Analysis Report mcsrXx9lfD.exe
Overview
Detection |
---|
Field | Value |
---|---|
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Malware Configuration |
---|
Threatname: AgentTesla |
---|
{"Username: ": "In9AcPpFuU", "URL: ": "http://Gwd19zMdFbudWhUhS.net", "To: ": "sales1@tzdieep.net", "ByHost: ": "smtp.tzdieep.net:587", "Password: ": "Ttlj1OTOO1N4A", "From: ": "sales1@tzdieep.net"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
(not extracted) | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
The report states 11 memory-dump entries; all extracted rows are identical to the one above.
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
(not extracted) | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
The report states 4 unpacked-PE entries; all extracted rows are identical to the one above.
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection |
---|
- Found malware configuration (source: Malware Configuration Extractor)
- Multi AV Scanner detection for submitted file (sources: Virustotal, ReversingLabs)
- Machine Learning detection for sample (source: Joe Sandbox ML)
Networking |
---|
- Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) (source: Snort IDS)
- May check the online IP address of the machine (source: DNS queries)
Data Obfuscation |
---|
- Detected unpacking (changes PE section rights) (source: Unpacked PE file)
- Detected unpacking (overwrites its own PE header) (source: Unpacked PE file)
Malware Analysis System Evasion |
---|
- Contains functionality to detect sleep reduction / modifications (source: Code function 0_2_0043372C)
- Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) (source: WMI Queries)
- Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) (source: WMI Queries)
HIPS / PFW / Operating System Protection Evasion |
---|
- Maps a DLL or memory area into another process (source: Section loaded)
Stealing of Sensitive Information |
---|
- Yara detected AgentTesla (source: File source; the matching file names were not extracted)
- Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) (source: Key opened)
- Tries to harvest and steal browser information (history, passwords, etc) (source: File opened)
- Tries to harvest and steal ftp login credentials (source: File opened)
- Tries to steal Mail credentials (via file access) (sources: File opened, Key opened)
Remote Access Functionality |
---|
- Yara detected AgentTesla (source: File source; the matching file names were not extracted)
MITRE ATT&CK Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | DLL Side-Loading1 | Disable or Modify Tools1 | OS Credential Dumping2 | System Time Discovery11 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Application Shimming1 | Application Shimming1 | Deobfuscate/Decode Files or Information1 | Input Capture21 | File and Directory Discovery1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection112 | Obfuscated Files or Information2 | Credentials in Registry1 | System Information Discovery128 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing21 | NTDS | Query Registry1 | Distributed Component Object Model | Input Capture21 | Scheduled Transfer | Application Layer Protocol12 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | Security Software Discovery251 | SSH | Clipboard Data3 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading1 | Cached Domain Credentials | Virtualization/Sandbox Evasion14 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion14 | DCSync | Process Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection112 | Proc Filesystem | Application Window Discovery11 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Remote System Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Network Configuration Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
61% | Virustotal | |
79% | ReversingLabs | Win32.Trojan.LokiBot |
100% | Joe Sandbox ML | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1138205 |
100% | Avira | TR/Crypt.XPACK.Gen |
100% | Avira | TR/Spy.Gen8 |
100% | Avira | HEUR/AGEN.1131223 |
100% | Avira | HEUR/AGEN.1138205 |
100% | Avira | HEUR/AGEN.1138205 |
100% | Avira | TR/Spy.Gen8 |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
16 URLs were checked (Avira URL Cloud and URL Reputation); every one was rated 0% / safe. The URL column itself was not extracted.
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
elb097307-934924932.us-east-1.elb.amazonaws.com | 54.235.83.248 | true | false | | high |
us2.smtp.mailhostbox.com | 208.91.199.225 | true | false | | high |
smtp.tzdieep.net | unknown | unknown | true | | unknown |
api.ipify.org | unknown | unknown | false | | high |
URLs from Memory and Binaries |
---|
The Name and Source columns were not extracted. Every listed entry is marked not malicious (reputation high, low or unknown) except one, which is marked malicious with unknown reputation.
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
54.235.83.248 | unknown | United States | 14618 | AMAZON-AESUS | false |
208.91.199.225 | unknown | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
General Information |
---|
Field | Value |
---|---|
Joe Sandbox Version | 31.0.0 Red Diamond |
Analysis ID | 321297 |
Start date | 20.11.2020 |
Start time | 20:03:26 |
Joe Sandbox Product | CloudBasic |
Overall analysis duration | 0h 8m 18s |
Hypervisor based Inspection enabled | false |
Report type | full |
Sample file name | mcsrXx9lfD.exe |
Cookbook file name | default.jbs |
Analysis system description | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed | 14 |
Number of new started drivers analysed | 0 |
Number of existing processes analysed | 0 |
Number of existing drivers analysed | 0 |
Number of injected processes analysed | 0 |
Analysis Mode | default |
Analysis stop reason | Timeout |
Detection | MAL |
Classification | mal100.troj.spyw.evad.winEXE@3/1@4/2 |
EGA Information | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
20:04:42 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
54.235.83.248 | 20 associated samples, all detected as malicious (sample names, hashes and links not captured in this export) | | malicious | | |
208.91.199.225 | 20 associated samples, all detected as malicious (sample names, hashes and links not captured in this export) | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
us2.smtp.mailhostbox.com | 20 associated samples, all detected as malicious (sample names, hashes and links not captured in this export) | | malicious | | |
elb097307-934924932.us-east-1.elb.amazonaws.com | 20 associated samples, all detected as malicious (sample names, hashes and links not captured in this export) | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AMAZON-AESUS | 20 associated samples, all detected as malicious (sample names, hashes and links not captured in this export) | | malicious | | |
PUBLIC-DOMAIN-REGISTRYUS | 20 associated samples, all detected as malicious (sample names, hashes and links not captured in this export) | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | 20 associated samples, all detected as malicious (sample names, hashes and links not captured in this export) | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\mcsrXx9lfD.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 0.7006690334145785 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ |
MD5: | A7FE10DA330AD03BF22DC9AC76BBB3E4 |
SHA1: | 1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803 |
SHA-256: | 8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8 |
SHA-512: | 1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: | |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.87101358003814 |
TrID: | |
File name: | mcsrXx9lfD.exe |
File size: | 945664 |
MD5: | 3d549885e44863c57f59eab47f2271cc |
SHA1: | 76c51be921ef41ff2596f3f882b91c8ede3713c7 |
SHA256: | 1d9c8ee9be6e0ee20b600c71989292aa2efd0849611389e3121bae364d9d6adf |
SHA512: | 60d415743a8212cfc649ed20670d2ee4dff060cbf93475a7bc5f8d273bbbed5e472fb9d5ea055fa126d6986b250ca3203894b0454e6162fbd14e2dceeca40fc9 |
SSDEEP: | 24576:j6j4rvrKwang6WCxVA0d6yxE6iw2lKK0D/YNN:92wa5xB62ElJubYNN |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
File Icon |
---|
Icon Hash: | 6861f0969ee86882 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4707f8 |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f19034443dbba8ae65cae64d05fef57a |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 00470608h |
call 00007F1990EA8A01h |
mov eax, dword ptr [0048E6ECh] |
mov eax, dword ptr [eax] |
call 00007F1990EFAE65h |
mov ecx, dword ptr [0048E7D8h] |
mov eax, dword ptr [0048E6ECh] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [004700F4h] |
call 00007F1990EFAE65h |
mov eax, dword ptr [0048E6ECh] |
mov eax, dword ptr [eax] |
call 00007F1990EFAED9h |
call 00007F1990EA64F8h |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x90000 | 0x247a | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9d000 | 0x4f5f4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x95000 | 0x77c8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x94000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x6f840 | 0x6fa00 | False | 0.523629969205 | data | 6.51435589822 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
DATA | 0x71000 | 0x1d868 | 0x1da00 | False | 0.161260548523 | data | 2.59870276116 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
BSS | 0x8f000 | 0xcc1 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x90000 | 0x247a | 0x2600 | False | 0.349403782895 | data | 4.92563231128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.tls | 0x93000 | 0x10 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rdata | 0x94000 | 0x18 | 0x200 | False | 0.05078125 | data | 0.206920017787 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.reloc | 0x95000 | 0x77c8 | 0x7800 | False | 0.582259114583 | data | 6.64226915187 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x9d000 | 0x4f5f4 | 0x4f600 | False | 0.908793676181 | data | 7.56970916741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_CURSOR | 0x9db0c | 0x134 | data | ||
RT_CURSOR | 0x9dc40 | 0x134 | data | ||
RT_CURSOR | 0x9dd74 | 0x134 | data | ||
RT_CURSOR | 0x9dea8 | 0x134 | data | ||
RT_CURSOR | 0x9dfdc | 0x134 | data | ||
RT_CURSOR | 0x9e110 | 0x134 | data | ||
RT_CURSOR | 0x9e244 | 0x134 | data | ||
RT_BITMAP | 0x9e378 | 0x1d0 | data | ||
RT_BITMAP | 0x9e548 | 0x1e4 | data | ||
RT_BITMAP | 0x9e72c | 0x1d0 | data | ||
RT_BITMAP | 0x9e8fc | 0x1d0 | data | ||
RT_BITMAP | 0x9eacc | 0x1d0 | data | ||
RT_BITMAP | 0x9ec9c | 0x1d0 | data | ||
RT_BITMAP | 0x9ee6c | 0x1d0 | data | ||
RT_BITMAP | 0x9f03c | 0x1d0 | data | ||
RT_BITMAP | 0x9f20c | 0x49d04 | data | English | United States |
RT_BITMAP | 0xe8f10 | 0x1d0 | data | ||
RT_BITMAP | 0xe90e0 | 0xd8 | data | ||
RT_BITMAP | 0xe91b8 | 0xd8 | data | ||
RT_BITMAP | 0xe9290 | 0xd8 | data | ||
RT_BITMAP | 0xe9368 | 0xd8 | data | ||
RT_BITMAP | 0xe9440 | 0xd8 | data | ||
RT_ICON | 0xe9518 | 0x1e8 | data | English | United States |
RT_STRING | 0xe9700 | 0x1c4 | data | ||
RT_STRING | 0xe98c4 | 0x210 | data | ||
RT_STRING | 0xe9ad4 | 0xec | data | ||
RT_STRING | 0xe9bc0 | 0x24c | data | ||
RT_STRING | 0xe9e0c | 0x140 | data | ||
RT_STRING | 0xe9f4c | 0x4c0 | data | ||
RT_STRING | 0xea40c | 0x378 | data | ||
RT_STRING | 0xea784 | 0x378 | data | ||
RT_STRING | 0xeaafc | 0x418 | data | ||
RT_STRING | 0xeaf14 | 0xf4 | data | ||
RT_STRING | 0xeb008 | 0xc4 | data | ||
RT_STRING | 0xeb0cc | 0x2e0 | data | ||
RT_STRING | 0xeb3ac | 0x35c | data | ||
RT_STRING | 0xeb708 | 0x2b4 | data | ||
RT_RCDATA | 0xeb9bc | 0x10 | data | ||
RT_RCDATA | 0xeb9cc | 0x290 | data | ||
RT_RCDATA | 0xebc5c | 0x85d | Delphi compiled form 'TForm1' | ||
RT_GROUP_CURSOR | 0xec4bc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xec4d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xec4e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xec4f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xec50c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xec520 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0xec534 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_ICON | 0xec548 | 0x14 | data | English | United States |
RT_HTML | 0xec55c | 0x98 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtectEx, VirtualProtect, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemTime, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PolyPolyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExtCreatePen, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt |
opengl32.dll | wglDeleteContext |
user32.dll | WindowFromPoint, WinHelpA, WaitMessage, ValidateRect, UpdateWindow, UnregisterClassA, UnionRect, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetMenuItemInfoA, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, IsCharAlphaNumericA, IsCharAlphaA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DeferWindowPos, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, BeginDeferWindowPos, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayRedim, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
kernel32.dll | MulDiv |
kernel32.dll | AddVectoredExceptionHandler |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/20/20-20:06:14.054607 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
11/20/20-20:06:19.529008 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2020 20:06:02.867763042 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:02.970710039 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:02.970840931 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:03.048233032 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:03.151184082 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.151365995 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.151412010 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.151449919 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.151488066 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.151523113 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:03.151604891 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:03.152462959 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.193653107 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:03.296808958 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.337061882 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:03.527725935 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:03.650266886 CET | 443 | 49765 | 54.235.83.248 | 192.168.2.4 |
Nov 20, 2020 20:06:03.696402073 CET | 49765 | 443 | 192.168.2.4 | 54.235.83.248 |
Nov 20, 2020 20:06:12.046245098 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:12.195732117 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:12.195873022 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:12.812896967 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:12.813532114 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:12.963042974 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:12.963083982 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:12.965086937 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:13.117259979 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:13.118549109 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:13.272712946 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:13.273732901 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:13.426875114 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:13.427592993 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:13.587024927 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:13.587740898 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:13.900435925 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:13.970786095 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:13.970876932 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:14.052644968 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:14.054606915 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:14.054723978 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:14.054792881 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:14.054862022 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:14.206177950 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:14.206207037 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:14.304539919 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:14.353532076 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:15.132817984 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:15.285135031 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:15.285177946 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:15.285315037 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:15.285629988 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:15.287194967 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:15.437752962 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:18.291451931 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:18.443504095 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:18.443722963 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:18.597949028 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:18.598503113 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:18.750886917 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:18.750929117 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:18.751543045 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:18.905124903 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:18.905966997 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.059966087 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.060359955 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.213042021 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.213613987 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.372828960 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.373275995 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.526504993 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.528677940 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.529007912 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.529237986 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.529467106 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.529825926 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.530020952 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.530205011 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.530380964 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
Nov 20, 2020 20:06:19.682955027 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.683171988 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.683890104 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.683937073 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.723391056 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.782569885 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 |
Nov 20, 2020 20:06:19.822771072 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 20, 2020 20:04:25.524873972 CET | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:25.551821947 CET | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:26.320063114 CET | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:26.346997976 CET | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:27.294008017 CET | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:27.321191072 CET | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:28.159040928 CET | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:28.194726944 CET | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:29.805763960 CET | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:29.832993984 CET | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:30.656399012 CET | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:30.683475018 CET | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:31.821947098 CET | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:31.848968029 CET | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:33.008469105 CET | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:33.035512924 CET | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:33.855465889 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:33.885452986 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:34.672504902 CET | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:34.699506998 CET | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:35.485847950 CET | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:36.471452951 CET | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:37.468499899 CET | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:37.468878031 CET | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:38.335410118 CET | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:38.371105909 CET | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:39.222748995 CET | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:39.249989986 CET | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:48.703561068 CET | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:48.730670929 CET | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:56.614922047 CET | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:56.650635958 CET | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:57.426611900 CET | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:57.462377071 CET | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:04:58.906955004 CET | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:04:58.934135914 CET | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:05.601068020 CET | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:05.638362885 CET | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:06.045974970 CET | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:06.188076019 CET | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:06.658164024 CET | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:06.694003105 CET | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:07.053534031 CET | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:07.091173887 CET | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:07.443414927 CET | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:07.479268074 CET | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:07.865032911 CET | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:07.885739088 CET | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:07.900911093 CET | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:07.912983894 CET | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:08.316250086 CET | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:08.351902962 CET | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:08.967999935 CET | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:09.004004955 CET | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:09.666666985 CET | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:09.693757057 CET | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:10.107448101 CET | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:10.145284891 CET | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:24.209593058 CET | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:24.236658096 CET | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:24.264631033 CET | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:24.300369024 CET | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:27.762192965 CET | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:27.799884081 CET | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:05:59.897576094 CET | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:05:59.926115036 CET | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:06:01.692032099 CET | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:06:01.719229937 CET | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:06:02.679915905 CET | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:06:02.715765953 CET | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:06:02.738959074 CET | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:06:02.766254902 CET | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:06:11.700295925 CET | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:06:11.864727974 CET | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Nov 20, 2020 20:06:11.878782034 CET | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Nov 20, 2020 20:06:12.043437004 CET | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 20, 2020 20:06:02.679915905 CET | 192.168.2.4 | 8.8.8.8 | 0x390f | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.738959074 CET | 192.168.2.4 | 8.8.8.8 | 0xd2a2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:11.700295925 CET | 192.168.2.4 | 8.8.8.8 | 0x6c4 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:11.878782034 CET | 192.168.2.4 | 8.8.8.8 | 0xa6f5 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 54.235.83.248 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 174.129.214.20 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 54.235.182.194 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 50.19.252.36 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 54.225.66.103 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 54.235.142.93 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 54.243.164.148 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.715765953 CET | 8.8.8.8 | 192.168.2.4 | 0x390f | No error (0) | | | 23.21.126.66 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 54.235.83.248 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 174.129.214.20 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 54.235.182.194 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 50.19.252.36 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 54.225.66.103 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 54.235.142.93 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 54.243.164.148 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:02.766254902 CET | 8.8.8.8 | 192.168.2.4 | 0xd2a2 | No error (0) | | | 23.21.126.66 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:11.864727974 CET | 8.8.8.8 | 192.168.2.4 | 0x6c4 | No error (0) | | us2.smtp.mailhostbox.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 20, 2020 20:06:11.864727974 CET | 8.8.8.8 | 192.168.2.4 | 0x6c4 | No error (0) | | | 208.91.199.225 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:11.864727974 CET | 8.8.8.8 | 192.168.2.4 | 0x6c4 | No error (0) | | | 208.91.198.143 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:11.864727974 CET | 8.8.8.8 | 192.168.2.4 | 0x6c4 | No error (0) | | | 208.91.199.223 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:11.864727974 CET | 8.8.8.8 | 192.168.2.4 | 0x6c4 | No error (0) | | | 208.91.199.224 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:12.043437004 CET | 8.8.8.8 | 192.168.2.4 | 0xa6f5 | No error (0) | | us2.smtp.mailhostbox.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 20, 2020 20:06:12.043437004 CET | 8.8.8.8 | 192.168.2.4 | 0xa6f5 | No error (0) | | | 208.91.198.143 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:12.043437004 CET | 8.8.8.8 | 192.168.2.4 | 0xa6f5 | No error (0) | | | 208.91.199.224 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:12.043437004 CET | 8.8.8.8 | 192.168.2.4 | 0xa6f5 | No error (0) | | | 208.91.199.225 | A (IP address) | IN (0x0001) |
Nov 20, 2020 20:06:12.043437004 CET | 8.8.8.8 | 192.168.2.4 | 0xa6f5 | No error (0) | | | 208.91.199.223 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Nov 20, 2020 20:06:03.152462959 CET | 54.235.83.248 | 443 | 192.168.2.4 | 49765 | CN=*.ipify.org, OU=PositiveSSL Wildcard, OU=Domain Control Validated | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Jan 24 01:00:00 CET 2018 | Sun Jan 24 00:59:59 CET 2021 | 771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 3b5074b1b5d032e5620f69f9f700ff0e |
| | | | | CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Wed Feb 12 01:00:00 CET 2014 | Mon Feb 12 00:59:59 CET 2029 | | |
| | | | | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB | Tue Jan 19 01:00:00 CET 2010 | Tue Jan 19 00:59:59 CET 2038 | | |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Nov 20, 2020 20:06:12.812896967 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 220 us2.outbound.mailhostbox.com ESMTP Postfix |
Nov 20, 2020 20:06:12.813532114 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | EHLO 928100 |
Nov 20, 2020 20:06:12.963083982 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 250-us2.outbound.mailhostbox.com 250-PIPELINING 250-SIZE 41648128 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN |
Nov 20, 2020 20:06:12.965086937 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | AUTH login c2FsZXMxQHR6ZGllZXAubmV0 |
Nov 20, 2020 20:06:13.117259979 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 334 UGFzc3dvcmQ6 |
Nov 20, 2020 20:06:13.272712946 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 235 2.7.0 Authentication successful |
Nov 20, 2020 20:06:13.273732901 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | MAIL FROM:<sales1@tzdieep.net> |
Nov 20, 2020 20:06:13.426875114 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 250 2.1.0 Ok |
Nov 20, 2020 20:06:13.427592993 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | RCPT TO:<sales1@tzdieep.net> |
Nov 20, 2020 20:06:13.587024927 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 250 2.1.5 Ok |
Nov 20, 2020 20:06:13.587740898 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | DATA |
Nov 20, 2020 20:06:13.900435925 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | DATA |
Nov 20, 2020 20:06:13.970786095 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 250 2.1.5 Ok |
Nov 20, 2020 20:06:14.052644968 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 354 End data with <CR><LF>.<CR><LF> |
Nov 20, 2020 20:06:14.054862022 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | . |
Nov 20, 2020 20:06:14.304539919 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 250 2.0.0 Ok: queued as 7CC42D5F69 |
Nov 20, 2020 20:06:15.132817984 CET | 49766 | 587 | 192.168.2.4 | 208.91.199.225 | QUIT |
Nov 20, 2020 20:06:15.285135031 CET | 587 | 49766 | 208.91.199.225 | 192.168.2.4 | 221 2.0.0 Bye |
Nov 20, 2020 20:06:18.597949028 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 220 us2.outbound.mailhostbox.com ESMTP Postfix |
Nov 20, 2020 20:06:18.598503113 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 | EHLO 928100 |
Nov 20, 2020 20:06:18.750929117 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 250-us2.outbound.mailhostbox.com 250-PIPELINING 250-SIZE 41648128 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN |
Nov 20, 2020 20:06:18.751543045 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 | AUTH login c2FsZXMxQHR6ZGllZXAubmV0 |
Nov 20, 2020 20:06:18.905124903 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 334 UGFzc3dvcmQ6 |
Nov 20, 2020 20:06:19.059966087 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 235 2.7.0 Authentication successful |
Nov 20, 2020 20:06:19.060359955 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 | MAIL FROM:<sales1@tzdieep.net> |
Nov 20, 2020 20:06:19.213042021 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 250 2.1.0 Ok |
Nov 20, 2020 20:06:19.213613987 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 | RCPT TO:<sales1@tzdieep.net> |
Nov 20, 2020 20:06:19.372828960 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 250 2.1.5 Ok |
Nov 20, 2020 20:06:19.373275995 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 | DATA |
Nov 20, 2020 20:06:19.526504993 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 354 End data with <CR><LF>.<CR><LF> |
Nov 20, 2020 20:06:19.530380964 CET | 49767 | 587 | 192.168.2.4 | 208.91.199.225 | . |
Nov 20, 2020 20:06:19.782569885 CET | 587 | 49767 | 208.91.199.225 | 192.168.2.4 | 250 2.0.0 Ok: queued as 484E9D6132 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 20:04:29 |
Start date: | 20/11/2020 |
Path: | C:\Users\user\Desktop\mcsrXx9lfD.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 945664 bytes |
MD5 hash: | 3D549885E44863C57F59EAB47F2271CC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | low |
General |
---|
Start time: | 20:04:30 |
Start date: | 20/11/2020 |
Path: | C:\Users\user\Desktop\mcsrXx9lfD.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 945664 bytes |
MD5 hash: | 3D549885E44863C57F59EAB47F2271CC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 00405C78, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D84, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
C-Code - Quality: 61% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00457E74, Relevance: 1.5, APIs: 1, Instructions: 24nativeCOMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044401C, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 103registrylibraryloaderCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004579E0, Relevance: 13.6, APIs: 9, Instructions: 130windowregistryCOMMON
C-Code - Quality: 42% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00456DD0, Relevance: 10.6, APIs: 7, Instructions: 89COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004576D8, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 125windowCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004565F4, Relevance: 6.1, APIs: 4, Instructions: 99COMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401A78, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 58% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402164, Relevance: 3.1, APIs: 2, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004569B0, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401590, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004703F8, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040728A, Relevance: 1.5, APIs: 1, Instructions: 28COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040728C, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405A3C, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401724, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041CDB0, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00443C20, Relevance: 49.1, APIs: 15, Strings: 13, Instructions: 95libraryloaderCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AC0, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 83% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044CA64, Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 405nativeCOMMONCrypto
C-Code - Quality: 91% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043F680, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00452548, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 284windowCOMMONCrypto
C-Code - Quality: 92% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043ED9C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
C-Code - Quality: 85% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 79% |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416D64, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043372C, Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004574D0, Relevance: 4.5, APIs: 3, Instructions: 33synchronizationthreadCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004703B0, Relevance: 4.5, APIs: 3, Instructions: 18timeCOMMON
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043E4F4, Relevance: 3.1, APIs: 2, Instructions: 63windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420594, Relevance: 3.0, APIs: 2, Instructions: 46windowCOMMON
C-Code - Quality: 58% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ACF0, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408938, Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408B02, Relevance: 1.6, APIs: 1, Instructions: 50COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042E8BC, Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420B24, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409940, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040998C, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
C-Code - Quality: 79% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040703E, Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0046A130, Relevance: 23.0, APIs: 15, Instructions: 468COMMON
C-Code - Quality: 55% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004401C8, Relevance: 19.7, APIs: 13, Instructions: 213COMMON
C-Code - Quality: 50% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004072C0, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D5A0, Relevance: 16.6, APIs: 11, Instructions: 133COMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00436648, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 139threadCOMMON
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004388D8, Relevance: 13.6, APIs: 9, Instructions: 150COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF50, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
C-Code - Quality: 72% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00458D9C, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 132windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422B3E, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 123fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00422B40, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 122fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426CD4, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 67% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426E7C, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 71% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A034, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 50filewindowCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004041A4, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
C-Code - Quality: 79% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004463E8, Relevance: 12.2, APIs: 8, Instructions: 170COMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042F440, Relevance: 12.1, APIs: 8, Instructions: 146COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 74% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043D44C, Relevance: 12.1, APIs: 8, Instructions: 123COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004602B4, Relevance: 12.1, APIs: 8, Instructions: 102COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00420B7C, Relevance: 12.1, APIs: 8, Instructions: 79COMMON
C-Code - Quality: 26% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00448AC4, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 187windowCOMMON
C-Code - Quality: 87% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004408BC, Relevance: 10.7, APIs: 7, Instructions: 151COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00456A90, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 70% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 31% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00426DA8, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
C-Code - Quality: 47% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00423744, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C3D0, Relevance: 9.1, APIs: 6, Instructions: 139COMMON
C-Code - Quality: 67% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0042107C, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | C-Code quality |
---|---|---|---|---|---|---|---|
004214EC | 9.1 | 6 | | 65 | | COMMON | 45% |
00435AE8 | 9.1 | 6 | | 60 | | COMMON | 100% |
00420D2C | 9.1 | 6 | | 55 | | COMMON | 87% |
0045E4BC | 9.0 | 6 | | 44 | | COMMON | 100% |
00420410 | 9.0 | 6 | | 43 | | COMMON | 100% |
0043C480 | 8.9 | 3 | 2 | 117 | registry | COMMON | 84% |
00436824 | 8.9 | 3 | 2 | 115 | keyboard, window | COMMON | 87% |
0043260C | 8.8 | 4 | 1 | 66 | clipboard | COMMON | 68% |
0040342C | 8.8 | 3 | 2 | 49 | registry | COMMON | 65% |
0045F454 | 7.8 | 5 | | 251 | | COMMON | 93% |
00451C90 | 7.7 | 5 | | 171 | | COMMON | 89% |
00461670 | 7.7 | 5 | | 168 | | COMMON | 88% |
00449058 | 7.7 | 5 | | 162 | | COMMON | 85% |
0042AEC4 | 7.6 | 5 | | 110 | | COMMON | 77% |
0043D0C0 | 7.6 | 5 | | 104 | | COMMON | 85% |
0041BC00 | 7.6 | 5 | | 89 | thread | COMMON | 73% |
0046A7C4 | 7.6 | 5 | | 86 | | COMMON | 79% |
00448E98 | 7.6 | 5 | | 77 | | COMMON | 100% |
00458888 | 7.6 | 5 | | 73 | window | COMMON | 100% |
00424A88 | 7.6 | 5 | | 66 | window | COMMON | 78% |
00455FE4 | 7.6 | 5 | | 63 | | COMMON | 62% |
00420C94 | 7.6 | 5 | | 55 | | COMMON | 40% |
00465630 | 7.6 | 5 | | 53 | | COMMON | 61% |
00409BC8 | 7.6 | 5 | | 50 | thread | COMMON | 64% |
004575E4 | 7.5 | 5 | | 25 | synchronization, thread | COMMON | 100% |
004624A0 | 7.3 | 3 | 1 | 276 | time | COMMON | 95% |
00409C78 | 7.1 | 1 | 3 | 148 | thread | COMMON | 82% |
0043EF68 | 7.1 | 3 | 1 | 83 | window | COMMON | 100% |
0044C174 | 7.1 | 3 | 1 | 58 | window | COMMON | 93% |
0040B3B8 | 7.0 | 2 | 2 | 16 | library, loader | COMMON | 100% |
00436BCC | 6.2 | 4 | | 204 | | COMMON | 93% |
0040ADDC | 6.1 | 4 | | 95 | thread | COMMON | 100% |
0042358C | 6.1 | 4 | | 83 | | COMMON | 64% |
0044C7CC | 6.1 | 4 | | 72 | window | COMMON | 100% |
0045E5A8 | 6.1 | 4 | | 68 | window | COMMON | 100% |
0042279C | 6.1 | 4 | | 64 | file | COMMON | 58% |
00457C54 | 6.1 | 4 | | 57 | | COMMON | 100% |
00457570 | 6.0 | 4 | | 34 | thread | COMMON | 100% |
00407224 | 6.0 | 4 | | 11 | memory | COMMON | 100% |
004099F0 | 5.4 | 1 | 2 | 106 | thread | COMMON | 65% |
0044C050 | 5.3 | 2 | 1 | 84 | keyboard | COMMON | 72% |
0044BE10 | 5.3 | 2 | 1 | 69 | window | COMMON | 100% |
00448FC8 | 5.3 | 2 | 1 | 23 | window | COMMON | 100% |
Executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | Similarity |
---|---|---|---|---|---|---|
00785598 | 2.3 | | 1 | 1064 | | COMMON |
007899B8 | 1.6 | | 1 | 391 | | COMMON |
007855E0 | 1.6 | | 1 | 305 | | COMMON |
00444159 | 1.5 | 1 | | 38 | native | COMMON |
0078CD70 | 0.8 | | | 847 | | COMMON |
00787508 | 0.8 | | | 786 | | COMMON |
0078CD6C | 0.7 | | | 733 | | COMMON |
00780388 | 0.6 | | | 617 | | COMMON |
0078F770 | 0.4 | | | 402 | | COMMON |
00785150 | 0.4 | | | 378 | | COMMON |
00788C78 | 0.3 | | | 271 | | COMMON |
004434F3 | 31.6 | 3 | 15 | 81 | library | COMMON |
004447C7 | 22.9 | 11 | 2 | 187 | memory, file | COMMON |
00443B12 | 14.2 | 2 | 6 | 165 | file | COMMON |
004436F4 | 14.1 | 6 | 2 | 110 | registry | COMMON |
00444039 | 9.1 | 6 | | 54 | memory | COMMON |
004443B2 | 7.0 | 3 | 1 | 31 | library | COMMON |
0044389E | 6.1 | 4 | | 71 | | COMMON |
0044346C | 6.0 | 4 | | 42 | memory | COMMON |
0043EBD8 | 4.5 | 3 | | 45 | | COMMON |
0078F2C8 | 4.0 | | 3 | 214 | | COMMON |
0044395F | 3.1 | 2 | | 58 | memory | COMMON |
0078F1A8 | 2.7 | | 2 | 168 | | COMMON |
00787EE8 | 1.9 | | 1 | 651 | | COMMON |
04A6500F | 1.7 | 1 | | 164 | | COMMON |
04A65090 | 1.6 | 1 | | 113 | | COMMON |
04A6779C | 1.6 | 1 | | 97 | | COMMON |
04A66B61 | 1.6 | 1 | | 63 | | COMMON |
04A66B68 | 1.6 | 1 | | 62 | | COMMON |
04A6BE89 | 1.6 | 1 | | 55 | | COMMON |
04A6BE98 | 1.6 | 1 | | 54 | | COMMON |
04A63300 | 1.6 | 1 | | 50 | | COMMON |
04A640AA | 1.5 | 1 | | 46 | | COMMON |
004440B9 | 1.5 | 1 | | 25 | | COMMON |
0043E12C | 1.5 | 1 | | 20 | memory | COMMON |
0043EF47 | 1.5 | 1 | | 4 | | COMMON |
00780CB0 | 1.5 | | 1 | 250 | | COMMON |
00789EE8 | 1.3 | | 1 | 99 | | COMMON |
00789EE4 | 1.3 | | 1 | 99 | | COMMON |
00443F82 | 1.3 | 1 | | 69 | memory | COMMON |
00443ED9 | 1.3 | 1 | | 63 | memory | COMMON |
004440F0 | 1.3 | 1 | | 27 | | COMMON |
007874B8 | 1.3 | | 1 | 22 | | COMMON |
0078DA07 | 0.8 | | | 776 | | COMMON |
0078BFE0 | 0.7 | | | 685 | | COMMON |
0078ADC8 | 0.6 | | | 637 | | COMMON |
0078B4C0 | 0.4 | | | 378 | | COMMON |
007847B0 | 0.4 | | | 372 | | COMMON |
0078BA80 | 0.3 | | | 273 | | COMMON |
0078A232 | 0.3 | | | 264 | | COMMON |
00780958 | 0.2 | | | 225 | | COMMON |
0078FCC1 | 0.2 | | | 215 | | COMMON |
00782838 | 0.2 | | | 188 | | COMMON |
00785BE0 | 0.2 | | | 169 | | COMMON |
0078EA68 | 0.2 | | | 150 | | COMMON |
00781620 | 0.1 | | | 134 | | COMMON |
00780E03 | 0.1 | | | 123 | | COMMON |
0078ABD0 | 0.1 | | | 104 | | COMMON |
0078F5F0 | 0.1 | | | 98 | | COMMON |
00788FE8 | 0.1 | | | 98 | | COMMON |
0078EA08 | 0.1 | | | 90 | | COMMON |
00780C38 | 0.1 | | | 83 | | COMMON |
0078A102 | 0.1 | | | 79 | | COMMON |
0078BA20 | 0.1 | | | 76 | | COMMON |
0080D53C | 0.1 | | | 75 | | COMMON |
00BDD01C | 0.1 | | | 72 | | COMMON |
00788C68 | 0.1 | | | 69 | | COMMON |
00783E91 | 0.1 | | | 65 | | COMMON |
00789098 | 0.1 | | | 64 | | COMMON |
0078AD37 | 0.1 | | | 60 | | COMMON |
00780EE0 | 0.1 | | | 60 | | COMMON |
00BDD005 | 0.1 | | | 60 | | COMMON |
0080D537 | 0.1 | | | 56 | | COMMON |
0078B960 | 0.1 | | | 52 | | COMMON |
0078F530 | 0.1 | | | 52 | | COMMON |
0078F650 | 0.1 | | | 52 | | COMMON |
0078A1B0 | 0.1 | | | 51 | | COMMON |
007899AA | 0.0 | | | 46 | | COMMON |
0078ACD8 | 0.0 | | | 25 | | COMMON |
0078B9BF | 0.0 | | | 25 | | COMMON |
0078F58F | 0.0 | | | 25 | | COMMON |
0078F6AF | 0.0 | | | 25 | | COMMON |
00786988 | 0.0 | | | 22 | | COMMON |
0078F45C | 0.0 | | | 18 | | COMMON |
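The per-function summary lines of a Joe Sandbox report are extracted with the behaviour tags and the similarity marker fused onto the instruction count (for example `Function 004575E4, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON`), which makes the listing awkward to sort or filter. The script below is an added example, not part of this report or of Joe Sandbox tooling: it parses such lines into records, splits the fused tags against a vocabulary that is an assumption drawn from the tags visible on this page, and orders the functions so that those tagged keyboard, clipboard, registry or window (the capabilities an analyst would look at first in an AgentTesla keylogger/stealer) come before the rest, ranked by relevance. The sample input is a handful of lines copied from this report.

```python
"""Parse Joe Sandbox per-function summary lines and rank them for triage.

Added example, not part of the Joe Sandbox report or its tooling.
The tag vocabulary below is an assumption taken from the tags that
appear in this report; extend it if a report shows others.
"""
import re
from dataclasses import dataclass

# Shape of a raw summary line. APIs and Strings are optional; the lowercase
# behaviour tags and the uppercase similarity marker are fused onto the
# instruction count, so they are captured together as "tail" and split later.
_HEADER = re.compile(
    r"^Function (?P<addr>[0-9A-Fa-f]{8}), Relevance: (?P<rel>\d*\.\d+|\d+)"
    r"(?:, APIs: (?P<apis>\d+))?(?:, Strings: (?P<strings>\d+))?"
    r", Instructions: (?P<instr>\d+)(?P<tail>[A-Za-z]*)$"
)

# Assumption: tag vocabulary observed in this report's function listing.
KNOWN_TAGS = (
    "synchronization", "clipboard", "keyboard", "registry", "library",
    "loader", "memory", "native", "thread", "window", "file", "time",
)


@dataclass(frozen=True)
class FunctionRecord:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple
    similarity: str


def split_tags(fused: str, vocab=KNOWN_TAGS) -> tuple:
    """Greedy longest-match split of fused lowercase tags.

    An unrecognised remainder is kept verbatim rather than dropped, so a
    tag missing from the vocabulary is visible instead of silently lost.
    """
    out, rest = [], fused
    while rest:
        hit = max((t for t in vocab if rest.startswith(t)), key=len, default=None)
        if hit is None:
            out.append(rest)
            break
        out.append(hit)
        rest = rest[len(hit):]
    return tuple(out)


def parse_line(line: str):
    """Return a FunctionRecord for a summary line, or None for any other line."""
    m = _HEADER.match(line.strip())
    if not m:
        return None
    tail = m.group("tail")
    i = 0
    while i < len(tail) and tail[i].islower():
        i += 1
    tags_raw, similarity = tail[:i], tail[i:]   # lowercase tags, then e.g. COMMON
    return FunctionRecord(
        address=int(m.group("addr"), 16),
        relevance=float(m.group("rel")),        # ".8" parses as 0.8
        apis=int(m.group("apis") or 0),
        strings=int(m.group("strings") or 0),
        instructions=int(m.group("instr")),
        tags=split_tags(tags_raw),
        similarity=similarity,
    )


def parse_report(text: str):
    """Parse every summary line in a block of report text; skip widget residue."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def triage(records, watch=("keyboard", "clipboard", "registry", "window")):
    """Stealer-relevant tags first, then by relevance, then by address."""
    def key(r):
        hits = sum(1 for t in r.tags if t in watch)
        return (-hits, -r.relevance, r.address)
    return sorted(records, key=key)


# Constructed sample: lines copied from this report, plus one residue line.
SAMPLE = """\
Function 0043C480, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 117registryCOMMON
Function 00436824, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115keyboardwindowCOMMON
Function 0043260C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 66clipboardCOMMON
Function 004575E4, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
Function 0078CD70, Relevance: .8, Instructions: 847COMMON
Function 004434F3, Relevance: 31.6, APIs: 3, Strings: 15, Instructions: 81libraryCOMMON
C-Code - Quality: 68% |
"""

if __name__ == "__main__":
    for r in triage(parse_report(SAMPLE)):
        print(f"{r.address:08X} rel={r.relevance:<5} tags={','.join(r.tags) or '-'}")
```

Run against a saved report, the ordering puts 00436824 (keyboard, window) and the clipboard and registry functions ahead of 004434F3 despite its much higher relevance score, which is the order an analyst reverse-engineering the credential-theft path wants.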
Non-executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | Similarity |
---|---|---|---|---|---|---|
0043FBB5 | 7.6 | 5 | | 58 | | COMMON |
0043E746 | 1.5 | 1 | | 4 | | COMMON |
00443412 | 0.0 | | | 13 | | COMMON |
004434D0 | 0.0 | | | 11 | | COMMON |
0043F03C | 19.3 | 8 | 3 | 57 | library, loader | COMMON |
00440F60 | 7.5 | 5 | | 47 | | COMMON |
0043F577 | 7.5 | 5 | | 44 | memory | COMMON |
00440CC4 | 6.0 | 4 | | 31 | | COMMON |