Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 7420, cmdline: "C:\Users\user\Desktop\file.exe", MD5: 8C9287EF35644CC0B67A4B8000D38CE8)
- RegAsm.exe (PID: 7440, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- RegAsm.exe (PID: 7448, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | |
{"C2 url": "5.42.65.50:33080", "Bot Id": "LogsDiller Cloud (TG: @logsdillabot)", "Authorization Header": "3a050df92d0cf082b2cdaf87863616be"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
| | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/20/24-15:04:11.563452 | 2043231 | 49731 | 33080 | TCP | A Network Trojan was detected |
04/20/24-15:04:04.964162 | 2046056 | 33080 | 49731 | TCP | A Network Trojan was detected |
04/20/24-15:03:59.655939 | 2043234 | 33080 | 49731 | TCP | A Network Trojan was detected |
04/20/24-15:03:59.440586 | 2046045 | 49731 | 33080 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_00AE5B4B | |
Source: | Code function: | 0_2_00AE602F |
Source: | Code function: | 2_2_076C1728 | |
Source: | Code function: | 2_2_076C1738 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Code function: | 0_2_00A98318 |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: |
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: |
Source: | File opened: | Jump to behavior |
Source: | Static file information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00A8FB13 | |
Source: | Code function: | 2_2_0646E070 | |
Source: | Code function: | 2_2_0646ED01 | |
Source: | Code function: | 2_2_06463B53 | |
Source: | Code function: | 2_2_064649AD |
Persistence and Installation Behavior |
---|
Source: | Registry value created: | Jump to behavior |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | WMI Queries: |
Source: | Code function: | 0_2_00AE5B4B | |
Source: | Code function: | 0_2_00AE602F |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 0_2_00AA0955 |
Source: | Code function: | 0_2_00AE889B |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 0_2_00AA0955 | |
Source: | Code function: | 0_2_00A8F7BA | |
Source: | Code function: | 0_2_00A8FB66 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: | Jump to behavior |
Source: | Code function: | 0_2_00B631C5 |
Source: | Memory written: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 0_2_00A8F337 |
Source: | Code function: | 0_2_00A64B3D |
Source: | Queries volume information: |
Source: | Code function: | 0_2_00ADACB7 |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | String found in binary or memory: |
Source: | File opened: |
Source: | File opened: |
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 231 Security Software Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | 241 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 2 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Install Root Certificate | DCSync | 134 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
4% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
12% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
1% | Virustotal | Browse |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
5.42.65.50 | unknown | Russian Federation | | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1429065 |
Start date and time: | 2024-04-20 15:03:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@5/5@0/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
15:04:05 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
5.42.65.50 | Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | ||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | |||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | RedLine, Xmrig | Browse | |||
Get hash | malicious | LummaC, Babuk, Clipboard Hijacker, Djvu, LummaC Stealer, RedLine, SmokeLoader | Browse | |||
Get hash | malicious | LummaC, Babuk, Djvu, LummaC Stealer, RedLine, SmokeLoader | Browse | |||
Get hash | malicious | RedLine | Browse | |||
Get hash | malicious | RedLine | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | Get hash | malicious | Glupteba, Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | |
Get hash | malicious | Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | ||
Get hash | malicious | LummaC, Glupteba, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer, SmokeLoader | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | LummaC, Glupteba, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro Stealer | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | Mirai | Browse | ||
Get hash | malicious | RedLine | Browse | ||
Get hash | malicious | Glupteba, PureLog Stealer, zgRAT | Browse | ||
Get hash | malicious | RedLine, Xmrig | Browse | |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2104 |
Entropy (8bit): | 3.4550275285410286 |
Encrypted: | false |
SSDEEP: | 48:8SJdATkoGRYrnvPdAKRkdAGdAKRFdAKR/U:8S8t |
MD5: | 1EB90AB9B4449F54AFF9FA0DF2FD1BC1 |
SHA1: | 89D15E9A91B60A8E7D8BBE08034D18DC9E7E004C |
SHA-256: | 2F1632E87BF01CBC5ADF3A5B016F918EC518FB0D90C53E087345D534A3A7FA53 |
SHA-512: | A408619B05A1CAE071749733A21F016E1A76624E502560296C7117D75B93C0E8DA26885A0E084618B3E4C4CCE586353CA77A742931908B7DFAA2E89F39D6AF76 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3274 |
Entropy (8bit): | 5.3318368586986695 |
Encrypted: | false |
SSDEEP: | 96:Pq5qHwCYqh3oPtI6eqzxP0aymRLKTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0at9KTqdqlqY |
MD5: | 0B2E58EF6402AD69025B36C36D16B67F |
SHA1: | 5ECC642327EF5E6A54B7918A4BD7B46A512BF926 |
SHA-256: | 4B0FB8EECEAD6C835CED9E06F47D9021C2BCDB196F2D60A96FEE09391752C2D7 |
SHA-512: | 1464106CEC5E264F8CEA7B7FF03C887DA5192A976FBC9369FC60A480A7B9DB0ED1956EFCE6FFAD2E40A790BD51FD27BB037256964BC7B4B2DA6D4D5C6B267FA1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2662 |
Entropy (8bit): | 7.8230547059446645 |
Encrypted: | false |
SSDEEP: | 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g |
MD5: | 1420D30F964EAC2C85B2CCFE968EEBCE |
SHA1: | BDF9A6876578A3E38079C4F8CF5D6C79687AD750 |
SHA-256: | F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9 |
SHA-512: | 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2662 |
Entropy (8bit): | 7.8230547059446645 |
Encrypted: | false |
SSDEEP: | 48:qJdHasMPAUha1DgSVVi59ca13MfyKjWwUmq9W2UgniDhiRhkjp9g:bhhEgSVVi59defyfW2sDgAj3g |
MD5: | 1420D30F964EAC2C85B2CCFE968EEBCE |
SHA1: | BDF9A6876578A3E38079C4F8CF5D6C79687AD750 |
SHA-256: | F3327793E3FD1F3F9A93F58D033ED89CE832443E2695BECA9F2B04ADBA049ED9 |
SHA-512: | 6FCB6CE148E1E246D6805502D4914595957061946751656567A5013D96033DD1769A22A87C45821E7542CDE533450E41182CEE898CD2CCF911C91BC4822371A8 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1002\76b53b3ec448f7ccdda2063b15d2bfc3_9e146be9-c76a-4720-bcdb-53011b87bd06
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2251 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | 0158FE9CEAD91D1B027B795984737614 |
SHA1: | B41A11F909A7BDF1115088790A5680AC4E23031B |
SHA-256: | 513257326E783A862909A2A0F0941D6FF899C403E104FBD1DBC10443C41D9F9A |
SHA-512: | C48A55CC7A92CEFCEFE5FB2382CCD8EF651FC8E0885E88A256CD2F5D83B824B7D910F755180B29ECCB54D9361D6AF82F9CC741BD7E6752122949B657DA973676 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 6.532778836893702 |
TrID: | |
File name: | file.exe |
File size: | 1'231'984 bytes |
MD5: | 8c9287ef35644cc0b67a4b8000d38ce8 |
SHA1: | b741efa13f0878097bc056b2e3fc431aea4b6c42 |
SHA256: | 43588266a8cdbb63c3e1660da5ebea1a27e05d73d7d23d2bb9f65a78b913a5ee |
SHA512: | 1f96f848c443bb25981c545f9ece15499761b4b15f920f686694425a1579b16fe52c45b0975417a4ed117a413babbf9d883b43e378d74e26885f6d710619e400 |
SSDEEP: | 24576:6OPhASFRmJ211Nx7KPZ4o5tt9H7By/FfXnAe:3RmJ211Nxm9ttxYtfXb |
TLSH: | C445BF2179C09036EDF720BB83ECBA3582ADE0B4471516CB46D957EED7206C27F32696 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........]...3...3...3.h.0...3.h.6...3.h.7...3.y77...3.y70...3.h.2...3...2...3.y76...3.H46...3.H4....3.H41...3.Rich..3.........PE..L.. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x4011d1 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6623B012 [Sat Apr 20 12:07:46 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 6c2d283aa2105be58188e49b58a6bdd2 |
Signature Valid: | false |
Signature Issuer: | CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 332CDC164B1324C3FF3F64E228C5FFFC |
Thumbprint SHA-1: | CBFB3D25134A5FF6FCF2924D5B4BE16194EA7E13 |
Thumbprint SHA-256: | 531855F05B9D55E4F6DDEBC443706382DDB9ACBD2B8AB24004822BE204420943 |
Serial: | 0C9838F673F9B1CCE395CFAB2B6684E4 |
Instruction |
---|
jmp 00007F14A096CAB5h |
jmp 00007F14A09924A6h |
jmp 00007F14A096BCA0h |
jmp 00007F14A0975040h |
jmp 00007F14A095E64Bh |
jmp 00007F14A09485BCh |
jmp 00007F14A09CF3F1h |
jmp 00007F14A095EC2Ah |
jmp 00007F14A0993224h |
jmp 00007F14A09D42FBh |
jmp 00007F14A094397Ah |
jmp 00007F14A096DBF0h |
jmp 00007F14A097DB72h |
jmp 00007F14A0956D24h |
jmp 00007F14A093F0F9h |
jmp 00007F14A098141Eh |
jmp 00007F14A0945D15h |
jmp 00007F14A0942135h |
jmp 00007F14A09BEE5Fh |
jmp 00007F14A093EBB5h |
jmp 00007F14A098D9C7h |
jmp 00007F14A09AA34Fh |
jmp 00007F14A095B107h |
jmp 00007F14A099B9B0h |
jmp 00007F14A0967439h |
jmp 00007F14A0975C0Ah |
jmp 00007F14A093F541h |
jmp 00007F14A09A615Eh |
jmp 00007F14A09CCE93h |
jmp 00007F14A0954ADDh |
jmp 00007F14A096F56Ch |
jmp 00007F14A09813E4h |
jmp 00007F14A09C9E9Ch |
jmp 00007F14A09B9081h |
jmp 00007F14A09B61F3h |
jmp 00007F14A0957271h |
jmp 00007F14A0975B27h |
jmp 00007F14A099B1A9h |
jmp 00007F14A099B190h |
jmp 00007F14A096BF07h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x12720c | 0x3c | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x129000 | 0x595 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x12a600 | 0x2670 | .reloc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x12a000 | 0x4808 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xbec50 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xbeb68 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x127000 | 0x20c | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb0798 | 0xb0800 | 19efa83520bd6ccd3bf3d92a4f21cc9b | False | 0.3321875553293201 | data | 5.835443104186529 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xb2000 | 0x14e9c | 0x15000 | d3413eef6fcb1cc41bef9d65a2e0f636 | False | 0.2858770461309524 | data | 3.7084116853071434 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xc7000 | 0x5f680 | 0x5dc00 | b8a85c26af0806426d453667cf5426a6 | False | 0.8165625 | data | 7.23588970318615 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x127000 | 0xce4 | 0xe00 | 8ee9df913274ae100ec918b2c126eba5 | False | 0.33677455357142855 | data | 4.42212868650532 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.00cfg | 0x128000 | 0x10e | 0x200 | 538eede3a8efee153c6ea7cecee5ea41 | False | 0.03515625 | data | 0.11055713125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x129000 | 0x595 | 0x600 | 8a9aacc4887f3beadcec6fd4f314e42a | False | 0.4283854166666667 | data | 3.9897698335735554 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x12a000 | 0x5646 | 0x5800 | c308cfc7798fd1a0caebf16c8d141d0d | False | 0.6223366477272727 | data | 5.9611654923460415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x1290a0 | 0x378 | data | English | United States | 0.44144144144144143 |
RT_MANIFEST | 0x129418 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |
DLL | Import |
---|---|
ADVAPI32.dll | RegDisablePredefinedCache |
KERNEL32.dll | CloseHandle, WaitForSingleObjectEx, CreateRemoteThread, VirtualProtect, FormatMessageA, LocalFree, GetLocaleInfoEx, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetStringTypeW, CompareStringEx, GetCPInfo, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetModuleHandleW, GetCurrentProcess, TerminateProcess, CreateFileW, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, GetCurrentThread, HeapAlloc, HeapFree, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, SetConsoleCtrlHandler, HeapReAlloc, GetTimeZoneInformation, OutputDebugStringW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/20/24-15:04:11.563452 | TCP | 2043231 | ET TROJAN Redline Stealer TCP CnC Activity | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
04/20/24-15:04:04.964162 | TCP | 2046056 | ET TROJAN Redline Stealer/MetaStealer Family Activity (Response) | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
04/20/24-15:03:59.655939 | TCP | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
04/20/24-15:03:59.440586 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 20, 2024 15:03:58.950584888 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:03:59.167695045 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:03:59.167952061 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:03:59.180680037 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:03:59.396526098 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:03:59.440586090 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:03:59.655939102 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:03:59.698187113 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:04.732913017 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:04.964162111 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:04.964231014 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:04.964272022 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:04.964306116 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:04.964359999 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:04.964401960 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:04.964421988 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:05.010684013 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:05.119478941 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:05.334227085 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:05.385665894 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:05.397818089 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:05.613471031 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:05.626375914 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:05.840847015 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:05.845269918 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:06.059618950 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:06.104458094 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:06.139611006 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:06.354031086 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:06.357702971 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:06.572127104 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:06.620062113 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:07.066831112 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:07.280838013 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:07.286334991 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:07.290503979 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:07.505637884 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:07.557698965 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:07.575463057 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:07.790245056 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:07.796119928 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:08.009833097 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.009884119 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.011508942 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.055650949 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:08.153351068 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:08.367500067 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.416959047 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:08.439097881 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:08.652765989 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.652821064 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.652858019 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.653021097 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.654563904 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.657007933 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:08.871433973 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:08.876187086 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:09.090897083 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:09.092283964 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:09.306667089 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:09.312310934 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:09.527163029 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:09.529098034 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:09.743834972 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:09.792053938 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:09.829449892 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.043582916 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.044970036 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.045202017 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.045399904 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.046330929 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.259284973 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.259705067 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.259762049 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.260067940 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.260294914 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.260443926 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.260519028 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.260649920 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.260667086 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.260703087 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.261060953 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.261581898 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.261701107 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.261715889 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.475969076 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.476063013 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.476358891 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.476547003 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.477123022 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.477276087 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.477533102 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.477607965 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.477797985 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.477988005 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.479392052 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.479535103 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.690428019 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.690493107 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.690530062 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.690562010 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.691112041 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.691194057 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.691278934 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.691643953 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.691677094 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.692050934 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.692497015 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.692645073 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.692909002 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.693020105 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.693128109 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.693308115 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.693608999 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.693808079 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.694001913 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.694154024 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.694525957 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.694678068 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.694905996 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.695019007 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.908221006 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.908749104 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.909018993 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.909419060 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.909478903 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.909517050 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.910056114 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.910089016 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.910211086 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.910602093 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.910823107 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.910893917 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.911010027 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.911051989 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.911324978 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.911699057 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.911731005 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.912189007 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.912347078 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.912663937 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.913017035 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:10.913229942 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:10.913342953 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:11.124777079 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.124804974 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.124815941 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.125102997 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.125308990 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.125597000 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.125708103 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.125969887 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.126071930 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.126336098 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.126611948 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.126646042 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.126921892 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:11.127093077 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:11.127248049 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.127281904 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.127482891 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.127902985 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.127934933 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.128006935 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.128159046 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.128355980 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.128509998 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.128741980 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.128941059 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:11.340730906 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.340758085 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.341160059 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.341417074 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.341454029 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.341648102 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.341788054 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.342081070 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.342219114 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.342423916 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.342549086 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.342566013 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.342752934 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.343184948 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.343549967 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.343694925 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.344024897 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.344140053 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.344333887 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.345691919 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.348372936 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:11.562602043 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.563452005 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Apr 20, 2024 15:04:11.781709909 CEST | 33080 | 49731 | 5.42.65.50 | 192.168.2.4 |
Apr 20, 2024 15:04:11.819173098 CEST | 49731 | 33080 | 192.168.2.4 | 5.42.65.50 |
Target ID: | 0 |
Start time: | 15:03:56 |
Start date: | 20/04/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa50000 |
File size: | 1'231'984 bytes |
MD5 hash: | 8C9287EF35644CC0B67A4B8000D38CE8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 15:03:56 |
Start date: | 20/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x410000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:03:56 |
Start date: | 20/04/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x740000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.4% |
Dynamic/Decrypted Code Coverage: | 16.7% |
Signature Coverage: | 25.9% |
Total number of Nodes: | 54 |
Total number of Limit Nodes: | 3 |
Functions (the per-function Memory Dump Source, Joe Sandbox IDA Plugin, Similarity and Yara match panels are empty in this extraction; Uniqueness Score is -1.00% for every function listed)
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00B631C5 | 26.5 | 11 | 4 | 282 | thread, injection, memory, COMMON |
00AE889B | .0 | | | 22 | COMMON |
00AD542B | .0 | | | 12 | COMMON |
(function header not extracted; APIs and Strings panels present) | | | | | |
00A6192E | 10.6 | 5 | 1 | 74 | registry, memory, thread, COMMON |
00AD5392 | 4.5 | 3 | | 15 | COMMON |
00ADA688 | 1.6 | 1 | | 57 | COMMON |
(function header not extracted; APIs and Strings panels present) | | | | | |
00AEBC3B | 7.7 | 5 | | 183 | COMMON |
00AF13FF | 7.4 | | 4 | 2437 | COMMON |
(function header not extracted; APIs and Strings panels present) | | | | | |
00AE602F | 6.1 | 4 | | 129 | file, COMMON |
00A8F7BA | 6.1 | 4 | | 70 | COMMON |
00A64B3D | 5.3 | 2 | 1 | 32 | window, COMMON |
00AEB598 | 4.7 | 3 | | 205 | COMMON |
00AA0955 | 4.6 | 3 | | 77 | COMMON |
00A98318 | 2.5 | | 1 | 1201 | COMMON |
00AE5B4B | 1.8 | 1 | | 280 | COMMON |
00AE18BA | 1.8 | 1 | | 274 | COMMON |
00A8F337 | 1.6 | 1 | | 147 | COMMON |
00AC7436 | 1.6 | | 1 | 392 | COMMON |
00AC6F0D | 1.6 | | 1 | 388 | COMMON |
00AC7972 | 1.6 | | 1 | 388 | COMMON |
00AC594B | 1.6 | | 1 | 348 | COMMON |
00AC54DA | 1.6 | | 1 | 344 | COMMON |
00AC5DCF | 1.6 | | 1 | 344 | COMMON |
00AEB87F | 1.6 | 1 | | 83 | COMMON |
00AC667E | 1.6 | | 1 | 326 | COMMON |
00AC6240 | 1.6 | | 1 | 322 | COMMON |
00AC6ACF | 1.6 | | 1 | 322 | COMMON |
00AD125D | 1.6 | | | 1571 | COMMON |
00AC4C94 | 1.6 | | 1 | 318 | COMMON |
00AC487A | 1.6 | | 1 | 314 | COMMON |
00AC50C0 | 1.6 | | 1 | 314 | COMMON |
00AEB42A | 1.6 | 1 | | 63 | COMMON |
00AEBB39 | 1.5 | 1 | | 45 | COMMON |
00AEB4EB | 1.5 | 1 | | 41 | COMMON |
00AD9F1F | 1.5 | 1 | | 33 | COMMON |
00A8DC1F | 1.5 | 1 | | 32 | COMMON |
00AEB3A8 | 1.5 | 1 | | 31 | COMMON |
00ADAC69 | 1.5 | 1 | | 24 | COMMON |
00ADA10E | 1.5 | 1 | | 14 | COMMON |
00ADACB7 | 1.3 | | 1 | 23 | COMMON |
00AEA967 | .6 | | | 558 | COMMON |
00AAAB4B | .5 | | | 481 | COMMON |
00AAE170 | .4 | | | 449 | COMMON |
00AAED20 | .4 | | | 386 | COMMON |
00AE2482 | .3 | | | 337 | COMMON |
00AAE7E0 | .3 | | | 259 | COMMON |
00AAB8E0 | .2 | | | 158 | COMMON |
00AE88D8 | .0 | | | 40 | COMMON |
00AE868D | .0 | | | 38 | COMMON |
00AE87F1 | .0 | | | 29 | COMMON |
00AE8846 | .0 | | | 29 | COMMON |
00AE85E7 | .0 | | | 26 | COMMON |
00AE863A | .0 | | | 26 | COMMON |
00AE86FE | .0 | | | 18 | COMMON |
00A8E2F8 | 9.2 | 6 | | 225 | COMMON |
00A6AA5A | 9.2 | 6 | | 175 | COMMON |
(function header not extracted; APIs and Strings panels present) | | | | | |
00AD5455 | 8.8 | 3 | 2 | 42 | library, loader, COMMON |
00ADA7BE | 8.8 | 3 | 2 | 35 | library, COMMON |
00ADEAC7 | 7.8 | 5 | | 298 | COMMON |
(function header not extracted; APIs and Strings panels present) | | | | | |
00AA025A | 7.0 | 3 | 1 | 27 | library, COMMON, LIBRARYCODE |
00ADC0D8 | 6.3 | 4 | | 338 | file, COMMON |
00AE79C8 | 6.1 | 4 | | 74 | COMMON |
00ADF31D | 6.1 | 4 | | 54 | COMMON |
00AF654D | 6.0 | 4 | | 32 | COMMON |
00AF6669 | 6.0 | 4 | | 29 | COMMON |
(function header not extracted; Strings panel present) | | | | | |
(function header not extracted; APIs and Strings panels present) | | | | | |
Execution Graph
Execution Coverage: | 6.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 58 |
Total number of Limit Nodes: | 9 |
Functions (the per-function Memory Dump Source, Joe Sandbox IDA Plugin and Similarity panels are empty in this extraction; Uniqueness Score is -1.00% for every function listed)
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
064667D8 | .4 | | | 420 | COMMON |
0646A3D8 | .3 | | | 298 | COMMON |
0646A3E8 | .3 | | | 289 | COMMON |
06440D80 | 20.6 | | 16 | 622 | COMMON |
06441530 | 17.0 | | 12 | 1958 | COMMON |
06440598 | 1.7 | | 1 | 462 | COMMON |
0102AE30 | 1.7 | 1 | | 199 | COMMON |
06463F50 | 1.6 | | 1 | 399 | COMMON |
01025935 | 1.6 | 1 | | 97 | COMMON |
01024248 | 1.6 | 1 | | 96 | COMMON |
0102C9A0 | 1.6 | 1 | | 65 | COMMON |
0102D2F9 | 1.6 | 1 | | 64 | COMMON |
0102B2A0 | 1.6 | 1 | | 57 | library, COMMON |
0102A870 | 1.6 | 1 | | 55 | library, COMMON |
076C90D8 | 1.5 | 1 | | 47 | window, COMMON |
0102B020 | 1.5 | 1 | | 47 | COMMON |
076CA68A | 1.5 | 1 | | 45 | window, COMMON |
064659C8 | 1.5 | | 1 | 289 | COMMON |
06463DE0 | 1.4 | | 1 | 114 | COMMON |
064684C8 | 1.4 | | 1 | 102 | COMMON |
0646B358 | 1.3 | | 1 | 43 | COMMON |
0646B368 | 1.3 | | 1 | 32 | COMMON |
064400D8 | .7 | | | 676 | COMMON |
06442070 | .6 | | | 570 | COMMON |
06440610 | .5 | | | 453 | COMMON |
06443CD2 | .4 | | | 412 | COMMON |
06440688 | .4 | | | 389 | COMMON |
06440700 | .4 | | | 353 | COMMON |
064400B8 | .3 | | | 340 | COMMON |
06464AFF | .3 | | | 297 | COMMON |
064445B4 | .2 | | | 199 | COMMON |
064445D0 | .2 | | | 194 | COMMON |
06467D58 | .1 | | | 147 | COMMON |
06467D4C | .1 | | | 130 | COMMON |
06465579 | .1 | | | 105 | COMMON |
06465588 | .1 | | | 96 | COMMON |
064687A0 | .1 | | | 93 | COMMON |
06441514 | .1 | | | 91 | COMMON |
06468796 | .1 | | | 80 | COMMON |
0644360B | .1 | | | 78 | COMMON |
06444562 | .1 | | | 78 | COMMON |
064437BB | .1 | | | 78 | COMMON |
06468A98 | .1 | | | 77 | COMMON |
00D2D3D8 | .1 | | | 75 | COMMON |
00D2D4C4 | .1 | | | 75 | COMMON |
06468F42 | .1 | | | 72 | COMMON |
00D3D01C | .1 | | | 72 | COMMON |
06441068 | .1 | | | 72 | COMMON |
06468A8C | .1 | | | 69 | COMMON |
00D3D005 | .1 | | | 62 | COMMON |
06466E72 | .1 | | | 61 | COMMON |
0646BC5F | .1 | | | 60 | COMMON |
06468C58 | .1 | | | 57 | COMMON |
00D2D3D3 | .1 | | | 56 | COMMON |
00D2D4BF | .1 | | | 56 | COMMON |
0646C499 | .0 | | | 50 | COMMON |
06468350 | .0 | | | 50 | COMMON |
0646BC70 | .0 | | | 46 | COMMON |
00D2DB09 | .0 | | | 45 | COMMON |
0646E8B0 | .0 | | | 45 | COMMON |
0646C4A8 | .0 | | | 42 | COMMON |
06465508 | .0 | | | 42 | COMMON |
0646C170 | .0 | | | 39 | COMMON |
0646ADE9 | .0 | | | 38 | COMMON |
06468F50 | .0 | | | 37 | COMMON |
00D2DB08 | .0 | | | 36 | COMMON |
Function 064667C8 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646ACB8 Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646C110 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06466EA0 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06468341 Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06468FC0 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646ADF8 Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646C180 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646CC38 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06465698 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646B500 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646C120 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646CE88 Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646E8F8 Relevance: .0, Instructions: 23COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646E280 Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646E1FF Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646AC80 Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646B510 Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646E210 Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646F8EA Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 06463721 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646DFD1 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 076C1728 Relevance: .3, Instructions: 268COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 076C1738 Relevance: .3, Instructions: 257COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646E2C7 Relevance: 46.6, Strings: 37, Instructions: 391COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646E2D8 Relevance: 46.6, Strings: 37, Instructions: 383COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646CC7F Relevance: 16.4, Strings: 13, Instructions: 152COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646CC90 Relevance: 16.4, Strings: 13, Instructions: 143COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646CED1 Relevance: 10.1, Strings: 8, Instructions: 106COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646CEE0 Relevance: 10.1, Strings: 8, Instructions: 93COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646C968 Relevance: 8.8, Strings: 7, Instructions: 89COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646C978 Relevance: 8.8, Strings: 7, Instructions: 83COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646ED10 Relevance: 7.9, Strings: 6, Instructions: 381COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646D538 Relevance: 7.6, Strings: 6, Instructions: 84COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0646D548 Relevance: 7.6, Strings: 6, Instructions: 73COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |