Edit tour
Windows
Analysis Report
Ship Docs_ CI_BL_HBL_.exe
Overview
General Information
| Sample name: | Ship Docs_ CI_BL_HBL_.exe |
| Analysis ID: | 1430205 |
| MD5: | 6902d6b5857bdcde15b9af8aaf50b407 |
| SHA1: | 48acd39a0fd4b11c37e5b06d6d831d1825279f0f |
| SHA256: | 4cf20ea54fb348cc2573628cf6d751faa35d3adf5317970068d28185c5a285c9 |
| Tags: | exe |
| Infos: |   |
 | |
Detection
AgentTesla
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Binary is likely a compiled AutoIt script file
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to log keystrokes (.Net Source)
Installs a global keyboard hook
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match
Classification
- System is w10x64
Ship Docs_ CI_BL_HBL_.exe (PID: 6576 cmdline: "C:\Users\ user\Deskt op\Ship Do cs_ CI_BL_ HBL_.exe" MD5: 6902D6B5857BDCDE15B9AF8AAF50B407) 
RegSvcs.exe (PID: 6600 cmdline: "C:\Users\ user\Deskt op\Ship Do cs_ CI_BL_ HBL_.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Agent Tesla, AgentTesla | A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel. |
{"Exfil Mode": "SMTP", "Port": "587", "Host": "mail.myhydropowered.com", "Username": "antenna@myhydropowered.com", "Password": "jnKkQ2DFtjsDqGZ"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| Click to see the 8 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
| |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 6 entries | ||||
System Summary |   |
|---|
| Source: | Author: frack113: | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira URL Cloud: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Joe Sandbox ML: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_00FE4696 | |
| Source: | Code function: | 0_2_00FEC9C7 | |
| Source: | Code function: | 0_2_00FEC93C | |
| Source: | Code function: | 0_2_00FEF200 | |
| Source: | Code function: | 0_2_00FEF35D | |
| Source: | Code function: | 0_2_00FEF65E | |
| Source: | Code function: | 0_2_00FE3A2B | |
| Source: | Code function: | 0_2_00FE3D4E | |
| Source: | Code function: | 0_2_00FEBF27 | |
Networking | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | TCP traffic: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_00FF25E2 | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing | |
|---|
| Source: | .Net Code: | ||
| Source: | Windows user hook set: | Jump to behavior | ||
| Source: | Code function: | 0_2_00FF425A | |
| Source: | Code function: | 0_2_00FF4458 | |
| Source: | Code function: | 0_2_00FF425A | |
| Source: | Code function: | 0_2_00FE0219 | |
| Source: | Code function: | 0_2_0100CDAC | |
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_00F83B4C | |
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | memstr_2026984c-0 | |
| Source: | String found in binary or memory: | memstr_0b0b9658-f | |
| Source: | String found in binary or memory: | memstr_e4da1ade-e | |
| Source: | String found in binary or memory: | memstr_77867309-a | |
| Source: | Code function: | 0_2_00FE40B1 | |
| Source: | Code function: | 0_2_00FD8858 | |
| Source: | Code function: | 0_2_00FE545F | |
| Source: | Code function: | 0_2_00F8E800 | |
| Source: | Code function: | 0_2_00FADBB5 | |
| Source: | Code function: | 0_2_00F8E060 | |
| Source: | Code function: | 0_2_0100804A | |
| Source: | Code function: | 0_2_00F94140 | |
| Source: | Code function: | 0_2_00FA2405 | |
| Source: | Code function: | 0_2_00FB6522 | |
| Source: | Code function: | 0_2_00FB267E | |
| Source: | Code function: | 0_2_01000665 | |
| Source: | Code function: | 0_2_00F96843 | |
| Source: | Code function: | 0_2_00FA283A | |
| Source: | Code function: | 0_2_00FB89DF | |
| Source: | Code function: | 0_2_00FB6A94 | |
| Source: | Code function: | 0_2_00F98A0E | |
| Source: | Code function: | 0_2_01000AE2 | |
| Source: | Code function: | 0_2_00FE8B13 | |
| Source: | Code function: | 0_2_00FDEB07 | |
| Source: | Code function: | 0_2_00FACD61 | |
| Source: | Code function: | 0_2_00FB7006 | |
| Source: | Code function: | 0_2_00F93190 | |
| Source: | Code function: | 0_2_00F9710E | |
| Source: | Code function: | 0_2_00F81287 | |
| Source: | Code function: | 0_2_00FA33C7 | |
| Source: | Code function: | 0_2_00FAF419 | |
| Source: | Code function: | 0_2_00FA16C4 | |
| Source: | Code function: | 0_2_00F95680 | |
| Source: | Code function: | 0_2_00FA78D3 | |
| Source: | Code function: | 0_2_00F958C0 | |
| Source: | Code function: | 0_2_00FA1BB8 | |
| Source: | Code function: | 0_2_00FB9D05 | |
| Source: | Code function: | 0_2_00F8FE40 | |
| Source: | Code function: | 0_2_00FABFE6 | |
| Source: | Code function: | 0_2_00FA1FD0 | |
| Source: | Code function: | 0_2_00EC3650 | |
| Source: | Code function: | 1_2_00AB41F0 | |
| Source: | Code function: | 1_2_00AB4AC0 | |
| Source: | Code function: | 1_2_00AB3EA8 | |
| Source: | Code function: | 1_2_0603076B | |
| Source: | Code function: | 1_2_0603B548 | |
| Source: | Code function: | 1_2_060333F0 | |
| Source: | Code function: | 1_2_06036818 | |
| Source: | Code function: | 1_2_06038960 | |
| Source: | Code function: | 1_2_0603E9E8 | |
| Source: | Code function: | 1_2_0603AE68 | |
| Source: | Code function: | 1_2_06035AE2 | |
| Source: | Code function: | 1_2_060390AB | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Cryptographic APIs: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_00FEA2D5 | |
| Source: | Code function: | 0_2_00FD8713 | |
| Source: | Code function: | 0_2_00FD8CC3 | |
| Source: | Code function: | 0_2_00FEB59E | |
| Source: | Code function: | 0_2_00FFF121 | |
| Source: | Code function: | 0_2_00FF86D0 | |
| Source: | Code function: | 0_2_00F84FE9 | |
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00FFC304 | |
| Source: | Code function: | 0_2_00FE871B | |
| Source: | Code function: | 0_2_00FAE951 | |
| Source: | Code function: | 0_2_00FAEA6A | |
| Source: | Code function: | 0_2_00FA8B98 | |
| Source: | Code function: | 0_2_00FAEC45 | |
| Source: | Code function: | 0_2_00FAED2E | |
| Source: | Code function: | 1_2_00AB0CC2 | |
| Source: | Code function: | 1_2_00AB0C3A | |
| Source: | Code function: | 0_2_00F84A35 | |
| Source: | Code function: | 0_2_010055FD | |
| Source: | Code function: | 0_2_00FA33C7 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | HTTP traffic detected: | ||
| Source: | WMI Queries: | ||
| Source: | Binary or memory string: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Evasive API call chain: | graph_0-98648 | ||
| Source: | API coverage: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Code function: | 0_2_00FE4696 | |
| Source: | Code function: | 0_2_00FEC9C7 | |
| Source: | Code function: | 0_2_00FEC93C | |
| Source: | Code function: | 0_2_00FEF200 | |
| Source: | Code function: | 0_2_00FEF35D | |
| Source: | Code function: | 0_2_00FEF65E | |
| Source: | Code function: | 0_2_00FE3A2B | |
| Source: | Code function: | 0_2_00FE3D4E | |
| Source: | Code function: | 0_2_00FEBF27 | |
| Source: | Code function: | 0_2_00F84AFE | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_0-97659 | ||
| Source: | API call chain: | graph_0-97848 | ||
Anti Debugging | |
|---|
| Source: | Code function: | 1_2_00AB7ED0 | |
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_00FF41FD | |
| Source: | Code function: | 0_2_00F83B4C | |
| Source: | Code function: | 0_2_00FB5CCC | |
| Source: | Code function: | 0_2_00FFC304 | |
| Source: | Code function: | 0_2_00EC34E0 | |
| Source: | Code function: | 0_2_00EC3540 | |
| Source: | Code function: | 0_2_00EC1ED0 | |
| Source: | Code function: | 0_2_00FD81F7 | |
| Source: | Code function: | 0_2_00FAA395 | |
| Source: | Code function: | 0_2_00FAA364 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Code function: | 0_2_00FD8C93 | |
| Source: | Code function: | 0_2_00F83B4C | |
| Source: | Code function: | 0_2_00F84A35 | |
| Source: | Code function: | 0_2_00FE4EF5 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_00FD81F7 | |
| Source: | Code function: | 0_2_00FE4C03 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 0_2_00FA886B | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_00FB50D7 | |
| Source: | Code function: | 0_2_00FC2230 | |
| Source: | Code function: | 0_2_00FB418A | |
| Source: | Code function: | 0_2_00F84AFE | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 0_2_00FF6596 | |
| Source: | Code function: | 0_2_00FF6A5A | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 11 Disable or Modify Tools | 2 OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | 2 Native API | 2 Valid Accounts | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 221 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | 1 Credentials in Registry | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 38 System Information Discovery | Distributed Component Object Model | 221 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 212 Process Injection | 2 Valid Accounts | LSA Secrets | 451 Security Software Discovery | SSH | 3 Clipboard Data | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 131 Virtualization/Sandbox Evasion | Cached Domain Credentials | 131 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Access Token Manipulation | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 212 Process Injection | Proc Filesystem | 11 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 System Network Configuration Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 21% | Virustotal | Browse | ||
| 21% | ReversingLabs | Win32.Trojan.Strab | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 5% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 100% | Avira URL Cloud | malware | ||
| 5% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| mail.myhydropowered.com | 131.226.2.60 | true | true |
| unknown |
| api.ipify.org | 104.26.13.205 | true | false | high | |
| ip-api.com | 208.95.112.1 | true | false | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 208.95.112.1 | ip-api.com | United States | 53334 | TUT-ASUS | false | |
| 104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false | |
| 131.226.2.60 | mail.myhydropowered.com | United States | 16797 | UNASSIGNED | true |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1430205 |
| Start date and time: | 2024-04-23 10:14:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 8m 43s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 7 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Ship Docs_ CI_BL_HBL_.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@3/4@3/3 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 10:14:55 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 208.95.112.1 | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| 104.26.13.205 | Get hash | malicious | PureLog Stealer, Targeted Ransomware | Browse |
| |
| Get hash | malicious | Stealit | Browse |
| ||
| Get hash | malicious | Stealit | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | PureLog Stealer, Targeted Ransomware | Browse |
| ||
| 131.226.2.60 | Get hash | malicious | AgentTesla, GuLoader | Browse | ||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ip-api.com | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| api.ipify.org | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| mail.myhydropowered.com | Get hash | malicious | AgentTesla, GuLoader | Browse |
| |
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Remcos | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| TUT-ASUS | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla, PureLog Stealer | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| UNASSIGNED | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | Mirai | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
| ||
| Get hash | malicious | Gafgyt, Mirai | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | AgentTesla | Browse |
| |
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | AgentTesla | Browse |
| ||
| Get hash | malicious | FormBook, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
| Get hash | malicious | AgentTesla, GuLoader | Browse |
|
⊘No context
| Process: | C:\Users\user\Desktop\Ship Docs_ CI_BL_HBL_.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 147946 |
| Entropy (8bit): | 7.90028433812621 |
| Encrypted: | false |
| SSDEEP: | 3072:ecIb4sw8Ut5EbFSOuZ7W5bfIKR820OsHkEhU02rEOpjCtIQLJHh:OXFUtLwC2pjOIQLJHh |
| MD5: | F16A434672D61311DBCB22282DB21ACF |
| SHA1: | 8841E8931AC83A9017AF6F629F6BEF05CEF6229C |
| SHA-256: | A4B57F1820B9458C9DAB0AC665C85FA92C7F7A3F7A7C03135FB1997BCBE4A714 |
| SHA-512: | 1AAC778E36561A432BF5F538903486183AF03AD6E6E8FA26D3EE04124DD12E15DA5BBFFB8D0664A2E122AE4FE2E68E8CD3447DB240671E4ACB51DDD7C0D11C44 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Ship Docs_ CI_BL_HBL_.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9870 |
| Entropy (8bit): | 7.599104754585102 |
| Encrypted: | false |
| SSDEEP: | 192:C+cKwsF7SQU2a5C/x9x7PKe+MCJAUqLrTCVOLVa:h7wsF7SQUI7PKe+zpqXTCVOLQ |
| MD5: | 6B3A99E7DECE4DCF5432F2F3B6182C02 |
| SHA1: | D16C41168D815013650EFCCBB7210965FC79EB74 |
| SHA-256: | B723D4B1DA299B4DB151C7F394EA9972A7E3BBAEF6741DF6C82E03635DFFE95A |
| SHA-512: | 6C0F928576560A27544D6A1D1107AF8CB8D06419EBB3BC60004E1DE96BCC186A7DB49CA90166C4E7B2C2FAFDA014D9BF627193C6476D56C16E27D24140E69BB5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Ship Docs_ CI_BL_HBL_.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28720 |
| Entropy (8bit): | 3.5944300830265745 |
| Encrypted: | false |
| SSDEEP: | 768:wiTZ+2QoioGRk6ZklputwjpjBkCiw2RuJ3nXKUrvzjsNbBE+Ii6m34vfF3if6gy8:wiTZ+2QoioGRk6ZklputwjpjBkCiw2RJ |
| MD5: | 2932EA311C40745C8C322DB4CA4C8DC2 |
| SHA1: | D0EDB2A4B5D550DAA68504E76EA0D76A6C1F525B |
| SHA-256: | C7BD4A6EF67FA983620F273BD6914594BF72AFD183CDA04BC32E9807B37D70DB |
| SHA-512: | A1ABBBAC8C893AD6DA7E333C8C0D9C9C9C383358B1BDB05DA821F1EEA701918976B165EF373E43F8000526AB63B68D98399C9C814CF4718A36F46B595FF60725 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\Ship Docs_ CI_BL_HBL_.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 243200 |
| Entropy (8bit): | 6.544012199447945 |
| Encrypted: | false |
| SSDEEP: | 6144:KgaYD1hdH9/pzLUX20fvk77iBP2AUWreniJvI3QhQALjZUoQa5V4g5ZKV0I78ZAg:F1hdH9/psX20fvk77KPIWrnJvI36QA3v |
| MD5: | 2D6EFFFCD0A59B7582BA7DA5892179C1 |
| SHA1: | 8CCA792B41B046590309E03D1E06D106FC1D3C09 |
| SHA-256: | 8C31F41F2FC53753F56C616D3083AEC076C8B4237EE41598F1C503F55EEFF854 |
| SHA-512: | C60E07EA1066FCB64610026D0C796A17E1635A5648B0CCC048EE414E244AE232FD1EC3E2DFFD3DEACF6DB8A268D3539CA884890A4C81913E68632A8B6EF59407 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 6.934705332372938 |
| TrID: |
|
| File name: | Ship Docs_ CI_BL_HBL_.exe |
| File size: | 1'036'800 bytes |
| MD5: | 6902d6b5857bdcde15b9af8aaf50b407 |
| SHA1: | 48acd39a0fd4b11c37e5b06d6d831d1825279f0f |
| SHA256: | 4cf20ea54fb348cc2573628cf6d751faa35d3adf5317970068d28185c5a285c9 |
| SHA512: | 9cc8c63db4ebd12fe35cec61d586445d64b184e111ac258b04159c202f05bdb010f83101b5f2ae645b9b96e4f2d694542ae58a7db594a060b2629330fde5decc |
| SSDEEP: | 24576:CAHnh+eWsN3skA4RV1Hom2KXMmHarkCe0UbtW5:Fh+ZkldoPK8Yarhmm |
| TLSH: | 15259C0273D1D036FFAB92739B6AB2015ABD79254133852F13981DB9BD701B2273E663 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........s..R...R...R....C..P.....;.S..._@#.a..._@......_@..g...[j..[...[jo.w...R...r.............#.S..._@'.S...R.k.S.....".S...RichR.. |
 | |
| Icon Hash: | aaf3e3e3938382a0 |
| Entrypoint: | 0x42800a |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x66273027 [Tue Apr 23 03:51:03 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 1 |
| File Version Major: | 5 |
| File Version Minor: | 1 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 1 |
| Import Hash: | afcdf79be1557326c854b6e20cb900a7 |
| Instruction |
|---|
| call 00007F932C8EE26Dh |
| jmp 00007F932C8E1024h |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| int3 |
| push edi |
| push esi |
| mov esi, dword ptr [esp+10h] |
| mov ecx, dword ptr [esp+14h] |
| mov edi, dword ptr [esp+0Ch] |
| mov eax, ecx |
| mov edx, ecx |
| add eax, esi |
| cmp edi, esi |
| jbe 00007F932C8E11AAh |
| cmp edi, eax |
| jc 00007F932C8E150Eh |
| bt dword ptr [004C41FCh], 01h |
| jnc 00007F932C8E11A9h |
| rep movsb |
| jmp 00007F932C8E14BCh |
| cmp ecx, 00000080h |
| jc 00007F932C8E1374h |
| mov eax, edi |
| xor eax, esi |
| test eax, 0000000Fh |
| jne 00007F932C8E11B0h |
| bt dword ptr [004BF324h], 01h |
| jc 00007F932C8E1680h |
| bt dword ptr [004C41FCh], 00000000h |
| jnc 00007F932C8E134Dh |
| test edi, 00000003h |
| jne 00007F932C8E135Eh |
| test esi, 00000003h |
| jne 00007F932C8E133Dh |
| bt edi, 02h |
| jnc 00007F932C8E11AFh |
| mov eax, dword ptr [esi] |
| sub ecx, 04h |
| lea esi, dword ptr [esi+04h] |
| mov dword ptr [edi], eax |
| lea edi, dword ptr [edi+04h] |
| bt edi, 03h |
| jnc 00007F932C8E11B3h |
| movq xmm1, qword ptr [esi] |
| sub ecx, 08h |
| lea esi, dword ptr [esi+08h] |
| movq qword ptr [edi], xmm1 |
| lea edi, dword ptr [edi+08h] |
| test esi, 00000007h |
| je 00007F932C8E1205h |
| bt esi, 03h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbc0cc | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc8000 | 0x32aec | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfb000 | 0x7134 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4b50 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x8dfdd | 0x8e000 | 310e36668512d53489c005622bb1b4a9 | False | 0.5735602580325704 | data | 6.675248351711057 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8f000 | 0x2fd8e | 0x2fe00 | 748cf1ab2605ce1fd72d53d912abb68f | False | 0.32828818537859006 | data | 5.763244005758284 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xbf000 | 0x8f74 | 0x5200 | aae9601d920f07080bdfadf43dfeff12 | False | 0.1017530487804878 | data | 1.1963819235530628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xc8000 | 0x32aec | 0x32c00 | 1e39a95faeff58f877358bb9bed2aff5 | False | 0.8701123768472906 | data | 7.750350731278561 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xfb000 | 0x7134 | 0x7200 | f04128ad0f87f42830e4a6cdbc38c719 | False | 0.7617530153508771 | data | 6.783955557128661 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xc85a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xc86d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xc87f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xc8920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xc8c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xc8d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xc9bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xca480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xca9e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xccf90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xce038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xce4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xce4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xcea84 | 0x68a | data | English | Great Britain | 0.2747909199522103 |
| RT_STRING | 0xcf110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xcf5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xcfb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xd01f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xd0660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xd07b8 | 0x29d84 | data | 1.0003559009545147 | ||
| RT_GROUP_ICON | 0xfa53c | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xfa5b4 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xfa5c8 | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xfa5dc | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xfa5f0 | 0x10c | data | English | Great Britain | 0.5932835820895522 |
| RT_MANIFEST | 0xfa6fc | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
|---|---|
| WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W |
| WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho |
| USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA |
| USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW |
| GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath |
| COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW |
| SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity |
| OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | Great Britain |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 23, 2024 10:14:55.657406092 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:55.657447100 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:55.657531977 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:55.675019026 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:55.675036907 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:55.908538103 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:55.908699036 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:55.911886930 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:55.911906004 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:55.912411928 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:55.954858065 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:55.964992046 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:56.012114048 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:56.199364901 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:56.199505091 CEST | 443 | 49730 | 104.26.13.205 | 192.168.2.4 |
| Apr 23, 2024 10:14:56.199771881 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:56.229422092 CEST | 49730 | 443 | 192.168.2.4 | 104.26.13.205 |
| Apr 23, 2024 10:14:56.342142105 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Apr 23, 2024 10:14:56.458482027 CEST | 80 | 49731 | 208.95.112.1 | 192.168.2.4 |
| Apr 23, 2024 10:14:56.458725929 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Apr 23, 2024 10:14:56.458827972 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Apr 23, 2024 10:14:56.577374935 CEST | 80 | 49731 | 208.95.112.1 | 192.168.2.4 |
| Apr 23, 2024 10:14:56.626703024 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Apr 23, 2024 10:14:57.095056057 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Apr 23, 2024 10:14:57.211493015 CEST | 80 | 49731 | 208.95.112.1 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.211594105 CEST | 49731 | 80 | 192.168.2.4 | 208.95.112.1 |
| Apr 23, 2024 10:14:57.255294085 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:57.375114918 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.375225067 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:57.635200024 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.635468006 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:57.755332947 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.755359888 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.755593061 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:57.875395060 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.875422001 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.875916958 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:57.995692015 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.997101068 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.997145891 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.997164965 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.997200966 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.027627945 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.147663116 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:58.150826931 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.270859003 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:58.272005081 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.392038107 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:58.392535925 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.512911081 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:58.513235092 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.633353949 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:58.643183947 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.764132023 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:58.764372110 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.884521961 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:58.885426044 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.885514021 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.885514021 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:58.885514021 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:14:59.005388975 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:59.009530067 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:14:59.064230919 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:37.126604080 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:37.246879101 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:37.247381926 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:37.249905109 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:37.249979019 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:37.369952917 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:37.370177984 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:49.914360046 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.034446955 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.034732103 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.294544935 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.294764996 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.414814949 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.414832115 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.415069103 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.535114050 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.535130978 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.535662889 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.655714035 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.655925989 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.657404900 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.670633078 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.790719986 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.790746927 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.791218996 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:50.911343098 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:50.911621094 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.031779051 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.032059908 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.152143002 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.152322054 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.273581028 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.273895025 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.394125938 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.395723104 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.395912886 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.395984888 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.396035910 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.397424936 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.515887022 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.515943050 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.517560005 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.517654896 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.640721083 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.640856028 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.761303902 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.761327982 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.761419058 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:51.881700993 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.881720066 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.886652946 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:51.938858032 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.089382887 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.209547997 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.209578037 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.209621906 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.211405039 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.214799881 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.337795019 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.337877035 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.600476980 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.600703955 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.721813917 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.721829891 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.722070932 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.843395948 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.843533039 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.843873978 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.963773012 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.964088917 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:57.964853048 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:57.965162039 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.085052013 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.085067987 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.085256100 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.205343962 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.205926895 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.326246977 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.326452017 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.446695089 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.447205067 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.567795992 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.568399906 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.688519001 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.688895941 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.688896894 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.689062119 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.689095020 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.690716028 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.808953047 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.808969975 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.809139967 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.810899973 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.811430931 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.929445982 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.931668997 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:58.931745052 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:58.933115959 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:59.052062035 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:59.052175045 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:59.053354979 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:59.053440094 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:16:59.053519964 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:59.172357082 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:59.173432112 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:59.178788900 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:16:59.220087051 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.044019938 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.164159060 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.165307999 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.165436029 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.166557074 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.166567087 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.287051916 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.291109085 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.452563047 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.452702999 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.573880911 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.573904037 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.574126959 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.694173098 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.694380999 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.694777012 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.815676928 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.815953016 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.817136049 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.817136049 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:00.937247038 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.937263012 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:00.937452078 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.057559967 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.057864904 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.179452896 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.179727077 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.299891949 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.300048113 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.421149015 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.421336889 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.541596889 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.541996002 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.542114973 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.542222977 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.542222977 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.543884039 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.662134886 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.662158012 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.662197113 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.662236929 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.664009094 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.664119005 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.783437014 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.783497095 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.785044909 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.785119057 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.785615921 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.785707951 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.903784990 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.903852940 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:01.905244112 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.905853033 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:01.905864954 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:02.024012089 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:02.028558969 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:02.079616070 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:23.913958073 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.034248114 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.034337044 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.034411907 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.035049915 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.036173105 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.155980110 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.156058073 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.288780928 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.288960934 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.408869028 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.408912897 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.409136057 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.528994083 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.529032946 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.529402971 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.649246931 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.649492025 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.650568008 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.650568008 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.770426989 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.770447016 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.770664930 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:24.890407085 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:24.890775919 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:25.010732889 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:25.010976076 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:25.130985022 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:25.131174088 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:25.220711946 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:25.251715899 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:25.251790047 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:25.302289009 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:25.340887070 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 |
| Apr 23, 2024 10:17:25.340933084 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:26.315277100 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:28.329919100 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:32.329395056 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:35.975544930 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:36.985605955 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:39.002033949 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:40.329384089 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:43.001234055 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:46.440706968 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:47.460486889 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:49.469970942 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:51.001209974 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:53.469990969 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:57.002351046 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:17:58.001199961 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:00.001207113 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:01.469939947 CEST | 49744 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:04.001647949 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:07.480562925 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:08.485539913 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:10.504558086 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:12.016872883 CEST | 49745 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:14.501238108 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:18.018635035 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:19.033142090 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:21.035098076 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:22.519130945 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:25.048006058 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:28.517714024 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:29.532361031 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:31.547988892 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:33.048059940 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:35.563694954 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:39.048728943 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:40.065639973 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:42.079221010 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:43.563613892 CEST | 49746 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:46.081521988 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:49.580486059 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:50.594866037 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:52.594908953 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:54.079185963 CEST | 49747 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:18:56.594881058 CEST | 49748 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:19:00.080193996 CEST | 49749 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:19:01.079173088 CEST | 49749 | 587 | 192.168.2.4 | 131.226.2.60 |
| Apr 23, 2024 10:19:03.079186916 CEST | 49749 | 587 | 192.168.2.4 | 131.226.2.60 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Apr 23, 2024 10:14:55.535900116 CEST | 50079 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 23, 2024 10:14:55.640722036 CEST | 53 | 50079 | 1.1.1.1 | 192.168.2.4 |
| Apr 23, 2024 10:14:56.236350060 CEST | 62740 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 23, 2024 10:14:56.341161013 CEST | 53 | 62740 | 1.1.1.1 | 192.168.2.4 |
| Apr 23, 2024 10:14:57.096049070 CEST | 61275 | 53 | 192.168.2.4 | 1.1.1.1 |
| Apr 23, 2024 10:14:57.248893976 CEST | 53 | 61275 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Checksum | Code | Type |
|---|---|---|---|---|---|
| Apr 23, 2024 10:17:25.424313068 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:26.437304020 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:28.451765060 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:32.451273918 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:36.097404957 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:37.107408047 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:39.124114990 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:40.451246023 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:43.123092890 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:46.562863111 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:47.582416058 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:49.591912985 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:51.123277903 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:53.592086077 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:57.124361992 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:17:58.123826981 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:00.123250008 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:01.591933012 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:04.123554945 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:07.603430033 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:08.607639074 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:10.628448009 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:12.138900995 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:14.623322964 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:18.140573978 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:19.155770063 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:21.157052040 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:22.641298056 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:25.170039892 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:28.642997026 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:29.654243946 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:31.669783115 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:33.169972897 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:35.685575962 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:39.170350075 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:40.187479019 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:42.201061964 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:43.685503960 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:46.203435898 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:49.700409889 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:50.714812994 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:52.715064049 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:54.201340914 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:18:56.714999914 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:19:00.200566053 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:19:01.198990107 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Apr 23, 2024 10:19:03.199173927 CEST | 131.226.2.60 | 192.168.2.4 | 45ee | (Port unreachable) | Destination Unreachable |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Apr 23, 2024 10:14:55.535900116 CEST | 192.168.2.4 | 1.1.1.1 | 0xcea | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Apr 23, 2024 10:14:56.236350060 CEST | 192.168.2.4 | 1.1.1.1 | 0x50e0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Apr 23, 2024 10:14:57.096049070 CEST | 192.168.2.4 | 1.1.1.1 | 0x406c | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Apr 23, 2024 10:14:55.640722036 CEST | 1.1.1.1 | 192.168.2.4 | 0xcea | No error (0) | 104.26.13.205 | A (IP address) | IN (0x0001) | false | ||
| Apr 23, 2024 10:14:55.640722036 CEST | 1.1.1.1 | 192.168.2.4 | 0xcea | No error (0) | 172.67.74.152 | A (IP address) | IN (0x0001) | false | ||
| Apr 23, 2024 10:14:55.640722036 CEST | 1.1.1.1 | 192.168.2.4 | 0xcea | No error (0) | 104.26.12.205 | A (IP address) | IN (0x0001) | false | ||
| Apr 23, 2024 10:14:56.341161013 CEST | 1.1.1.1 | 192.168.2.4 | 0x50e0 | No error (0) | 208.95.112.1 | A (IP address) | IN (0x0001) | false | ||
| Apr 23, 2024 10:14:57.248893976 CEST | 1.1.1.1 | 192.168.2.4 | 0x406c | No error (0) | 131.226.2.60 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 208.95.112.1 | 80 | 6600 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| Apr 23, 2024 10:14:56.458827972 CEST | 80 | OUT | |
| Apr 23, 2024 10:14:56.577374935 CEST | 174 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 104.26.13.205 | 443 | 6600 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-04-23 08:14:55 UTC | 155 | OUT | |
| 2024-04-23 08:14:56 UTC | 211 | IN | |
| 2024-04-23 08:14:56 UTC | 14 | IN |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
|---|---|---|---|---|---|
| Apr 23, 2024 10:14:57.635200024 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Apr 23, 2024 10:14:57.635468006 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 910646 |
| Apr 23, 2024 10:14:57.755359888 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Apr 23, 2024 10:14:57.755593061 CEST | 49732 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Apr 23, 2024 10:14:57.875422001 CEST | 587 | 49732 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Apr 23, 2024 10:16:50.294544935 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Apr 23, 2024 10:16:50.294764996 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 910646 |
| Apr 23, 2024 10:16:50.414832115 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Apr 23, 2024 10:16:50.415069103 CEST | 49740 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Apr 23, 2024 10:16:50.535130978 CEST | 587 | 49740 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Apr 23, 2024 10:16:57.600476980 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Apr 23, 2024 10:16:57.600703955 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 910646 |
| Apr 23, 2024 10:16:57.721829891 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Apr 23, 2024 10:16:57.722070932 CEST | 49741 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Apr 23, 2024 10:16:57.843533039 CEST | 587 | 49741 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Apr 23, 2024 10:17:00.452563047 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Apr 23, 2024 10:17:00.452702999 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 910646 |
| Apr 23, 2024 10:17:00.573904037 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Apr 23, 2024 10:17:00.574126959 CEST | 49742 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Apr 23, 2024 10:17:00.694380999 CEST | 587 | 49742 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
| Apr 23, 2024 10:17:24.288780928 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 | 220 ns1.myhydropowered.com ESMTP Postfix (Ubuntu) |
| Apr 23, 2024 10:17:24.288960934 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 | EHLO 910646 |
| Apr 23, 2024 10:17:24.408912897 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 | 250-ns1.myhydropowered.com 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250-SMTPUTF8 250 CHUNKING |
| Apr 23, 2024 10:17:24.409136057 CEST | 49743 | 587 | 192.168.2.4 | 131.226.2.60 | STARTTLS |
| Apr 23, 2024 10:17:24.529032946 CEST | 587 | 49743 | 131.226.2.60 | 192.168.2.4 | 220 2.0.0 Ready to start TLS |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 10:14:53 |
| Start date: | 23/04/2024 |
| Path: | C:\Users\user\Desktop\Ship Docs_ CI_BL_HBL_.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xf80000 |
| File size: | 1'036'800 bytes |
| MD5 hash: | 6902D6B5857BDCDE15B9AF8AAF50B407 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 10:14:54 |
| Start date: | 23/04/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x90000 |
| File size: | 45'984 bytes |
| MD5 hash: | 9D352BC46709F0CB5EC974633A0C3C94 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | high |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 3.9% |
| Dynamic/Decrypted Code Coverage: | 1.3% |
| Signature Coverage: | 5.8% |
| Total number of Nodes: | 2000 |
| Total number of Limit Nodes: | 154 |
Graph
Function 00F83B4C Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 153windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F84AFE Relevance: 10.7, APIs: 7, Instructions: 223COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE4696 Relevance: 4.5, APIs: 3, Instructions: 25fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8E800 Relevance: 2.4, Strings: 1, Instructions: 1102COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F90B30 Relevance: 57.3, APIs: 27, Strings: 5, Instructions: 1300windowsleeptimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE93DF Relevance: 19.8, APIs: 13, Instructions: 322fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F83015 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 73windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F83041 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 54windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F871EB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F83A58 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 71windowregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F83633 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 151windowtimeregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC2630 Relevance: 10.7, APIs: 7, Instructions: 239fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC2410 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 140fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8410D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 88windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F835B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA493A Relevance: 6.1, APIs: 4, Instructions: 136COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FFCDF1 Relevance: 4.9, APIs: 3, Instructions: 392COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8F8CF Relevance: 4.7, APIs: 3, Instructions: 168comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F843DB Relevance: 4.6, APIs: 3, Instructions: 77windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA594C Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE8F97 Relevance: 4.5, APIs: 3, Instructions: 22COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8492E Relevance: 3.1, APIs: 2, Instructions: 59COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F85DF9 Relevance: 3.1, APIs: 2, Instructions: 57fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F92123 Relevance: 1.7, APIs: 1, Instructions: 171COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F85C4E Relevance: 1.6, APIs: 1, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FC00D6 Relevance: 1.6, APIs: 1, Instructions: 88COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F85B19 Relevance: 1.6, APIs: 1, Instructions: 72COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F84F3D Relevance: 1.6, APIs: 1, Instructions: 64libraryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FC01AF Relevance: 1.6, APIs: 1, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F85D20 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F85BDA Relevance: 1.5, APIs: 1, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA4A93 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F84FAA Relevance: 1.5, APIs: 1, Instructions: 28COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA09D5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE9129 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F85DAE Relevance: 1.5, APIs: 1, Instructions: 16COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA548B Relevance: 1.5, APIs: 1, Instructions: 9COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FED2E6 Relevance: 1.4, APIs: 1, Instructions: 198COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA0E48 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC22FC Relevance: 1.3, APIs: 1, Instructions: 21sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00EC2300 Relevance: 1.3, APIs: 1, Instructions: 18sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100CDAC Relevance: 74.1, APIs: 40, Strings: 2, Instructions: 637windowkeyboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100804A Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 571windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F84A35 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 131keyboardthreadwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEC9C7 Relevance: 28.3, APIs: 13, Strings: 3, Instructions: 280timefileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEF200 Relevance: 28.1, APIs: 15, Strings: 1, Instructions: 119fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01000AE2 Relevance: 26.7, APIs: 9, Strings: 6, Instructions: 477registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEF35D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 112fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F96843 Relevance: 18.4, Strings: 14, Instructions: 883COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF86D0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 197comCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF4458 Relevance: 15.1, APIs: 10, Instructions: 83clipboardmemoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE3A2B Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 167fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEF65E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 120filesleepCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F958C0 Relevance: 11.0, APIs: 7, Instructions: 532COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE545F Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 59shutdownCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF6596 Relevance: 9.1, APIs: 6, Instructions: 84networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F95680 Relevance: 8.0, APIs: 5, Instructions: 516COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F81287 Relevance: 7.9, APIs: 5, Instructions: 379COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 010055FD Relevance: 7.6, APIs: 5, Instructions: 69windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FFC304 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 19libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F93190 Relevance: 6.6, APIs: 4, Instructions: 587COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE40B1 Relevance: 6.1, APIs: 4, Instructions: 65fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDEB07 Relevance: 5.1, APIs: 1, Strings: 2, Instructions: 561stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEB59E Relevance: 4.6, APIs: 3, Instructions: 73COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8CC3 Relevance: 4.6, APIs: 3, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE4C03 Relevance: 4.5, APIs: 3, Instructions: 43memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8E060 Relevance: 3.5, APIs: 2, Instructions: 539COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEC93C Relevance: 3.1, APIs: 2, Instructions: 52fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEA2D5 Relevance: 3.0, APIs: 2, Instructions: 31windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8713 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FAF419 Relevance: 2.1, APIs: 1, Instructions: 645COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FB267E Relevance: 1.8, APIs: 1, Instructions: 294COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE8B13 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE4EF5 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8C93 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FC2230 Relevance: 1.5, APIs: 1, Instructions: 7COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FAA364 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F98A0E Relevance: .6, Instructions: 608COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA2405 Relevance: .3, Instructions: 345COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA283A Relevance: .3, Instructions: 341COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA1BB8 Relevance: .3, Instructions: 323COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF7B1B Relevance: 77.5, APIs: 40, Strings: 4, Instructions: 491filecommemoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 010037F3 Relevance: 51.1, APIs: 6, Strings: 23, Instructions: 365windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100A849 Relevance: 49.8, APIs: 33, Instructions: 274COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F82C18 Relevance: 49.5, APIs: 27, Strings: 1, Instructions: 486windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF77BE Relevance: 45.8, APIs: 22, Strings: 4, Instructions: 284windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01008C44 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 401windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01004B16 Relevance: 37.0, APIs: 18, Strings: 3, Instructions: 290windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F827D9 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 286windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01004069 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 283windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF52F0 Relevance: 27.1, APIs: 18, Instructions: 124COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDAA64 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 273windowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100A428 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 205windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100C8EE Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 181windowfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01004619 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 251windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100BAB8 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 197windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEA45A Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 102fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100C49C Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 229windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF762D Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 160windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE48F3 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 73networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE5217 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 72sleepwindowtimeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FED7F8 Relevance: 18.3, APIs: 12, Instructions: 283comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDC72A Relevance: 18.2, APIs: 12, Instructions: 174COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8201B Relevance: 18.2, APIs: 12, Instructions: 170timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F821A5 Relevance: 18.1, APIs: 12, Instructions: 132COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 010073C1 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100772A Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 101windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA7040 Relevance: 16.8, APIs: 11, Instructions: 258COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF5A45 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 163networkfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD9471 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD955C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 81windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD9645 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF8BC0 Relevance: 15.3, APIs: 10, Instructions: 324fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F8FBBD Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 264comCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F82E26 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 186windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100C27C Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 149windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF8F5B Relevance: 13.9, APIs: 9, Instructions: 438COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 010088B4 Relevance: 13.7, APIs: 9, Instructions: 168COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD9B50 Relevance: 13.6, APIs: 9, Instructions: 66sleepkeyboardwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01006FEF Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE3226 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 82windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE4534 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 47windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F82A5B Relevance: 12.1, APIs: 8, Instructions: 129COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE7368 Relevance: 12.1, APIs: 8, Instructions: 101fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01006442 Relevance: 12.1, APIs: 8, Instructions: 95windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDC072 Relevance: 12.1, APIs: 8, Instructions: 92COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F81424 Relevance: 10.7, APIs: 7, Instructions: 219COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF6E8A Relevance: 10.7, APIs: 7, Instructions: 212COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE589F Relevance: 10.6, APIs: 7, Instructions: 138timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE38AD Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111filestringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01007500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 103windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100653C Relevance: 10.6, APIs: 7, Instructions: 99windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDE0B5 Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100783C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 75windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA41C9 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 24libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA429E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 19libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE675A Relevance: 9.2, APIs: 6, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01005A20 Relevance: 9.2, APIs: 6, Instructions: 160windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDF3DD Relevance: 9.2, APIs: 6, Instructions: 159COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE26F9 Relevance: 9.1, APIs: 6, Instructions: 138windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F81765 Relevance: 9.1, APIs: 6, Instructions: 113COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100B958 Relevance: 9.1, APIs: 6, Instructions: 109windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF73B1 Relevance: 9.1, APIs: 6, Instructions: 97COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8D5B Relevance: 9.1, APIs: 6, Instructions: 69memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8AF9 Relevance: 9.1, APIs: 6, Instructions: 65processCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100C19A Relevance: 9.0, APIs: 6, Instructions: 49COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE74D2 Relevance: 9.0, APIs: 6, Instructions: 33synchronizationthreadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8E74 Relevance: 9.0, APIs: 6, Instructions: 23memorysynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE2F86 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 195windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDDA5D Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 121comlibraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE2C42 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 114windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD9372 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF1B21 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 86networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01006656 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 80windowlibraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE703E Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE710C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79filepipeCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDA52F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FFEE69 Relevance: 7.7, APIs: 5, Instructions: 247COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEE7DC Relevance: 7.6, APIs: 5, Instructions: 135COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100A2C5 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD6920 Relevance: 7.6, APIs: 5, Instructions: 97windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDB6AF Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100B405 Relevance: 7.6, APIs: 5, Instructions: 85COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD97E9 Relevance: 7.6, APIs: 5, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F812F3 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDC161 Relevance: 7.6, APIs: 5, Instructions: 61COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE4D35 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadwindowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD874A Relevance: 7.5, APIs: 5, Instructions: 49memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE54E6 Relevance: 7.5, APIs: 5, Instructions: 48sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD7652 Relevance: 7.5, APIs: 5, Instructions: 48stringCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD85F1 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8652 Relevance: 7.5, APIs: 5, Instructions: 45memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F813B0 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01007648 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 90windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01006F1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100797D Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 66windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F84C95 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F84D94 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F84D61 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01001072 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF93F5 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD76C5 Relevance: 6.3, APIs: 4, Instructions: 333COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FFE33E Relevance: 6.3, APIs: 4, Instructions: 307memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF83A8 Relevance: 6.3, APIs: 4, Instructions: 267COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD7A78 Relevance: 6.2, APIs: 4, Instructions: 231COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD6DF3 Relevance: 6.2, APIs: 4, Instructions: 202memoryCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE97E5 Relevance: 6.2, APIs: 4, Instructions: 155COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01009A63 Relevance: 6.1, APIs: 4, Instructions: 140COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF672D Relevance: 6.1, APIs: 4, Instructions: 116COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEBA5F Relevance: 6.1, APIs: 4, Instructions: 111fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01008AC0 Relevance: 6.1, APIs: 4, Instructions: 109COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100ADF1 Relevance: 6.1, APIs: 4, Instructions: 106windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01005175 Relevance: 6.1, APIs: 4, Instructions: 95COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100C788 Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FA0BD0 Relevance: 6.1, APIs: 4, Instructions: 79COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8B9E Relevance: 6.1, APIs: 4, Instructions: 79memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF1A5B Relevance: 6.1, APIs: 4, Instructions: 78networkCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FDE1AF Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 68stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF667C Relevance: 6.1, APIs: 4, Instructions: 61networkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD9023 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F81290 Relevance: 6.1, APIs: 4, Instructions: 59COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE1652 Relevance: 6.1, APIs: 4, Instructions: 51sleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100B57F Relevance: 6.0, APIs: 4, Instructions: 47COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100B8EF Relevance: 6.0, APIs: 4, Instructions: 40processCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE6E7C Relevance: 6.0, APIs: 4, Instructions: 33COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0100C00C Relevance: 6.0, APIs: 4, Instructions: 31COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F82218 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD8C5A Relevance: 6.0, APIs: 4, Instructions: 23threadCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FC2187 Relevance: 6.0, APIs: 4, Instructions: 20COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FC219B Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FEB217 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 201shareCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00F92AB7 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 144sleepCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF2882 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 97networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE2D91 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01006943 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01006B8F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FE2E9E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF24CA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FF80A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD92E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD91DF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD9264 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 49windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00FD81BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 01005BEB Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |