Edit tour
Windows
Analysis Report
asbpKOngY0.exe
Overview
General Information
| Sample name: | asbpKOngY0.exerenamed because original name is a hash value |
| Original sample name: | ecd47621cce65ec0aee0e8599a308a3b.exe |
| Analysis ID: | 1429918 |
| MD5: | ecd47621cce65ec0aee0e8599a308a3b |
| SHA1: | 963eec3932fef349eb0bc576692bf86c231f0be1 |
| SHA256: | b870238bf1f561fcbb6b3daf07cec73de2f3d27a942727d33ad0754ca75c85d9 |
| Tags: | 32exetrojan |
| Infos: |  |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Machine Learning detection for sample
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match
Classification
- System is w10x64
asbpKOngY0.exe (PID: 4040 cmdline: "C:\Users\ user\Deskt op\asbpKOn gY0.exe" MD5: ECD47621CCE65EC0AEE0E8599A308A3B) 
WerFault.exe (PID: 6928 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 4 040 -s 148 8 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "strollheavengwu.shop"], "Build id": "P6Mk0M--superstar"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
| |
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
| |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Code function: | 0_2_00415999 | |
Compliance | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_00422458 | |
| Source: | Code function: | 0_2_0041C540 | |
| Source: | Code function: | 0_2_004357CA | |
| Source: | Code function: | 0_2_004359E2 | |
| Source: | Code function: | 0_2_00414C49 | |
| Source: | Code function: | 0_2_00433D10 | |
| Source: | Code function: | 0_2_00433D10 | |
| Source: | Code function: | 0_2_00424087 | |
| Source: | Code function: | 0_2_00424084 | |
| Source: | Code function: | 0_2_0040D140 | |
| Source: | Code function: | 0_2_00403260 | |
| Source: | Code function: | 0_2_00423943 | |
| Source: | Code function: | 0_2_0041F234 | |
| Source: | Code function: | 0_2_004142F0 | |
| Source: | Code function: | 0_2_0041E451 | |
| Source: | Code function: | 0_2_0041A420 | |
| Source: | Code function: | 0_2_0041A420 | |
| Source: | Code function: | 0_2_00414596 | |
| Source: | Code function: | 0_2_0041F640 | |
| Source: | Code function: | 0_2_004146E6 | |
| Source: | Code function: | 0_2_0042271D | |
| Source: | Code function: | 0_2_004137C9 | |
| Source: | Code function: | 0_2_0041F828 | |
| Source: | Code function: | 0_2_0041A8C0 | |
| Source: | Code function: | 0_2_0042F890 | |
| Source: | Code function: | 0_2_0042594F | |
| Source: | Code function: | 0_2_004259CD | |
| Source: | Code function: | 0_2_004259D2 | |
| Source: | Code function: | 0_2_00411A44 | |
| Source: | Code function: | 0_2_0040FA49 | |
| Source: | Code function: | 0_2_00431A70 | |
| Source: | Code function: | 0_2_0041CAEC | |
| Source: | Code function: | 0_2_00437C47 | |
| Source: | Code function: | 0_2_00437C45 | |
| Source: | Code function: | 0_2_00413C46 | |
| Source: | Code function: | 0_2_00421CC7 | |
| Source: | Code function: | 0_2_00424CB0 | |
| Source: | Code function: | 0_2_00415D7D | |
| Source: | Code function: | 0_2_00413E4A | |
| Source: | Code function: | 0_2_02FF42EE | |
| Source: | Code function: | 0_2_02FF42EB | |
| Source: | Code function: | 0_2_02FDD3A7 | |
| Source: | Code function: | 0_2_02FED377 | |
| Source: | Code function: | 0_2_02FE40B1 | |
| Source: | Code function: | 0_2_02FF26BF | |
| Source: | Code function: | 0_2_02FEE6B8 | |
| Source: | Code function: | 0_2_02FEA687 | |
| Source: | Code function: | 0_2_02FEA687 | |
| Source: | Code function: | 0_2_02FE47FD | |
| Source: | Code function: | 0_2_02FEC7A7 | |
| Source: | Code function: | 0_2_02FF3BAA | |
| Source: | Code function: | 0_2_02FD34C7 | |
| Source: | Code function: | 0_2_02FEF49B | |
| Source: | Code function: | 0_2_02FE7494 | |
| Source: | Code function: | 0_2_02FE4557 | |
| Source: | Code function: | 0_2_02FFFAF7 | |
| Source: | Code function: | 0_2_02FEFA8F | |
| Source: | Code function: | 0_2_02FE3A30 | |
| Source: | Code function: | 0_2_03005A31 | |
| Source: | Code function: | 0_2_02FF5BB6 | |
| Source: | Code function: | 0_2_02FEAB27 | |
| Source: | Code function: | 0_2_02FEF8A7 | |
| Source: | Code function: | 0_2_02FF2984 | |
| Source: | Code function: | 0_2_02FE494D | |
| Source: | Code function: | 0_2_02FE4EB0 | |
| Source: | Code function: | 0_2_02FE3EAD | |
| Source: | Code function: | 0_2_03003F77 | |
| Source: | Code function: | 0_2_03003F77 | |
| Source: | Code function: | 0_2_02FE5FE4 | |
| Source: | Code function: | 0_2_03007EAC | |
| Source: | Code function: | 0_2_03007EAE | |
| Source: | Code function: | 0_2_02FF1F2E | |
| Source: | Code function: | 0_2_02FF4F17 | |
| Source: | Code function: | 0_2_02FDFCB0 | |
| Source: | Code function: | 0_2_02FE1CAB | |
| Source: | Code function: | 0_2_02FF5C39 | |
| Source: | Code function: | 0_2_02FF5C34 | |
| Source: | Code function: | 0_2_03005C49 | |
| Source: | Code function: | 0_2_03001CD7 | |
Networking | |
|---|
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 0_2_0042C500 | |
| Source: | Code function: | 0_2_0042C500 | |
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_00432010 | |
| Source: | Code function: | 0_2_004204B7 | |
| Source: | Code function: | 0_2_00404740 | |
| Source: | Code function: | 0_2_00420CA0 | |
| Source: | Code function: | 0_2_00406030 | |
| Source: | Code function: | 0_2_00403260 | |
| Source: | Code function: | 0_2_004052F0 | |
| Source: | Code function: | 0_2_004065F0 | |
| Source: | Code function: | 0_2_004345F0 | |
| Source: | Code function: | 0_2_0040F690 | |
| Source: | Code function: | 0_2_004397D0 | |
| Source: | Code function: | 0_2_0042594F | |
| Source: | Code function: | 0_2_004259D2 | |
| Source: | Code function: | 0_2_00431A70 | |
| Source: | Code function: | 0_2_0041CAEC | |
| Source: | Code function: | 0_2_00439AF0 | |
| Source: | Code function: | 0_2_00407CB0 | |
| Source: | Code function: | 0_2_00403D70 | |
| Source: | Code function: | 0_2_00402E70 | |
| Source: | Code function: | 0_2_02FD6297 | |
| Source: | Code function: | 0_2_02FD1267 | |
| Source: | Code function: | 0_2_02FD30D7 | |
| Source: | Code function: | 0_2_02FD34C7 | |
| Source: | Code function: | 0_2_02FD55DB | |
| Source: | Code function: | 0_2_03009A37 | |
| Source: | Code function: | 0_2_02FF5BB6 | |
| Source: | Code function: | 0_2_02FDF8F7 | |
| Source: | Code function: | 0_2_02FDF824 | |
| Source: | Code function: | 0_2_03004857 | |
| Source: | Code function: | 0_2_02FD49A7 | |
| Source: | Code function: | 0_2_02FD3FD7 | |
| Source: | Code function: | 0_2_02FD7F17 | |
| Source: | Code function: | 0_2_02FF0F07 | |
| Source: | Code function: | 0_2_03009D57 | |
| Source: | Code function: | 0_2_02FF5C39 | |
| Source: | Code function: | 0_2_03001CD7 | |
| Source: | Process created: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_02D18196 | |
| Source: | Code function: | 0_2_00429597 | |
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
Data Obfuscation | |
|---|
| Source: | Unpacked PE file: | ||
| Source: | Unpacked PE file: | ||
| Source: | Code function: | 0_2_0043FBE8 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | System information queried: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00433CC0 | |
| Source: | Code function: | 0_2_02D17A73 | |
| Source: | Code function: | 0_2_02FD092B | |
| Source: | Code function: | 0_2_02FD0D90 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 31 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Software Packing | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 29% | ReversingLabs | |||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| strollheavengwu.shop | 172.67.163.209 | true | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| false | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown | ||
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | unknown | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown | |||
| false | unknown | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | unknown | |||
| false | unknown | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.67.163.209 | strollheavengwu.shop | United States | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1429918 |
| Start date and time: | 2024-04-22 21:43:07 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 6s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | asbpKOngY0.exerenamed because original name is a hash value |
| Original Sample Name: | ecd47621cce65ec0aee0e8599a308a3b.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.22
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: asbpKOngY0.exe
| Time | Type | Description |
|---|---|---|
| 21:43:58 | API Interceptor | |
| 21:44:19 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 172.67.163.209 | Get hash | malicious | LummaC | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| strollheavengwu.shop | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Mars Stealer, Stealc, Vidar | Browse |
| |
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | GuLoader, Remcos | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | CredGrabber, Meduza Stealer | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | Remcos, DBatLoader | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader, Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | RisePro Stealer | Browse |
| ||
| Get hash | malicious | RisePro Stealer | Browse |
|
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_asbpKOngY0.exe_2caf974d11786772f56eeade9062141c51f1e48_347c9851_fbf69d2b-2a12-4891-bf94-e897ad82cb62\Report.wer
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.9925541180212553 |
| Encrypted: | false |
| SSDEEP: | 192:MbW2zPAC08ga28GjxpFPzuiFCZ24IO8X:4W2zPAJ8128GjNzuiFCY4IO8X |
| MD5: | C24B064B163C4CFA0AF60F7394D71EB2 |
| SHA1: | CCB8D9EA37BB41235BABE13476A414259C850F29 |
| SHA-256: | C5ACE603DA20F835836BD88D2E0D2334B318B0E4BCC176159047A1AA772DC418 |
| SHA-512: | 9F963D8247F37685CA4C3B55113DCFE4A9662CD4CA2E225BB6264C18A95A557895FE4142993D4E83BB8967EEF7C3E5303E6AAE1E37A90529EAD60FEBFBD79721 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 47222 |
| Entropy (8bit): | 2.6823548341771177 |
| Encrypted: | false |
| SSDEEP: | 192:5ETXXl0tRvyY8S3xvOzBz6u5d7wnqFyy6jZUDgurWKtiq36Yhhh:wwvb8OxmzBGA716jiguawX64h |
| MD5: | 7CDA1E6FDC7C44FD4D8FE7AC3BAC25EB |
| SHA1: | F85E15ED8782B46021F8490DB14AA247F253CF03 |
| SHA-256: | 3C5559D525FCC990F4D738F6A8E0FB19ACABFBA49CC59513928B1BDB2564952C |
| SHA-512: | 19D42FA1381B05EB8F626765BC66F0FFE114DE5DCE3F8A76D454FE8516E37BB30D98CD28295D72066FA7C59175EC5D8BB7D7BF7381DF2F59130FE82951DE7A38 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8334 |
| Entropy (8bit): | 3.6993054899160565 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJF661E6Y9bSUTpPgmflfLcpDT89b6ysfkem:R6lXJo626YRSUTBgmflTF6xfE |
| MD5: | BF26CEA156E0AAD8EDFF60220F62701A |
| SHA1: | 82BFDDF9CF0206D98A2061F3C1F84974C9B73112 |
| SHA-256: | AB18A925588D1A3945EB8E56A6ADAF9686324ECB413844A5EF83AE77C34CDFFC |
| SHA-512: | 198AB0E00EDC0F4EF1448CE61198F6F8414B8DED1469186A02BB6407F62216A9640833964AE52B3E56FD6F1A65A1E6977A6A273349E125503DD52FBC5323A9C8 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4579 |
| Entropy (8bit): | 4.456920435435191 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zsRJg77aI9k3WpW8VYfYm8M4JZ7FbwE+q8e5690f2d:uIjfjI7WG7VbJMEB690f2d |
| MD5: | AED40D43850BBDDCEB141A622260732F |
| SHA1: | A21CF1673800440F2120F69F5FBE2B69FCC31A64 |
| SHA-256: | 9DCE9DC06B5FEB9F6F279AD588C7C1A340719C58D0D079C7F011E019BCA6526F |
| SHA-512: | 10B27ADFB53E3472FC412963BDF4FD82E4317D371333170A64B28638E21328AD502C2036BB459307E1DA21F3C30DE3B53990EFC2E31131458E424BA802278B57 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.465438821663042 |
| Encrypted: | false |
| SSDEEP: | 6144:YIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNndwBCswSbg:NXD94+WlLZMM6YFH1+g |
| MD5: | 163E86167909C94C7A05D3F00708B285 |
| SHA1: | CEC2AED20A961428BD28D3513D410DF60A796EE5 |
| SHA-256: | 5E5EFC1C0D6640B37814C396D2ED2CF1D49F9D8551B68ECF857F05652B3275A3 |
| SHA-512: | 82B70994A6BA5212208D60165A32F993AB8BCC82DD6A66CF396D7B7F5C27B452AC634EB1779B9DA4BE4258134C51AC4B792769A8FD31568429355BB165547646 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.454325854562582 |
| TrID: |
|
| File name: | asbpKOngY0.exe |
| File size: | 370'176 bytes |
| MD5: | ecd47621cce65ec0aee0e8599a308a3b |
| SHA1: | 963eec3932fef349eb0bc576692bf86c231f0be1 |
| SHA256: | b870238bf1f561fcbb6b3daf07cec73de2f3d27a942727d33ad0754ca75c85d9 |
| SHA512: | 957631a35f63593050f5444e8ddadb8890afb952379d0b2394f66d28511301cc17710f54a2552c44c9197acd51889d7785abaa360678db77f436421d45eee083 |
| SSDEEP: | 6144:M75QnQLBPbrut1nY24Pv8VvMpS7eQyfOepzuvYij+J:MNQnQaVYpPv8VmQSGe5 |
| TLSH: | CE74E0113EE99C32D2574570892BCAE05A2FB8A1BE68457B7743177FCE303A1D632726 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................S.......E.......B......)................L.......R.......W.....Rich............................PE..L....Jsd... |
 | |
| Icon Hash: | 67276767c3570667 |
| Entrypoint: | 0x4015b0 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x64734A1C [Sun May 28 12:33:32 2023 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d10268a82f0ec0b09c4d5e18431c41e9 |
| Instruction |
|---|
| call 00007FB7B8B43D30h |
| jmp 00007FB7B8B4000Dh |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| mov ecx, dword ptr [esp+04h] |
| test ecx, 00000003h |
| je 00007FB7B8B401B6h |
| mov al, byte ptr [ecx] |
| add ecx, 01h |
| test al, al |
| je 00007FB7B8B401E0h |
| test ecx, 00000003h |
| jne 00007FB7B8B40181h |
| add eax, 00000000h |
| lea esp, dword ptr [esp+00000000h] |
| lea esp, dword ptr [esp+00000000h] |
| mov eax, dword ptr [ecx] |
| mov edx, 7EFEFEFFh |
| add edx, eax |
| xor eax, FFFFFFFFh |
| xor eax, edx |
| add ecx, 04h |
| test eax, 81010100h |
| je 00007FB7B8B4017Ah |
| mov eax, dword ptr [ecx-04h] |
| test al, al |
| je 00007FB7B8B401C4h |
| test ah, ah |
| je 00007FB7B8B401B6h |
| test eax, 00FF0000h |
| je 00007FB7B8B401A5h |
| test eax, FF000000h |
| je 00007FB7B8B40194h |
| jmp 00007FB7B8B4015Fh |
| lea eax, dword ptr [ecx-01h] |
| mov ecx, dword ptr [esp+04h] |
| sub eax, ecx |
| ret |
| lea eax, dword ptr [ecx-02h] |
| mov ecx, dword ptr [esp+04h] |
| sub eax, ecx |
| ret |
| lea eax, dword ptr [ecx-03h] |
| mov ecx, dword ptr [esp+04h] |
| sub eax, ecx |
| ret |
| lea eax, dword ptr [ecx-04h] |
| mov ecx, dword ptr [esp+04h] |
| sub eax, ecx |
| ret |
| mov edi, edi |
| push ebp |
| mov ebp, esp |
| sub esp, 20h |
| mov eax, dword ptr [ebp+08h] |
| push esi |
| push edi |
| push 00000008h |
| pop ecx |
| mov esi, 0040C20Ch |
| lea edi, dword ptr [ebp-20h] |
| rep movsd |
| mov dword ptr [ebp-08h], eax |
| mov eax, dword ptr [ebp+0Ch] |
| pop edi |
| mov dword ptr [ebp-04h], eax |
| pop esi |
| test eax, eax |
| je 00007FB7B8B4019Eh |
| test byte ptr [eax], 00000008h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4ac5c | 0x3c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x282f000 | 0xdc88 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xc000 | 0x190 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xa59d | 0xa600 | 90e2a572240093434b52bcdb6ba388ff | False | 0.6182464231927711 | data | 6.5776714979699475 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xc000 | 0x3f570 | 0x3f600 | 4cc8ecc466beece4744e628a4d5c058a | False | 0.7011102379191322 | data | 6.528218010302684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x4c000 | 0x27e22c8 | 0x2800 | 8ad6a2a23a06ac7721c08356046be5a2 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x282f000 | 0xdc88 | 0xde00 | c57cab9538aa03ebb2343be184742043 | False | 0.5005630630630631 | data | 5.2776831908606 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| DOTOGACORIKEXECON | 0x283b568 | 0x476 | ASCII text, with very long lines (1142), with no line terminators | Turkish | Turkey | 0.6260945709281961 |
| RT_ICON | 0x282f5b0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.43523454157782515 |
| RT_ICON | 0x2830458 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.569043321299639 |
| RT_ICON | 0x2830d00 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.6336405529953917 |
| RT_ICON | 0x28313c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.6885838150289018 |
| RT_ICON | 0x2831930 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.5261410788381743 |
| RT_ICON | 0x2833ed8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.5975409836065574 |
| RT_ICON | 0x2834860 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.625886524822695 |
| RT_ICON | 0x2834d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Turkish | Turkey | 0.44429637526652455 |
| RT_ICON | 0x2835bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Turkish | Turkey | 0.5640794223826715 |
| RT_ICON | 0x2836480 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Turkish | Turkey | 0.6065668202764977 |
| RT_ICON | 0x2836b48 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Turkish | Turkey | 0.6690751445086706 |
| RT_ICON | 0x28370b0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Turkish | Turkey | 0.3886929460580913 |
| RT_ICON | 0x2839658 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Turkish | Turkey | 0.41862101313320826 |
| RT_ICON | 0x283a700 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Turkish | Turkey | 0.4430327868852459 |
| RT_ICON | 0x283b088 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Turkish | Turkey | 0.44148936170212766 |
| RT_STRING | 0x283bbe8 | 0x58c | data | 0.44084507042253523 | ||
| RT_STRING | 0x283c178 | 0x86 | data | 0.6417910447761194 | ||
| RT_STRING | 0x283c200 | 0x65a | data | 0.42927429274292744 | ||
| RT_STRING | 0x283c860 | 0x1ea | data | 0.48775510204081635 | ||
| RT_STRING | 0x283ca50 | 0x108 | data | 0.5454545454545454 | ||
| RT_STRING | 0x283cb58 | 0x12a | data | 0.5134228187919463 | ||
| RT_ACCELERATOR | 0x283b9e0 | 0x28 | data | 1.0 | ||
| RT_GROUP_ICON | 0x2834cc8 | 0x68 | data | Turkish | Turkey | 0.7115384615384616 |
| RT_GROUP_ICON | 0x283b4f0 | 0x76 | data | Turkish | Turkey | 0.6779661016949152 |
| RT_VERSION | 0x283ba08 | 0x1e0 | data | 0.5666666666666667 |
| DLL | Import |
|---|---|
| KERNEL32.dll | GetLocaleInfoA, GetConsoleAliasExesLengthA, SetFirmwareEnvironmentVariableA, GetComputerNameW, UnlockFile, GetModuleHandleW, GetConsoleAliasesLengthA, GetDateFormatA, SetCommState, GlobalAlloc, LoadLibraryW, IsValidLocale, HeapDestroy, FindNextVolumeW, IsBadWritePtr, GlobalUnfix, EnumCalendarInfoA, GetProcessHeaps, LoadLibraryA, SetCalendarInfoW, SetConsoleDisplayMode, SetCurrentDirectoryW, WaitForMultipleObjects, GetModuleFileNameA, SetConsoleTitleW, FreeEnvironmentStringsW, BuildCommDCBA, VirtualProtect, GetCurrentDirectoryA, FindAtomW, SetFileAttributesW, GetVolumeInformationW, LocalFileTimeToFileTime, GetProcAddress, GetFileSize, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, GetLastError, HeapFree, EnterCriticalSection, LeaveCriticalSection, Sleep, ExitProcess, WriteFile, GetStdHandle, FreeEnvironmentStringsA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetFileType, DeleteCriticalSection, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetFilePointer, GetConsoleCP, GetConsoleMode, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, VirtualAlloc, HeapReAlloc, HeapSize, InitializeCriticalSectionAndSpinCount, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, FlushFileBuffers, CreateFileA, CloseHandle |
| ADVAPI32.dll | ReadEventLogA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Turkish | Turkey |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 22, 2024 21:43:59.438770056 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.438821077 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:43:59.438944101 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.442482948 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.442507982 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:43:59.683053017 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:43:59.683257103 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.689366102 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.689388990 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:43:59.689778090 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:43:59.739311934 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.770998001 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.771038055 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:43:59.771259069 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.201858997 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.202028990 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.202109098 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.204443932 CEST | 49730 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.204467058 CEST | 443 | 49730 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.210033894 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.210114002 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.210236073 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.211579084 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.211616039 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.433690071 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.433823109 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.437838078 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.437865019 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.438504934 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.440026999 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.440063953 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.440124989 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964030027 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964066029 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964090109 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964118004 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964148998 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964188099 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.964189053 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.964195967 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964271069 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964327097 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.964327097 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.964404106 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964442015 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964459896 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964483976 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964514017 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.964549065 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964576960 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.964579105 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.964633942 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.965414047 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.965464115 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:00.965492010 CEST | 49731 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:00.965504885 CEST | 443 | 49731 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.095587015 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.095657110 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.095757008 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.096044064 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.096075058 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.317071915 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.317282915 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.318902969 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.318933964 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.319155931 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.320260048 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.320449114 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.320488930 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.320569038 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.320580959 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.832132101 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.832232952 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.832387924 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.832622051 CEST | 49732 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.832659006 CEST | 443 | 49732 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.938793898 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.938844919 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:01.938949108 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.939368010 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:01.939384937 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.157304049 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.157421112 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.159120083 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.159138918 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.159385920 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.161006927 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.161138058 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.161164045 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.658265114 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.658371925 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.658452034 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.671809912 CEST | 49733 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.671835899 CEST | 443 | 49733 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.887902975 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.887953997 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:02.888051987 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.888406038 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:02.888423920 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.115166903 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.115281105 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.116949081 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.116976976 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.124077082 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.125710011 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.125863075 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.127123117 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.127218008 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.127237082 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.690485001 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.690613985 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.690706015 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.690826893 CEST | 49734 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.690871000 CEST | 443 | 49734 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.890683889 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.890728951 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:03.890810966 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.891185999 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:03.891202927 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.114028931 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.114118099 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.120371103 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.120394945 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.120604992 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.122473001 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.122698069 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.122736931 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.636348963 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.636445999 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.636512995 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.636702061 CEST | 49735 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.636725903 CEST | 443 | 49735 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.775796890 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.775868893 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:04.775944948 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.776581049 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:04.776607037 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:05.003185034 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:05.003331900 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:05.004673958 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:05.004698992 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:05.007378101 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:05.009021044 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:05.009145975 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:05.009157896 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:05.500557899 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:05.500678062 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:05.500781059 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:05.500935078 CEST | 49736 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:05.500976086 CEST | 443 | 49736 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.131881952 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.131936073 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.132006884 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.132302999 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.132318974 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.351103067 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.351223946 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.352441072 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.352453947 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.352782965 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.353938103 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.354671001 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.354703903 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.354789972 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.354816914 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.354916096 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.354981899 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.355104923 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.355122089 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.355257034 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.355283976 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.355422974 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.355438948 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.355453014 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.355467081 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.355591059 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.355618000 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.396131039 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.396358967 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.396398067 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.396416903 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.444120884 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.444299936 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.444350958 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.488116980 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.488250971 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.536119938 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.563950062 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.564064026 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:06.564088106 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:06.668507099 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:07.909370899 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:07.909507036 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Apr 22, 2024 21:44:07.909673929 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:07.910183907 CEST | 49737 | 443 | 192.168.2.4 | 172.67.163.209 |
| Apr 22, 2024 21:44:07.910208941 CEST | 443 | 49737 | 172.67.163.209 | 192.168.2.4 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 22, 2024 21:43:59.292994976 CEST | 59658 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 22, 2024 21:43:59.431688070 CEST | 53 | 59658 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 22, 2024 21:43:59.292994976 CEST | 192.168.2.4 | 1.1.1.1 | 0x9780 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 22, 2024 21:43:59.431688070 CEST | 1.1.1.1 | 192.168.2.4 | 0x9780 | No error (0) | 172.67.163.209 | A (IP address) | IN (0x0001) | false | ||
| Apr 22, 2024 21:43:59.431688070 CEST | 1.1.1.1 | 192.168.2.4 | 0x9780 | No error (0) | 104.21.15.198 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:43:59 UTC | 267 | OUT | |
| 2024-04-22 19:43:59 UTC | 8 | OUT | |
| 2024-04-22 19:44:00 UTC | 814 | IN | |
| 2024-04-22 19:44:00 UTC | 7 | IN | |
| 2024-04-22 19:44:00 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49731 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:44:00 UTC | 268 | OUT | |
| 2024-04-22 19:44:00 UTC | 58 | OUT | |
| 2024-04-22 19:44:00 UTC | 810 | IN | |
| 2024-04-22 19:44:00 UTC | 559 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN | |
| 2024-04-22 19:44:00 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49732 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:44:01 UTC | 286 | OUT | |
| 2024-04-22 19:44:01 UTC | 15331 | OUT | |
| 2024-04-22 19:44:01 UTC | 2836 | OUT | |
| 2024-04-22 19:44:01 UTC | 808 | IN | |
| 2024-04-22 19:44:01 UTC | 20 | IN | |
| 2024-04-22 19:44:01 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49733 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:44:02 UTC | 285 | OUT | |
| 2024-04-22 19:44:02 UTC | 8788 | OUT | |
| 2024-04-22 19:44:02 UTC | 810 | IN | |
| 2024-04-22 19:44:02 UTC | 20 | IN | |
| 2024-04-22 19:44:02 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49734 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:44:03 UTC | 286 | OUT | |
| 2024-04-22 19:44:03 UTC | 15331 | OUT | |
| 2024-04-22 19:44:03 UTC | 5110 | OUT | |
| 2024-04-22 19:44:03 UTC | 808 | IN | |
| 2024-04-22 19:44:03 UTC | 20 | IN | |
| 2024-04-22 19:44:03 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49735 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:44:04 UTC | 285 | OUT | |
| 2024-04-22 19:44:04 UTC | 7092 | OUT | |
| 2024-04-22 19:44:04 UTC | 816 | IN | |
| 2024-04-22 19:44:04 UTC | 20 | IN | |
| 2024-04-22 19:44:04 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49736 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:44:05 UTC | 285 | OUT | |
| 2024-04-22 19:44:05 UTC | 1421 | OUT | |
| 2024-04-22 19:44:05 UTC | 808 | IN | |
| 2024-04-22 19:44:05 UTC | 20 | IN | |
| 2024-04-22 19:44:05 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49737 | 172.67.163.209 | 443 | 4040 | C:\Users\user\Desktop\asbpKOngY0.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-22 19:44:06 UTC | 287 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:06 UTC | 15331 | OUT | |
| 2024-04-22 19:44:07 UTC | 810 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 21:43:55 |
| Start date: | 22/04/2024 |
| Path: | C:\Users\user\Desktop\asbpKOngY0.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 370'176 bytes |
| MD5 hash: | ECD47621CCE65EC0AEE0E8599A308A3B |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 3 |
| Start time: | 21:44:06 |
| Start date: | 22/04/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x7ff70f330000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 8.4% |
| Dynamic/Decrypted Code Coverage: | 8.3% |
| Signature Coverage: | 25.5% |
| Total number of Nodes: | 384 |
| Total number of Limit Nodes: | 17 |
Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00404740 Relevance: 5.5, Strings: 4, Instructions: 501COMMON
Download Yara Rule
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02D18196 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00414C49 Relevance: 2.6, Strings: 2, Instructions: 80COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041C540 Relevance: 1.6, Strings: 1, Instructions: 365COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00433CC0 Relevance: 1.5, APIs: 1, Instructions: 16libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004137C9 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004204B7 Relevance: .4, Instructions: 438COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00420CA0 Relevance: .4, Instructions: 371COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00432010 Relevance: .3, Instructions: 300COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00433D10 Relevance: .2, Instructions: 229COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00422458 Relevance: .2, Instructions: 153COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004357CA Relevance: .1, Instructions: 131COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004359E2 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00429597 Relevance: .0, Instructions: 17COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042D608 Relevance: 3.1, APIs: 2, Instructions: 91COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00417810 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00427F5A Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00427F84 Relevance: 1.6, APIs: 1, Instructions: 95memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00436209 Relevance: 1.6, APIs: 1, Instructions: 87libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00435F1F Relevance: 1.6, APIs: 1, Instructions: 68libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00433B50 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004375CD Relevance: 1.5, APIs: 1, Instructions: 44memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00433C2A Relevance: 1.5, APIs: 1, Instructions: 40memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02D17E55 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042C500 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153clipboardCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD49A7 Relevance: 5.5, Strings: 4, Instructions: 501COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004052F0 Relevance: 3.4, Strings: 2, Instructions: 851COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD55DB Relevance: 3.3, Strings: 2, Instructions: 809COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF3BAA Relevance: 3.1, Strings: 2, Instructions: 643COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD1267 Relevance: 3.0, Strings: 2, Instructions: 518COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00439AF0 Relevance: 2.8, Strings: 2, Instructions: 310COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03009D57 Relevance: 2.8, Strings: 2, Instructions: 310COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413E4A Relevance: 2.6, Strings: 2, Instructions: 146COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE40B1 Relevance: 2.6, Strings: 2, Instructions: 146COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE4EB0 Relevance: 2.6, Strings: 2, Instructions: 80COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF42EB Relevance: 1.9, Strings: 1, Instructions: 676COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF42EE Relevance: 1.9, Strings: 1, Instructions: 650COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FEC7A7 Relevance: 1.6, Strings: 1, Instructions: 365COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A8C0 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FEAB27 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041A420 Relevance: 1.5, Strings: 1, Instructions: 296COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FEA687 Relevance: 1.5, Strings: 1, Instructions: 296COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004065F0 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00413C46 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE3EAD Relevance: 1.4, Strings: 1, Instructions: 106COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F234 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FEF49B Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE3A30 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042271D Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF2984 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041E451 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FEE6B8 Relevance: 1.3, Strings: 1, Instructions: 34COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00407CB0 Relevance: .9, Instructions: 863COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD7F17 Relevance: .9, Instructions: 863COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403260 Relevance: .7, Instructions: 739COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD34C7 Relevance: .7, Instructions: 739COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004345F0 Relevance: .7, Instructions: 654COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03004857 Relevance: .7, Instructions: 654COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00403D70 Relevance: .6, Instructions: 606COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD3FD7 Relevance: .6, Instructions: 606COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00406030 Relevance: .5, Instructions: 506COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD6297 Relevance: .5, Instructions: 506COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042594F Relevance: .4, Instructions: 439COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF5BB6 Relevance: .4, Instructions: 439COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004259D2 Relevance: .4, Instructions: 438COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF5C39 Relevance: .4, Instructions: 438COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004259CD Relevance: .4, Instructions: 388COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF5C34 Relevance: .4, Instructions: 388COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF0F07 Relevance: .4, Instructions: 371COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004397D0 Relevance: .3, Instructions: 294COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03009A37 Relevance: .3, Instructions: 294COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FDF824 Relevance: .2, Instructions: 231COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03003F77 Relevance: .2, Instructions: 229COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00431A70 Relevance: .2, Instructions: 186COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03001CD7 Relevance: .2, Instructions: 186COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF26BF Relevance: .2, Instructions: 153COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004142F0 Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE4557 Relevance: .1, Instructions: 146COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F690 Relevance: .1, Instructions: 136COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00415D7D Relevance: .1, Instructions: 136COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FDF8F7 Relevance: .1, Instructions: 136COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE5FE4 Relevance: .1, Instructions: 136COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 004146E6 Relevance: .1, Instructions: 131COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03005A31 Relevance: .1, Instructions: 131COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE494D Relevance: .1, Instructions: 131COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E70 Relevance: .1, Instructions: 112COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD30D7 Relevance: .1, Instructions: 112COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F828 Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FEFA8F Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0041F640 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FEF8A7 Relevance: .1, Instructions: 77COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03005C49 Relevance: .1, Instructions: 76COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00424CB0 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF4F17 Relevance: .1, Instructions: 65COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F890 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FFFAF7 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FED377 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02D17A73 Relevance: .1, Instructions: 61COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00411A44 Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE1CAB Relevance: .1, Instructions: 52COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00421CC7 Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FF1F2E Relevance: .0, Instructions: 45COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FD0D90 Relevance: .0, Instructions: 43COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FA49 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FDFCB0 Relevance: .0, Instructions: 30COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D140 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FDD3A7 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE7494 Relevance: .0, Instructions: 14COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00414596 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00437C47 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00437C45 Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FE47FD Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03007EAC Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 03007EAE Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 02FFC767 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153clipboardCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |