Windows
Analysis Report
VoGtelkHSn.exe
Overview
General Information
Sample name: | VoGtelkHSn.exe (renamed because the original name is a hash value) |
Original sample name: | 7f26737f63fcd5b7e2695f438e341075.exe |
Analysis ID: | 1431970 |
MD5: | 7f26737f63fcd5b7e2695f438e341075 |
SHA1: | 325092e21e3089979756be19047c44bc4d036dc6 |
SHA256: | ba7b9fc2750021800299ae2473acdcc6f5bf93e391bebe5da3cd7959904980ff |
Tags: | 32, exe, trojan |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process tree (command lines as reported, with the spurious spaces introduced by extraction removed):
- System is w10x64
- VoGtelkHSn.exe (PID: 5444, cmdline: "C:\Users\user\Desktop\VoGtelkHSn.exe", MD5: 7F26737F63FCD5B7E2695F438E341075)
  - WerFault.exe (PID: 3712, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 1612, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
WerFault.exe is the Windows Error Reporting fault handler, and -p 5444 names the sample's own PID: the sample raised an unhandled exception during the run. The SysWOW64 path confirms a 32-bit process on the 64-bit analysis system. Because the process did not run to completion, the behaviour recorded below may be shorter than that of a run in which the stealer finishes.
Name | Description | Attribution |
---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |

Extracted configuration (Malware Configuration Extractor output for this sample: nine C2 hostnames, all under the .shop TLD, and the build identifier):

{"C2 url": ["demonstationfukewko.shop", "liabilitynighstjsko.shop", "alcojoldwograpciw.shop", "incredibleextedwj.shop", "shortsvelventysjo.shop", "shatterbreathepsw.shop", "tolerateilusidjukl.shop", "productivelookewr.shop", "strollheavengwu.shop"], "Build id": "P6Mk0M--superstar"}
YARA matches. The report shows two match tables; the column naming which artefact each table was run against did not survive extraction, so the tables are reproduced in order.

Rule | Description | Author |
---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Rule | Description | Author |
---|---|---|
Windows_Trojan_RedLineStealer_ed346e4c | unknown | unknown |
Windows_Trojan_Smokeloader_3687686f | unknown | unknown |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

The two Windows_Trojan_* rules follow the naming pattern of Elastic Security's public YARA rule set, but the report records neither author nor description for them. The report classifies the sample as Lumma Stealer; the RedLine and SmokeLoader rule hits are listed alongside the Lumma-specific rules and are not reflected in that classification.
Network IDS alerts (Snort/Suricata), ordered by timestamp. SIDs in the 2000000 range belong to the Emerging Threats ruleset; the rule messages are not retained in this export. Timestamps are the sandbox clock in MM/DD/YY-HH:MM:SS.microseconds.

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/26/24-05:43:58.725101 | 2052229 | 57412 | 53 | UDP | A Network Trojan was detected |
04/26/24-05:43:58.891180 | 2052230 | 49704 | 443 | TCP | A Network Trojan was detected |
04/26/24-05:43:59.940120 | 2052230 | 49705 | 443 | TCP | A Network Trojan was detected |
04/26/24-05:44:01.105350 | 2052230 | 49706 | 443 | TCP | A Network Trojan was detected |
04/26/24-05:44:02.110134 | 2052230 | 49707 | 443 | TCP | A Network Trojan was detected |
04/26/24-05:44:03.319178 | 2052230 | 49708 | 443 | TCP | A Network Trojan was detected |
04/26/24-05:44:04.568308 | 2052230 | 49709 | 443 | TCP | A Network Trojan was detected |
04/26/24-05:44:05.638317 | 2052230 | 49710 | 443 | TCP | A Network Trojan was detected |
04/26/24-05:44:07.287198 | 2052230 | 49711 | 443 | TCP | A Network Trojan was detected |

Reading the sequence: one DNS alert (UDP/53) is followed within nine seconds by eight TLS connections (TCP/443) from the consecutive ephemeral source ports 49704 to 49711, roughly one second apart. With nine C2 hostnames in the configuration, this is consistent with the stealer working through its domain list in turn; the Compliance and Networking sections each record the same eight HTTPS sessions.
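The DNS-then-TLS burst in the alert timestamps can be checked mechanically rather than by eye. The following is an added example, not part of the Joe Sandbox report: it loads the nine alerts (the same values as the table, kept in the report's original order, with the constant Classtype column dropped), sorts them, and reports the burst only when enough TLS sessions follow the DNS alert inside a window. The 15-second window and the minimum of four sessions are thresholds chosen for the example, not values from the report.

```python
"""Parse the report's IDS alerts and test them for the burst pattern visible
in the timestamps: one DNS alert followed by a run of TLS sessions from
consecutive ephemeral ports.

Added example, not part of the Joe Sandbox report. REPORT_ALERTS holds the
nine alerts as the report lists them; the window and threshold defaults in
tls_burst_after_dns are choices made for the example.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# timestamp, SID, source port, destination port, protocol (report order).
# Every alert carries the same Classtype, "A Network Trojan was detected".
REPORT_ALERTS = """\
04/26/24-05:44:01.105350,2052230,49706,443,TCP
04/26/24-05:44:03.319178,2052230,49708,443,TCP
04/26/24-05:43:59.940120,2052230,49705,443,TCP
04/26/24-05:44:05.638317,2052230,49710,443,TCP
04/26/24-05:43:58.725101,2052229,57412,53,UDP
04/26/24-05:44:04.568308,2052230,49709,443,TCP
04/26/24-05:43:58.891180,2052230,49704,443,TCP
04/26/24-05:44:07.287198,2052230,49711,443,TCP
04/26/24-05:44:02.110134,2052230,49707,443,TCP
"""


@dataclass(frozen=True)
class Alert:
    ts: datetime
    sid: int
    sport: int
    dport: int
    proto: str


def parse_alerts(text: str) -> List[Alert]:
    """Parse the CSV form above and return the alerts sorted by timestamp;
    the report lists them in no particular order."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sid, sport, dport, proto = (f.strip() for f in line.split(","))
        alerts.append(Alert(datetime.strptime(ts, "%m/%d/%y-%H:%M:%S.%f"),
                            int(sid), int(sport), int(dport), proto))
    return sorted(alerts, key=lambda a: a.ts)


def counts_by_sid(alerts: List[Alert]) -> Dict[int, int]:
    """How many times each rule fired."""
    out: Dict[int, int] = {}
    for a in alerts:
        out[a.sid] = out.get(a.sid, 0) + 1
    return out


def tls_burst_after_dns(alerts: List[Alert], window_s: float = 15.0,
                        min_sessions: int = 4) -> Optional[dict]:
    """Summarise the burst if at least min_sessions TLS alerts (TCP/443)
    fall within window_s after the first DNS alert (UDP/53); else None.

    contiguous_ports is True when the TLS source ports form an unbroken
    ascending run, as they do in the report (49704 to 49711).
    """
    dns = next((a for a in alerts if a.proto == "UDP" and a.dport == 53), None)
    if dns is None:
        return None
    tls = [a for a in alerts
           if a.proto == "TCP" and a.dport == 443
           and 0 <= (a.ts - dns.ts).total_seconds() <= window_s]
    if len(tls) < min_sessions:
        return None
    ports = [a.sport for a in tls]
    gaps = [(b.ts - a.ts).total_seconds() for a, b in zip(tls, tls[1:])]
    return {
        "dns_at": dns.ts.isoformat(),
        "tls_sessions": len(tls),
        "first_port": ports[0],
        "last_port": ports[-1],
        "contiguous_ports": ports == list(range(ports[0], ports[0] + len(ports))),
        "span_s": round((tls[-1].ts - dns.ts).total_seconds(), 3),
        "max_gap_s": round(max(gaps), 3) if gaps else 0.0,
    }


if __name__ == "__main__":
    alerts = parse_alerts(REPORT_ALERTS)
    print(counts_by_sid(alerts))
    print(tls_burst_after_dns(alerts))
```

On the report's data the detector returns eight sessions, contiguous ports, a span of about 8.6 seconds and a largest gap under two seconds. The same function applied to production IDS alerts needs the thresholds tuned to the environment; a browser opening a page with many third-party hosts also produces a run of TLS sessions, so the rule-SID filter (here implicit in which alerts are fed in) does the real discrimination.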
AV Detection
The signature tables below give the detection source for each matched signature. The detail column (the flagged URL, string, file or behaviour) is empty in this export, so each line records the source and the number of matching rows; function addresses are kept as reported (the 0_2_ prefix is Joe Sandbox's process index, the hex digits the virtual address within that process).
- Avira URL Cloud: 1 row
- Malware Configuration Extractor: 1 row (the configuration reproduced above)
- Virustotal (with permalink): 10 rows; ReversingLabs: 1 row; Virustotal (with permalink): 1 row
- Joe Sandbox ML: 1 row
- String decryptor: 15 rows (decrypted strings; values not retained in this export)
- Code function: 0_2_00415999
Compliance
- Unpacked PE file: 1 row
- Static PE information: 1 row
- File opened: 1 row
- HTTPS traffic detected: 8 rows
- Code function, addresses 0x0040xxxx (within the sample's loaded image; 39 rows, of which 0_2_00433D10 and 0_2_0041A420 appear twice and are listed once): 0_2_00422458, 0_2_0041C540, 0_2_004357CA, 0_2_004359E2, 0_2_00414C49, 0_2_00433D10, 0_2_00424087, 0_2_00424084, 0_2_0040D140, 0_2_00403260, 0_2_00423943, 0_2_0041F234, 0_2_004142F0, 0_2_004103EF, 0_2_0041E451, 0_2_0041A420, 0_2_00414596, 0_2_0041F640, 0_2_004146E6, 0_2_0042271D, 0_2_004137C9, 0_2_0041F828, 0_2_0041A8C0, 0_2_0042F890, 0_2_0042594F, 0_2_004259CD, 0_2_004259D2, 0_2_00411A44, 0_2_0040FA49, 0_2_00431A70, 0_2_00437C47, 0_2_00437C45, 0_2_00413C46, 0_2_00421CC7, 0_2_00424CB0, 0_2_00415D7D, 0_2_00413E4A
- Code function, addresses 0x02EBxxxx to 0x02EExxxx (outside the image, consistent with the unpacked PE entries under Data Obfuscation; 41 rows, of which 0_2_02ECA687 and 0_2_02EE3F77 appear twice and are listed once): 0_2_02ED42EE, 0_2_02ED42EB, 0_2_02EBD3A7, 0_2_02ECD377, 0_2_02EC40B1, 0_2_02ED26BF, 0_2_02ECE6B8, 0_2_02ECA687, 0_2_02EC0656, 0_2_02EC47FD, 0_2_02ECC7A7, 0_2_02EB34C7, 0_2_02ED3BAA, 0_2_02ECF49B, 0_2_02EC7494, 0_2_02EC4557, 0_2_02EDFAF7, 0_2_02ECFA8F, 0_2_02EC3A30, 0_2_02EE5A31, 0_2_02ED5BB6, 0_2_02ECAB27, 0_2_02ECF8A7, 0_2_02ED2984, 0_2_02EC494D, 0_2_02EE7EAE, 0_2_02EC3EAD, 0_2_02EE7EAC, 0_2_02EC4EB0, 0_2_02EC5FE4, 0_2_02EE3F77, 0_2_02ED1F2E, 0_2_02ED4F17, 0_2_02EE1CD7, 0_2_02EC1CAB, 0_2_02EBFCB0, 0_2_02EE5C49, 0_2_02ED5C39, 0_2_02ED5C34
Networking
- Snort IDS: 9 rows (the nine alerts tabulated above)
- URLs: 9 rows (the configuration lists nine C2 hostnames)
- ASN Name: 1 row
- JA3 fingerprint: 1 row
- HTTP traffic detected: 8 rows
- UDP traffic detected without corresponding DNS query: 1 row
- DNS traffic detected: 1 row
- HTTP traffic detected: 1 row
- String found in binary or memory: 42 rows
- Network traffic detected: 16 rows
- HTTPS traffic detected: 8 rows
- Code function: 0_2_0042C500 (listed twice)
System Summary
- Matched rule: 2 rows
- Code function, addresses 0x0040xxxx (within the image): 0_2_00432010, 0_2_004204B7, 0_2_00404740, 0_2_00420CA0, 0_2_00406030, 0_2_0041D1C1, 0_2_00403260, 0_2_004052F0, 0_2_004065F0, 0_2_004345F0, 0_2_0040F690, 0_2_004397D0, 0_2_0042594F, 0_2_004259D2, 0_2_00431A70, 0_2_00439AF0, 0_2_00407CB0, 0_2_00402E70
- Code function, addresses 0x02EBxxxx to 0x02EExxxx (outside the image): 0_2_02EB6297, 0_2_02EB1267, 0_2_02EB30D7, 0_2_02EB34C7, 0_2_02EB5557, 0_2_02EE9A37, 0_2_02ED5BB6, 0_2_02EBF8F7, 0_2_02EE4857, 0_2_02EB6857, 0_2_02EBF824, 0_2_02EB49A7, 0_2_02ED0F07, 0_2_02EB7F17, 0_2_02EE1CD7, 0_2_02ED5C39, 0_2_02EE9D57
- Process created: 1 row
- Static PE information: 1 row
- Matched rule: 2 rows
- Classification label: 1 row
- Code function: 0_2_02BF817E, 0_2_00429597
- Mutant created: 1 row
- File created: 1 row
- Static PE information: 1 row
- Key opened: 1 row
- Binary or memory string: 1 row
- ReversingLabs: 1 row; Virustotal: 1 row
- File read: 1 row
- Process created: 2 rows
- Section loaded: 39 rows
- File opened: 1 row
Data Obfuscation
- Unpacked PE file: 2 rows
- Code function: 0_2_0043FBE8
- Process information set: 56 rows
Malware Analysis System Evasion
- System information queried: 1 row
- Thread sleep time: 2 rows
- Binary or memory string: 64 rows
- Process information queried: 1 row
- Process queried: 2 rows
- Code function: 0_2_00433CC0; 0_2_02BF7A5B, 0_2_02EB092B, 0_2_02EB0D90
HIPS / PFW / Operating System Protection Evasion
- String found in binary or memory: 9 rows
- Queries volume information: 7 rows
- Key value queried: 1 row
- Binary or memory string: 5 rows
- WMI Queries: 1 row
Stealing of Sensitive Information
- File source: 3 rows
- String found in binary or memory: 8 rows
- File opened: 103 rows, followed by a second group of 20 rows
- Directory queried: 4 rows
- File source: 1 row
Remote Access Functionality
- File source: 3 rows
MITRE ATT&CK coverage. The report's navigator matrix was flattened by extraction; only cells carrying a matched-signature badge are listed, with the leading digits reproduced as extracted (they are the report's count badges). Matrix cells with no match (the Reconnaissance, Resource Development, Initial Access, Lateral Movement, Exfiltration and Impact columns, and the unmarked techniques elsewhere) are omitted.

Tactic | Techniques (as marked in the report) |
---|---|
Execution | 1 Windows Management Instrumentation; 1 PowerShell |
Persistence | 1 DLL Side-Loading |
Privilege Escalation | 1 Process Injection; 1 DLL Side-Loading |
Defense Evasion | 12 Virtualization/Sandbox Evasion; 1 Process Injection; 11 Deobfuscate/Decode Files or Information; 3 Obfuscated Files or Information; 2 Software Packing; 1 DLL Side-Loading |
Credential Access | 1 OS Credential Dumping |
Discovery | 131 Security Software Discovery; 12 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 File and Directory Discovery; 12 System Information Discovery |
Collection | 1 Archive Collected Data; 31 Data from Local System; 2 Clipboard Data |
Command and Control | 21 Encrypted Channel; 2 Non-Application Layer Protocol; 113 Application Layer Protocol |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
42% | ReversingLabs | Win32.Trojan.Generic | ||
41% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(1 URL, not preserved in this copy) | 100% | Avira URL Cloud | malware | |
(12 URLs, not preserved in this copy) | 1% to 18% | Virustotal | | |
(17 URLs, not preserved in this copy) | 0% | Avira URL Cloud | safe | |
(4 URLs, not preserved in this copy) | 0% | URL Reputation | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
strollheavengwu.shop | 172.67.163.209 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(10 further domains, names not preserved in this copy) | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(29 URLs, names not preserved in this copy) | | false | | high (17), unknown (12) |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.163.209 | strollheavengwu.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1431970 |
Start date and time: | 2024-04-26 05:43:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | VoGtelkHSn.exe (renamed because the original name is a hash value) |
Original Sample Name: | 7f26737f63fcd5b7e2695f438e341075.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@2/5@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 104.208.16.94
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com, onedsblobprdcus16.centralus.cloudapp.azure.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
05:43:58 | API Interceptor | |
05:44:24 | API Interceptor |
Match (IP) | Earlier submissions | Detection | Threat Name |
---|---|---|---|
172.67.163.209 | 3 | malicious | LummaC (all 3) |
Match (domain) | Earlier submissions | Detection | Threat Name |
---|---|---|---|
strollheavengwu.shop | 9 | malicious | LummaC (8); BitRAT, HTMLPhisher (1) |
Match (ASN) | Earlier submissions | Detection | Threat Name |
---|---|---|---|
CLOUDFLARENETUS | 10 | malicious | DCRat, PureLog Stealer, zgRAT; HTMLPhisher; AgentTesla; Latrodectus; Phisher; TechSupportScam; Unknown (4) |
Match (TLS client fingerprint, JA3) | Earlier submissions | Detection | Threat Name |
---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | 10 | malicious | LummaC (3); RisePro Stealer; PureLog Stealer, RisePro Stealer, zgRAT; Clipboard Hijacker, RisePro Stealer; DBatLoader; Remcos, DBatLoader; AsyncRAT; Unknown |

A fingerprint shared by stealers, RATs and loaders alike identifies the Windows TLS stack those samples all use, not any one family; treat it as a pivot for hunting, not as a standalone detection.
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_VoGtelkHSn.exe_f761c59d348b96dd452ab7afe8f633ac68302a8_1ce72faa_daaeda3a-c187-4474-9194-c28c6a83adde\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.998775519341568 |
Encrypted: | false |
SSDEEP: | 96:3/BgRX5QcsohqPx1yLFS3QXIDcQGc6GcEdcw30+HbHg/opAnQPxVg7TFOy4UOnx0:vBOX5QcEK0YCnBjxpF7zuiF1Z24IO8u |
MD5: | EA60AE721C7CE19A750C25290AD839E5 |
SHA1: | 0637A75E125A5BA94B5E48B72379A32B269257CA |
SHA-256: | B80B02D091A5CE32A22CEDC620E4342A5382766C7A003D19886D2A9CE257B724 |
SHA-512: | A9C37E4B82E6A48D2AFE08DC14E38E9767638EA39478A1DD61CEB4D4A8B87FB03AAA08ED49EFDDFFC717A40841AAFBB861866DDD8F852398CD9AD1366DAE88B3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 51510 |
Entropy (8bit): | 2.6590032344629932 |
Encrypted: | false |
SSDEEP: | 192:eUXKMaHW9y1UKkOzBF1L2jjOFPu52U+0el1lwOXjlsxvqVmawSnQDOsU:wW9aUozBF1ujOrT061SxiUavaOt |
MD5: | 7717D53B95EAE50DABA784ED32B00C95 |
SHA1: | 61312DE246042A94E06FC9D5CA2FDC00F138240B |
SHA-256: | B4A06B54226AB2211394B6CCE010A3CF803FE9AE7EFE84A3124B18530B1F0902 |
SHA-512: | FA9FA0002F235799A3BE160638C0EDAFFF7AE76BEF071BB1217F9FA660DF3F7B5EC176C5A33E496590C593CD10E8B7C463AFA5423021D044A44645EA14611A8F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8418 |
Entropy (8bit): | 3.6933921698117222 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJVm646YEIxSU9gAgmf0JmnprD89b8dsfS0m:R6lXJk646YE+SU9gAgmf0JmO8WfA |
MD5: | F16111425CE937370526EA573700C098 |
SHA1: | 743D5F01420B80C08D76823B7A99173F4EBA3445 |
SHA-256: | 5C592973511E455D38AAFF2C4BDCF83BD45A539DCDBBD304AE6F9E4395CBD2D7 |
SHA-512: | 4CC4D9FBAB2D45E8486FB5BC3937D2317D3170C7307925157E2EB04E325A8F9E78494FD83213E8D06D3BD0484CF04FA6B234F6E283922539280DCC99E4E64079 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4686 |
Entropy (8bit): | 4.45171786614404 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsgJg77aI9Ej/WpW8VYNYm8M4J1g/g/V6FZH+q8vig/Vr7gt0Egtkd:uIjfmI7iu7V9J1QU8HKiUr720E2kd |
MD5: | 0935857C49968C5292CD450075F11520 |
SHA1: | 0B722BA984576D92636218AE726EA721B0C977D0 |
SHA-256: | C4308C9C40A54039FCCFB4A17BA864E6B81247FBF769158DA71B040608009E5D |
SHA-512: | 72EB89AD83606AC03882BEE5373EE5CB33EBE73BC5BAC0F956B494500A6674D7ADB12244E4CEF4F6BD47752F850A7D336FA8E356CA800838294CD8B7411D373A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.421574982233092 |
Encrypted: | false |
SSDEEP: | 6144:OSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNq0uhiTw:tvloTMW+EZMM6DFyE03w |
MD5: | 40255993A9FE77FD67F158EC1A5954AD |
SHA1: | 9C6C08BD7B3C1248096DF284F93528D66E61EA31 |
SHA-256: | 4836037D7979DACD103D486B6BCC7ADF28302BB85709934253143515E3862B9F |
SHA-512: | 676AE9B0A3BEEBCA7F6DC3C641DADF3D29355DF84CEB19FBE03394BC046768185423615968E91A1D2166A1C79D039DAB78A4BEE3C68912623EB3A5AAD694E916 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.491780087323678 |
TrID: | |
File name: | VoGtelkHSn.exe |
File size: | 351'232 bytes |
MD5: | 7f26737f63fcd5b7e2695f438e341075 |
SHA1: | 325092e21e3089979756be19047c44bc4d036dc6 |
SHA256: | ba7b9fc2750021800299ae2473acdcc6f5bf93e391bebe5da3cd7959904980ff |
SHA512: | 8e169fdebec064a2a4cdda391dbb189f460e4e931597892ce2c44178cc93ea3a0f38d49761a770a5454cef6a1b626e99b4fbc89ad9f9a722af21320965d87a48 |
SSDEEP: | 6144:yYqGf1ePFElQITCi9mqJeioCyRcjm8GRSpEfJnusH10i:yY3+FEl6QboCGcK3txFV |
TLSH: | 8474F021B6A1F032D467D8740A38C7E05F7F7DB22BB490477394267E1EB26D19A26723 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#/4.gNZ.gNZ.gNZ.y...vNZ.y....NZ.y...KNZ.@.!.bNZ.gN[..NZ.y...fNZ.y...fNZ.y...fNZ.RichgNZ.................PE..L...S.bc........... |
Icon Hash: | 67276767c3571667 |
Entrypoint: | 0x401872 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6362D753 [Wed Nov 2 20:47:15 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | ecaec964738e0d632998678ce4e20365 |
Instruction (disassembly at the entrypoint: the opening `call`/`jmp` pair is the MSVC CRT start stub, `__security_init_cookie` followed by `__tmainCRTStartup`, and the routine after the `int3` padding matches the CRT's word-at-a-time `strlen`; neither is the stealer's own logic) |
---|
call 00007FC21483BE47h |
jmp 00007FC21483659Dh |
int3 |
int3 |
int3 |
int3 |
mov ecx, dword ptr [esp+04h] |
test ecx, 00000003h |
je 00007FC214836746h |
mov al, byte ptr [ecx] |
add ecx, 01h |
test al, al |
je 00007FC214836770h |
test ecx, 00000003h |
jne 00007FC214836711h |
add eax, 00000000h |
lea esp, dword ptr [esp+00000000h] |
lea esp, dword ptr [esp+00000000h] |
mov eax, dword ptr [ecx] |
mov edx, 7EFEFEFFh |
add edx, eax |
xor eax, FFFFFFFFh |
xor eax, edx |
add ecx, 04h |
test eax, 81010100h |
je 00007FC21483670Ah |
mov eax, dword ptr [ecx-04h] |
test al, al |
je 00007FC214836754h |
test ah, ah |
je 00007FC214836746h |
test eax, 00FF0000h |
je 00007FC214836735h |
test eax, FF000000h |
je 00007FC214836724h |
jmp 00007FC2148366EFh |
lea eax, dword ptr [ecx-01h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-02h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-03h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
lea eax, dword ptr [ecx-04h] |
mov ecx, dword ptr [esp+04h] |
sub eax, ecx |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 0040E1ECh |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007FC21483672Eh |
test byte ptr [eax], 00000008h |
je 00007FC214836729h |
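The routine after the four `int3` padding bytes is recognisable from its constants: the MSVC C runtime's `strlen` checks four bytes per iteration by adding 0x7EFEFEFF and testing the carry bits with 0x81010100, dropping to the byte-wise `test al, al` / `test ah, ah` chain only when a word might contain the terminator. Recognising it saves reversing time (it is library code, not the stealer's logic) and explains a quirk worth knowing: the loop reads whole aligned words, so it may touch up to three bytes past the terminator, which is harmless only because Windows allocations are page-granular. The Python below is an added example, not code from the report, that emulates the same control flow with 32-bit arithmetic so the constants can be checked by hand; the carry test yields a false positive when the top byte is 0x80, which is why the listing jumps back into the loop after all four byte tests fail.

```python
"""Emulation of the word-at-a-time strlen from the entrypoint listing (added example)."""
import struct

MAGIC, MASK, M32 = 0x7EFEFEFF, 0x81010100, 0xFFFFFFFF


def word_may_have_zero(w: int) -> bool:
    """The loop's test: mov edx,7EFEFEFFh / add edx,eax / xor eax,-1 / xor eax,edx / test eax,81010100h.
    True when some byte of w is zero (with a false positive when the top byte is 0x80)."""
    edx = (w + MAGIC) & M32
    eax = (~w & M32) ^ edx
    return eax & MASK != 0


def crt_strlen(buf: bytes, start: int = 0) -> int:
    """Length of the NUL-terminated string at buf[start:], scanned exactly as the disassembly does."""
    i = start
    while i & 3:                         # test ecx,3: byte loop until the pointer is 4-byte aligned
        if buf[i] == 0:
            return i - start
        i += 1
    while True:
        if i + 4 > len(buf):             # the real code has no bound; it relies on page granularity
            raise ValueError("no terminator inside buffer")
        w = struct.unpack_from("<I", buf, i)[0]      # mov eax,[ecx]
        i += 4                                        # add ecx,4
        if not word_may_have_zero(w):
            continue                                  # je: no zero byte possible, next word
        for k in range(4):               # test al,al / test ah,ah / test eax,00FF0000h / test eax,FF000000h
            if (w >> (8 * k)) & 0xFF == 0:
                return i - 4 + k - start              # lea eax,[ecx-4+k]; sub eax,[esp+4]
        # all four bytes non-zero: the carry test was a false positive, jmp back into the loop


if __name__ == "__main__":
    sample = b"Hello, world\0\0\0\0"
    print(crt_strlen(sample), len(b"Hello, world"))
```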
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4ce9c | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x270c000 | 0x70a8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xe000 | 0x170 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xc253 | 0xc400 | 42af5d93e5de7f8a55c75634750a7537 | False | 0.6040935905612245 | data | 6.532660619634673 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xe000 | 0x3f6e8 | 0x3f800 | d20e7bf0ffb86ede75b94e96b83dcaa3 | False | 0.7010065514271654 | data | 6.528847670085214 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x4e000 | 0x26bd448 | 0x2a00 | 085860a21bd1c3f20e0080516c22fd1a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x270c000 | 0x70a8 | 0x7200 | 541c61aa88f1e9635dd9d264fdac7aa7 | False | 0.5160704495614035 | data | 5.167904163827637 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
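The section table is the most telling static artifact here: .data has a virtual size of 0x26bd448 but only 0x2a00 bytes on disk, so the loader maps roughly 40 MB of zero-filled writable memory that a packer stub can unpack into, consistent with the report's Software Packing and Obfuscated Files hits; together with RELOCS_STRIPPED (no ASLR, the 0x400000 base is fixed) it is the profile of a crypter template rather than a normal build. The Python below is an added example, not part of the Joe Sandbox report: it parses a PE32 header with nothing but `struct`, decodes the COFF timestamp and characteristics bits, and flags sections whose in-memory size dwarfs their raw size. The header it runs on is constructed inline from the values in the tables above (no code or data from the sample is embedded), and the 1 MiB slack threshold is an assumed triage cut-off.

```python
"""Triage PE32 headers for packer-style section anomalies (added example)."""
import struct
from datetime import datetime, timezone

# winnt.h bit values for the flags this report lists
FILE_CHARACTERISTICS = {0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE"}
DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x8000: "TERMINAL_SERVER_AWARE"}
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, DllCharacteristics and the section table of a PE32/PE32+ image."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _machine, nsec, stamp, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset for PE32 and PE32+
    sections = []
    for i in range(nsec):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": fields[0].rstrip(b"\0").decode(), "vsize": fields[1],
                         "va": fields[2], "rawsize": fields[3], "flags": fields[9]})
    return {
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "file_flags": [n for bit, n in FILE_CHARACTERISTICS.items() if chars & bit],
        "dll_flags": [n for bit, n in DLL_CHARACTERISTICS.items() if dll_chars & bit],
        "sections": sections,
    }


def section_anomalies(pe: dict, slack_limit: int = 1 << 20) -> list:
    """Return (name, reason) pairs for sections that look like unpack buffers or shellcode pages."""
    findings = []
    for s in pe["sections"]:
        slack = s["vsize"] - s["rawsize"]
        if slack > slack_limit:          # assumed triage threshold: more than 1 MiB of zero-filled memory
            findings.append((s["name"], f"virtual {s['vsize']:#x} vs raw {s['rawsize']:#x}: "
                                        f"{slack >> 20} MiB mapped but not backed by file data"))
        if s["flags"] & SCN_MEM_WRITE and s["flags"] & SCN_MEM_EXECUTE:
            findings.append((s["name"], "writable and executable"))
    if "RELOCS_STRIPPED" in pe["file_flags"]:
        findings.append(("image", "relocations stripped: always loads at ImageBase, no ASLR"))
    return findings


def build_sample_header() -> bytes:
    """Constructed PE32 header reproducing the COFF and section values printed in this report."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 4, 0x6362D753, 0, 0, 0xE0, 0x0103)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1872)      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase
    struct.pack_into("<H", opt, 70, 0x8100)      # NX_COMPAT | TERMINAL_SERVER_AWARE
    table = [(b".text", 0xC253, 0x1000, 0xC400, 0x60000020),
             (b".rdata", 0x3F6E8, 0xE000, 0x3F800, 0x40000040),
             (b".data", 0x26BD448, 0x4E000, 0x2A00, 0xC0000040),
             (b".rsrc", 0x70A8, 0x270C000, 0x7200, 0x40000040)]
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, fl in table)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    pe = parse_pe(build_sample_header())
    print("link time:", pe["timestamp"].isoformat(), pe["file_flags"], pe["dll_flags"])
    for name, why in section_anomalies(pe):
        print(f"[!] {name}: {why}")
```

Run against a real file by replacing `build_sample_header()` with `open(path, "rb").read()`; the parser only needs the headers, so a truncated download is enough to triage.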
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x2711bc8 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | 0.4276315789473684 | ||
RT_ICON | 0x270c420 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | Turkish | Turkey | 0.43150319829424305 |
RT_ICON | 0x270d2c8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | Turkish | Turkey | 0.5672382671480144 |
RT_ICON | 0x270db70 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 0 | Turkish | Turkey | 0.6261520737327189 |
RT_ICON | 0x270e238 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | Turkish | Turkey | 0.6784682080924855 |
RT_ICON | 0x270e7a0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Turkish | Turkey | 0.5152489626556016 |
RT_ICON | 0x2710d48 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Turkish | Turkey | 0.5864754098360656 |
RT_ICON | 0x27116d0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Turkish | Turkey | 0.6152482269503546 |
RT_STRING | 0x2711ef0 | 0xa2 | data | 0.5864197530864198 | ||
RT_STRING | 0x2711f98 | 0x662 | data | 0.4339045287637699 | ||
RT_STRING | 0x2712600 | 0x1ce | data | 0.474025974025974 | ||
RT_STRING | 0x27127d0 | 0x694 | data | 0.42636579572446553 | ||
RT_STRING | 0x2712e68 | 0x16c | data | 0.5137362637362637 | ||
RT_STRING | 0x2712fd8 | 0xcc | data | 0.5637254901960784 | ||
RT_ACCELERATOR | 0x2711ba0 | 0x28 | data | 1.0 | ||
RT_GROUP_CURSOR | 0x2711cf8 | 0x14 | data | 1.15 | ||
RT_GROUP_ICON | 0x2711b38 | 0x68 | data | Turkish | Turkey | 0.7115384615384616 |
RT_VERSION | 0x2711d10 | 0x1e0 | data | 0.575 |
DLL | Import |
---|---|
KERNEL32.dll | GetModuleHandleW, GetProcessHeap, GetDateFormatA, SetCommState, GlobalAlloc, GetVolumeInformationA, IsBadCodePtr, HeapDestroy, GetModuleFileNameW, SetConsoleTitleA, GlobalUnfix, EnumCalendarInfoW, GetProcAddress, SetFirmwareEnvironmentVariableW, LoadLibraryA, GetFileType, SetConsoleDisplayMode, FreeEnvironmentStringsW, BuildCommDCBA, VirtualProtect, GetCurrentDirectoryA, FindAtomW, FileTimeToLocalFileTime, SetFileAttributesW, SetCurrentDirectoryA, GetLocaleInfoA, GetLastError, HeapReAlloc, HeapAlloc, GetCommandLineA, GetStartupInfoA, RaiseException, RtlUnwind, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapFree, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapCreate, VirtualFree, VirtualAlloc, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, MultiByteToWideChar, InitializeCriticalSectionAndSpinCount, HeapSize, GetConsoleCP, GetConsoleMode, FlushFileBuffers, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, ReadFile, SetFilePointer, CloseHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA |
ADVAPI32.dll | ReadEventLogW |
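The Import Hash above is the imphash: MD5 over the lower-cased `dll.function` pairs in import-table order. That makes it a useful pivot between repacked builds of the same stub, and it is also why crypters pad the table with oddball APIs (SetFirmwareEnvironmentVariableW, GlobalUnfix, BuildCommDCBA and friends, none of which a console CRT program needs) to change it. The Python below is an added example, not the report's code: it implements the named-import part of the algorithm as pefile's `get_imphash()` does (ordinal imports would additionally need pefile's ws2_32/oleaut32 ordinal tables, omitted here), shows that one extra import changes the hash completely, and tags the imports that matter for unpacking and anti-analysis. The import list is copied from the table above; whether that order equals the real import directory order is not guaranteed, so the block prints the hash rather than asserting it equals the report's value. The capability map is a hand-picked starting point, not a standard taxonomy.

```python
"""imphash computation and import triage for the import table above (added example)."""
import hashlib

KERNEL32 = (
    "GetModuleHandleW GetProcessHeap GetDateFormatA SetCommState GlobalAlloc GetVolumeInformationA "
    "IsBadCodePtr HeapDestroy GetModuleFileNameW SetConsoleTitleA GlobalUnfix EnumCalendarInfoW "
    "GetProcAddress SetFirmwareEnvironmentVariableW LoadLibraryA GetFileType SetConsoleDisplayMode "
    "FreeEnvironmentStringsW BuildCommDCBA VirtualProtect GetCurrentDirectoryA FindAtomW "
    "FileTimeToLocalFileTime SetFileAttributesW SetCurrentDirectoryA GetLocaleInfoA GetLastError "
    "HeapReAlloc HeapAlloc GetCommandLineA GetStartupInfoA RaiseException RtlUnwind TerminateProcess "
    "GetCurrentProcess UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent HeapFree "
    "EnterCriticalSection LeaveCriticalSection DeleteCriticalSection HeapCreate VirtualFree VirtualAlloc "
    "Sleep ExitProcess WriteFile GetStdHandle GetModuleFileNameA FreeEnvironmentStringsA "
    "GetEnvironmentStrings WideCharToMultiByte GetEnvironmentStringsW SetHandleCount TlsGetValue TlsAlloc "
    "TlsSetValue TlsFree InterlockedIncrement SetLastError GetCurrentThreadId InterlockedDecrement "
    "QueryPerformanceCounter GetTickCount GetCurrentProcessId GetSystemTimeAsFileTime GetCPInfo GetACP "
    "GetOEMCP IsValidCodePage MultiByteToWideChar InitializeCriticalSectionAndSpinCount HeapSize "
    "GetConsoleCP GetConsoleMode FlushFileBuffers LCMapStringA LCMapStringW GetStringTypeA GetStringTypeW "
    "ReadFile SetFilePointer CloseHandle WriteConsoleA GetConsoleOutputCP WriteConsoleW SetStdHandle CreateFileA"
).split()

# Import table as printed in this report: list of (DLL, [imported names in table order])
IMPORTS = [("KERNEL32.dll", KERNEL32), ("ADVAPI32.dll", ["ReadEventLogW"])]

# Hand-picked tags for a first look at an unknown binary (an assumption, not a standard taxonomy)
TAGS = {
    "unpack-stub": {"VirtualAlloc", "VirtualProtect", "VirtualFree", "LoadLibraryA", "GetProcAddress"},
    "anti-debug": {"IsDebuggerPresent"},
    "host-fingerprint": {"GetVolumeInformationA", "GetLocaleInfoA", "ReadEventLogW"},
    "odd-for-a-crt-console-app": {"SetFirmwareEnvironmentVariableW", "GlobalUnfix", "BuildCommDCBA",
                                  "SetCommState", "SetConsoleDisplayMode", "FindAtomW", "EnumCalendarInfoW"},
}


def imphash_tokens(imports) -> list:
    """Normalise each import to 'dll.name' the way pefile does for named imports; ordinals become 'ordN'."""
    tokens = []
    for dll, names in imports:
        lib = dll.lower()
        for ext in (".ocx", ".sys", ".dll"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        tokens.extend(f"{lib}.{n.lower()}" if isinstance(n, str) else f"{lib}.ord{n}" for n in names)
    return tokens


def imphash(imports) -> str:
    """MD5 of the comma-joined tokens; order matters, so a reordered or padded table yields a new hash."""
    return hashlib.md5(",".join(imphash_tokens(imports)).encode()).hexdigest()


def tag_imports(imports) -> dict:
    """Map each tag to the sorted list of imported names that hit it (tags with no hits are dropped)."""
    imported = {n for _, names in imports for n in names if isinstance(n, str)}
    return {tag: sorted(imported & names) for tag, names in TAGS.items() if imported & names}


if __name__ == "__main__":
    print("imphash:", imphash(IMPORTS))
    padded = IMPORTS + [("USER32.dll", ["MessageBoxA"])]   # one decoy import is enough to change it
    print("imphash with one decoy import:", imphash(padded))
    for tag, names in tag_imports(IMPORTS).items():
        print(f"{tag:28s} {', '.join(names)}")
```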
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Turkish | Turkey |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/26/24-05:43:58.725101 | UDP | 2052229 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (strollheavengwu .shop) | 57412 | 53 | 192.168.2.5 | 1.1.1.1 |
04/26/24-05:43:58.891180 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
04/26/24-05:43:59.940120 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
04/26/24-05:44:01.105350 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
04/26/24-05:44:02.110134 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
04/26/24-05:44:03.319178 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
04/26/24-05:44:04.568308 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
04/26/24-05:44:05.638317 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
04/26/24-05:44:07.287198 | TCP | 2052230 | ET TROJAN Observed Lumma Stealer Related Domain (strollheavengwu .shop in TLS SNI) | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
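The nine alerts above are two Emerging Threats rules firing on one domain: SID 2052229 on the DNS lookup, then SID 2052230 on the TLS SNI of eight successive connections to 172.67.163.209 at roughly one-second intervals. That shape (resolve once, then a burst of short TLS sessions to the resolved host) is what a detection engineer wants to reproduce from Suricata's eve.json without depending on the ET signatures, which have to be refreshed for every new domain. The Python below is an added example rather than anything from the report: it feeds constructed eve.json records that mirror the timeline above (TLS timestamps and source ports from the table; the DNS answer record and its time are invented) through a correlator that matches TLS SNI against a C2 domain list, pivots from a matched DNS answer to the resolved IP for a limited window only, because Cloudflare addresses are shared, and reports the inter-session cadence. `C2_DOMAINS` holds only the domain this report names; extend it from the extracted configuration.

```python
"""Correlate DNS answers and TLS SNI from Suricata eve.json against a C2 list (added example)."""
import json
from datetime import datetime, timedelta

C2_DOMAINS = {"strollheavengwu.shop"}           # from this report; add the other configured domains
TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"
IP_PIVOT_WINDOW = timedelta(minutes=5)          # assumed: trust a resolved IP only briefly (shared CDN IPs)


def eve_record(ts: str, event_type: str, **body) -> str:
    """Build one eve.json line with the fields the correlator reads (constructed test data helper)."""
    base = {"timestamp": ts, "event_type": event_type, "src_ip": "192.168.2.5", "proto": "TCP"}
    base.update(body)
    return json.dumps(base)


# Constructed eve.json lines that mirror the alert timeline in this report. TLS timestamps and
# source ports come from the table above; the DNS answer record and its timestamp are invented.
EVE_LOG = [
    eve_record("2024-04-26T05:43:58.725101+0200", "dns", proto="UDP", src_port=57412, dest_ip="1.1.1.1",
               dest_port=53, dns={"type": "query", "rrname": "strollheavengwu.shop", "rrtype": "A"}),
    eve_record("2024-04-26T05:43:58.801000+0200", "dns", proto="UDP", src_port=57412, dest_ip="1.1.1.1",
               dest_port=53, dns={"type": "answer", "rrname": "strollheavengwu.shop", "rrtype": "A",
                                  "rdata": "172.67.163.209"}),
] + [
    eve_record(ts, "tls", src_port=port, dest_ip="172.67.163.209", dest_port=443,
               tls={"sni": "strollheavengwu.shop", "version": "TLS 1.2"})
    for port, ts in [
        (49704, "2024-04-26T05:43:58.891180+0200"), (49705, "2024-04-26T05:43:59.940120+0200"),
        (49706, "2024-04-26T05:44:01.105350+0200"), (49707, "2024-04-26T05:44:02.110134+0200"),
        (49708, "2024-04-26T05:44:03.319178+0200"), (49709, "2024-04-26T05:44:04.568308+0200"),
        (49710, "2024-04-26T05:44:05.638317+0200"), (49711, "2024-04-26T05:44:07.287198+0200"),
    ]
]


def hunt(lines, c2_domains, window=IP_PIVOT_WINDOW) -> dict:
    """Flag DNS answers for C2 domains and TLS sessions whose SNI (or recently resolved IP) matches;
    also return the gaps between consecutive flagged sessions so beaconing cadence is visible."""
    resolved, hits = {}, []
    for line in lines:
        ev = json.loads(line)
        when = datetime.strptime(ev["timestamp"], TS_FMT)
        if ev["event_type"] == "dns":
            dns = ev["dns"]
            if dns.get("type") == "answer" and dns.get("rrname") in c2_domains and "rdata" in dns:
                resolved[dns["rdata"]] = (dns["rrname"], when)
        elif ev["event_type"] == "tls":
            sni = ev["tls"].get("sni", "")
            via_ip = ev["dest_ip"] in resolved and when - resolved[ev["dest_ip"]][1] <= window
            if sni in c2_domains or via_ip:
                hits.append((when, ev["src_port"], ev["dest_ip"], sni or "<no SNI>"))
    hits.sort()
    intervals = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
    return {"resolved": resolved, "tls_hits": hits, "intervals": intervals}


if __name__ == "__main__":
    result = hunt(EVE_LOG, C2_DOMAINS)
    for ip, (name, when) in result["resolved"].items():
        print(f"DNS  {when.time()} {name} -> {ip}")
    for when, sport, dip, sni in result["tls_hits"]:
        print(f"TLS  {when.time()} {sport} -> {dip}:443 sni={sni}")
    if result["intervals"]:
        print(f"{len(result['tls_hits'])} sessions, gap min/max "
              f"{min(result['intervals']):.2f}s/{max(result['intervals']):.2f}s")
```

The IP pivot is what catches a follow-up session that omits SNI or uses ECH; the window keeps it from tagging every unrelated connection to a shared CDN address for the rest of the day.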
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 05:43:58.889981985 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:58.890038013 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:58.890126944 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:58.891180038 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:58.891199112 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.207051039 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.207191944 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.216829062 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.216849089 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.217192888 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.263021946 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.264970064 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.264992952 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.265080929 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.931391001 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.931526899 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.931588888 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.933892965 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.933914900 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.933932066 CEST | 49704 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.933938026 CEST | 443 | 49704 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.939722061 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.939765930 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:43:59.939831018 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.940119982 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:43:59.940136909 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.255330086 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.255424023 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.256745100 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.256766081 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.257170916 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.258244991 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.258299112 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.258346081 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.955645084 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.955864906 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.955944061 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.955967903 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.955997944 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.956053019 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.956087112 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.956254959 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.956311941 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.956338882 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.956517935 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.956573009 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.956588030 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.957062006 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.957120895 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.957134008 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.957252979 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.957314014 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.957326889 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.957448006 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.957515001 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.957590103 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.957590103 CEST | 49705 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:00.957623005 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:00.957643986 CEST | 443 | 49705 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.104851007 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.104896069 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.104981899 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.105350018 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.105365992 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.417582035 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.417789936 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.419116020 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.419123888 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.419447899 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.420758963 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.420916080 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.420962095 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.951178074 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.951455116 CEST | 443 | 49706 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:01.951508999 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:01.951554060 CEST | 49706 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.109661102 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.109688044 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:02.109772921 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.110133886 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.110147953 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:02.418365002 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:02.418454885 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.420334101 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.420341969 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:02.420672894 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:02.422275066 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.422369003 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.422418118 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:02.422483921 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:02.422496080 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.124844074 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.124954939 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.125013113 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.125149965 CEST | 49707 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.125169992 CEST | 443 | 49707 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.318712950 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.318744898 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.318948984 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.319178104 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.319191933 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.628565073 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.628669977 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.629968882 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.629976988 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.630789042 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.632325888 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.632477999 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.632512093 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:03.632586956 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:03.632596016 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.345459938 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.345751047 CEST | 443 | 49708 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.345763922 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.345807076 CEST | 49708 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.567754030 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.567831993 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.567944050 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.568308115 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.568341017 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.892745018 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.892913103 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.894273996 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.894304991 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.895374060 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:04.896698952 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.896805048 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:04.896837950 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.570768118 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.571094036 CEST | 443 | 49709 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.571197987 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.571197987 CEST | 49709 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.637646914 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.637691975 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.637800932 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.638317108 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.638336897 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.952519894 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.952616930 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.954346895 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.954359055 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.955374002 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:05.956712008 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.956815004 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:05.956820965 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:06.613959074 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:06.614239931 CEST | 443 | 49710 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:06.614278078 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:06.614332914 CEST | 49710 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.286608934 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.286693096 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.286782026 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.287198067 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.287229061 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.597851992 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.597965956 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.599329948 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.599370003 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.599701881 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.600987911 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.601772070 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.601814985 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.601950884 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.601993084 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.602148056 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.602189064 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.602351904 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.602399111 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.602590084 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.602664948 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.602876902 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.602926970 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.602946997 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.602988958 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.603107929 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.603148937 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.603200912 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.603231907 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.603316069 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.644161940 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.644383907 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.644496918 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.644548893 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.644589901 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.644670963 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.644721985 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:07.644737005 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:07.644746065 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:09.631021023 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:09.631257057 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Apr 26, 2024 05:44:09.631341934 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:09.631417036 CEST | 49711 | 443 | 192.168.2.5 | 172.67.163.209 |
Apr 26, 2024 05:44:09.631454945 CEST | 443 | 49711 | 172.67.163.209 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 26, 2024 05:43:58.725100994 CEST | 57412 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 26, 2024 05:43:58.881438971 CEST | 53 | 57412 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 26, 2024 05:43:58.725100994 CEST | 192.168.2.5 | 1.1.1.1 | 0xef4c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 26, 2024 05:43:58.881438971 CEST | 1.1.1.1 | 192.168.2.5 | 0xef4c | No error (0) | | | 172.67.163.209 | A (IP address) | IN (0x0001) | false |
Apr 26, 2024 05:43:58.881438971 CEST | 1.1.1.1 | 192.168.2.5 | 0xef4c | No error (0) | | | 104.21.15.198 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:43:59 UTC | 267 | OUT | |
2024-04-26 03:43:59 UTC | 8 | OUT | |
2024-04-26 03:43:59 UTC | 808 | IN | |
2024-04-26 03:43:59 UTC | 7 | IN | |
2024-04-26 03:43:59 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49705 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:00 UTC | 268 | OUT | |
2024-04-26 03:44:00 UTC | 58 | OUT | |
2024-04-26 03:44:00 UTC | 812 | IN | |
2024-04-26 03:44:00 UTC | 557 | IN | |
2024-04-26 03:44:00 UTC | 742 | IN | |
2024-04-26 03:44:00 UTC | 1369 | IN | |
2024-04-26 03:44:00 UTC | 1369 | IN | |
2024-04-26 03:44:00 UTC | 1369 | IN | |
2024-04-26 03:44:00 UTC | 1369 | IN | |
2024-04-26 03:44:00 UTC | 1369 | IN | |
2024-04-26 03:44:00 UTC | 1369 | IN | |
2024-04-26 03:44:00 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49706 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:01 UTC | 286 | OUT | |
2024-04-26 03:44:01 UTC | 12839 | OUT | |
2024-04-26 03:44:01 UTC | 804 | IN | |
2024-04-26 03:44:01 UTC | 24 | IN | |
2024-04-26 03:44:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49707 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:02 UTC | 286 | OUT | |
2024-04-26 03:44:02 UTC | 15081 | OUT | |
2024-04-26 03:44:03 UTC | 808 | IN | |
2024-04-26 03:44:03 UTC | 24 | IN | |
2024-04-26 03:44:03 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49708 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:03 UTC | 286 | OUT | |
2024-04-26 03:44:03 UTC | 15331 | OUT | |
2024-04-26 03:44:03 UTC | 5240 | OUT | |
2024-04-26 03:44:04 UTC | 804 | IN | |
2024-04-26 03:44:04 UTC | 24 | IN | |
2024-04-26 03:44:04 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49709 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:04 UTC | 285 | OUT | |
2024-04-26 03:44:04 UTC | 5448 | OUT | |
2024-04-26 03:44:05 UTC | 808 | IN | |
2024-04-26 03:44:05 UTC | 24 | IN | |
2024-04-26 03:44:05 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49710 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:05 UTC | 285 | OUT | |
2024-04-26 03:44:05 UTC | 1385 | OUT | |
2024-04-26 03:44:06 UTC | 814 | IN | |
2024-04-26 03:44:06 UTC | 24 | IN | |
2024-04-26 03:44:06 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49711 | 172.67.163.209 | 443 | 5444 | C:\Users\user\Desktop\VoGtelkHSn.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-26 03:44:07 UTC | 287 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:07 UTC | 15331 | OUT | |
2024-04-26 03:44:09 UTC | 818 | IN |
Target ID: | 0 |
Start time: | 05:43:55 |
Start date: | 26/04/2024 |
Path: | C:\Users\user\Desktop\VoGtelkHSn.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 351'232 bytes |
MD5 hash: | 7F26737F63FCD5B7E2695F438E341075 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 4 |
Start time: | 05:44:08 |
Start date: | 26/04/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x380000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 8.4% |
Dynamic/Decrypted Code Coverage: | 8.4% |
Signature Coverage: | 24.3% |
Total number of Nodes: | 382 |
Total number of Limit Nodes: | 17 |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00404740 | 5.5 | | 4 | 501 | COMMON |
02BF817E | 3.0 | 2 | | 41 | process, COMMON |
00414C49 | 2.6 | | 2 | 80 | COMMON |
0041C540 | 1.6 | | 1 | 365 | COMMON |
00433CC0 | 1.5 | 1 | | 16 | library, COMMON |
004137C9 | 1.4 | | 1 | 105 | COMMON |
004204B7 | .4 | | | 438 | COMMON |
00420CA0 | .4 | | | 371 | COMMON |
00432010 | .3 | | | 300 | COMMON |
00433D10 | .2 | | | 229 | COMMON |
00422458 | .2 | | | 153 | COMMON |
004357CA | .1 | | | 131 | COMMON |
004359E2 | .1 | | | 76 | COMMON |
00429597 | .0 | | | 17 | COMMON |
02EB003C | 12.8 | 5 | 2 | 515 | memory, COMMON |
0042D608 | 3.1 | 2 | | 91 | COMMON |
00417810 | 3.1 | 2 | | 65 | COMMON |
02EB0E0F | 3.0 | 2 | | 15 | COMMON |
00427F5A | 1.6 | 1 | | 104 | memory, COMMON |
00427F84 | 1.6 | 1 | | 95 | memory, COMMON |
00436209 | 1.6 | 1 | | 87 | library, COMMON |
00435F1F | 1.6 | 1 | | 68 | library, COMMON |
00433B50 | 1.6 | 1 | | 55 | memory, COMMON |
004375CD | 1.5 | 1 | | 44 | memory, COMMON |
00433C2A | 1.5 | 1 | | 40 | memory, COMMON |
02BF7E3D | 1.3 | 1 | | 48 | memory, COMMON |
0042C500 | 19.4 | 6 | 5 | 153 | clipboard, COMMON |
02EB49A7 | 5.5 | | 4 | 501 | COMMON |
02EB092B | 3.8 | | 3 | 90 | COMMON |
02EB5557 | 3.4 | | 2 | 851 | COMMON |
004052F0 | 3.4 | | 2 | 851 | COMMON |
02ED3BAA | 3.1 | | 2 | 643 | COMMON |
02EB1267 | 3.0 | | 2 | 518 | COMMON |
02EE9D57 | 2.8 | | 2 | 310 | COMMON |
00439AF0 | 2.8 | | 2 | 310 | COMMON |
02EC40B1 | 2.6 | | 2 | 146 | COMMON |
00413E4A | 2.6 | | 2 | 146 | COMMON |
02EC4EB0 | 2.6 | | 2 | 80 | COMMON |
02ED42EB | 1.9 | | 1 | 676 | COMMON |
02ED42EE | 1.9 | | 1 | 650 | COMMON |
02ECC7A7 | 1.6 | | 1 | 365 | COMMON |
02ECAB27 | 1.6 | | 1 | 304 | COMMON |
0041A8C0 | 1.6 | | 1 | 304 | COMMON |
02ECA687 | 1.5 | | 1 | 296 | COMMON |
0041A420 | 1.5 | | 1 | 296 | COMMON |
02EB6857 | 1.5 | | 1 | 264 | COMMON |
004065F0 | 1.5 | | 1 | 264 | COMMON |
02EC3EAD | 1.4 | | 1 | 106 | COMMON |
00413C46 | 1.4 | | 1 | 106 | COMMON |
02ECF49B | 1.4 | | 1 | 105 | COMMON |
02EC3A30 | 1.4 | | 1 | 105 | COMMON |
0041F234 | 1.4 | | 1 | 105 | COMMON |
02ED2984 | 1.3 | | 1 | 88 | COMMON |
0042271D | 1.3 | | 1 | 88 | COMMON |
02ECE6B8 | 1.3 | | 1 | 34 | COMMON |
0041E451 | 1.3 | | 1 | 34 | COMMON |
02EB7F17 | .9 | | | 863 | COMMON |
00407CB0 | .9 | | | 863 | COMMON |
02EB34C7 | .7 | | | 739 | COMMON |
00403260 | .7 | | | 739 | COMMON |
02EE4857 | .7 | | | 654 | COMMON |
004345F0 | .7 | | | 654 | COMMON |
02EB6297 | .5 | | | 506 | COMMON |
00406030 | .5 | | | 506 | COMMON |
02ED5BB6 | .4 | | | 439 | COMMON |
0042594F | .4 | | | 439 | COMMON |
02ED5C39 | .4 | | | 438 | COMMON |
004259D2 | .4 | | | 438 | COMMON |
02ED5C34 | .4 | | | 388 | COMMON |
004259CD | .4 | | | 388 | COMMON |
02ED0F07 | .4 | | | 371 | COMMON |
02EE9A37 | .3 | | | 294 | COMMON |
004397D0 | .3 | | | 294 | COMMON |
02EC0656 | .2 | | | 245 | COMMON |
004103EF | .2 | | | 245 | COMMON |
02EBF824 | .2 | | | 231 | COMMON |
02EE3F77 | .2 | | | 229 | COMMON |
02EE1CD7 | .2 | | | 186 | COMMON |
00431A70 | .2 | | | 186 | COMMON |
02ED26BF | .2 | | | 153 | COMMON |
02EC4557 | .1 | | | 146 | COMMON |
004142F0 | .1 | | | 146 | COMMON |
02EBF8F7 | .1 | | | 136 | COMMON |
02EC5FE4 | .1 | | | 136 | COMMON |
0040F690 | .1 | | | 136 | COMMON |
00415D7D | .1 | | | 136 | COMMON |
02EE5A31 | .1 | | | 131 | COMMON |
02EC494D | .1 | | | 131 | COMMON |
004146E6 | .1 | | | 131 | COMMON |
02EB30D7 | .1 | | | 112 | COMMON |
00402E70 | .1 | | | 112 | COMMON |
02ECFA8F | .1 | | | 97 | COMMON |
0041F828 | .1 | | | 97 | COMMON |
02ECF8A7 | .1 | | | 77 | COMMON |
0041F640 | .1 | | | 77 | COMMON |
02EE5C49 | .1 | | | 76 | COMMON |
02ED4F17 | .1 | | | 65 | COMMON |
00424CB0 | .1 | | | 65 | COMMON |
02EDFAF7 | .1 | | | 64 | COMMON |
0042F890 | .1 | | | 64 | COMMON |
02ECD377 | .1 | | | 63 | COMMON |
02BF7A5B | .1 | | | 61 | COMMON |
02EC1CAB | .1 | | | 52 | COMMON |
00411A44 | .1 | | | 52 | COMMON |
02ED1F2E | .0 | | | 45 | COMMON |
00421CC7 | .0 | | | 45 | COMMON |
02EB0D90 | .0 | | | 43 | COMMON |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02EBFCB0 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040FA49 Relevance: .0, Instructions: 30COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02EBD3A7 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D140 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02EC7494 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02EC47FD Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02EE7EAE Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02EE7EAC Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414596 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437C47 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00437C45 Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02EDC767 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153clipboardCOMMON
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
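Triaging a listing like the one above by hand is tedious, so the following added example (written for this page, not Joe Sandbox's own code or output) parses the `Function … Relevance: …, Instructions: …` lines, pairs image-resident functions with same-sized functions in a separately allocated region, and pulls out the entries worth opening first. The sample lines are copied from the listing above; the region split (addresses below 0x01000000 treated as image-resident, assuming the default 0x00400000 image base of a 32-bit PE) is this example's own heuristic and is labelled as an assumption in the code.

```python
"""Triage helper for a Joe Sandbox-style function listing.

Constructed input: the 'Function ...' lines in LISTING are copied from the
page's function listing. The region split and the pairing rule are this
example's own heuristics, not Joe Sandbox output.
"""
import re
from collections import defaultdict

# Sample lines copied from the page's function listing (constructed input).
LISTING = """\
Function 02EC5FE4 Relevance: .1, Instructions: 136COMMON
Function 0040F690 Relevance: .1, Instructions: 136COMMON
Function 00415D7D Relevance: .1, Instructions: 136COMMON
Function 02EE5A31 Relevance: .1, Instructions: 131COMMON
Function 02EC494D Relevance: .1, Instructions: 131COMMON
Function 004146E6 Relevance: .1, Instructions: 131COMMON
Function 02EB30D7 Relevance: .1, Instructions: 112COMMON
Function 00402E70 Relevance: .1, Instructions: 112COMMON
Function 02BF7A5B Relevance: .1, Instructions: 61COMMON
Function 02EDC767 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 153clipboardCOMMON
"""

# APIs and Strings are optional; the tag string is glued to the instruction count.
LINE_RE = re.compile(
    r"^Function\s+(?P<addr>[0-9A-Fa-f]+)\s+Relevance:\s*(?P<rel>[\d.]+),"
    r"(?:\s*APIs:\s*(?P<apis>\d+),)?"
    r"(?:\s*Strings:\s*(?P<strings>\d+),)?"
    r"\s*Instructions:\s*(?P<insn>\d+)(?P<tags>\S*)\s*$"
)

# Assumption: a 32-bit PE loaded at the default 0x00400000 image base, so
# anything below 0x01000000 is treated as image-resident and anything above
# as a separately allocated (heap / VirtualAlloc) region.
IMAGE_LIMIT = 0x01000000


def parse_listing(text):
    """Return one dict per 'Function ...' line; lines that do not match are skipped."""
    funcs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # 'clipboardCOMMON' -> ['clipboard', 'COMMON']: lowercase tags, then the COMMON marker
        tags = re.findall(r"[a-z]+|[A-Z]+", m["tags"])
        funcs.append({
            "addr": int(m["addr"], 16),
            "relevance": float(m["rel"]),
            "apis": int(m["apis"] or 0),
            "strings": int(m["strings"] or 0),
            "instructions": int(m["insn"]),
            "tags": tags,
        })
    return funcs


def relocated_pairs(funcs):
    """Pair image-resident functions with allocated-region functions of equal size.

    Equal instruction counts across the two regions are a cheap indicator that
    the same code exists both in the image and in an allocated buffer.
    """
    by_size = defaultdict(lambda: {"image": [], "alloc": []})
    for f in funcs:
        region = "image" if f["addr"] < IMAGE_LIMIT else "alloc"
        by_size[f["instructions"]][region].append(f["addr"])
    pairs = []
    for size, groups in sorted(by_size.items()):
        for img in groups["image"]:
            for alloc in groups["alloc"]:
                pairs.append((size, img, alloc))
    return pairs


def interesting(funcs, min_relevance=1.0):
    """Functions to open first: relevant, API-bearing, or behaviour-tagged."""
    return [
        f for f in funcs
        if f["relevance"] >= min_relevance
        or f["apis"]
        or any(t != "COMMON" for t in f["tags"])
    ]


if __name__ == "__main__":
    fs = parse_listing(LISTING)
    for size, img, alloc in relocated_pairs(fs):
        print(f"{size:4d} insns: image {img:08X} <-> allocated {alloc:08X}")
    for f in interesting(fs):
        print(f"open {f['addr']:08X}: relevance {f['relevance']}, APIs {f['apis']}, tags {f['tags']}")
```

On the sample lines the pairing step reports five image/allocated matches (112, 131 and 136 instructions) and the triage filter returns only 02EDC767, the clipboard-tagged function. The 61-instruction function at 02BF7A5B has no image counterpart in the sample and is not reported.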