Edit tour
Windows
Analysis Report
SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe
Overview
General Information
| Sample name: | SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
| Analysis ID: | 1431820 |
| MD5: | 0d8bedda7d9b963de975685cf2b2a5eb |
| SHA1: | cbbffe900a09e8a3bbb1a1bf16e7aeb8ebde72a1 |
| SHA256: | 519f0b16537fa4a2bc228cdfce2b85c12225e2071d7789c8cc9bb8f7b85796ca |
| Tags: | exe |
| Infos: |  |
 | |
Detection
| Score: | 16 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 0% |
Signatures
Yara detected BatToExe compiled binary
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Classification
Analysis Advice
| Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox |
| Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
| Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
| Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
| Sample searches for specific file, try point organization specific fake files to the analysis machine |
- System is w10x64
SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe (PID: 6284 cmdline: "C:\Users\ user\Deskt op\Securit eInfo.com. W32.ABRisk .NJSZ-2550 .30267.882 3.exe" MD5: 0D8BEDDA7D9B963DE975685CF2B2A5EB) - SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp (PID: 6548 cmdline:
"C:\Users\ user\AppDa ta\Local\T emp\is-6FO PC.tmp\Sec uriteInfo. com.W32.AB Risk.NJSZ- 2550.30267 .8823.tmp" /SL5="$20 438,409228 7,121344,C :\Users\us er\Desktop \SecuriteI nfo.com.W3 2.ABRisk.N JSZ-2550.3 0267.8823. exe" MD5: 90FC739C83CD19766ACB562C66A7D0E2) 
Bat_To_Exe_Converter.exe (PID: 6128 cmdline: "C:\Progra m Files\Ba t To Exe C onverter\B at_To_Exe_ Converter. exe" MD5: E3D6B93E861FEEFA47CCEEAE03E99094)
- cleanup
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
| JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
| JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
| JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security | ||
| JoeSecurity_BatToExe | Yara detected BatToExe compiled binary | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
| Source: | Code function: | 5_2_00000001400A2380 | |
| Source: | Code function: | 5_2_000000014009AF20 | |
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Window detected: | ||
| Source: | Window detected: | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 5_2_000000014004BD20 | |
| Source: | Code function: | 5_2_000000014004C040 | |
| Source: | Code function: | 5_2_000000014004C434 | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 5_2_0000000140060084 | |
| Source: | Code function: | 5_2_0000000140397EB4 | |
| Source: | Code function: | 5_2_000000014005FFD0 | |
| Source: | Code function: | 5_2_00007FFDFF1E8224 | |
| Source: | Code function: | 5_2_0000000140060084 | |
| Source: | Code function: | 5_2_000000014005DC08 | |
| Source: | Code function: | 5_2_00007FFDFF1E59F8 | |
| Source: | Code function: | 5_2_000000014005D068 | |
| Source: | Code function: | 5_2_0000000140059267 | |
| Source: | Code function: | 5_2_000000014005A27C | |
| Source: | Code function: | 5_2_0000000140057E94 | |
| Source: | Code function: | 5_2_0000000140054030 | |
| Source: | Code function: | 5_2_000000014005E0CC | |
| Source: | Code function: | 5_2_0000000140055520 | |
| Source: | Code function: | 5_2_00000001400526C8 | |
| Source: | Code function: | 5_2_0000000140055744 | |
| Source: | Code function: | 5_2_0000000140397D84 | |
| Source: | Code function: | 5_2_0000000140001000 | |
| Source: | Code function: | 5_2_000000014005D138 | |
| Source: | Code function: | 5_2_00000001400451E8 | |
| Source: | Code function: | 5_2_0000000140042388 | |
| Source: | Code function: | 5_2_0000000140084030 | |
| Source: | Code function: | 5_2_00000001400CC040 | |
| Source: | Code function: | 5_2_0000000140085050 | |
| Source: | Code function: | 5_2_00000001400570C4 | |
| Source: | Code function: | 5_2_000000014006012C | |
| Source: | Code function: | 5_2_000000014008015E | |
| Source: | Code function: | 5_2_0000000140064258 | |
| Source: | Code function: | 5_2_00000001400CA2F0 | |
| Source: | Code function: | 5_2_00000001400803D5 | |
| Source: | Code function: | 5_2_000000014005F444 | |
| Source: | Code function: | 5_2_000000014007D4D0 | |
| Source: | Code function: | 5_2_00000001400CB5C0 | |
| Source: | Code function: | 5_2_00000001400D75F0 | |
| Source: | Code function: | 5_2_00000001400766A0 | |
| Source: | Code function: | 5_2_00000001400526C8 | |
| Source: | Code function: | 5_2_000000014005B6CC | |
| Source: | Code function: | 5_2_00000001400576E8 | |
| Source: | Code function: | 5_2_00000001400856F0 | |
| Source: | Code function: | 5_2_00000001400447C0 | |
| Source: | Code function: | 5_2_000000014004788C | |
| Source: | Code function: | 5_2_00000001400F9930 | |
| Source: | Code function: | 5_2_0000000140079950 | |
| Source: | Code function: | 5_2_0000000140084980 | |
| Source: | Code function: | 5_2_0000000140065A20 | |
| Source: | Code function: | 5_2_0000000140079A30 | |
| Source: | Code function: | 5_2_000000014007FACD | |
| Source: | Code function: | 5_2_00000001400FBAF0 | |
| Source: | Code function: | 5_2_00000001400D6B50 | |
| Source: | Code function: | 5_2_00000001400C9C20 | |
| Source: | Code function: | 5_2_000000014007FC65 | |
| Source: | Code function: | 5_2_0000000140083CA0 | |
| Source: | Code function: | 5_2_0000000140083CB0 | |
| Source: | Code function: | 5_2_000000014006BCB0 | |
| Source: | Code function: | 5_2_0000000140075E00 | |
| Source: | Code function: | 5_2_0000000140073E60 | |
| Source: | Code function: | 5_2_000000014009AF20 | |
| Source: | Code function: | 5_2_000000014004EF58 | |
| Source: | Code function: | 5_2_0000000140047FC8 | |
| Source: | Code function: | 5_2_000000014006DFD4 | |
| Source: | Code function: | 5_2_00007FFDFF1E59F8 | |
| Source: | Code function: | 5_2_00007FFDFF1CE214 | |
| Source: | Code function: | 5_2_00007FFDFF21FF9C | |
| Source: | Code function: | 5_2_00007FFDFF1D3FBC | |
| Source: | Code function: | 5_2_00007FFDFF22AFA4 | |
| Source: | Code function: | 5_2_00007FFDFF224020 | |
| Source: | Code function: | 5_2_00007FFDFF20EE70 | |
| Source: | Code function: | 5_2_00007FFDFF1F9EC0 | |
| Source: | Code function: | 5_2_00007FFDFF1DCF48 | |
| Source: | Code function: | 5_2_00007FFDFF1EADD4 | |
| Source: | Code function: | 5_2_00007FFDFF22BDE4 | |
| Source: | Code function: | 5_2_00007FFDFF1F4E54 | |
| Source: | Code function: | 5_2_00007FFDFF235E38 | |
| Source: | Code function: | 5_2_00007FFDFF21DC84 | |
| Source: | Code function: | 5_2_00007FFDFF21CC88 | |
| Source: | Code function: | 5_2_00007FFDFF215B94 | |
| Source: | Code function: | 5_2_00007FFDFF1F1B94 | |
| Source: | Code function: | 5_2_00007FFDFF22EB70 | |
| Source: | Code function: | 5_2_00007FFDFF1CCB70 | |
| Source: | Code function: | 5_2_00007FFDFF1FDBB4 | |
| Source: | Code function: | 5_2_00007FFDFF1DFA80 | |
| Source: | Code function: | 5_2_00007FFDFF1EDAA0 | |
| Source: | Code function: | 5_2_00007FFDFF20FAEC | |
| Source: | Code function: | 5_2_00007FFDFF211B58 | |
| Source: | Code function: | 5_2_00007FFDFF203B54 | |
| Source: | Code function: | 5_2_00007FFDFF20CB48 | |
| Source: | Code function: | 5_2_00007FFDFF1C6B24 | |
| Source: | Code function: | 5_2_00007FFDFF1FF9C8 | |
| Source: | Code function: | 5_2_00007FFDFF20BA2C | |
| Source: | Code function: | 5_2_00007FFDFF1FE87C | |
| Source: | Code function: | 5_2_00007FFDFF21B8C0 | |
| Source: | Code function: | 5_2_00007FFDFF1EE8F0 | |
| Source: | Code function: | 5_2_00007FFDFF1DF8F0 | |
| Source: | Code function: | 5_2_00007FFDFF1F0920 | |
| Source: | Code function: | 5_2_00007FFDFF21993C | |
| Source: | Code function: | 5_2_00007FFDFF20979C | |
| Source: | Code function: | 5_2_00007FFDFF1F5794 | |
| Source: | Code function: | 5_2_00007FFDFF22A768 | |
| Source: | Code function: | 5_2_00007FFDFF21D7DC | |
| Source: | Code function: | 5_2_00007FFDFF1EB7F8 | |
| Source: | Code function: | 5_2_00007FFDFF22970C | |
| Source: | Code function: | 5_2_00007FFDFF2026E0 | |
| Source: | Code function: | 5_2_00007FFDFF2226E8 | |
| Source: | Code function: | 5_2_00007FFDFF1F4740 | |
| Source: | Code function: | 5_2_00007FFDFF1EF720 | |
| Source: | Code function: | 5_2_00007FFDFF20D590 | |
| Source: | Code function: | 5_2_00007FFDFF214598 | |
| Source: | Code function: | 5_2_00007FFDFF1F2598 | |
| Source: | Code function: | 5_2_00007FFDFF1FB64C | |
| Source: | Code function: | 5_2_00007FFDFF21A644 | |
| Source: | Code function: | 5_2_00007FFDFF22764C | |
| Source: | Code function: | 5_2_00007FFDFF23163C | |
| Source: | Code function: | 5_2_00007FFDFF1FC49C | |
| Source: | Code function: | 5_2_00007FFDFF210460 | |
| Source: | Code function: | 5_2_00007FFDFF1E4504 | |
| Source: | Code function: | 5_2_00007FFDFF21E3C0 | |
| Source: | Code function: | 5_2_00007FFDFF2323AC | |
| Source: | Code function: | 5_2_00007FFDFF228438 | |
| Source: | Code function: | 5_2_00007FFDFF1CB260 | |
| Source: | Code function: | 5_2_00007FFDFF1FF318 | |
| Source: | Code function: | 5_2_00007FFDFF22530C | |
| Source: | Code function: | 5_2_00007FFDFF2152EC | |
| Source: | Code function: | 5_2_00007FFDFF1ED1C8 | |
| Source: | Code function: | 5_2_00007FFDFF1F8200 | |
| Source: | Code function: | 5_2_00007FFDFF1F71F0 | |
| Source: | Code function: | 5_2_00007FFDFF235234 | |
| Source: | Code function: | 5_2_00007FFDFF20A234 | |
| Source: | Code function: | 5_2_00007FFDFF1FD098 | |
| Source: | Code function: | 5_2_00007FFDFF1F10D0 | |
| Source: | Code function: | 5_2_00007FFDFF23111C | |
| Source: | Code function: | 5_2_00007FFDFF2010E8 | |
| Source: | Code function: | 5_2_00007FFDFF209144 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 5_2_0000000140014D9A | |
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | LNK file: | ||
| Source: | LNK file: | ||
| Source: | Key value created or modified: | Jump to behavior | ||
| Source: | Window found: | Jump to behavior | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Window detected: | ||
| Source: | Window detected: | ||
| Source: | Window detected: | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Directory created: | Jump to behavior | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation |   |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 5_2_000000014004C1BC | |
| Source: | Code function: | 5_2_0000000140075192 | |
| Source: | Code function: | 5_2_0000000140075391 | |
| Source: | Code function: | 5_2_000000014007538D | |
| Source: | Code function: | 5_2_00000001400746EB | |
| Source: | Code function: | 5_2_00000001400746F8 | |
| Source: | Code function: | 5_2_0000000140074F00 | |
| Source: | Code function: | 5_2_0000000140074F04 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 5_2_000000014005C6A8 | |
| Source: | Code function: | 5_2_000000014005C6A8 | |
| Source: | Code function: | 5_2_000000014005CE70 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Evasive API call chain: | graph_5-103273 | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Code function: | 5_2_000000014004BD20 | |
| Source: | Code function: | 5_2_000000014004C040 | |
| Source: | Code function: | 5_2_000000014004C434 | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | API call chain: | graph_5-103407 | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 5_2_00007FFDFF22DB70 | |
| Source: | Code function: | 5_2_000000014004C1BC | |
| Source: | Code function: | 5_2_00000001400471B0 | |
| Source: | Code function: | 5_2_00007FFDFF22DB70 | |
| Source: | Code function: | 5_2_00007FFDFF22F270 | |
| Source: | Code function: | 5_2_00007FFDFF23212C | |
| Source: | Code function: | 5_2_00007FFDFF23605C | |
| Source: | Code function: | 5_2_00007FFDFF1E5434 | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 5_2_000000014005F8E4 | |
| Source: | Code function: | 5_2_00000001400439C8 | |
| Source: | Code function: | 5_2_000000014039813C | |
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 Windows Service | 1 Windows Service | 3 Masquerading | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Input Capture | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 2 Native API | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Process Injection | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 11 Archive Collected Data | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 21 Obfuscated Files or Information | NTDS | 11 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Software Packing | LSA Secrets | 2 System Owner/User Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 3 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 3% | ReversingLabs | |||
| 4% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 1% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 1% | Virustotal | Browse | ||
| 5% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 5% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 3% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Virustotal | Browse | ||
| 4% | ReversingLabs | |||
| 3% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 2% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 1% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
⊘No contacted domains info
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|
| IP |
|---|
| 127.0.0.1 |
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1431820 |
| Start date and time: | 2024-04-25 20:39:06 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 6m 35s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 8 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
| Detection: | CLEAN |
| Classification: | clean16.evad.winEXE@5/33@0/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
⊘No simulations
⊘No context
⊘No context
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp | Get hash | malicious | Unknown | Browse | ||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse | |||
| Get hash | malicious | Unknown | Browse |
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2105856 |
| Entropy (8bit): | 7.972220715342655 |
| Encrypted: | false |
| SSDEEP: | 49152:NOPSa4ZImzdAxZmKLEb+T+VY07d7AidLAbbtwSjugk:NraitzdAfBEa0AiLAbbO0ugk |
| MD5: | E3D6B93E861FEEFA47CCEEAE03E99094 |
| SHA1: | 94AC369EA396C6A4C23DDCFB41CFDFE81CE0B3DA |
| SHA-256: | 55DF60E09826469E543C090198AC6A12E1269047A88ED698E25E6E62D83FF4C7 |
| SHA-512: | 2C00287925DCB22B4BABD7C49E9035CCB92B895F123791EF361FF495B08D74FE1E9ADD54C1FCABD4DE3CD396FAAFECCBAE0C750913D911DBA6531F51AB126402 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2105856 |
| Entropy (8bit): | 7.972220715342655 |
| Encrypted: | false |
| SSDEEP: | 49152:NOPSa4ZImzdAxZmKLEb+T+VY07d7AidLAbbtwSjugk:NraitzdAfBEa0AiLAbbO0ugk |
| MD5: | E3D6B93E861FEEFA47CCEEAE03E99094 |
| SHA1: | 94AC369EA396C6A4C23DDCFB41CFDFE81CE0B3DA |
| SHA-256: | 55DF60E09826469E543C090198AC6A12E1269047A88ED698E25E6E62D83FF4C7 |
| SHA-512: | 2C00287925DCB22B4BABD7C49E9035CCB92B895F123791EF361FF495B08D74FE1E9ADD54C1FCABD4DE3CD396FAAFECCBAE0C750913D911DBA6531F51AB126402 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1202385 |
| Entropy (8bit): | 6.3676423528784865 |
| Encrypted: | false |
| SSDEEP: | 24576:JtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt1:3qTytRFk6ek1L2 |
| MD5: | 628B00C12FAC5A7E788FDFD8A02244D1 |
| SHA1: | 7C318E92F2AE8E77FBF3669C65D56E4691648CE3 |
| SHA-256: | BBD0534581D5EF17243748536FD95C31031600017C97F1645E83E44F1A7B2E62 |
| SHA-512: | 3061987D15DAF427824771DBEAA56692C51817EB814B52309EF061606892CB1A71DE7A4895CE33C6D38A313DC990ACEDED237F90D2202802BD02472E25A5EE49 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4039 |
| Entropy (8bit): | 3.5882877667893496 |
| Encrypted: | false |
| SSDEEP: | 96:3fCpbcuJlEDA4MZAe2L2ICDcCJC6lCDUCph7Cph4HHhqe:3WbP4DSmpckHp |
| MD5: | 80AEC56BA3D0709D35D42B8B38D9BF3F |
| SHA1: | 8CB6A748FCDED66A2B0EB1F2253CB131214E031F |
| SHA-256: | D273D2462493CFB5DAF9145E53B8D3321964946E42DC02041DA537281B77C4F9 |
| SHA-512: | BCDC2B857C1ABC2639C80E89D77EC27ED62B75927648392EFA0FC267E8A4937B26577EE359C92B5C7ED02B95F389F899A528E40B5CD0B2E83177F6743208893F |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1202385 |
| Entropy (8bit): | 6.3676423528784865 |
| Encrypted: | false |
| SSDEEP: | 24576:JtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt1:3qTytRFk6ek1L2 |
| MD5: | 628B00C12FAC5A7E788FDFD8A02244D1 |
| SHA1: | 7C318E92F2AE8E77FBF3669C65D56E4691648CE3 |
| SHA-256: | BBD0534581D5EF17243748536FD95C31031600017C97F1645E83E44F1A7B2E62 |
| SHA-512: | 3061987D15DAF427824771DBEAA56692C51817EB814B52309EF061606892CB1A71DE7A4895CE33C6D38A313DC990ACEDED237F90D2202802BD02472E25A5EE49 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter\Bat To Exe Converter.lnk
Download File
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1015 |
| Entropy (8bit): | 4.534697656204505 |
| Encrypted: | false |
| SSDEEP: | 24:8mnRldygJ/IWjVrUADhhMdFWQxdFWtr/Bm:8mndhRjDhhMddd2F |
| MD5: | F42E62654AEAE9ABAC3C82E5B18D3119 |
| SHA1: | B528E3F69F7B4E0B24B4F050EBCB67831665FA4C |
| SHA-256: | C899E33D85FACA785819143235C0EAF3297BA07267CA2B3D7ABF9621B95C9007 |
| SHA-512: | 31A9822B6A9D5E50BC5AC21A57AEB57EA4A6EF0DACD104EEE8BAE7FEBA941047E3E4A9CE8B53C2DB5E43439D5DEC071A47D90FEFCBD23BA59DD01B8679D0A25D |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bat To Exe Converter\Uninstall Bat To Exe Converter.lnk
Download File
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 955 |
| Entropy (8bit): | 4.5891660457182555 |
| Encrypted: | false |
| SSDEEP: | 24:8mmAbdygJ/IWkDhIQA/h4dFWNgdFWtrTBm:8mm0dhQDh4/h4dOgd2Z |
| MD5: | 991F6FE2A628D3996237065EE5FA004D |
| SHA1: | 76E30774608496332AA507ED634E6A95BB50C3CE |
| SHA-256: | FA6E32B7F0DDE54847C6BAD806960E2B410E17BC5B8F57B95DEAB2FA2AD8B767 |
| SHA-512: | FFAB602FFF593244C2AF667761D1456DF4E5B6DA2A6C5B056D54AAF09A35C17ACA449C3133BFFBE333811B5A916100BE70574D8691E62FC56FD95F28260BC010 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp 
Download File
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1179648 |
| Entropy (8bit): | 6.395287124443116 |
| Encrypted: | false |
| SSDEEP: | 24576:RtdAm9DUi/CR3wCkCiRgoG7hBaHkbEXXeG/jFt5lTxyt:PqTytRFk6ek1L |
| MD5: | 90FC739C83CD19766ACB562C66A7D0E2 |
| SHA1: | 451F385A53D5FED15E7649E7891E05F231EF549A |
| SHA-256: | 821BD11693BF4B4B2B9F3C196036E1F4902ABD95FB26873EA6C43E123B8C9431 |
| SHA-512: | 4CB11AD48B7585EF1B70FAC9E3C25610B2F64A16358CD51E32ADCB0B17A6AB1C934AEB10ADAA8E9DDF69B2E2F1D18FE2E87B49B39F89B05EA13AA3205E41296C |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6144 |
| Entropy (8bit): | 4.720366600008286 |
| Encrypted: | false |
| SSDEEP: | 96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0 |
| MD5: | E4211D6D009757C078A9FAC7FF4F03D4 |
| SHA1: | 019CD56BA687D39D12D4B13991C9A42EA6BA03DA |
| SHA-256: | 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95 |
| SHA-512: | 17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 93B885ADFE0DA089CDF634904FD59F71 |
| SHA1: | 5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F |
| SHA-256: | 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D |
| SHA-512: | B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | 93B885ADFE0DA089CDF634904FD59F71 |
| SHA1: | 5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F |
| SHA-256: | 6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D |
| SHA-512: | B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 47104 |
| Entropy (8bit): | 6.38249525851103 |
| Encrypted: | false |
| SSDEEP: | 768:kWyGCFzNhPlIpVnwuDbU0xy576WK73T3aFfVbBiRchq/rgIQs1GAXw1WInr7llh0:kDFpgpBd80OK7D0VbBiyADg9s1JXw4Iz |
| MD5: | CAFC4EEC8A4F05B8DFEE4067FB5B9076 |
| SHA1: | 38F4C66246636E187FE4BF2AA8CB1D9B2502A14C |
| SHA-256: | 1FA554D18490CB5E56D624CD97069F42E63800688136C6CF3C521E4EF6E83E28 |
| SHA-512: | 3C3E7C874E6B182AEF812A1B593C3B1A3EA6EFD5AE99792B88009CB6E6E0CEE13C46FC26A1DBB7D73899A2ED01F73779C06D85246FD23EDC6BF04FE41E0E133B |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 54784 |
| Entropy (8bit): | 6.505164558362332 |
| Encrypted: | false |
| SSDEEP: | 1536:ob9eNDMeUu2rpfT+Rpog93zAecGMWEPwv+iRS6:oENDILpg7nYpiV |
| MD5: | F69B0E5F35B5DAE1B11B950CFF157FB3 |
| SHA1: | F582F77D036C362F1EC5A0AB11707143CB0C9220 |
| SHA-256: | ED010C50A7CEB43B9666E7FBCA13D8377D30B79203207BAD77004A890ADEEA17 |
| SHA-512: | F0AC0B51A80D20148D069A231D50A581E6580EA45ADC2D15C15182C9551363E204E119DAAC544C37AC6D9E93B75AB73E90E9947E7BF3CF86707A5C5645E2750C |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 568320 |
| Entropy (8bit): | 6.362114578604268 |
| Encrypted: | false |
| SSDEEP: | 6144:FuyRri/YTtF1LbOtbvMMhLxodmpjSIZ/KfmGE178z0srIW4w23Y8D9xbDUV7R0Kq:FucNtFJCxvBLxodojSIZKmX5sr/h4Ik |
| MD5: | 0239B5B3A757CE3367335E873B9D9DDA |
| SHA1: | 11A2EA37F1AAA80C547B07DEE5B7D1B727809376 |
| SHA-256: | 2B04DB2CAA0064A89DCB8137077F12DE5D2B72389CEEED1227CE7C80C5C7023A |
| SHA-512: | 859013A987E49991E55EE826EF1CE3593163AB37ED19F0DB1587D729CBAD1897EA09401556AE0DF2B840972DC4909BF479047A42B1DB387136CD68659BD515BB |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 20381 |
| Entropy (8bit): | 5.87618803287666 |
| Encrypted: | false |
| SSDEEP: | 192:3cVkQ/kDkglpmDHrjhxqIUexuvMc7PwiloGn2NgjaJ+poKuHTrUDuoOHLO5Fpib0:3c6Qc3mDfUDvMcv/nA8akoKukDwZPs |
| MD5: | D4FC8C71A167383B2CEA62137B12F63D |
| SHA1: | A065B7A9479C0FCE752DFB1120C58310661EB4AB |
| SHA-256: | 2786F9B9CDF8A73396405CE59CB6D00FAD9D51E5136183999D14A5CB9F5D80FB |
| SHA-512: | D60F2841DC6C873D6B26A0A2D019878AFDEBB52426C05F57C40C54181352A98FA4E628202313D718274C96767D5D3095FEFEFBEBD307DE61EE3B7F0A08666989 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6427 |
| Entropy (8bit): | 5.413103855303524 |
| Encrypted: | false |
| SSDEEP: | 192:QVvN9zpYcnuWDOCarYMDX3XmAlROa4xjbz:U9zQCKYgX3XMxjbz |
| MD5: | 2125B2D9BFDA91CECA3ED41F4C861B4C |
| SHA1: | B0D6F35D8A60659FF40F1759B6207C81D99AC0F9 |
| SHA-256: | 876D4162596D4EFA962D5E214A3A801EAE4C8BFD36439D20880D5098F602321B |
| SHA-512: | 2A009AA887643FE268D9130347A5940B7EEF134BF3DE16E2D43337CA41F5B71E5BECAC02BFD96BC0A36AFB202BF51D6CD70477F0CC77E5D6DC8E02A6290BF415 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5502 |
| Entropy (8bit): | 5.481178089670343 |
| Encrypted: | false |
| SSDEEP: | 96:e3g+6RnucNWIoSrE7eC5irlf8d4QscFKY+cdT5sHKoNNYps6O0Xq5Y+LbaE9QfJF:8g+knPw0os0KYtsqoNNU3XqY+3l9mJI8 |
| MD5: | CFC7FC230EA20DC8E11BB17389FA57B2 |
| SHA1: | 23431C831BCC90F5678C9F9987359C69C57CD269 |
| SHA-256: | 63D5C6772D8998FBD0331092E96151CA31662A6A7AC7B11AF4F5E2FD30ED77F4 |
| SHA-512: | 5A10F9995AD54506E21D8E084B91C95417F9DC1BF55AD00F9B127803385E9A727DEFB38B22A89CF5AFDA9AED6932EC912FC56B82BB884AA318C4C606F627C682 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4512 |
| Entropy (8bit): | 5.888205681855047 |
| Encrypted: | false |
| SSDEEP: | 96:4bkF2b86BVTbzxtcM/jFnGHAhf7Y/H1paCNexJs375lyEc8EV1Zw6:CkF2b86Bh1TCA9Y/VrNck/yEEVzw6 |
| MD5: | 8AB06A4B804350D0A232E65B82E992E1 |
| SHA1: | B1C11CF302C18A2334EAA09DDA4C0EBAA54C2D77 |
| SHA-256: | 5A5FBE8998D1AA2C6CB7E16FA50861910C806AC3DF99E2026E8B577175B36133 |
| SHA-512: | 4B9F8324F5DA953AE18B8BB073CC8414BCBB9584E1AA5B6D80214EB00AC8BB8AA8B86EA94F901098AB03A924B0EEB49A3451D09408B563E2259892478468BB06 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4515 |
| Entropy (8bit): | 5.895445604698382 |
| Encrypted: | false |
| SSDEEP: | 96:aK7D0+JkfAcpBka45aGJz1XLLXQOYR1h7mKSFOZVfAfNX8EiVCc6:aK7D0+ydV34LXQOYPWOjfAVMEnc6 |
| MD5: | 4CCFE9DC8CDFE91117D59B8599419D26 |
| SHA1: | AED9EFB0FE4715F3E0D7C72B996A1D148FA8D447 |
| SHA-256: | B59693AB5279FEB735B9A10943BDBAE71C9CB363B1AA83E40F422142B39FF360 |
| SHA-512: | E62FE04027297C3DD99F854211E2966D2E206B39CC9F37AB221F1C13591343795D73AA4883EA9F42F542878DACDB965815B92ED234D20E126FC323C411EEA6FE |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6387 |
| Entropy (8bit): | 4.150753889633663 |
| Encrypted: | false |
| SSDEEP: | 192:X0w8lfNd5Zm/PzBNOTS4/J2gK/kycQfhuc:x8l1x+z2TS4/Jy/kgEc |
| MD5: | ACEF3CF2CD28076E5313A02F6984F754 |
| SHA1: | E24231ADA7DD357F7C1CA78A7A88700782B50E37 |
| SHA-256: | 4564DAC8FD1DE4C66D9506C516198A079CF6C98B9EC4F8A7527C27F44800CC22 |
| SHA-512: | 901CE97986BC2476433D8F6CABCE99ABCBA16CBA41F68F5CC1645133D43E6AB67D20E3F1C7DB08BDC18EC1A957CA371AAACB5468970C7A34574444D61E6F04EA |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6966 |
| Entropy (8bit): | 4.4351898698934304 |
| Encrypted: | false |
| SSDEEP: | 96:IEWliR8xl/tuuAvoyUNH0q+tzXiLFSzfwqiowiXUbVlNH7ZUEY4Uf2hqoC5SFbyo:PWU4cuAINH0tSLgHiIUH9ZUJ/f2M2bF |
| MD5: | 101A8B4AE341C9D9ACD37626BA3909F5 |
| SHA1: | 8716D647EA6AA120E6B00975DDBDF076570264AD |
| SHA-256: | F12BF0E1FF2327107B92DE4D69234D0364B530B34761E01CCB021805C3ABE562 |
| SHA-512: | CF10C1956FBA214F85EA621EBCC3C334A90AB93D38F4641DB7B1735687CD70A57DD406F81B2B36E6461E62A06A2A490F5AE5C6418140010CEBE78AD9413A8F5A |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8389 |
| Entropy (8bit): | 4.556656309616615 |
| Encrypted: | false |
| SSDEEP: | 192:5INqmux7tQeD1XDot3rbFCKnBifxAltB3AESl:4qnZ0t75LBKW7vSl |
| MD5: | E85F3E236272739458070F2AD0FD8AEA |
| SHA1: | 45C44551DA97FCCB2DA948DF4BE51EF4DE472348 |
| SHA-256: | EFA8B1029530AA46FF21F704F6EFE59A69FE59D6B96E2370EDC32FAB62A2FD29 |
| SHA-512: | FCE0B86A5EB75C8286A755A928ED6529934438BD0BB53EC3BED2173CFB5F0BD263FEC649BA93C687C68017063ED207B0AA0530421183F7AD5C29F115E38E5BD6 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 9499 |
| Entropy (8bit): | 4.5624224565941 |
| Encrypted: | false |
| SSDEEP: | 192:PGGg/NtyFIKAwDKQCHFoVuYMaqz5Gy70sdLHG18REYcYnyVm2PQJv3XhnTe2Xmpb:eV//E9DVCHFokYMaq8y708HG189Oozzm |
| MD5: | CE7919F5607F6852962AFEE414CF143C |
| SHA1: | 1CD289D7C4FA9E8951F48F4338546067E7652B95 |
| SHA-256: | CDA6F61CB33194B48B9764BC9E1D704197454DA7967BB7B6F0F87122D033E767 |
| SHA-512: | 1255BB23A24E77D9F66FD7B2BBDDA0ADA8FD8825F16ECC128174E89C671180B87E497583137CB59CD7D6D7981A9A982D8D584A67E4B72E532BF4E4033FBCFAF9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5389 |
| Entropy (8bit): | 5.3452303894979805 |
| Encrypted: | false |
| SSDEEP: | 96:IE8xfLofbXyG/soMrKcpfsbziUR9G7hPGeHHlgKh5YkTNzLnBBNp:P8uNsacpfsizh7HlgaYONz7BBT |
| MD5: | 126DC042974C8979DB72CCC7F253E6AA |
| SHA1: | B78663D76A0E26919249C502ED10D5E66C90B81B |
| SHA-256: | 515607FF950FCB9729E2DEBB947F6C869BBB58189BB73CC7EFCCB9308D6936ED |
| SHA-512: | 80F49EAC959F36066BAC27B24A2DA706F79CE6D311E1365E30EB7B3D58D8DB249C83F3C8A82A094F327C6329D281410454DD60CB0DAF6A4F0239FE8B4D82A1DF |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5571 |
| Entropy (8bit): | 4.915928421056274 |
| Encrypted: | false |
| SSDEEP: | 96:IE0Yraa656WKAeNoIdgNhQA+BgTdA4UK+/14/BDFiLJSjLxGFvU0XJ4M:P0aaRkWOrgPH+qdAd2/aJwdGiqJ4M |
| MD5: | 0B1FBD5CE0A704C773B535E9F7F954F6 |
| SHA1: | 309EB1BD7EF5CB72439CBE4D10E387F86C4017BF |
| SHA-256: | AE6EDA1EFC2F611498B9B94FD297FAE3CD46E85D38891D598A78E7D844DBFF6A |
| SHA-512: | BD383E6201241C5AFEE8FABF1DE60D2617F0288CFE79CB871BB49F691CD9935571D183E3D95286F034FD9D5D5F7F352E0D7B93DF87B3293E2A06B82EF95B5B06 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5771 |
| Entropy (8bit): | 5.013595303578687 |
| Encrypted: | false |
| SSDEEP: | 96:oE9xcPtw2yK82RyFKDXWie0S4CvUqXFM+KChY+Xu0uNlboguRLAu0AcHClE7RJn5:oE9xItw2v82RCKDr5NCZFM+9hY+Xu0kt |
| MD5: | BEF8EC23F8162F30BCDB19B9E63BEF90 |
| SHA1: | 10D47362FD769EC15B783735CA1BCA4BC93E668A |
| SHA-256: | 85407106B34A3C4451CEA55786DF36D2408BC579A4211C02D12AB3650C96A86E |
| SHA-512: | 07F76EA30827CCEEE2C5E75483E00194C1C1F9EE968CE2D709D8AC32B4C9750164951C77342B517C6367965F21380DFB9760A8842BBA64064CD5E2D04D798A8E |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5446 |
| Entropy (8bit): | 4.848999465904957 |
| Encrypted: | false |
| SSDEEP: | 96:oEQRR1C6cEuOOr5rTSrkMmvBYuZE+4NbZlqQm0jefR7Sb3tlZ+Llch5yy//P:oEqR1C6TudnSbsBYuZItlqQDPDYLlchH |
| MD5: | 6B078E7A6849C8954A5001A044BC90FD |
| SHA1: | 57C318CFB473A8E3A4675CAC70732A2FE6AB7B76 |
| SHA-256: | 9F93BE553F9256EC0D71BD44CAA1990B82D7EEFEB6AC5075A96E8C4BC9D41C06 |
| SHA-512: | A07A8E705AE8A43D1756F39839CC22C5A481A0871388277B73A72EC914CFAD6638B88F02492459F7DC9FB8BB8CCF62A8D4184D6482894DFA400AB0F259E998E4 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5731 |
| Entropy (8bit): | 5.235127210855445 |
| Encrypted: | false |
| SSDEEP: | 96:ybIE7gYC2n60xiJaJJzVaAbPtqUpjujJEPLnie7eFUFhxjflsZJL8ueSuJvc3VIZ:ybrPHoJaJp82wUpj2weFSGZJwRSuJvce |
| MD5: | 0427E675DAE96193FBBD2575B25E4ADD |
| SHA1: | 7FC54DD5AEC429F431CAA39A8A7132AA7B2ADEA3 |
| SHA-256: | A9EC95138C89144FAD7304CCDFA22E30F4552F42EC5F87EFBEC17E6B45227886 |
| SHA-512: | 82AA697BE9D38BC64F43A872238D738D7559891D42EE548053FF20FF456F72F1F6A2DCCEC85423CA527E98801E35F3ABC358F3F80A19BB03A091B2F2147A5E2D |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5136 |
| Entropy (8bit): | 4.907104375023733 |
| Encrypted: | false |
| SSDEEP: | 96:IERQmH0jdNW2QzGyub7sNCC1xvtOCxk5ul9bKEHimSpyusIvLwAp+eGHXdl:PRQmUBNW1Gb77C1bOCxk5y9bK2i0u7U/ |
| MD5: | 30E8FFB0E32E27F754610A3CB6B2E932 |
| SHA1: | 189656584C97E3149D7BA2EB1B86D774BFC682A2 |
| SHA-256: | 3C0405BD3D1AF87EF1675E067020C07A754C2C62662D8F32009A6265C3F48D55 |
| SHA-512: | 4C859CB74CDF473946B4436DBB93972FDBE1E764947F5BA09893D013DA1253E36D5FD27E50B81ACB13B849525F84FE21B7BF5BCF53195BB3FEFB315D53903B70 |
| Malicious: | false |
| Preview: |
C:\Users\user\AppData\Roaming\Bat To Exe Converter\lng\Portugu s Brasileiro (Portuguese Brazilian).lng
Download File
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5639 |
| Entropy (8bit): | 5.014841388257068 |
| Encrypted: | false |
| SSDEEP: | 96:o/7/tlDAyNWMiJolH81z04S+yomJnt/tfLFriPfqw7wI0ABtD6UwNl:oj/7DAyNXiqlCz0hzPJNyPlMIZD6/Nl |
| MD5: | 71F0183E192E34D375F0735210E97C4A |
| SHA1: | B60E72378FEF5227D9B3EA8F30DD29D4C9BE097B |
| SHA-256: | 130764E3A2E43B78EE632C0372BC5630BD62ABF74AA825865FE5B4C14F4D7A27 |
| SHA-512: | 19914BFEA9F4EE3ECD46835F0C276A477A6F1B440FB9F33F9B8DF0E063B1CF0703495C27336FED1F101315690C43110B9E47DAC0F688D41EEA59F3415468D756 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5431 |
| Entropy (8bit): | 5.3468775375546045 |
| Encrypted: | false |
| SSDEEP: | 96:IEL64APn65uLf7qs40IJS9n9utccdB/OOhfJnvLdB08GhiAD3mPtj+hNC1hbq364:PL6R65yfer1S99utccdB2OhfJnvLP0xJ |
| MD5: | F19CD4F6CCE52F99B6C62802E0D690C4 |
| SHA1: | 6D719B72AC137021B9F8809575161B878BC6359A |
| SHA-256: | 9442A4ED768B0F65D4A8DD5C1E91C9E7EDBEA4235C8C8E5C6AB44A54F93297A1 |
| SHA-512: | 50A95D4017737A9DA59414048308D10BBD892789DCAB7D56C75547E216A730847337B476F1B01DECEA1BE64E90C82343C2FA82BD653C73BAD9BAE645D826E802 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 5270 |
| Entropy (8bit): | 5.202682622645692 |
| Encrypted: | false |
| SSDEEP: | 96:oEy4jacW4p0ots/3xQf9PdwSzP9b1SwLAp6hmKe/MLP9boFKOgxAVEGoA:oEy4Rpvsx49Pdxf0p9K8GPVigxx9A |
| MD5: | 6D8188689F086C305793941E56B51EF9 |
| SHA1: | 2E4A5E74B0B9D61C4FF6E25B21A659BE1CADD9F3 |
| SHA-256: | 51F36AA59CBE22FD5A470D75DC77B1831D88643F3687A7C8717C46A105567354 |
| SHA-512: | BCAC0CE5722972AAFB7323017196770995AF0FE623BB6CD4D78122046310648E0D65D45B3E6411504621BD140EBE368086A0A246EF19433B1DEC6C239D4474E9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 364544 |
| Entropy (8bit): | 7.995709475150595 |
| Encrypted: | true |
| SSDEEP: | 6144:PhoGv9lnheLRaK5KOdHW/Znp2BPCx/5yR9fXG785NrtjKWvn0MGHJKZkHDoS:Jr9lnheLtk6Hy1gPCpi9fWOhKqJoJKZu |
| MD5: | 0A493C3B30C4F095B68171621CA94FDE |
| SHA1: | 747159A347C12D394E9576167C234D7DB3D9AB0A |
| SHA-256: | CE0CDAA2E2D12763C7C7B0DECC483020786EB28F25904ED63C06512A83938B69 |
| SHA-512: | 9C67511BDE3EEDFA0482BF28CDD5564E12CB3C770982AD26EAAA39F2C1F07E90D0F017C7155881F6AF9394C75B3C8A9B9D625124CEAA64EDC52F44A1A1955BFD |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| File type: | |
| Entropy (8bit): | 7.991378162587342 |
| TrID: |
|
| File name: | SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
| File size: | 4'482'593 bytes |
| MD5: | 0d8bedda7d9b963de975685cf2b2a5eb |
| SHA1: | cbbffe900a09e8a3bbb1a1bf16e7aeb8ebde72a1 |
| SHA256: | 519f0b16537fa4a2bc228cdfce2b85c12225e2071d7789c8cc9bb8f7b85796ca |
| SHA512: | 9d8eb3433e88fb47b15d624b493af69a9697eeeee7ccfef71daf04181bcc5ba45b2f9cc801679c0234399fdf80f4a85f20858038c41c11132b515fb76cf22612 |
| SSDEEP: | 98304:/xQvu6zDf/mV8jYMG2eHlLrTvIpfCnIpMpCEORglqLxjX:/Gv9AMGnHlLrTvIquMiWqLxj |
| TLSH: | 0A263303B3CB0836F036BE35CDA949646DA3356815F5B06E4EB3DA4F4A3D6C49877292 |
| File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
 | |
| Icon Hash: | 2d2e3797b32b2b99 |
| Entrypoint: | 0x4117dc |
| Entrypoint Section: | .itext |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x57051F88 [Wed Apr 6 14:39:04 2016 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 20dd26497880c05caed9305b3c8b9109 |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| add esp, FFFFFFA4h |
| push ebx |
| push esi |
| push edi |
| xor eax, eax |
| mov dword ptr [ebp-3Ch], eax |
| mov dword ptr [ebp-40h], eax |
| mov dword ptr [ebp-5Ch], eax |
| mov dword ptr [ebp-30h], eax |
| mov dword ptr [ebp-38h], eax |
| mov dword ptr [ebp-34h], eax |
| mov dword ptr [ebp-2Ch], eax |
| mov dword ptr [ebp-28h], eax |
| mov dword ptr [ebp-14h], eax |
| mov eax, 00410144h |
| call 00007F7B9924EBBDh |
| xor eax, eax |
| push ebp |
| push 00411EBEh |
| push dword ptr fs:[eax] |
| mov dword ptr fs:[eax], esp |
| xor edx, edx |
| push ebp |
| push 00411E7Ah |
| push dword ptr fs:[edx] |
| mov dword ptr fs:[edx], esp |
| mov eax, dword ptr [00415B48h] |
| call 00007F7B99257303h |
| call 00007F7B99256E52h |
| cmp byte ptr [00412ADCh], 00000000h |
| je 00007F7B99259DFEh |
| call 00007F7B99257418h |
| xor eax, eax |
| call 00007F7B9924CC55h |
| lea edx, dword ptr [ebp-14h] |
| xor eax, eax |
| call 00007F7B99253E9Bh |
| mov edx, dword ptr [ebp-14h] |
| mov eax, 00418658h |
| call 00007F7B9924D22Ah |
| push 00000002h |
| push 00000000h |
| push 00000001h |
| mov ecx, dword ptr [00418658h] |
| mov dl, 01h |
| mov eax, dword ptr [0040C04Ch] |
| call 00007F7B992547B2h |
| mov dword ptr [0041865Ch], eax |
| xor edx, edx |
| push ebp |
| push 00411E26h |
| push dword ptr fs:[edx] |
| mov dword ptr fs:[edx], esp |
| call 00007F7B99257376h |
| mov dword ptr [00418664h], eax |
| mov eax, dword ptr [00418664h] |
| cmp dword ptr [eax+0Ch], 01h |
| jne 00007F7B99259E3Ah |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19000 | 0xe04 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0xb200 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x1b000 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x19304 | 0x214 | .idata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xf244 | 0xf400 | a33e9ff7181115027d121cd377c28c8f | False | 0.5481717469262295 | data | 6.3752135040515485 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .itext | 0x11000 | 0xf64 | 0x1000 | caec456c18277b579a94c9508daf36ec | False | 0.55859375 | data | 5.732200666157372 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .data | 0x12000 | 0xc88 | 0xe00 | 746954890499546d73dce0e994642192 | False | 0.2533482142857143 | data | 2.2967209087898324 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .bss | 0x13000 | 0x56bc | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x19000 | 0xe04 | 0x1000 | e9b9c0328fd9628ad4d6ab8283dcb20e | False | 0.321533203125 | data | 4.597812557707959 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .tls | 0x1a000 | 0x8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rdata | 0x1b000 | 0x18 | 0x200 | 3dffc444ccc131c9dcee18db49ee6403 | False | 0.05078125 | data | 0.2044881574398449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x1c000 | 0xb200 | 0xb200 | 77556010789c981e280edab6f31467ef | False | 0.17841467696629212 | data | 4.142803017471795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x1c41c | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | Dutch | Netherlands | 0.5675675675675675 |
| RT_ICON | 0x1c544 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | Dutch | Netherlands | 0.4486994219653179 |
| RT_ICON | 0x1caac | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | Dutch | Netherlands | 0.4637096774193548 |
| RT_ICON | 0x1cd94 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | Dutch | Netherlands | 0.3935018050541516 |
| RT_STRING | 0x1d63c | 0x68 | data | 0.6538461538461539 | ||
| RT_STRING | 0x1d6a4 | 0xd4 | data | 0.5283018867924528 | ||
| RT_STRING | 0x1d778 | 0xa4 | data | 0.6524390243902439 | ||
| RT_STRING | 0x1d81c | 0x2ac | data | 0.45614035087719296 | ||
| RT_STRING | 0x1dac8 | 0x34c | data | 0.4218009478672986 | ||
| RT_STRING | 0x1de14 | 0x294 | data | 0.4106060606060606 | ||
| RT_RCDATA | 0x1e0a8 | 0x82e8 | data | English | United States | 0.11261637622344235 |
| RT_RCDATA | 0x26390 | 0x10 | data | 1.5 | ||
| RT_RCDATA | 0x263a0 | 0x150 | data | 0.8392857142857143 | ||
| RT_RCDATA | 0x264f0 | 0x2c | data | 1.1590909090909092 | ||
| RT_GROUP_ICON | 0x2651c | 0x3e | data | English | United States | 0.8387096774193549 |
| RT_VERSION | 0x2655c | 0x4f4 | data | English | United States | 0.2823343848580442 |
| RT_MANIFEST | 0x26a50 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
| DLL | Import |
|---|---|
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
| user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW |
| kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW |
| user32.dll | CreateWindowExW, TranslateMessage, SetWindowLongW, PeekMessageW, MsgWaitForMultipleObjects, MessageBoxW, LoadStringW, GetSystemMetrics, ExitWindowsEx, DispatchMessageW, DestroyWindow, CharUpperBuffW, CallWindowProcW |
| kernel32.dll | WriteFile, WideCharToMultiByte, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, SizeofResource, SignalObjectAndWait, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, RemoveDirectoryW, ReadFile, MultiByteToWideChar, LockResource, LoadResource, LoadLibraryW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetThreadLocale, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeProcess, GetEnvironmentVariableW, GetDiskFreeSpaceW, GetCurrentProcess, GetCommandLineW, GetCPInfo, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, EnumCalendarInfoW, DeleteFileW, CreateProcessW, CreateFileW, CreateEventW, CreateDirectoryW, CloseHandle |
| advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey, OpenProcessToken, LookupPrivilegeValueW |
| comctl32.dll | InitCommonControls |
| kernel32.dll | Sleep |
| advapi32.dll | AdjustTokenPrivileges |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Dutch | Netherlands |  |
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 20:39:56 |
| Start date: | 25/04/2024 |
| Path: | C:\Users\user\Desktop\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 4'482'593 bytes |
| MD5 hash: | 0D8BEDDA7D9B963DE975685CF2B2A5EB |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 1 |
| Start time: | 20:39:56 |
| Start date: | 25/04/2024 |
| Path: | C:\Users\user\AppData\Local\Temp\is-6FOPC.tmp\SecuriteInfo.com.W32.ABRisk.NJSZ-2550.30267.8823.tmp |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1'179'648 bytes |
| MD5 hash: | 90FC739C83CD19766ACB562C66A7D0E2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | Borland Delphi |
| Antivirus matches: |
|
| Reputation: | moderate |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 20:40:31 |
| Start date: | 25/04/2024 |
| Path: | C:\Program Files\Bat To Exe Converter\Bat_To_Exe_Converter.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x140000000 |
| File size: | 2'105'856 bytes |
| MD5 hash: | E3D6B93E861FEEFA47CCEEAE03E99094 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | false |
Execution Graph
| Execution Coverage: | 6.8% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 17% |
| Total number of Nodes: | 1602 |
| Total number of Limit Nodes: | 76 |
Graph
Function 0000000140001000 Relevance: 247.3, APIs: 13, Strings: 127, Instructions: 2274commemoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140059267 Relevance: 54.4, APIs: 27, Strings: 4, Instructions: 186nativewindowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005D138 Relevance: 51.2, APIs: 25, Strings: 4, Instructions: 445memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1E59F8 Relevance: 37.0, APIs: 24, Instructions: 1011keyboardwindowtimeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400451E8 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 301memoryfileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140042388 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 155windowCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004C1BC Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 107libraryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004BD20 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 100memoryfileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005A27C Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76nativeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400439C8 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 100COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005D068 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 58nativeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400471B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 20COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005AA9C Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 107memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140042CA0 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 116memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400500A4 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 109COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005BFC8 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 237memoryregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140059660 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 157memoryregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140109050 Relevance: 19.6, APIs: 13, Instructions: 81memoryregistrythreadCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004EB70 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 179memoryregistryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140051B00 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 167COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004B5EC Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 58libraryloadernetworkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006AF58 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 58libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140042EF0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 77memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005D8F4 Relevance: 17.5, APIs: 7, Strings: 3, Instructions: 49libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005803C Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 132registryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400523B4 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 63COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140056944 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 191COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001401097A0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 90memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140058A24 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 122libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005DF94 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 57registryclipboardCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004BA80 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 46libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400EECB0 Relevance: 12.3, APIs: 8, Instructions: 271networksleepCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004FC48 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 118COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004F7DC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 111COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005826C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 82COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004B14C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 65memorythreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004F3E4 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 60COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004CA50 Relevance: 9.2, APIs: 6, Instructions: 151filememoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF2306C8 Relevance: 9.1, APIs: 6, Instructions: 122COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140066A00 Relevance: 9.1, APIs: 6, Instructions: 103memoryfileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140048C24 Relevance: 9.1, APIs: 6, Instructions: 61memorywindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004D980 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 119COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1E51D4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 48registryclipboardcomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005A3E4 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005621C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 38COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140042BC0 Relevance: 7.6, APIs: 5, Instructions: 56synchronizationthreadCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140023F58 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 546COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400EAC80 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 219COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400530A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140048B20 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 18COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014006BA0C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004B91C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 12libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 0000000140051490 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 92COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005109C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 89COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014005049C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 75COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004CCA0 Relevance: 4.6, APIs: 3, Instructions: 75filememoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400DDA90 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 183COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400CEC20 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 000000014004CDF0 Relevance: 3.1, APIs: 2, Instructions: 59memoryfileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF236340 Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00000001400EF3F0 Relevance: 3.0, APIs: 2, Instructions: 13sleepnetworkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF232A14 Relevance: 2.5, APIs: 2, Instructions: 30sleepCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Yara matches |
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF22E0DC Relevance: 1.3, APIs: 1, Instructions: 54COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF232A80 Relevance: 1.3, APIs: 1, Instructions: 36sleepCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DFA80 Relevance: 24.7, APIs: 12, Strings: 2, Instructions: 179windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF23163C Relevance: 20.0, APIs: 10, Strings: 1, Instructions: 714COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DF8F0 Relevance: 16.6, APIs: 11, Instructions: 104windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DCF48 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 343COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF22DB70 Relevance: 12.1, APIs: 8, Instructions: 67COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF23605C Relevance: 1.5, APIs: 1, Instructions: 20COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1D3FBC Relevance: .6, Instructions: 596COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF20979C Relevance: .5, Instructions: 549COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF20CB48 Relevance: .4, Instructions: 359COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1EADD4 Relevance: .3, Instructions: 311COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF21A644 Relevance: .3, Instructions: 263COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF22EB70 Relevance: .1, Instructions: 138COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF2349F0 Relevance: 53.8, APIs: 43, Instructions: 94COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF234E20 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 130libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DED40 Relevance: 21.2, APIs: 14, Instructions: 191windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DF7CC Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 74windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1E8D90 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 131COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1D5900 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF2308E8 Relevance: 13.8, APIs: 11, Instructions: 90COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF2346F8 Relevance: 13.7, APIs: 9, Instructions: 173COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DC9D8 Relevance: 13.6, APIs: 9, Instructions: 56windowCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF235994 Relevance: 12.1, APIs: 8, Instructions: 89COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF233698 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 199COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF2368AC Relevance: 9.1, APIs: 6, Instructions: 58COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF230D6C Relevance: 9.0, APIs: 6, Instructions: 37threadCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DAEC8 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 135libraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1DE5F8 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 41COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF234C24 Relevance: 8.8, APIs: 7, Instructions: 36COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF1E7704 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF232C04 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
Function 00007FFDFF236758 Relevance: 6.0, APIs: 4, Instructions: 36COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Uniqueness |
Uniqueness Score: -1.00% |