

Uniqueness

Uniqueness Score: -1.00%

Function 069FEB18 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7cb1f1e5aa489c566b8590f1c41deeb7772bba263ae20603b63e3c5a48115ce
Instruction ID: 50905fce8a080b3872bd2b4322834fecbd3e53489045db853172b3efe4b19069
Opcode Fuzzy Hash: c7cb1f1e5aa489c566b8590f1c41deeb7772bba263ae20603b63e3c5a48115ce
Instruction Fuzzy Hash: 6F714E30A102099FDB54DFA9D990A9EBBF6FF84300F258429E105EB765DB34ED46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 069FEB28 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2994f7ed2becb0314c99f84c77d78aeb564b72d47c8108e339061a7e137442b2
Instruction ID: 87bd39d9ab2f1c73a2ba42186f6010d6c2d898b7e184712fc66dbcd37ced4f3c
Opcode Fuzzy Hash: 2994f7ed2becb0314c99f84c77d78aeb564b72d47c8108e339061a7e137442b2
Instruction Fuzzy Hash: 86715C30A102099FDB54DFA9D990A9EBBF6FF84300F258429E109EB765DB34ED46CB50

Uniqueness

Uniqueness Score: -1.00%

Function 069FFC91 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b399ffec0aca97ef36b7bab37e576e72feef81a5b41dfd55498b7cd01dbb831d
Instruction ID: 4df71fd24f651a0df066b34bc000c82f9ed03cb070c76cf1687973b7656b67d7
Opcode Fuzzy Hash: b399ffec0aca97ef36b7bab37e576e72feef81a5b41dfd55498b7cd01dbb831d
Instruction Fuzzy Hash: D3510631E101059FCF64EB78E8946ADBBB6FF84315F21486AE20AE7750DB359845CB81

Uniqueness

Uniqueness Score: -1.00%

Function 069FFA40 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d71c2db41d68ee61f49648d41fa232b191a2b5661ada63729d1c9a98ef3e089
Instruction ID: 4023383500c96b4a1f66bf511b481b6e2c58828620fdc1751b982a939dfbb9e4
Opcode Fuzzy Hash: 2d71c2db41d68ee61f49648d41fa232b191a2b5661ada63729d1c9a98ef3e089
Instruction Fuzzy Hash: 1651F971B202158FEF60676CE9A072E265EDB89710F314925E90ED3BD5DA3CCC4583A2

Uniqueness

Uniqueness Score: -1.00%

Function 069FFA50 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 286c7955f02ad7f1686159d9eb4d0a06ef9be165f1bd00def4b876239d335261
Instruction ID: 88f67f6b83d03eca6ff768eb8ac973c06424654921b5b6c52effca6a7782b494
Opcode Fuzzy Hash: 286c7955f02ad7f1686159d9eb4d0a06ef9be165f1bd00def4b876239d335261
Instruction Fuzzy Hash: 3751D871B202158FEF64676CD8A472F265EDB89710F304929EA0EC37D9DA78CC458392

Uniqueness

Uniqueness Score: -1.00%

Function 069F5408 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15c7b5ac05561af462ef4ca96f77c00108e512430643caafe26c3ff8c89402dc
Instruction ID: 4f48c4e993a9a2a1510bb81c7563702265acc828bc069c48db8cc854b2b6309a
Opcode Fuzzy Hash: 15c7b5ac05561af462ef4ca96f77c00108e512430643caafe26c3ff8c89402dc
Instruction Fuzzy Hash: 55419371E106098FCF70CFA9D8C0AAFFBB6EB94310F22492AD215D7A50D730E9558B91

Uniqueness

Uniqueness Score: -1.00%

Function 069F5588 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 583d7ca7d7667050a7a7982a8fb08c0ff90660e984e5ccedea0be0a17464e2b7
Instruction ID: 0828bc1a3d0bd9fee76ef76b66283894ae7d28f67f9cf199eece70e92af2be4f
Opcode Fuzzy Hash: 583d7ca7d7667050a7a7982a8fb08c0ff90660e984e5ccedea0be0a17464e2b7
Instruction Fuzzy Hash: D831C675F142058FDB608F69C4C066EFBB5EB55310F27887AE269DBA41C635E840CB90

Uniqueness

Uniqueness Score: -1.00%

Function 069F2088 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b9c7873e9ac0f4ea87b8cb6eb7bce69d701e774d384a1b6fb9f4f69c3f80aa1
Instruction ID: e9bf346e62c8f5194ee5324d3baedaa5e6ebd849217ccdd707156ce691e4747f
Opcode Fuzzy Hash: 5b9c7873e9ac0f4ea87b8cb6eb7bce69d701e774d384a1b6fb9f4f69c3f80aa1
Instruction Fuzzy Hash: A431B031F142099FCB18CFA4D8A469EB7B6AF89300F10C519EA06E7740DB71AE42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 069F2098 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 746093beb4a6f9db6daf32d072633c13a65177b1e61e42c7da66a14c8c746a71
Instruction ID: 2d920e6b5a11388ded6c102204547a02173796a3d21de81a3ba550fe311530ec
Opcode Fuzzy Hash: 746093beb4a6f9db6daf32d072633c13a65177b1e61e42c7da66a14c8c746a71
Instruction Fuzzy Hash: F7318031F142099BCB58CFA4D89469EB7F6EF89300F218529EA06E7750DB71AD42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 069F3A88 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 794a57e2c8fb4fde9499e59317f1c6e7ffabdb67b12ce283c7933a0e3f2ba5df
Instruction ID: ab549889f69704278eed2a12ddbee72ca51137c4068193b7c72e88f3a5c08265
Opcode Fuzzy Hash: 794a57e2c8fb4fde9499e59317f1c6e7ffabdb67b12ce283c7933a0e3f2ba5df
Instruction Fuzzy Hash: BA219A76F11215AFDB41DFA8D880AEEBBF5AB48310F118425E909E7354E734D9028BE1

Uniqueness

Uniqueness Score: -1.00%

Function 069F3A98 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79183b11596295750edb4839ce4359f60b945038e88cfd0f9fca5285f3e64f96
Instruction ID: 79e330541897273e907fe19364f41b8a65b06355ac42a39a879e42f072d8e474
Opcode Fuzzy Hash: 79183b11596295750edb4839ce4359f60b945038e88cfd0f9fca5285f3e64f96
Instruction Fuzzy Hash: 2421A976F116159FDB50DFA9D880AAEBBF5EB48710F218429EA09E7380E734D8018BD1

Uniqueness

Uniqueness Score: -1.00%

Function 0107D044 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3261249853.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_107d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f79ca39565cd2f4546b39beeada5b5798bd49182d4808ff0e47131a64d070c33
Instruction ID: 21611e260fd16aad922e6b67581222d89238b0fb735d2318087812823d49ad18
Opcode Fuzzy Hash: f79ca39565cd2f4546b39beeada5b5798bd49182d4808ff0e47131a64d070c33
Instruction Fuzzy Hash: CF212571904204EFCB16CF68D9C4B26BBA5FF84314F20C5ADE9890B252C73AD446CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 069F3BA8 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b96c6f75bce53402b5ec119b301e84bf2aeef332aae745006946ff7ab6f42813
Instruction ID: fafb7f6f55dd482654b7f93799d846f8b85f5d0165e898d14ba79a2c8a02d723
Opcode Fuzzy Hash: b96c6f75bce53402b5ec119b301e84bf2aeef332aae745006946ff7ab6f42813
Instruction Fuzzy Hash: 4111E132B101284FDF95D778C8146AE73EAABC8310F128539D60AE7344DE69CC028BD1

Uniqueness

Uniqueness Score: -1.00%

Function 069F41EA Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05c3cb390f2fccfa07b109b520c26a7d67903bd56592648e13c92e2dc9159069
Instruction ID: 119e62a82b8ba5efb2621d30e48d5e3b3a777278fd1b68cc62c95512569e0ed3
Opcode Fuzzy Hash: 05c3cb390f2fccfa07b109b520c26a7d67903bd56592648e13c92e2dc9159069
Instruction Fuzzy Hash: 4D012831B141601FDB2192ADA844B6FA7DBCBC6711F25843AF10ACB7A6DA55CD074391

Uniqueness

Uniqueness Score: -1.00%

Function 069FA308 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 874537fc10a86587fa4e6dcfe8ef6040d7de74466806da0923caddf27a9bad9f
Instruction ID: 8d31b2517d63bf9ea053ca865303c1e3211e43cd902838b9f41bac9385eab6be
Opcode Fuzzy Hash: 874537fc10a86587fa4e6dcfe8ef6040d7de74466806da0923caddf27a9bad9f
Instruction Fuzzy Hash: 41012831B142105FCB61A62DEC50B1F3BEADBCA710F214429F10ECB395DA24DC0283D1

Uniqueness

Uniqueness Score: -1.00%

Function 069F3B97 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1518fafafb6869be4a97794705fb95a49dfcfa8a6565707960df722698cdce3d
Instruction ID: dd9b503940186dce9ad36941aff8b55556a4c8148412493d88ca082d2cf676be
Opcode Fuzzy Hash: 1518fafafb6869be4a97794705fb95a49dfcfa8a6565707960df722698cdce3d
Instruction Fuzzy Hash: EF016832B200240BCF52D279DC246EF36ABDBC4310F160439EA0AD7380EB25CC0683D1

Uniqueness

Uniqueness Score: -1.00%

Function 069F3861 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d31e261256e3bebb54d91ea65da7c5e59cfcd24c4953f306a7bb0b7e4387e7a1
Instruction ID: e2a10e8de15ba3d807c73b38831a227a04965942966900d94340d3e550759267
Opcode Fuzzy Hash: d31e261256e3bebb54d91ea65da7c5e59cfcd24c4953f306a7bb0b7e4387e7a1
Instruction Fuzzy Hash: 0321C0B5D01219AFCB10DF9AD984ADEFBB8FB48310F10812AE518A7200C3796554CFE5

Uniqueness

Uniqueness Score: -1.00%

Function 0107D03F Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3261249853.000000000107D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0107D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_107d000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction ID: 6db1765e52c1871ebcd60cad4b7a5d0ad9fdf57f7042def622ad44ca08660e2d
Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
Instruction Fuzzy Hash: 4111D075904244DFDB12CF54D5C4B15BFA1FF44314F24C6A9E9894B252C33AD44ACFA2

Uniqueness

Uniqueness Score: -1.00%

Function 069F3868 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb492dbb7bfbe7972d3bf2f16a852dab65bbfa568c4b58247f21d1e4404e88ca
Instruction ID: c2f4a75a331ab4f16b4c3d2df4ca92046038c5e1a8b025b4ed8ce679040f9e4d
Opcode Fuzzy Hash: cb492dbb7bfbe7972d3bf2f16a852dab65bbfa568c4b58247f21d1e4404e88ca
Instruction Fuzzy Hash: 9A11D3B1D012199FCB00DF9AD884ADEFBB8FF48310F10812AE518A7200C3796544CFE5

Uniqueness

Uniqueness Score: -1.00%

Function 069FED99 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b13b4f29d9b545f85811a03a092a9396b5f5de6012b10d8670b1e301bbe497e1
Instruction ID: da2229393457c705c5d4b9ac51f980c92c01b6cea73ac5399a6a59edd70682ef
Opcode Fuzzy Hash: b13b4f29d9b545f85811a03a092a9396b5f5de6012b10d8670b1e301bbe497e1
Instruction Fuzzy Hash: 6201F735F200105BDB61DB6CE494B3E67DADBC9610F25883AE20AC7751EA65DD428381

Uniqueness

Uniqueness Score: -1.00%

Function 069F41F8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b26190b54592f13a7b8ccab8d8453ff22a5790a87ea073289cba3c86192ec081
Instruction ID: 5cdfe762b5530ade776cd7d0eeba601d5b9d5e4c76fa1cdd4fcc75bb5c64e59b
Opcode Fuzzy Hash: b26190b54592f13a7b8ccab8d8453ff22a5790a87ea073289cba3c86192ec081
Instruction Fuzzy Hash: 3301AD31B201100BDB6496AEE44476BB3DECBC9B20F218439E20AC7756DA66DD034392

Uniqueness

Uniqueness Score: -1.00%

Function 069FEDA8 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a91ca3ba76fc2726c1c46824ea17052486d9d593a980d49b3f4f5c3b91894c7
Instruction ID: e9d2e54d4bc812bf6a0f0a367a2c2c8a788da6f74c28cdbc4fe8bdbbd35f4c5a
Opcode Fuzzy Hash: 4a91ca3ba76fc2726c1c46824ea17052486d9d593a980d49b3f4f5c3b91894c7
Instruction Fuzzy Hash: B9018135B200101BDB65DA6DE45473E66DADBC9714F21843AE20AC7791EEA5DC424381

Uniqueness

Uniqueness Score: -1.00%

Function 069FA318 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 043a9ec9af2fdf9d1bd42b68a0e3fbd21d771469d19469bb1a328999ec198d1d
Instruction ID: 3d4d8c9c867bf2b00223ff1edfe984de171f41dc4f34164fb66826d2d1e5d16f
Opcode Fuzzy Hash: 043a9ec9af2fdf9d1bd42b68a0e3fbd21d771469d19469bb1a328999ec198d1d
Instruction Fuzzy Hash: 4F01A431B101104FCB65EB6DE850B2E73EAEB8A714F618438E60EC7754EA65EC0287C1

Uniqueness

Uniqueness Score: -1.00%

Function 069F6469 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 343c4d71836eb52e69182ce63c89160bd3bcc2678569fb4ddd3e932c84438aa9
Instruction ID: 53a6a6ab61ce7c911ad8bef950eecfbf2c21040a70a85d9222bdc74aac660bcd
Opcode Fuzzy Hash: 343c4d71836eb52e69182ce63c89160bd3bcc2678569fb4ddd3e932c84438aa9
Instruction Fuzzy Hash: 52E06D71E392086BDB60EF659D1965A7A5EDB82214F2248A1D904CB542E276D901C3D1

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 069F7698 Relevance: 13.0, Strings: 10, Instructions: 468COMMON

Download Yara Rule

Strings

$]q, xrefs: 069F7BF0
$]q, xrefs: 069F7B51
$]q, xrefs: 069F7BFA
$]q, xrefs: 069F7BE4
$]q, xrefs: 069F7794
$]q, xrefs: 069F77C5
$]q, xrefs: 069F77B9
$]q, xrefs: 069F7788
$]q, xrefs: 069F7C06
$]q, xrefs: 069F7B45

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-2843079600
Opcode ID: a84b65c63dd1938ccf6ab46d0e21f9cd92c5fc5ec063b2b826ce20eeeea0a7c7
Instruction ID: a1cfdae4f398da8ea24cf7479cbf7147549bfb699e337e779a63451c4b9a4681
Opcode Fuzzy Hash: a84b65c63dd1938ccf6ab46d0e21f9cd92c5fc5ec063b2b826ce20eeeea0a7c7
Instruction Fuzzy Hash: 2A124E30E112198FDB68DFA8D990A9DB7F6BF88304F218969D509AB754DB34DD41CF80

Uniqueness

Uniqueness Score: -1.00%

Function 069FA940 Relevance: 10.2, Strings: 8, Instructions: 229COMMON

Download Yara Rule

Strings

$]q, xrefs: 069FAAFE
$]q, xrefs: 069FAABC
$]q, xrefs: 069FAA36
$]q, xrefs: 069FAA91
$]q, xrefs: 069FAA42
$]q, xrefs: 069FAA9D
$]q, xrefs: 069FAAC8
$]q, xrefs: 069FAAF2

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-1273862796
Opcode ID: d1630cc9d023ca0ce1e08954394bb242930cf992ded69c7a5bd30ebf66ec59c4
Instruction ID: 4f3fec4d6510ff93fc6778236986167e41dcc4d7a1d0a3aa4a6a4c09931ce1ba
Opcode Fuzzy Hash: d1630cc9d023ca0ce1e08954394bb242930cf992ded69c7a5bd30ebf66ec59c4
Instruction Fuzzy Hash: 9A919030A20209DFDF68DF68DA80B6E77FAAF84310F218929E549A7754DB34DD45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 069F7098 Relevance: 9.2, Strings: 7, Instructions: 405COMMON

Download Yara Rule

Strings

$]q, xrefs: 069F73D4
$]q, xrefs: 069F7534
.5uq, xrefs: 069F70F3
$]q, xrefs: 069F737A
$]q, xrefs: 069F75AC
$]q, xrefs: 069F73E0
$]q, xrefs: 069F75A0

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: .5uq$$]q$$]q$$]q$$]q$$]q$$]q
API String ID: 0-981061697
Opcode ID: 65dbfeb7c212ec0e65c708e49f3ecb2f8639c56ce7dbf4d1dff0da581a0b5dff
Instruction ID: a8f65ddb4f8a8d3cbcd94233a37399880711a4a517a7e08756df08b7a243ae79
Opcode Fuzzy Hash: 65dbfeb7c212ec0e65c708e49f3ecb2f8639c56ce7dbf4d1dff0da581a0b5dff
Instruction Fuzzy Hash: E2F16030B11205CFDB59EFA8E590A6EB7B6FF84304F618568E4059B768DB35EC42CB81

Uniqueness

Uniqueness Score: -1.00%

Function 069F83D0 Relevance: 5.3, Strings: 4, Instructions: 282COMMON

Download Yara Rule

Strings

$]q, xrefs: 069F862A
$]q, xrefs: 069F8636
$]q, xrefs: 069F869B
$]q, xrefs: 069F868F

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: 44dcee644ff2f79cab79d89ffa01d1862235bc57e0ae0e5bc7881dba9cbd5a72
Instruction ID: 37464a7a995cf07620e7c6df91973297014d1729349bb815aa47439846551e88
Opcode Fuzzy Hash: 44dcee644ff2f79cab79d89ffa01d1862235bc57e0ae0e5bc7881dba9cbd5a72
Instruction Fuzzy Hash: 8CB16F30B21209CFDB98DFA8DA9465EB7B6FF84304F258429D5059B755DB34DC82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 069F87E8 Relevance: 5.2, Strings: 4, Instructions: 168COMMON

Download Yara Rule

Strings

LR]q, xrefs: 069F88DB
$]q, xrefs: 069F8873
$]q, xrefs: 069F8867
LR]q, xrefs: 069F892A

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: LR]q$LR]q$$]q$$]q
API String ID: 0-3527005858
Opcode ID: a12e7a366f54c1994904a112f159eb2ce639665a6e4946a7de7b483bf975e71a
Instruction ID: 17ce82450ac12376e8732daaa92c030df90da003cd7b58ebda8be6226025ff21
Opcode Fuzzy Hash: a12e7a366f54c1994904a112f159eb2ce639665a6e4946a7de7b483bf975e71a
Instruction Fuzzy Hash: A751C431B202019FDB98DF28DA40A6E77FAFF84304F118968E5169B765DB30EC45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 069FACD3 Relevance: 5.2, Strings: 4, Instructions: 157COMMON

Download Yara Rule

Strings

$]q, xrefs: 069FAEA4
$]q, xrefs: 069FAE4C
$]q, xrefs: 069FAE7B
$]q, xrefs: 069FADF9

Memory Dump Source

Source File: 00000003.00000002.3266142327.00000000069F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_69f0000_SecuriteInfo.jbxd

Similarity

API ID:
String ID: $]q$$]q$$]q$$]q
API String ID: 0-858218434
Opcode ID: ba461041e223c83c92e91ae76622b25a314d21d9180d16061a4d013dfafdfe42
Instruction ID: f68718c3fa23a04b2b7a82e295c274884da9171cb8c6a6d7ca760603c25e7761
Opcode Fuzzy Hash: ba461041e223c83c92e91ae76622b25a314d21d9180d16061a4d013dfafdfe42
Instruction Fuzzy Hash: DA517230E20205CFDF69DB68E58066DB7BAEF84311F25892AD909DB754DB34DC41CB91

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.3610.30636.exe

Function 07420EB9 Relevance: 1.6, Strings: 1, Instructions: 346
COMMON

Function 07425378 Relevance: 2.6, Strings: 2, Instructions: 85
COMMON

Function 07421530 Relevance: 2.6, Strings: 2, Instructions: 63
COMMON

Function 078C1BFC Relevance: 1.7, APIs: 1, Instructions: 246
processCOMMON

Function 078C1C08 Relevance: 1.7, APIs: 1, Instructions: 243
processCOMMON

Function 078C1578 Relevance: 1.6, APIs: 1, Instructions: 72
injectionCOMMON

Function 078C1580 Relevance: 1.6, APIs: 1, Instructions: 69
injectionCOMMON

Function 078C0B70 Relevance: 1.6, APIs: 1, Instructions: 68
threadCOMMON

Function 078C1669 Relevance: 1.6, APIs: 1, Instructions: 65
COMMON

Function 078C1670 Relevance: 1.6, APIs: 1, Instructions: 63
COMMON

Function 078C0B78 Relevance: 1.6, APIs: 1, Instructions: 63
threadCOMMON

Function 0139D150 Relevance: 1.6, APIs: 1, Instructions: 55
libraryCOMMON

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre