Windows
Analysis Report
97NT8DO3JB.exe
Overview
General Information
Sample name: | 97NT8DO3JB.exe (renamed because original name is a hash value) |
Original sample name: | 3415aaebe725006cfa66320863c1bb8a.exe |
Analysis ID: | 1428958 |
MD5: | 3415aaebe725006cfa66320863c1bb8a |
SHA1: | 37cb513d1f01f9ec819b62ca8ff1b591ae4c8669 |
SHA256: | ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c |
Tags: | 32exe, GCleaner, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 97NT8DO3JB.exe (PID: 6640 cmdline: "C:\Users\user\Desktop\97NT8DO3JB.exe" MD5: 3415AAEBE725006CFA66320863C1BB8A)
- WerFault.exe (PID: 6856 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 744 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 3484 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 764 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7040 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 780 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 3264 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 772 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 6404 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 904 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 6844 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 912 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 7092 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 1376 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cmd.exe (PID: 2516 cmdline: "C:\Windows\System32\cmd.exe" /c taskkill /im "97NT8DO3JB.exe" /f & erase "C:\Users\user\Desktop\97NT8DO3JB.exe" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
- conhost.exe (PID: 7056 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
- taskkill.exe (PID: 1720 cmdline: taskkill /im "97NT8DO3JB.exe" /f MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
- WerFault.exe (PID: 7148 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 1336 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- SIHClient.exe (PID: 2516 cmdline: C:\Windows\System32\sihclient.exe /cv mYxTU7XVgUSOC2w2/zVglw.0.2 MD5: 8BE47315BF30475EEECE8E39599E9273)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
GCleaner | | No Attribution | | |
{"C2 addresses": ["185.172.128.90"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown | |
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
JoeSecurity_GCleaner | Yara detected GCleaner | Joe Security | ||
Timestamp: | 04/19/24-22:35:59.183264 |
SID: | 2856233 |
Source Port: | 49730 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Joe Sandbox ML: |
Compliance |
---|
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: |
Source: | IPs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | File created: | ||
Source: | File created: |
Source: | Code function: | 0_2_00404710 | |
Source: | Code function: | 0_2_00409860 | |
Source: | Code function: | 0_2_00413C49 | |
Source: | Code function: | 0_2_00413464 | |
Source: | Code function: | 0_2_00421D42 | |
Source: | Code function: | 0_2_03679AC7 | |
Source: | Code function: | 0_2_03674977 | |
Source: | Code function: | 0_2_036836CB |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_01B2F826 |
Source: | File created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: |
Source: | Command line argument: | 0_2_00404710 | |
Source: | Command line argument: | 0_2_03674977 | |
Source: | Command line argument: | 0_2_03674977 | |
Source: | Command line argument: | 0_2_03674977 |
Source: | Static PE information: |
Source: | WMI Queries: |
Source: | File read: |
Source: | Key opened: |
Source: | File read: | ||
Source: | File read: | ||
Source: | File read: | ||
Source: | File read: |
Source: | Process created: | |||
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | Unpacked PE file: |
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_0041004B | |
Source: | Code function: | 0_2_00408591 | |
Source: | Code function: | 0_2_01B32924 | |
Source: | Code function: | 0_2_01B328C8 | |
Source: | Code function: | 0_2_01B3530A | |
Source: | Code function: | 0_2_01B31A1F | |
Source: | Code function: | 0_2_01B33E5B | |
Source: | Code function: | 0_2_01B305B9 | |
Source: | Code function: | 0_2_01B3460A | |
Source: | Code function: | 0_2_01B33E5B | |
Source: | Code function: | 0_2_01B3460A | |
Source: | Code function: | 0_2_01B305DD | |
Source: | Code function: | 0_2_01B32800 | |
Source: | Code function: | 0_2_01B32FDE | |
Source: | Code function: | 0_2_01B31F32 | |
Source: | Code function: | 0_2_01B33708 | |
Source: | Code function: | 0_2_01B33E5B | |
Source: | Code function: | 0_2_01B33E5B | |
Source: | Code function: | 0_2_01B3460A | |
Source: | Code function: | 0_2_01B33E5B | |
Source: | Code function: | 0_2_01B33E5B | |
Source: | Code function: | 0_2_03684217 | |
Source: | Code function: | 0_2_036802B2 | |
Source: | Code function: | 0_2_0368480E | |
Source: | Code function: | 0_2_0368C709 | |
Source: | Code function: | 0_2_036787F8 |
Source: | Process information set: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | WMI Queries: | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
Source: | Code function: | 0_2_0040C17B |
Source: | Code function: | 0_2_00411192 | |
Source: | Code function: | 0_2_0040C681 | |
Source: | Code function: | 0_2_01B2F103 | |
Source: | Code function: | 0_2_036813F9 | |
Source: | Code function: | 0_2_0367092B | |
Source: | Code function: | 0_2_0367C8E8 | |
Source: | Code function: | 0_2_03670D90 |
Source: | Code function: | 0_2_00416A7C |
Source: | Process token adjusted: |
Source: | Code function: | 0_2_00408809 | |
Source: | Code function: | 0_2_0040C17B | |
Source: | Code function: | 0_2_00407C96 | |
Source: | Code function: | 0_2_00408675 | |
Source: | Code function: | 0_2_0367C3E2 | |
Source: | Code function: | 0_2_03678A70 | |
Source: | Code function: | 0_2_036788DC | |
Source: | Code function: | 0_2_03677EFD |
Source: | Process created: | Jump to behavior | ||
Source: | Code function: | 0_2_00408873 |
Source: | Code function: | 0_2_0041897A | |
Source: | Code function: | 0_2_0041892F | |
Source: | Code function: | 0_2_00418A15 | |
Source: | Code function: | 0_2_00418AA0 | |
Source: | Code function: | 0_2_004112A2 | |
Source: | Code function: | 0_2_00418CF3 | |
Source: | Code function: | 0_2_00418E19 | |
Source: | Code function: | 0_2_00418F1F | |
Source: | Code function: | 0_2_004117C4 | |
Source: | Code function: | 0_2_00418FEE | |
Source: | Code function: | 0_2_03688BE1 | |
Source: | Code function: | 0_2_03688B96 | |
Source: | Code function: | 0_2_03689255 | |
Source: | Code function: | 0_2_03681A2B | |
Source: | Code function: | 0_2_03689186 | |
Source: | Code function: | 0_2_03689080 | |
Source: | Code function: | 0_2_03688F5A | |
Source: | Code function: | 0_2_03681509 | |
Source: | Code function: | 0_2_03688D07 | |
Source: | Code function: | 0_2_03688C7C |
Source: | Code function: | 0_2_0040CA21 |
Source: | Binary or memory string: | ||
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 51 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Virtualization/Sandbox Evasion | Security Account Manager | 3 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 43 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
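How to read the matrix above, as an added example written for this page (it is not Joe Sandbox's own code): every tactic column lists its full technique catalogue, and only the cells that begin with a number were actually observed, the number being read here as the count of behaviour signatures that mapped to that technique (that reading is mine, not a documented field). The parser below takes the matrix text copied verbatim from the report, keeps the numbered cells and ranks them, so the matrix collapses to the 21 techniques that fired, led by Security Software Discovery (51) and System Information Discovery (43).

```python
"""Reduce a Joe Sandbox ATT&CK matrix to the techniques that actually fired.

Added example written for this page, not Joe Sandbox code. MATRIX is the
report's own pipe table. A cell that starts with an integer is a technique
the sandbox matched; the integer is interpreted here as the number of
behaviour signatures mapped to it (an interpretation, not a documented
field). Unnumbered cells are just the matrix skeleton and carry no finding.
"""
import re
from collections import defaultdict

MATRIX = """\
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 51 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Virtualization/Sandbox Evasion | Security Account Manager | 3 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | 43 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
"""

# A numbered cell: "<count> <technique name>".
HIT = re.compile(r"^(\d+)\s+(\S.*)$")


def _cells(row):
    """Split one pipe-table row into stripped cell strings."""
    return [c.strip() for c in row.strip().strip("|").split("|")]


def parse_matrix(text):
    """Return {tactic: [(technique, count), ...]} for the numbered cells only."""
    rows = [r for r in text.splitlines() if r.strip()]
    tactics = _cells(rows[0])
    hits = defaultdict(list)
    for row in rows[2:]:                    # rows[1] is the ---|--- separator
        for tactic, cell in zip(tactics, _cells(row)):
            m = HIT.match(cell)
            if m:
                hits[tactic].append((m.group(2), int(m.group(1))))
    return dict(hits)


def rank_techniques(hits):
    """Unique techniques ordered by count (descending) then name.

    A technique listed under several tactics (DLL Side-Loading appears under
    Persistence, Privilege Escalation and Defense Evasion) keeps its largest
    count rather than being summed, since it is the same set of signatures."""
    best = {}
    for entries in hits.values():
        for technique, count in entries:
            best[technique] = max(count, best.get(technique, 0))
    return sorted(best.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    fired = parse_matrix(MATRIX)
    print(f"{len(fired)} of 14 tactics have observed techniques")
    for technique, count in rank_techniques(fired):
        print(f"{count:3d}  {technique}")
```

Seven of the fourteen tactics carry a finding; the heavy counts sit in Discovery (Security Software Discovery, System Information Discovery) and Defense Evasion, which is consistent with the WMI query and sandbox-evasion signatures listed earlier in the report.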
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 100% | Avira | HEUR/AGEN.1361904 | |
 | 100% | Joe Sandbox ML | | |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.172.128.90 | unknown | Russian Federation | 50916 | NADYMSS-ASRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428958 |
Start date and time: | 2024-04-19 22:35:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 97NT8DO3JB.exerenamed because original name is a hash value |
Original Sample Name: | 3415aaebe725006cfa66320863c1bb8a.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@15/39@0/1 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.85.23.86, 20.189.173.20, 13.85.23.206, 20.3.187.198
- Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtCreateKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: 97NT8DO3JB.exe
Time | Type | Description |
---|---|---|
22:36:13 | API Interceptor | |
22:36:14 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
185.172.128.90 | malicious | GCleaner |
185.172.128.90 | malicious | GCleaner |
185.172.128.90 | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
185.172.128.90 | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
185.172.128.90 | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
185.172.128.90 | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer |
185.172.128.90 | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
185.172.128.90 | malicious | GCleaner, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer |
185.172.128.90 | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT |
185.172.128.90 | malicious | GCleaner |
Match | Detection | Threat Name |
---|---|---|
NADYMSS-ASRU | malicious | GCleaner |
NADYMSS-ASRU | malicious | GCleaner |
NADYMSS-ASRU | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer |
NADYMSS-ASRU | malicious | Amadey, PureLog Stealer, RedLine, RisePro Stealer, zgRAT |
NADYMSS-ASRU | malicious | Mars Stealer, Stealc, Vidar |
NADYMSS-ASRU | malicious | Mars Stealer, Stealc, Vidar |
NADYMSS-ASRU | malicious | Glupteba, PureLog Stealer, zgRAT |
NADYMSS-ASRU | malicious | Mars Stealer, Stealc, Vidar |
NADYMSS-ASRU | malicious | Mars Stealer, Stealc, Vidar |
NADYMSS-ASRU | malicious | Mars Stealer, Stealc, Vidar |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_1630c49f-2354-49a2-9ab8-dc030df3b2ee\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9348969705804512 |
Encrypted: | false |
SSDEEP: | 96:/VWQ+sJhq7oA7RT6tQXIDcQnc6rCcEhcw3rD+HbHg/8BRTf3o8Fa99Oy4H9nFED/:NR+/X056r4jlQjzuiFyZ24IO8qaZ |
MD5: | 035D76EAD663BDE83E4CEDA1AD113D56 |
SHA1: | 5CDF35C30769BA1E2410B1FF6E1B1413EBE6A3A1 |
SHA-256: | 86937FBACADFFAB5A88B77FED8493CB774CA2C6E0B52DD86C78FD4CD63FC159D |
SHA-512: | 795A9A945A85A0A135CEC6304D33CAE72ABEC9B1C3322D43476CFDF2C5D40F15D28EF0FF63AC929471F6B4C12F89E70C8AEBDC81F99B8C84CD7DD74D9CE57CC2 |
Malicious: | false |
Reputation: | low |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_3a48af57-569b-4ab4-b9ea-256268bf1ad0\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.838076749570067 |
Encrypted: | false |
SSDEEP: | 96:rZbUsJhq7oA7RT6tQXIDcQnc6rCcEhcw3rD+HbHg/8BRTf3o8Fa99Oy4H9nFEDKI:VbU/X056r4jlGzuiFyZ24IO8qaZ |
MD5: | C2C80305F024831DA86240EA4ACA1226 |
SHA1: | 00C393BF8B9B15165E378BBC5D1BDD5C82865F84 |
SHA-256: | 2F780FA577C9C6645FE124641FCE0DEBFF91C1F3B3DC708E3410B288FBB6987A |
SHA-512: | 145D841D72547375CE605C927C34BA79FA24AA85667F98591EF940C87CE572C802DEA2312DB58474405EB6D891A9A7FFAC0C75ED9962CC46C621EFCB4A567290 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_5c38cd1d-3bce-4550-bdcf-bb046d0ffe19\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.837800102979353 |
Encrypted: | false |
SSDEEP: | 96:MSwqsJhq7oA7RT6tQXIDcQnc6rCcEhcw3rD+HbHg/8BRTf3o8Fa99Oy4H9nFEDKI:Aq/X056r4jlGzuiFyZ24IO8qaZ |
MD5: | 600C06EF771DBEBF3ED0C34EAB3E6770 |
SHA1: | 5932D3C9F1F69A22D1A922BBF047D7E0ADD33AE3 |
SHA-256: | 6E8513ADC1590662798AAFFC70C67159269B458AE5F3789EA8217EC5D5944469 |
SHA-512: | 53F2F98A9005B64D1D42342DF7BCEFFE53886EB4259A61B7B0D4519AC77A45CD765FED3A6F0A5C9B4BD2F4B7CB95863E41A9025149D3859F43081A64AC97B800 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_8fd0dd96-51df-4555-aa5e-8b9425c46166\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8533329825053435 |
Encrypted: | false |
SSDEEP: | 96:WnJsJhq7oA7RT6tQXIDcQnc6rCcEhcw3rD+HbHg/8BRTf3o8Fa99Oy4H9nFEDKVQ:GJ/X056r4jlszuiFyZ24IO8qaZ |
MD5: | 5E20AFC5000113B238A8E5223EAC480E |
SHA1: | 9ACA9B44AE204A6F69E03CF2A10A687CA48951DE |
SHA-256: | BA773C1A4EFBA5EA4B5045FA17B360C1ED7ECA82CE841C86549F45047FECB91A |
SHA-512: | 9905407E2DB101015832CACFFE08089E15AE97B0573AEC97ADE389CC5CC6884464E5EC9A0E40B2665F6B82A4929B0089D3528388E83CE27E70AC1A5C9646E252 |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_acc9e967-ff41-4224-90bc-0f98e5eb772f\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8536184171996241 |
Encrypted: | false |
SSDEEP: | 96:6Zp6sJhq7oA7RT6tQXIDcQnc6rCcEhcw3rD+HbHg/8BRTf3o8Fa99Oy4H9nFEDKW:ip6/X056r4jlszuiFyZ24IO8qaZ |
MD5: | 135A69AB7E22A4E0AB9C3C9CD94DC7AC |
SHA1: | 2004A6ED569F7C8AA204BF8B7FD909880C37C7AF |
SHA-256: | E4F4DFC13AE1A3587A2ABF86779B4D04C44EDA0945C81846EA24FEFE421AAA36 |
SHA-512: | B010F968FE868A08FDC14C6648215D9CD1A829D05ADB6BFE56863EA1F8A89BD7D91C6C7047F50535595A9A0AF2791FEED71E807BE37EF8FD20A4FB3F42519ABD |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_cdb61ca0-0229-40fc-b9c9-8fe9029a2de5\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8379341897745287 |
Encrypted: | false |
SSDEEP: | 96:h0rThWsJhq7oA7RT6tQXIDcQnc6rCcEhcw3rD+HbHg/8BRTf3o8Fa99Oy4H9nFE7:inhW/X056r4jlGzuiFyZ24IO8qaZ |
MD5: | F9A5C4E8681FB2C6AF4A0329EA1A04DD |
SHA1: | 8F881ACADA39921F103DEBC0435D3B3334AD7834 |
SHA-256: | F911D2D4FB66FA54031FDBFB6805ACB001EB0117FA564504CA9D3C3322F49A6C |
SHA-512: | 5286FC98761BD588E07953A27B5D0988B786B91F8E2B04AF46BFA706D3ADA37519B9DBC84470174A7404AA15510743680F58C6CDF354377E559F033BB63A271A |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_ef6f7bd1-c393-4e57-b46f-a509222f2e19\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8379608512476548 |
Encrypted: | false |
SSDEEP: | 96:xL3DJsJhq7oA7RT6tQXIDcQnc6rCcEhcw3rD+HbHg/8BRTf3o8Fa99Oy4H9nFEDn:JJ/X056r4jlGzuiFyZ24IO8qaZ |
MD5: | 64A14072E6166B21D50E4B0B3BB0A464 |
SHA1: | F6F7B68EC27E9DE4B852E84CB8C9E4788CDB5865 |
SHA-256: | 5602771EF574D5577CD5AE3D641500C544395C0E5B7283AB3D08AA55547FB84D |
SHA-512: | 0D868E410712A47010D22A4CE059C1FA757BD4DB3E396488CA90166E45FD21A0DCA6B4950C444FD93FE441F81847A32041DC62BE156DE5298739DF3535D07E7A |
Malicious: | false |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_6be156e7f6408b6a57b6e7c3a2ce735a1cd81ea8_1bd0a4a3_0ed49d18-13ae-42ea-852a-2af280a287d7\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.9993532650240066 |
Encrypted: | false |
SSDEEP: | 192:K35Wx/2O0QC+g5VLjlQQedzuiFyZ24IO83aZ:Dx/21QC+g5VLjwzuiFyY4IO83a |
MD5: | 2126C7EA78C422FFC343731ED386C7E8 |
SHA1: | 1189A10E8E9CF6AB1ED9C5983F7A7078D6128E33 |
SHA-256: | 279A99D6EF2175E276C6EC697E271AB5666F7903D6DD3DB1763EFEE8DFA11A1F |
SHA-512: | 83761C8BF26C70F9627F27D5027D7E7590FE7D23A044C52F5D21F7C55E45973A048E9C08B4553AC6137CF1A86E0AC1BC181BD3C3AD08886689B5FB50B4DA61B1 |
Malicious: | false |
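The eight Report.wer files above are what a repeatedly crashing 32-bit process leaves under the WER ReportQueue: the SysWOW64 WerFault.exe writes one directory per crash. The script below is an added example written for this page, not Joe Sandbox's own code, for triaging such artefacts from a file listing: it splits the queue-directory names into their fields, counts crash reports per application and per bucket, and reads the crash signature out of a Report.wer file. Two assumptions are mine and not taken from the report: the directory naming AppCrash_<app>_<hex>_<hex>_<guid> is inferred from the paths listed here, and the Report.wer layout (UTF-16 text with a BOM, Key=Value lines, Sig[n].Name and Sig[n].Value pairs) is the Windows 10 format as I know it. WER_SAMPLE is constructed, and the fault module and exception code in it are placeholders, not findings about this sample.

```python
"""Triage Windows Error Reporting artefacts left behind by a crashing sample.

Added example written for this page, not Joe Sandbox code.
Assumptions (not taken from the report):
  * ReportQueue directory names follow AppCrash_<app>_<hex>_<hex>_<guid>,
    inferred from the eight paths the report lists;
  * Report.wer is UTF-16 text (with BOM) of Key=Value lines, carrying
    Sig[n].Name / Sig[n].Value pairs that describe the crash signature.
WER_SAMPLE is constructed; its fault module and exception code are
placeholders, not findings about the sample.
"""
import re
from collections import Counter
from pathlib import PureWindowsPath

# The eight Report.wer paths listed in the report.
REPORT_PATHS = [
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_1630c49f-2354-49a2-9ab8-dc030df3b2ee\Report.wer",
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_3a48af57-569b-4ab4-b9ea-256268bf1ad0\Report.wer",
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_5c38cd1d-3bce-4550-bdcf-bb046d0ffe19\Report.wer",
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_8fd0dd96-51df-4555-aa5e-8b9425c46166\Report.wer",
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_acc9e967-ff41-4224-90bc-0f98e5eb772f\Report.wer",
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_cdb61ca0-0229-40fc-b9c9-8fe9029a2de5\Report.wer",
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_504654aafbb45967f4acb4ca8e5b93132f2f_1bd0a4a3_ef6f7bd1-c393-4e57-b46f-a509222f2e19\Report.wer",
    r"C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_97NT8DO3JB.exe_6be156e7f6408b6a57b6e7c3a2ce735a1cd81ea8_1bd0a4a3_0ed49d18-13ae-42ea-852a-2af280a287d7\Report.wer",
]

# Naming pattern inferred from the paths above (assumption, see module docstring).
QUEUE_DIR = re.compile(
    r"^(?P<event>[A-Za-z0-9]+)_(?P<app>.+?)_(?P<bucket>[0-9a-f]+)_(?P<sub>[0-9a-f]+)_"
    r"(?P<guid>[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$"
)


def parse_queue_dir(path):
    """Split the ReportQueue directory of a Report.wer path into its fields, or None."""
    m = QUEUE_DIR.match(PureWindowsPath(path).parent.name)
    return m.groupdict() if m else None


def crash_summary(paths):
    """Crash reports per application, and per (application, first hex field).

    In this report seven directories share one value of that field and the
    eighth has another, so the reports fall into two groups worth comparing
    against their Sig[] values."""
    per_app, per_bucket = Counter(), Counter()
    for path in paths:
        fields = parse_queue_dir(path)
        if fields and fields["event"] == "AppCrash":
            per_app[fields["app"]] += 1
            per_bucket[(fields["app"], fields["bucket"])] += 1
    return per_app, per_bucket


SIG_KEY = re.compile(r"^(Sig|DynamicSig)\[(\d+)\]\.(Name|Value)$")


def parse_wer(data):
    """Parse Report.wer bytes into (all key/values, {signature name: value})."""
    # utf-16 honours the BOM; errors="ignore" tolerates a cut-off tail.
    text = data.decode("utf-16", errors="ignore")
    kv = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            kv[key.strip()] = value.strip()
    names, values = {}, {}
    for key, value in kv.items():
        m = SIG_KEY.match(key)
        if m:
            slot = (m.group(1), int(m.group(2)))
            (names if m.group(3) == "Name" else values)[slot] = value
    signature = {names[s]: values[s] for s in names if s in values}
    return kv, signature


# Constructed Report.wer content (UTF-16 with BOM, CRLF lines).
WER_SAMPLE = "\r\n".join([
    "Version=1",
    "EventType=APPCRASH",
    "ReportType=2",
    "NsAppName=97NT8DO3JB.exe",
    "Sig[0].Name=Application Name",
    "Sig[0].Value=97NT8DO3JB.exe",
    "Sig[3].Name=Fault Module Name",
    "Sig[3].Value=placeholder.dll",      # placeholder, not from the report
    "Sig[6].Name=Exception Code",
    "Sig[6].Value=c0000005",             # placeholder, not from the report
    "DynamicSig[1].Name=OS Version",
    "DynamicSig[1].Value=10.0.19045.2.0.0.256.48",   # constructed
]).encode("utf-16")


if __name__ == "__main__":
    per_app, per_bucket = crash_summary(REPORT_PATHS)
    for app, n in per_app.items():
        groups = sum(1 for a, _ in per_bucket if a == app)
        print(f"{app}: {n} crash reports in {groups} groups")
    _, sig = parse_wer(WER_SAMPLE)
    print("crash signature:", sig)
```

All eight captures are listed at exactly 65536 bytes, which looks like a capture limit rather than the real file size, so the parser is written to survive a truncated tail: an odd trailing byte is dropped by the decoder and a cut-off last line yields at worst one truncated value.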
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 63042 |
Entropy (8bit): | 2.179482889297243 |
Encrypted: | false |
SSDEEP: | 384:SLYhd/Gz1rs5xNfYCht64fb8sZiXwZGv9tNX7Eb8t85:SUfuzZANf6kb1iXwZGv9teX |
MD5: | BEAB51F5B069DA9179DA894B48E3A1B8 |
SHA1: | CBC1BEC6B7FA4D27B128202685FD72EED40D62DD |
SHA-256: | 9B6D53B13D9BA5FC89DB6F5018782FA7299B60A903E0C92A947A206A533C0763 |
SHA-512: | AEDB37AFCE4E513E403E82FABFCB52FAF551D5B36EC6FBD607E4C9EC19A6061D2696A2DC7C349CBA23045AAB87E9C70E792673179BD513DB8D0DF79B7F23096D |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8422 |
Entropy (8bit): | 3.701296333134444 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJR/6I7+De6Y9cSUl7gmfb9pB089bvvsfQTFm:R6lXJZ6I776YGSUl7gmfbDvUfQs |
MD5: | EB2A47F8A5E5B9201D7CE2223AA8B0EE |
SHA1: | 678A8118200B565A4A42F8B8C35802DDDEDDCC29 |
SHA-256: | F66A7A0CF55D73B4B7F914E598C6EAE2065883C12BF7EACEF27EAB9A7E126607 |
SHA-512: | 7F6054F7A4CCDB1AD38590095FAB1329C60EE3A18A6FCF389BE8B6A38028D40A280ED6B16C740415BD2BC59D35F097162AC93AD8FEE8387FED18C8D0F2EE4095 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.497921325789048 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VYgYm8M4JmvgJF3+q8vZgEMdtd:uIjf6I7Uo7VcJ7KDMdtd |
MD5: | 256B8567313590FD979799CF3377AFEC |
SHA1: | 8026512D359A1FC8F7B5F80CBE73F4AF0F73DD9D |
SHA-256: | 01657161DDA39B5C9F0FAC12CA9E4A518E79CD183162908C80A580792382A5FB |
SHA-512: | DAD11881042BF9983B6B208D50E15C761B6C1AB3100B60E60A3E2568325F853976ECB20D42EC6F8251EC3CAF4E073C0CA3F834B2EF34DD1237242B1290DD49BB |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 62934 |
Entropy (8bit): | 2.205692407842432 |
Encrypted: | false |
SSDEEP: | 384:sYhd/tzm9wfYCgs1mlt64fb8sZiLwZGv9tN+rbBt5k:Xf1z2wUZ6kb1iLwZGv9tke |
MD5: | 4A6E46C3546CCEB0AC2F4DD3835756BF |
SHA1: | F2E947E81861A280D618A954E160E31ED4261C6F |
SHA-256: | A7537F381951042E64B8DABA3B9FB6EF5C657174218AEC69EA0FF9E015CFE900 |
SHA-512: | 8404EEA536ACA64A4DFEC3EE094324870429B2F89F7265F2C62493C8845A0AF694F1DEBF3F12FF38F1BAD5394E3B291AC8EE8CC81B2457BD67D381251271F326 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8422 |
Entropy (8bit): | 3.700517173587705 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJR36I7F6Y9OSUJLgmfb9pBv89bvvsfd7Fm:R6lXJB6I7F6Y0SUJLgmfbyvUfd0 |
MD5: | 13BBD71994F9E5B86A45AC9DA241A4EF |
SHA1: | 56F1BFE2062D7B4708BB8FF29CFDE94708135123 |
SHA-256: | 9BEC0009356E05A7114E9D394A1C1F521C6BFF0E8F56F50979CA161B32FC4866 |
SHA-512: | 738139030134F4DD80AB660CEC77C867F07A0A4F120FFDF970A14807138A5C2FCDA1CFF169BA4AC88CDF1F896F1F2F2CEB9547D647883D9E7104AD372ED7AAA6 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.495967764947495 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VYVHYm8M4JmvgJFGm+q8vZgEMdtd:uIjf6I7Uo7VNJ6mKDMdtd |
MD5: | 3302B3AEF809A491F8347AFB2520634B |
SHA1: | 46011092EEDB373C03B0EACE8912DB8EF3CBE9E5 |
SHA-256: | 9861BC4C0885BEF7611F0B72212E03C9652E5E21B0DA604801230F7273EA6262 |
SHA-512: | CD7296D9BAE64A1331E005063747872F9F319983245E7E9566F1FA1247D5959A2F7C3F9B754266E05371E2E6549C7731CE8BD0AA574F987C0C28FFCEA0D03592 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72626 |
Entropy (8bit): | 1.96689297268973 |
Encrypted: | false |
SSDEEP: | 384:9IgeBSTusIz6m7hCNsaiHsZiLwZGv9tNdqbTzFAFhi:9BewT9Iz6iOpiLwZGv9tSVAFh |
MD5: | A0C9BA418A370AFFB5182CECB8EE926A |
SHA1: | 74DFD3858333E0E51E64DA563B94E67308439627 |
SHA-256: | 66C08C1028934D700CE252D8FC72AA93D257F19F90AE65EDA72CFF7AE65663AF |
SHA-512: | ADF897061731E64412A19FB52835789551C4BC6559BC526CB13EC72501F7ED3D887D61F22DD1FFE7DA1B9BC607622C2529C98659240CDDC2AADA1A5D2F9D3D8A |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8424 |
Entropy (8bit): | 3.7002567570843024 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRt6IYiY6Y9qSU1SaMgmfb9pBRC89bmvsfHCm:R6lXJb6IYV6YgSUspgmfbr7mUfz |
MD5: | C8EC941A965240067D2C85C6BBE715EC |
SHA1: | 4D971AD7950508F5A5A9B9A13356AD5604376EB9 |
SHA-256: | B6B0829197BCD252F352FB1DBADD4311B7A1E18976C7BA48B266CDCDF688BF52 |
SHA-512: | DE43D4815999BB5F4D4EE3C14D52AA5497FEE698B07EAA6425DC6918F1B6C75FCC797E929B6B1C0C1D76F95652E6085366E21538CCBCF0BAE8F7E472589CE501 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.498803148095946 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VY9Ym8M4JmvgJF5+q8vZgEMdtd:uIjf6I7Uo7VpJdKDMdtd |
MD5: | D0E59A761018F4F7825E019B0131B5F5 |
SHA1: | E2FB86731AF2512AD95A4C4A5B53601109FBFB85 |
SHA-256: | E9C45C745EB17BEB8B98E823A4F6BD6C947CF629F8E5AA842E82B98D4DC80FFE |
SHA-512: | 9842A82C55A3789896F2D9ADB8073E766869E4E106F9F0FAFE70DB3AB19E83D1DC2A27A6D84BA3592A53BE054496DC2061B4B68F6E1987DF8A94F521B34B4728 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72182 |
Entropy (8bit): | 1.977518764563967 |
Encrypted: | false |
SSDEEP: | 384:7geBSTC2pzWn73sC8CL7sZiLwZGv9tNdJbg2Qbi:MewTC2pzW73wiLwZGv9tREu |
MD5: | CC820A1056EE9DF22DC2B2D9EEBDED2C |
SHA1: | DBD61611195136A09BBDADDFADCE44CB0FE9B377 |
SHA-256: | 2376300C9D58A1A96E122B56FEF4AE0C16966C58FEC8067DDB63B86EEE288921 |
SHA-512: | 803708667B69F4088876ADB31B123DCDCEECD0001C4438ECD09F2F33E42C4AB2CEDE400A59243522B1E19130B709AC9EEBBFF96EC1034C4CFA06F3A2C14D074C |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8424 |
Entropy (8bit): | 3.69953998339207 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRz6IYAgY6Y9flSU+Cagmfb9pBa89b9vsfJfm:R6lXJF6IYi6YllSUFagmfbR9UfM |
MD5: | 2209485B54F925EE1D2FEDB7F7BFE9CF |
SHA1: | B411E629E1171B59AD9CEBC3D76E46E70529C6F3 |
SHA-256: | E26EF78D10D74175C57DFA8ECD20A459FF1931A2A2C8B24B8D93E87208572587 |
SHA-512: | EFD97C1387CB9A1813FE63166BBA644C0D4DC747BDF7C9F44BE941AD48972D68858F7ECD0C3B438262FF1DE7FE4C611EBFF17A5A691DADC8DBC633F22ADCA044 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.496981466706677 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VY8Ym8M4JmvgJFu7G+q8vZgEMdtd:uIjf6I7Uo7VEJrKDMdtd |
MD5: | EF7B059815C212FAF89444FE7EC3DF55 |
SHA1: | E9114C1FCE841B41651EA040A37051AA596BFE67 |
SHA-256: | ABD9BBD3FC46D7B0F65BF3AA436A186B4380269F5804D2ED783C61BF59CF2ACB |
SHA-512: | 9881BD5A8D0F7C554F726530C7152D130417761C161E3BBB60EB62E356C2CA8476C0E16CC2F27D79D537F011421C3E735955598358792765A4D9D5628BB7CB8A |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 79226 |
Entropy (8bit): | 1.9443747809616283 |
Encrypted: | false |
SSDEEP: | 384:LiJozf1Az78LsGUTMCoCxLwZGv9tNdkbHeDdZiUnK:cif1Az7uMT1LwZGv9tIAwA |
MD5: | 4414C3FB3227B3739C7D344A51582862 |
SHA1: | 0F80C0F2914E6D80A88D3C0E054F490564E2029A |
SHA-256: | A3F5CF042FB94D7FCFA315E9218A81457899C1AF8CE5FD1BBD3D12DCBE41395F |
SHA-512: | D8105F4608F188060429D36245639B19550D9D9DED0C216FE003FBC32014857253EC9BEC60439A5DA18936D67278BA2F48C712275C8CD57D8D75AB44EED10E42 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8424 |
Entropy (8bit): | 3.702545806150804 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRo6I7f6Y93SU+Ougmfb9pBM89b9vsf0yfm:R6lXJe6I7f6Y9SUxugmfbL9Uf2 |
MD5: | DF6525B60E45DF0290330CAC3EACAD8D |
SHA1: | 2F6761E0A543A46263A0C3458A743DADFFA0E419 |
SHA-256: | 2045D00BE9805BF895557F433487616326080C6CE9791AAFF4D27F3A0E72CC68 |
SHA-512: | 68F1EBD9C37D43008B93E4762BDABD2DAAAE5B7A8B78AC716C7013B5F2442485D3BF997629934B12C9DB7759E6870E791BB4E6DE39274735379256274592A790 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.499719271758813 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VYxYm8M4JmvgJF9+q8vZgEMdtd:uIjf6I7Uo7VBJ5KDMdtd |
MD5: | 213886DE21F1EC080C52E83C618F477E |
SHA1: | 528CEACF927C20389EBB39A07911512055BE0C75 |
SHA-256: | 9AC4E0182D16DB44C21EAA9C3C1F3388EAA15F697576BADE5C9AF7EB5D0F5016 |
SHA-512: | 27621368E820CE95D44CF631B51E785B4EB6A6337A4591611F0FEFF9543A739437EC5FB696C59D33F115F3C17851C3BD6D38A93F4BE13E107A421A52A561F21D |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 87836 |
Entropy (8bit): | 1.9479653214456283 |
Encrypted: | false |
SSDEEP: | 384:UUf9u7DMz+A8lOqo0AMCD4sQQXxLwZGv9tNd2bJaf3mZqzGEG:pu3MzHqlAc2LwZGv9te4fmE |
MD5: | 766F5A9227BC924B351B63FCF39CA8B5 |
SHA1: | DA5E563C2DD1B9A68F60E01403BBE7A8CBA9B3B3 |
SHA-256: | 50708A508A8EC486A9D0291EAC6B8136D3EA07A922CA16B096D2DACA65971EF4 |
SHA-512: | 8A4CAC019D44DF93D308A2F99208FB5FBFFAAE604448F98462E69190BBD00A4A83945E3B6CD123F4D2F31195679331E40A3DEA24A40FF08686F1AE44AD057EEC |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8424 |
Entropy (8bit): | 3.7025389537116156 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRH6IFM6Y90SU+Ougmfb9pBa89b0vsfBcm:R6lXJx6IFM6Y+SUxugmfbR0Ufv |
MD5: | 74119FC89F5CF4F9C7076EBE7A33EDA1 |
SHA1: | 7F255AD8666B9950AD800EF628182CA7B74769B0 |
SHA-256: | E723C1D859EC51920CCAEA3A01C0BC505F136979E6BA3800DEE01C839D2E3E61 |
SHA-512: | 363E81EC78C1617C39ED657D2F46B6DEACDB19B5741B3594F36E4D2EA6651E808117EA4BBE56F01FF8C642172AE309D150B537FBC63C2A51617F1811292A73BC |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.499065197313322 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VYqYm8M4JmvgJFUq+q8vZgEMdtd:uIjf6I7Uo7V+JQqKDMdtd |
MD5: | 1A1C42B06A908575B726E0021E569ECE |
SHA1: | 6EC5E78F2A5FF5DDD0F4F2E0CA2C9CAD84D0A767 |
SHA-256: | 214FCA09C032E57142F943CF956AC73D0104EEF3107DC2F9530BA3E057D560C7 |
SHA-512: | 9FBFC9A78E75DEE7BB346FE6DC78E47526C78AC29AD26E9AF7EF94FAF47B13C1EDBA17462334537ADA62206EA772584BBBB39050460CFC1643BB5030393CB804 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 102806 |
Entropy (8bit): | 2.132224330218717 |
Encrypted: | false |
SSDEEP: | 768:ZIP6mFztlAqiUyY8m4G2kLwwmv9t6Ezw:CrAqbyY8m4GQFkEzw |
MD5: | 866AA522636C818AE2CB2A8FADBFEC51 |
SHA1: | B363CCE45DF8333639C746DF74567367AB35F07E |
SHA-256: | E80417E8FED8F3250B3CCF873A6BDF4C054F01FA9BB7A96D65D92E006CD3E0C9 |
SHA-512: | 01AB821DB34152BAA4B0C6599BC6C15EABBAD0202F646D880C0CEBA212E1A6F8EF0A9582631DA4BEA18724F7BE096A2408EB27DA7CF6D403D3351E21D4156E0F |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8424 |
Entropy (8bit): | 3.7021033342648515 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRE606Y9nSU+Oigmfb9pBRC89b6vsfROem:R6lXJy606YtSUxigmfbr76UfE |
MD5: | 8258AE798D1586299A1298CB94E4F7C9 |
SHA1: | 272DD6187908911BFCC19788B002A32852BF033D |
SHA-256: | A6C5CEFAC42357DF0F5942738A59FD6A3F7F978E6A367E9DD4AB909852DEAC8C |
SHA-512: | AFAA51F0F258E23505D0E65856EDFC982FD048FE8D21B4B2694E83C03EC7303B228E5D1680B78F8AF374E16F8E46B7314CA32CBB8011E13D5F03658FCF0B51AF |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 4.5004787617362885 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VYaYm8M4JmvgJFI+q8vZgEMdtd:uIjf6I7Uo7V+J8KDMdtd |
MD5: | 5FF5BCD084A3719B3F7A1098557FE819 |
SHA1: | 011DE3515A49FA48FD0DEB2910CF6518418B3A5E |
SHA-256: | FF6ED739F72C3924592296909C3854D45C9299BE2B73EE0268ACD2F9CFF00FD2 |
SHA-512: | 41A5B31BABF0655EDF15697DE708417AFC54D40B9113B72CEC4E780E733A2965DDA32AE45726BADB6AF43D775A7F317A74B85AD0775AA1AF3B59BAC3BA5258EC |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46270 |
Entropy (8bit): | 2.6218383726358687 |
Encrypted: | false |
SSDEEP: | 384:G+BM+xMz8T/Y05wwyn9tNQ/O5hMWS//Iaa0Xx:frxMz8bY05wwyn9t2QObB |
MD5: | CFE0803A8C5F3877AC6FD7B40E03B761 |
SHA1: | A3A72B5DB1CC68445A77BED8FDAB0F57F902F7F3 |
SHA-256: | 3FEED9E58276EAE0B79F4134F1D15E379DE04F60817EE8EB54BCC358048D463E |
SHA-512: | 41CCEE30656FBBA292B86612E3C6221DD886AD88897C6F59EBDCA1CB1320B05E1AF4440BDAFA96917D16A706A3395AF57F226968611C13891C53C13BC6E21365 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8322 |
Entropy (8bit): | 3.6958134490654766 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJRA6fm56Y94SU7ZrgmfbRTpDT89bNvsfrSvm:R6lXJ26+56YiSUNrgmfbRSNUff |
MD5: | 097F312D665C6EC0C6A49928A8A62E08 |
SHA1: | 96EF7170D07771DAA1222BE161F643FE4E37E767 |
SHA-256: | 7BCDA41F119B2C0A58EE471F8F0E8DE1ECA517EB7E8B018F40E23B532BDED9E3 |
SHA-512: | B1CC74A4B207173E2231DD7531D925CFEB8814FC0919D8766B444EB2EC4D4858BF061F49FE284499739286EA301033C884BAE2BE71E7366F3704C16A4AC5E6D6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4579 |
Entropy (8bit): | 4.4801595545485595 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zs8Jg77aI9TiZWpW8VY+Ym8M4JmvgZ5FD+q8Ns12Mdtd:uIjf6I7Uo7VOJBsMdtd |
MD5: | 820B0BFABB1F4E6F1D86247DF76C4449 |
SHA1: | 8D6D3EE9200E2529E905C068085D5277E266D879 |
SHA-256: | 1562B6959781E5F776E2DF754070CD9F30F3845C84AD5E9C4407EAE5A1D4BE3B |
SHA-512: | CC447E0E2C0DA99DA88F42FFCE7EB3D27533133B41CCF01B976017E3B16143FFB8D5BC884AD33A024601C39542A1ED3ED2A05AD404FD25AEFCC394C20A0E4B2E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\97NT8DO3JB.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:V:V |
MD5: | CFCD208495D565EF66E7DFF9F98764DA |
SHA1: | B6589FC6AB0DC82CF12099D1C2D40AB994E8410C |
SHA-256: | 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9 |
SHA-512: | 31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\SIHClient.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 3.1738926569439885 |
Encrypted: | false |
SSDEEP: | 96:Fh1IbH45Dw75+ywGsrWdoxDYx2g9Ic3kZrBYcbIaSJlcBE6JLTGwU06Ux:Fhk45Dm5jDvoZ+JacWB7bHimE6E26Ux |
MD5: | 578555AAFDA6FBE2C76A31EF4C5D03E3 |
SHA1: | 336A957671E9FE1297776E8E8EC3942DB56397B9 |
SHA-256: | 65E0F9E24053567A949F627DA34164DB1F2C13034A85DAC4DE2FBBFBA5BA603F |
SHA-512: | 7B416966BA04FEE3A6BAC7C53D0FC6ABE60037B1A8F1FE12B8E8601D34E0BFCE58D0D6DC98F52B35E862E05854B47B84A32C0896C4A12CE500D9EE93BF9E8F38 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\SIHClient.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17126 |
Entropy (8bit): | 7.3117215578334935 |
Encrypted: | false |
SSDEEP: | 192:D5X8WyNHDHFzqDHt8AxL5TKG+tJSdqnajapCNjFZYECUqY7oX9qhnJSdqnaja2Sl:qDlsHq4ThPdlmY9CUiqOdlm2W |
MD5: | 1B6460EE0273E97C251F7A67F49ACDB4 |
SHA1: | 4A3FDFBB1865C3DAED996BDB5C634AA5164ABBB8 |
SHA-256: | 3158032BAC1A6D278CCC2B7D91E2FBC9F01BEABF9C75D500A7F161E69F2C5F4A |
SHA-512: | 3D256D8AC917C6733BAB7CC4537A17D37810EFD690BCA0FA361CF44583476121C9BCCCD9C53994AE05E9F9DFF94FFAD1BB30C0F7AFF6DF68F73411703E3DF88A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\SIHClient.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24490 |
Entropy (8bit): | 7.629144636744632 |
Encrypted: | false |
SSDEEP: | 384:iarwQcY8StpA7IQ6GCq30XPSIleI7lzCuqvfiSIleIx:iartHA7PCFP66Tqvfi6c |
MD5: | ACD24F781C0C8F48A0BD86A0E9F2A154 |
SHA1: | 93B2F4FBF96D15BE0766181AFACDB9FD9DD1B323 |
SHA-256: | 5C0A296B3574D170D69C90B092611646FE8991B8D103D412499DBE7BFDCCCC49 |
SHA-512: | 7B1D821CF1210947344FCF0F9C4927B42271669015DEA1C179B2BEAD9025941138C139C22C068CBD7219B853C80FA01A04E26790D8D76A38FB8BEBE20E0A2A4A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\SIHClient.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 17395 |
Entropy (8bit): | 7.297808060361236 |
Encrypted: | false |
SSDEEP: | 192:Y++BFO7SCP3yalzqDHt8Axz5GIqMvus/qnajBMWj6AkKFZYECUqY7S8Zuo1nqnaC:lCksHqzj0l9P6AnCUTZZl9lRo |
MD5: | E97660B7AB6838D0D96B5C6BB4328753 |
SHA1: | AA104E62A8166E23D89C4769EC382EF345299D28 |
SHA-256: | 2BA13EB8A2705B01E54067B2A4FFC17CA2EB376EE3F3BA8D9C5FACE8C5AC1279 |
SHA-512: | E867FE411239AD8EB66342C9522D48DBC9BB872210CD14B4C734661C4966AEC8CF022C510284B70736049E1F98C4EDA18651C7F7A3B7F6E1DEF782F4F89E8FB2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\SIHClient.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 25457 |
Entropy (8bit): | 7.655665945183416 |
Encrypted: | false |
SSDEEP: | 384:i9eD3oXHzqAAteICxU2L/l/dVCmMMx2GCq3fQkclmIO+WccCuqvXolUjx2:3AhAteHq2L/l/dkMxjCgF+WcmqvS |
MD5: | 9D27F0ECE5019003D4415EB80973B81A |
SHA1: | 39C19D8842C0201FD203F6D1EA79CEBD2E880970 |
SHA-256: | 331D51A091FFA84C2959F2A5971EEC6EC976F00B84473E4861D72CBED4C97203 |
SHA-512: | 8DF4CBDF4248743F50DFB41B0E6CC94C61227505288B23742EA0E9C86A8FA71D2AA84621D094D867C91BA4B551256E7FDD28ADE5ABA6C23F68CD80A4768922E1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465449364410048 |
Encrypted: | false |
SSDEEP: | 6144:GIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNcdwBCswSbH:rXD94+WlLZMM6YFHW+H |
MD5: | 5DED8E3757584F70B5129008A82946B0 |
SHA1: | 51E5EA1BD45BC384BB7B8327FAB71BB42EF3A424 |
SHA-256: | 89871949A5FA33A366FC2FA35CC1255D844D58852A13C2E2B47B5AF035E5EF37 |
SHA-512: | 8C465C1E58144EB9BE00E63F494A47AADA825042A2CD94C4F3476AD8416EA7EA24CB1DCB9A77277E6981435E2D38F2B75CA8E2610755178938C2B99CCD118234 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.51095950250924 |
TrID: | |
File name: | 97NT8DO3JB.exe |
File size: | 388'096 bytes |
MD5: | 3415aaebe725006cfa66320863c1bb8a |
SHA1: | 37cb513d1f01f9ec819b62ca8ff1b591ae4c8669 |
SHA256: | ee36bc6d088eefecf233a4592027abfe4934fdd240afd39dc654da60e49b710c |
SHA512: | 537dcf54adfef9facb47eb7b57e37aa8d530abe07c9097466ba4acb3e2723d6349973e1c9aea0ce54ac0dffd72de4c4c3e43f2dee8897b5adfc14ec8b2e96385 |
SSDEEP: | 6144:/M2FZoaWs0RraGCf9yqWK+a6m9V5wHCIvGSp:/M2j+s0RrJwW1a6m76tGS |
TLSH: | B0845A03B2E2BC61E52247325F6DBAEC372EF8614EA56B5F2358AE1F05701B1D613721 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..............G...G...G...G...G..:G...G..;G:..G..HG...G...G...GOL>G...G...G...GOL.G...GRich...G........................PE..L......e... |
Icon Hash: | 410545494945410d |
Entrypoint: | 0x40692b |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x650DA5AC [Fri Sep 22 14:33:16 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 7b633a270c7c42fd79f7a13bab792dbe |
Instruction |
---|
call 00007FA7C8F0E199h |
jmp 00007FA7C8F03BF5h |
push 00000014h |
push 00424C40h |
call 00007FA7C8F0B0A4h |
call 00007FA7C8F05FE3h |
movzx esi, ax |
push 00000002h |
call 00007FA7C8F0E12Ch |
pop ecx |
mov eax, 00005A4Dh |
cmp word ptr [00400000h], ax |
je 00007FA7C8F03BF6h |
xor ebx, ebx |
jmp 00007FA7C8F03C25h |
mov eax, dword ptr [0040003Ch] |
cmp dword ptr [eax+00400000h], 00004550h |
jne 00007FA7C8F03BDDh |
mov ecx, 0000010Bh |
cmp word ptr [eax+00400018h], cx |
jne 00007FA7C8F03BCFh |
xor ebx, ebx |
cmp dword ptr [eax+00400074h], 0Eh |
jbe 00007FA7C8F03BFBh |
cmp dword ptr [eax+004000E8h], ebx |
setne bl |
mov dword ptr [ebp-1Ch], ebx |
call 00007FA7C8F0A97Ah |
test eax, eax |
jne 00007FA7C8F03BFAh |
push 0000001Ch |
call 00007FA7C8F03CD1h |
pop ecx |
call 00007FA7C8F0A16Eh |
test eax, eax |
jne 00007FA7C8F03BFAh |
push 00000010h |
call 00007FA7C8F03CC0h |
pop ecx |
call 00007FA7C8F0E1A5h |
and dword ptr [ebp-04h], 00000000h |
call 00007FA7C8F0D34Bh |
test eax, eax |
jns 00007FA7C8F03BFAh |
push 0000001Bh |
call 00007FA7C8F03CA6h |
pop ecx |
call dword ptr [0041B0E0h] |
mov dword ptr [01A10A44h], eax |
call 00007FA7C8F0E1C0h |
mov dword ptr [004488ECh], eax |
call 00007FA7C8F0DB63h |
test eax, eax |
jns 00007FA7C8F03BFAh |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x251f4 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1611000 | 0x17d78 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1b230 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x23cd8 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x23c90 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1b000 | 0x1ac | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1951a | 0x19600 | ea6bda6eaffcd71e3cb3b840f7f54cf4 | False | 0.5763739224137931 | data | 6.682046055999516 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x1b000 | 0xabf4 | 0xac00 | 0d1b4c63d26089c531a5da1016d15edb | False | 0.43518350290697677 | data | 5.094850793149334 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x26000 | 0x15eaa48 | 0x22800 | be618370f12683f44e27b8c45c4e9934 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x1611000 | 0x17d78 | 0x17e00 | df4394e1b46f5be823c978195c4f3ac0 | False | 0.3162017342931937 | data | 4.1099711857255254 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x1623a90 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.26439232409381663 | ||
RT_CURSOR | 0x1624938 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.3686823104693141 | ||
RT_CURSOR | 0x16251e0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.49060693641618497 | ||
RT_CURSOR | 0x1625778 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | 0.4375 | ||
RT_CURSOR | 0x16258a8 | 0xb0 | Device independent bitmap graphic, 16 x 32 x 1, image size 0 | 0.44886363636363635 | ||
RT_CURSOR | 0x1625980 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | 0.27238805970149255 | ||
RT_CURSOR | 0x1626828 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | 0.375 | ||
RT_CURSOR | 0x16270d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | 0.5057803468208093 | ||
RT_ICON | 0x1611880 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.4118663594470046 |
RT_ICON | 0x1611f48 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.1671161825726141 |
RT_ICON | 0x16144f0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.21808510638297873 |
RT_ICON | 0x1614988 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.4118663594470046 |
RT_ICON | 0x1615050 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.1671161825726141 |
RT_ICON | 0x16175f8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.21808510638297873 |
RT_ICON | 0x1617a90 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.3694029850746269 |
RT_ICON | 0x1618938 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.45712996389891697 |
RT_ICON | 0x16191e0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Romanian | Romania | 0.45910138248847926 |
RT_ICON | 0x16198a8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.44942196531791906 |
RT_ICON | 0x1619e10 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.266597510373444 |
RT_ICON | 0x161c3b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.30558161350844276 |
RT_ICON | 0x161d460 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.35904255319148937 |
RT_ICON | 0x161d930 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Romanian | Romania | 0.5676972281449894 |
RT_ICON | 0x161e7d8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Romanian | Romania | 0.5464801444043321 |
RT_ICON | 0x161f080 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Romanian | Romania | 0.6184971098265896 |
RT_ICON | 0x161f5e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Romanian | Romania | 0.462448132780083 |
RT_ICON | 0x1621b90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Romanian | Romania | 0.48686679174484054 |
RT_ICON | 0x1622c38 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Romanian | Romania | 0.4954918032786885 |
RT_ICON | 0x16235c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Romanian | Romania | 0.44769503546099293 |
RT_STRING | 0x1627848 | 0x3f0 | data | Romanian | Romania | 0.46726190476190477 |
RT_STRING | 0x1627c38 | 0x48a | data | Romanian | Romania | 0.45008605851979344 |
RT_STRING | 0x16280c8 | 0x13e | data | Romanian | Romania | 0.5283018867924528 |
RT_STRING | 0x1628208 | 0x35e | data | Romanian | Romania | 0.46867749419953597 |
RT_STRING | 0x1628568 | 0x55e | data | Romanian | Romania | 0.44250363901018924 |
RT_STRING | 0x1628ac8 | 0x2ac | data | Romanian | Romania | 0.4722222222222222 |
RT_GROUP_CURSOR | 0x1625748 | 0x30 | data | 0.9375 | ||
RT_GROUP_CURSOR | 0x1625958 | 0x22 | data | 1.0588235294117647 | ||
RT_GROUP_CURSOR | 0x1627638 | 0x30 | data | 0.9375 | ||
RT_GROUP_ICON | 0x1623a28 | 0x68 | data | Romanian | Romania | 0.7115384615384616 |
RT_GROUP_ICON | 0x1614958 | 0x30 | data | Romanian | Romania | 0.9375 |
RT_GROUP_ICON | 0x161d8c8 | 0x68 | data | Romanian | Romania | 0.7115384615384616 |
RT_GROUP_ICON | 0x1617a60 | 0x30 | data | Romanian | Romania | 1.0 |
RT_VERSION | 0x1627668 | 0x1e0 | data | 0.5604166666666667 |
DLL | Import |
---|---|
KERNEL32.dll | GetLocaleInfoA, LocalCompact, LoadLibraryExW, ReadConsoleOutputAttribute, AddConsoleAliasW, CreateHardLinkA, GetTickCount, CreateRemoteThread, GetWindowsDirectoryA, GetVolumeInformationA, LoadLibraryW, ReadConsoleInputA, CopyFileW, ReadProcessMemory, WriteConsoleW, GetModuleFileNameW, GetCompressedFileSizeA, GetTempPathW, SetThreadLocale, GetNumaProcessorNode, SetLastError, FindVolumeMountPointClose, CreateTimerQueueTimer, SetStdHandle, SetFileAttributesA, WriteConsoleA, LocalAlloc, SetCalendarInfoW, GetExitCodeThread, AddAtomW, RemoveDirectoryW, GlobalFindAtomW, GetOEMCP, VirtualProtect, AddConsoleAliasA, CreateFileW, GetComputerNameA, FindFirstChangeNotificationW, GetLastError, GetSystemDefaultLangID, OutputDebugStringW, FlushFileBuffers, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapFree, IsProcessorFeaturePresent, GetCommandLineA, GetCPInfo, RaiseException, RtlUnwind, HeapAlloc, UnhandledExceptionFilter, SetUnhandledExceptionFilter, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, IsValidCodePage, GetACP, GetCurrentThreadId, IsDebuggerPresent, GetProcessHeap, ExitProcess, GetModuleHandleExW, HeapSize, GetStdHandle, GetFileType, CloseHandle, GetModuleFileNameA, WriteFile, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, ReadFile, SetFilePointerEx, GetConsoleCP, GetConsoleMode |
USER32.dll | GetMenuItemID |
GDI32.dll | GetCharacterPlacementW |
ADVAPI32.dll | DeregisterEventSource |
WINHTTP.dll | WinHttpConnect |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Romanian | Romania |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-22:35:59.183264 | TCP | 2856233 | ETPRO TROJAN Win32/Unknown Loader Related Activity (GET) | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 22:35:58.980036974 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Apr 19, 2024 22:35:59.182888985 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Apr 19, 2024 22:35:59.183034897 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Apr 19, 2024 22:35:59.183264017 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Apr 19, 2024 22:35:59.386101961 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Apr 19, 2024 22:36:00.628887892 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Apr 19, 2024 22:36:00.629064083 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Apr 19, 2024 22:36:06.866122961 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Apr 19, 2024 22:36:06.866159916 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Apr 19, 2024 22:36:06.866333008 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Apr 19, 2024 22:36:06.866333008 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Apr 19, 2024 22:36:06.910639048 CEST | 80 | 49730 | 185.172.128.90 | 192.168.2.4 |
Apr 19, 2024 22:36:06.910850048 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Apr 19, 2024 22:36:15.832154036 CEST | 49730 | 80 | 192.168.2.4 | 185.172.128.90 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 185.172.128.90 | 80 | 6640 | C:\Users\user\Desktop\97NT8DO3JB.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 19, 2024 22:35:59.183264017 CEST | 411 | OUT | |
Apr 19, 2024 22:36:00.628887892 CEST | 204 | IN |
Target ID: | 0 |
Start time: | 22:35:53 |
Start date: | 19/04/2024 |
Path: | C:\Users\user\Desktop\97NT8DO3JB.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 388'096 bytes |
MD5 hash: | 3415AAEBE725006CFA66320863C1BB8A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 22:35:53 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 22:35:54 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 22:35:55 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 22:35:55 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 22:35:56 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 22:35:56 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 15 |
Start time: | 22:35:59 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 16 |
Start time: | 22:36:00 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 236'544 bytes |
MD5 hash: | D0FCE3AFA6AA1D58CE9FA336CC2B675B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 17 |
Start time: | 22:36:00 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 19 |
Start time: | 22:36:00 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\taskkill.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 74'240 bytes |
MD5 hash: | CA313FD7E6C2A778FFD21CFB5C1C56CD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Target ID: | 20 |
Start time: | 22:36:00 |
Start date: | 19/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x620000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 22 |
Start time: | 22:36:12 |
Start date: | 19/04/2024 |
Path: | C:\Windows\System32\SIHClient.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7007e0000 |
File size: | 380'720 bytes |
MD5 hash: | 8BE47315BF30475EEECE8E39599E9273 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Has exited: | true |
Execution Graph
Execution Coverage: | 2.5% |
Dynamic/Decrypted Code Coverage: | 7.2% |
Signature Coverage: | 12.3% |
Total number of Nodes: | 390 |
Total number of Limit Nodes: | 6 |
Graph
Control-flow Graph
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01B2F826 Relevance: 3.0, APIs: 2, Instructions: 41 | process, COMMON
Function 00401D70 Relevance: 28.3, APIs: 9, Strings: 7, Instructions: 311 | network, COMMON
Function 0367003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515 | memory, COMMON
Function 00403180 Relevance: 6.1, APIs: 4, Instructions: 71 | COMMON
Function 00403280 Relevance: 4.6, APIs: 3, Instructions: 51 | COMMON
Function 03670E0F Relevance: 3.0, APIs: 2, Instructions: 15 | COMMON
Function 01B2F4E5 Relevance: 1.3, APIs: 1, Instructions: 48 | memory, COMMON
Function 00418FEE Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183 | COMMON, LIBRARYCODE
Function 03689080 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85 | COMMON, LIBRARYCODE
Function 00418E19 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85 | COMMON, LIBRARYCODE
Function 036788DC Relevance: 6.1, APIs: 4, Instructions: 73 | COMMON
Function 00408675 Relevance: 6.1, APIs: 4, Instructions: 73 | COMMON
Function 03688D07 Relevance: 4.7, APIs: 3, Instructions: 205 | COMMON
Function 00418AA0 Relevance: 4.7, APIs: 3, Instructions: 205 | COMMON
Function 0367092B Relevance: 3.8, Strings: 3, Instructions: 90 | COMMON
Function 0040CA21 Relevance: 3.0, APIs: 2, Instructions: 34 | time, COMMON
Function 00408873 Relevance: 1.6, APIs: 1, Instructions: 144 | COMMON
Function 03688F5A Relevance: 1.6, APIs: 1, Instructions: 83 | COMMON
Function 00418CF3 Relevance: 1.6, APIs: 1, Instructions: 83 | COMMON
Function 03689186 Relevance: 1.5, APIs: 1, Instructions: 45 | COMMON
Function 00418F1F Relevance: 1.5, APIs: 1, Instructions: 45 | COMMON
Function 03681509 Relevance: 1.5, APIs: 1, Instructions: 33 | COMMON
Function 004112A2 Relevance: 1.5, APIs: 1, Instructions: 33 | COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03678A70 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408809 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03679AC7 Relevance: 1.3, Strings: 1, Instructions: 76COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416A7C Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00421D42 Relevance: 1.2, Instructions: 1240COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413C49 Relevance: .6, Instructions: 637COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409860 Relevance: .1, Instructions: 76COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01B2F103 Relevance: .1, Instructions: 61COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03670D90 Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036813F9 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00411192 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0367D2D7 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D070 Relevance: 22.9, APIs: 15, Instructions: 357COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407F24 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041701E Relevance: 18.4, APIs: 12, Instructions: 373COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0367B189 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF22 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03680E8F Relevance: 15.1, APIs: 10, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410C28 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036876A4 Relevance: 13.7, APIs: 9, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041743D Relevance: 13.7, APIs: 9, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03671FD7 Relevance: 12.6, APIs: 6, Strings: 1, Instructions: 311networkCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0368690E Relevance: 12.2, APIs: 8, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004166A7 Relevance: 12.2, APIs: 8, Instructions: 203COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407A99 Relevance: 12.2, APIs: 8, Instructions: 175COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041146B Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03677D00 Relevance: 9.2, APIs: 6, Instructions: 175COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03675FD7 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D70 Relevance: 9.1, APIs: 6, Instructions: 99COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BD87 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C6C3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A8A9 Relevance: 7.7, APIs: 5, Instructions: 244COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004121BC Relevance: 7.7, APIs: 5, Instructions: 199COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03672E87 Relevance: 7.7, APIs: 5, Instructions: 162COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036857E8 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00415581 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 036733E7 Relevance: 6.1, APIs: 4, Instructions: 71COMMON
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408094 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0367EAAE Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E847 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0367B533 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040B2CC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |