Analysis Report: Shipping INVOICE-BL Shipment..exe

Overview

General Information

Detection

| Score | Range | Whitelisted | Confidence |
|---|---|---|---|
| 100 | 0 - 100 | false | 100% |
Signatures

Classification

Startup

Malware Configuration

No configs have been found.
Yara Overview

Memory Dumps

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
| Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |

10 entries in total; the same rules fire on several dumps.

Unpacked PEs

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
| Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
Sigma Overview

No Sigma rule has matched.

Signature Overview
AV Detection

- Multi AV Scanner detection for dropped file (source: ReversingLabs)
- Multi AV Scanner detection for submitted file (sources: VirusTotal, ReversingLabs)
- Yara detected FormBook: 7 file sources
- Avira detection on the sample (signature name not shown)
- Code functions referenced: 0_2_00406469, 0_2_00402765, 0_2_0040592E; 2_2_00416227, 2_2_0040C37F, 2_2_004157F1; 9_2_02F76227, 9_2_02F6C37F, 9_2_02F757F1

Function identifiers are of the form <process index>_2_<virtual address>; processes 0, 1, 2 and 9 of the analysis appear in this report. The three process-9 functions above are the three process-2 functions shifted by a constant 0x02B60000 (0x00416227 + 0x02B60000 = 0x02F76227), so the same unpacked code is mapped in both processes.
Networking

- Snort IDS alert for network traffic (e.g. based on Emerging Threat rules): 4 alerts
- HTTP traffic detected: 19 entries across three signature groups (9, 9 and 1)
- IP Address: 2 entries
- ASN Name: 3 entries
- DNS traffic detected: 1 entry
- String found in binary or memory: 32 entries
- Code function referenced: 0_2_004053CB
E-Banking Fraud

- Yara detected FormBook: 7 file sources
System Summary

- Malicious sample detected (through community Yara rule): 14 matched rules
- Executable has a suspicious name (potential lure to open the executable): static file information
- Initial sample is a PE file and has a suspicious name: static PE information

The name "Shipping INVOICE-BL Shipment..exe" combines shipping and invoice lure words with a doubled dot in front of the .exe extension, the usual shape of a malspam attachment.
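The two "suspicious name" signatures above are heuristics over the filename alone. The following is an added example of such a heuristic, written for this page and not Joe Sandbox's own code: it scores a name by executable extension, deceptive extension layout (double extension or doubled dot, as in the sample's name) and the presence of a lure keyword. The keyword list and the 0..3 scoring are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Lure words commonly seen in malspam attachment names. Constructed list for
 * this example; a production list would be longer and locale-specific. */
static const char *const LURE_WORDS[] = {
    "invoice", "shipping", "shipment", "payment", "order", "receipt",
    "remittance", "swift", "dhl", "fedex", "quotation", "purchase"
};

/* Executable extensions that should never arrive as a mail attachment. */
static const char *const EXEC_EXT[] = {
    ".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"
};

/* Lower-case copy of s into out, bounded by n. */
static void to_lower(const char *s, char *out, size_t n) {
    size_t i = 0;
    for (; s[i] && i + 1 < n; i++) out[i] = (char)tolower((unsigned char)s[i]);
    out[i] = '\0';
}

static int ends_with(const char *s, const char *suffix) {
    size_t ls = strlen(s), lx = strlen(suffix);
    return ls >= lx && memcmp(s + ls - lx, suffix, lx) == 0;
}

/* Score 0..3 for how much a filename looks like an executable lure:
 *   +1 executable extension (anything else scores 0 and stops here)
 *   +1 deceptive layout: more than one dot before the extension, which
 *      covers "invoice.pdf.exe" as well as "Shipment..exe"
 *   +1 a lure keyword anywhere in the name
 * A score of 2 or more is a reasonable quarantine threshold at a mail gateway. */
int lure_score(const char *filename) {
    char name[512];
    to_lower(filename, name, sizeof name);

    int is_exec = 0;
    for (size_t i = 0; i < sizeof EXEC_EXT / sizeof EXEC_EXT[0]; i++) {
        if (ends_with(name, EXEC_EXT[i])) { is_exec = 1; break; }
    }
    if (!is_exec) return 0;
    int score = 1;

    const char *first_dot = strchr(name, '.');
    const char *last_dot = strrchr(name, '.');
    if (first_dot != last_dot) score++;   /* double extension or doubled dot */

    for (size_t i = 0; i < sizeof LURE_WORDS / sizeof LURE_WORDS[0]; i++) {
        if (strstr(name, LURE_WORDS[i])) { score++; break; }
    }
    return score;
}

int main(void) {
    const char *sample = "Shipping INVOICE-BL Shipment..exe";
    printf("%s -> lure score %d\n", sample, lure_score(sample));
    return 0;
}
```

Substring matching is deliberately loose ("order" also hits "recorder"); the executable-extension gate keeps that from mattering for ordinary documents.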
- Code functions referenced: 2_2_00418180, 2_2_00418230, 2_2_004182B0, 2_2_0041817A, 2_2_004182DA, 2_2_004182AC, 2_2_04B795D0, 2_2_04B79540, 2_2_04B796E0, 2_2_04B797A0, 2_2_04B79780, 2_2_04B79FE0, 2_2_04B79710, 2_2_04B79860, 2_2_04B79840, 2_2_04B799A0, 2_2_04B79910, 2_2_04B79A20, 2_2_04B79A50, 2_2_04B795F0, 2_2_04B7AD30, 2_2_04B79520, 2_2_04B79560, 2_2_04B796D0, 2_2_04B79610, 2_2_04B79670, 2_2_04B79660, 2_2_04B79650, 2_2_04B79730, 2_2_04B7A710, 2_2_04B79770, 2_2_04B7A770, 2_2_04B79760, 2_2_04B798A0, 2_2_04B798F0, 2_2_04B79820, 2_2_04B7B040, 2_2_04B799D0, 2_2_04B79950, 2_2_04B79A80, 2_2_04B79A10, 2_2_04B79A00, 2_2_04B7A3B0, 2_2_04B79B00, 2_2_008054E0, 2_2_0080318C, 9_2_03749A50, 9_2_03749910, 9_2_037499A0, 9_2_03749860, 9_2_03749840, 9_2_03749710, 9_2_03749FE0, 9_2_03749780, 9_2_037496E0, 9_2_037496D0, 9_2_03749540, 9_2_037495D0, 9_2_03749B00, 9_2_0374A3B0, 9_2_03749A20, 9_2_03749A10, 9_2_03749A00, 9_2_03749A80, 9_2_03749950, 9_2_037499D0, 9_2_0374B040, 9_2_03749820, 9_2_037498F0, 9_2_037498A0, 9_2_0374A770, 9_2_03749770, 9_2_03749760, 9_2_03749730, 9_2_0374A710, 9_2_037497A0, 9_2_03749670, 9_2_03749660, 9_2_03749650, 9_2_03749610, 9_2_03749560, 9_2_0374AD30, 9_2_03749520, 9_2_037495F0, 9_2_02F782B0, 9_2_02F78230, 9_2_02F78180, 9_2_02F782DA, 9_2_02F782AC, 9_2_02F7817A
- Code function referenced: 0_2_004033A9
- Code functions referenced: 0_2_00406943, 0_2_0040711A, 1_2_10001BB0, 1_2_10004700, 1_2_10006325, 2_2_00401030, 2_2_0041CB17, 2_2_0041CB1A, 2_2_0041B466, 2_2_00408C2B, 2_2_00408C30, 2_2_00402D87, 2_2_00402D90, 2_2_00402FB0, 2_2_04B30D20, 2_2_04C01D55, 2_2_04B56E30, 2_2_04B4B090, 2_2_04BF1002, 2_2_04B54120, 2_2_04B3F900, 2_2_04B6EBB0, 9_2_0372AB40, 9_2_037ACB4F, 9_2_037D2B28, 9_2_0372A309, 9_2_037B23E3, 9_2_037C03DA, 9_2_0373ABD8, 9_2_037CDBD2, 9_2_0373EBB0, 9_2_0373138B, 9_2_0372B236, 9_2_037BFA2B, 9_2_037C4AEF, 9_2_037D22AE, 9_2_03724120, 9_2_0370F900, 9_2_037299BF, 9_2_0372A830, 9_2_037DE824, 9_2_037C1002, 9_2_037D28EC, 9_2_037320A0, 9_2_037D20A8, 9_2_0371B090, 9_2_037D1FF1, 9_2_037DDFCE, 9_2_03726E30, 9_2_037CD616, 9_2_037D2EF7, 9_2_037D1D55, 9_2_03700D20, 9_2_037D2D07, 9_2_0371D5E0, 9_2_037D25DD, 9_2_03732581, 9_2_037C2D82, 9_2_0372B477, 9_2_037CD466, 9_2_0371841F, 9_2_037C4496, 9_2_02F7CB17, 9_2_02F7CB1A, 9_2_02F62FB0, 9_2_02F7B466, 9_2_02F68C30, 9_2_02F68C2B, 9_2_02F62D90, 9_2_02F62D87
- Static PE information: 3 entries
- Static PE information: 1 entry
- Section loaded: 1 entry
- Matched rule: 14 entries
- Classification label: 1 entry
- Code function referenced: 1_2_100019C0
- Code function referenced: 0_2_004033A9
- Code function referenced: 0_2_00404686
- Code function referenced: 0_2_00402138
- File created: 1 entry
- Mutant created: 1 entry
- File created: 1 entry
- Static PE information: 1 entry
- File read: 1 entry
- Key opened: 1 entry
- File read: 2 entries
- Process created: 1 entry
- VirusTotal and ReversingLabs results for the submitted file
- File read: 1 entry
- Process created: 9 entries
- Key value queried: 1 entry
- Static PE information: 1 entry
- Binary string: 17 entries
- Code function referenced: 1_2_1000734B
- Code functions referenced (unique): 1_2_100046F8, 2_2_0041C954, 2_2_0041B3C8, 2_2_0041B432, 2_2_00409415, 2_2_00414DBA, 2_2_00414F0A, 2_2_04B8D0E4, 9_2_0375D0E4, 9_2_02F7B3C8, 9_2_02F7B432, 9_2_02F7C954, 9_2_02F74F0A, 9_2_02F69415, 9_2_02F74DBA
- File created (dropped file): 11 entries

Two address layouts recur across these lists. Process 9 holds the 0x0040xxxx/0x0041xxxx functions of process 2 shifted by +0x02B60000 (2_2_0041CB17 and 9_2_02F7CB17, 2_2_00408C30 and 9_2_02F68C30) and the 0x04Bxxxxx/0x04Cxxxxx functions shifted by -0x01430000 (2_2_04B54120 and 9_2_03724120, 2_2_04C01D55 and 9_2_037D1D55). The same unpacked code is therefore mapped in both processes, which fits the cross-process memory writes recorded under Hooking below.
Hooking and other Techniques for Hiding and Protection

- Overwrites code with unconditional jumps - possibly setting hooks in a foreign process: 39 memory writes
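The signature above fires when bytes written into another process's code begin with an unconditional control transfer. The following is an added example of that check, written for this page and not taken from the report or from Joe Sandbox: it classifies the leading instruction of a cross-process code write (jmp rel32, jmp rel8, jmp [abs], push/ret) and resolves the jump target where the encoding allows. The sample bytes and addresses are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* What the first instruction of a code write looks like. */
typedef enum {
    HOOK_NONE = 0,
    HOOK_JMP_REL32,    /* E9 rel32: 5-byte inline jump, the classic detour      */
    HOOK_JMP_REL8,     /* EB rel8: 2-byte short jump to a nearby trampoline      */
    HOOK_JMP_ABS_IND,  /* FF 25 disp32: jump through an absolute pointer         */
    HOOK_PUSH_RET      /* 68 imm32 C3: push target; ret (evades naive E9 scans)  */
} hook_kind;

typedef struct {
    hook_kind kind;
    uint64_t  target;  /* resolved destination where the encoding allows it, else 0 */
} hook_verdict;

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify `len` bytes that one process wrote to address `dst` in another
 * process. Only the leading instruction matters: an inline hook replaces the
 * first bytes of a function with an unconditional control transfer. */
hook_verdict classify_code_write(const uint8_t *buf, size_t len, uint64_t dst) {
    hook_verdict v = { HOOK_NONE, 0 };
    if (len >= 5 && buf[0] == 0xE9) {
        uint32_t u = le32(buf + 1);
        int32_t rel;
        memcpy(&rel, &u, sizeof rel);                 /* reinterpret as signed rel32 */
        v.kind = HOOK_JMP_REL32;
        v.target = dst + 5 + (uint64_t)(int64_t)rel;  /* relative to the next instruction */
    } else if (len >= 2 && buf[0] == 0xEB) {
        v.kind = HOOK_JMP_REL8;
        v.target = dst + 2 + (uint64_t)(int64_t)(int8_t)buf[1];
    } else if (len >= 6 && buf[0] == 0xFF && buf[1] == 0x25) {
        v.kind = HOOK_JMP_ABS_IND;                    /* pointer lives elsewhere; not resolved here */
    } else if (len >= 6 && buf[0] == 0x68 && buf[5] == 0xC3) {
        v.kind = HOOK_PUSH_RET;
        v.target = le32(buf + 1);                     /* 32-bit absolute address */
    }
    return v;
}

/* The yes/no decision behind the sandbox signature. */
int is_inline_hook_write(const uint8_t *buf, size_t len, uint64_t dst) {
    return classify_code_write(buf, len, dst).kind != HOOK_NONE;
}

int main(void) {
    /* Constructed sample: a 5-byte detour written over a function prologue at
     * 0x7FFA1000 in the target process, redirecting to 0x7FFA0B00 (rel32 = -0x505). */
    const uint8_t detour[] = { 0xE9, 0xFB, 0xFA, 0xFF, 0xFF };
    hook_verdict v = classify_code_write(detour, sizeof detour, 0x7FFA1000ULL);
    printf("kind=%d target=0x%llx\n", (int)v.kind, (unsigned long long)v.target);
    return 0;
}
```

In a monitor this runs on every WriteProcessMemory whose destination lies in an executable mapping of the target; a prologue such as push ebp / mov ebp,esp is left alone, while a write that starts with any of the four transfers is reported together with its resolved target so the trampoline can be dumped.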
- Process information set: 3 entries
Malware Analysis System Evasion

- Tries to detect virtualization through RDTSC time measurements: 4 RDTSC instruction interceptor hits
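The RDTSC interceptor counts executions of the time-stamp counter instruction, because the evasion works by timing it: under a hypervisor that traps RDTSC, or a sandbox that single-steps it, two consecutive reads are far more cycles apart than on bare metal. The following is an added example of that check, written for this page and not the sample's or Joe Sandbox's code. The 1000-cycle threshold is an illustrative assumption, not a calibrated value; the median rather than the mean is used so a single interrupt cannot flip the verdict.

```c
#define _POSIX_C_SOURCE 199309L
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__x86_64__) || defined(__i386__)
#include <x86intrin.h>
/* Read the time-stamp counter; this is the instruction the sandbox intercepts. */
static uint64_t read_tsc(void) { return __rdtsc(); }
#else
#include <time.h>
/* Non-x86 fallback so the file still builds: nanoseconds stand in for cycles. */
static uint64_t read_tsc(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}
#endif

#define TSC_SAMPLES 64

/* Illustrative threshold (assumption): back-to-back RDTSCs cost a few dozen
 * cycles on bare metal, but thousands when each read traps to a hypervisor
 * or is single-stepped by an instrumented sandbox. */
#define TSC_SUSPICIOUS_CYCLES 1000ULL

static int cmp_u64(const void *a, const void *b) {
    uint64_t x = *(const uint64_t *)a, y = *(const uint64_t *)b;
    return (x > y) - (x < y);
}

/* Median of n deltas; sorts the array in place. */
uint64_t median_delta(uint64_t *deltas, size_t n) {
    if (n == 0) return 0;
    qsort(deltas, n, sizeof *deltas, cmp_u64);
    return deltas[n / 2];
}

/* 1 when the median delta exceeds threshold: the "we are being watched" verdict. */
int looks_virtualized(uint64_t *deltas, size_t n, uint64_t threshold) {
    return median_delta(deltas, n) > threshold;
}

/* Take n pairs of consecutive TSC reads and store each difference in out[]. */
void collect_tsc_deltas(uint64_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) {
        uint64_t t0 = read_tsc();
        uint64_t t1 = read_tsc();
        out[i] = t1 - t0;
    }
}

int main(void) {
    uint64_t deltas[TSC_SAMPLES];
    collect_tsc_deltas(deltas, TSC_SAMPLES);
    uint64_t med = median_delta(deltas, TSC_SAMPLES);
    printf("median back-to-back RDTSC delta: %llu -> %s\n",
           (unsigned long long)med,
           med > TSC_SUSPICIOUS_CYCLES ? "suspicious (VM or sandbox?)" : "bare-metal-like");
    return 0;
}
```

A sandbox that wants to stay hidden has two options the interceptor makes visible: let RDTSC execute natively (losing the ability to count it) or patch the returned values so the deltas look small, which is why the report records the interception rather than trusting the instruction's result.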
Source: | File opened / queried: | Jump to behavior |
Source: | Code function: | 2_2_00408880 |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Code function: | 0_2_00406469 | |
Source: | Code function: | 0_2_00402765 | |
Source: | Code function: | 0_2_0040592E |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_00408880 |
Source: | Code function: | 2_2_00409AF0 |
Source: | Code function: | 1_2_10004CBC |
Source: | Code function: | 1_2_1000734B |
Source: | Code function: | 2_2_04C08CD6 | |
Source: | Code function: | 2_2_04BF14FB | |
Source: | Code function: | 2_2_04B6BC2C | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04BF1C06 | |
Source: | Code function: | 2_2_04C0740D | |
Source: | Code function: | 2_2_04C0740D | |
Source: | Code function: | 2_2_04C0740D | |
Source: | Code function: | 2_2_04B5746D | |
Source: | Code function: | 2_2_04B635A1 | |
Source: | Code function: | 2_2_04B32D8A | |
Source: | Code function: | 2_2_04B32D8A | |
Source: | Code function: | 2_2_04B32D8A | |
Source: | Code function: | 2_2_04B32D8A | |
Source: | Code function: | 2_2_04B32D8A | |
Source: | Code function: | 2_2_04BE8DF1 | |
Source: | Code function: | 2_2_04B3AD30 | |
Source: | Code function: | 2_2_04B5C577 | |
Source: | Code function: | 2_2_04B5C577 | |
Source: | Code function: | 2_2_04B57D50 | |
Source: | Code function: | 2_2_04C08D34 | |
Source: | Code function: | 2_2_04B73D43 | |
Source: | Code function: | 2_2_04C08ED6 | |
Source: | Code function: | 2_2_04BB46A7 | |
Source: | Code function: | 2_2_04BCFE87 | |
Source: | Code function: | 2_2_04B616E0 | |
Source: | Code function: | 2_2_04C00EA5 | |
Source: | Code function: | 2_2_04C00EA5 | |
Source: | Code function: | 2_2_04C00EA5 | |
Source: | Code function: | 2_2_04B636CC | |
Source: | Code function: | 2_2_04BEFEC0 | |
Source: | Code function: | 2_2_04BEFE3F | |
Source: | Code function: | 2_2_04B6E730 | |
Source: | Code function: | 2_2_04B34F2E | |
Source: | Code function: | 2_2_04B34F2E | |
Source: | Code function: | 2_2_04C08F6A | |
Source: | Code function: | 2_2_04BCFF10 | |
Source: | Code function: | 2_2_04BCFF10 | |
Source: | Code function: | 2_2_04C0070D | |
Source: | Code function: | 2_2_04C0070D | |
Source: | Code function: | 2_2_04B4EF40 | |
Source: | Code function: | 2_2_04B6F0BF | |
Source: | Code function: | 2_2_04B6F0BF | |
Source: | Code function: | 2_2_04B6F0BF | |
Source: | Code function: | 2_2_04B790AF | |
Source: | Code function: | 2_2_04B39080 | |
Source: | Code function: | 2_2_04B4B02A | |
Source: | Code function: | 2_2_04B4B02A | |
Source: | Code function: | 2_2_04B4B02A | |
Source: | Code function: | 2_2_04B4B02A | |
Source: | Code function: | 2_2_04BB7016 | |
Source: | Code function: | 2_2_04BB7016 | |
Source: | Code function: | 2_2_04BB7016 | |
Source: | Code function: | 2_2_04C01074 | |
Source: | Code function: | 2_2_04BF2073 | |
Source: | Code function: | 2_2_04B6A185 | |
Source: | Code function: | 2_2_04B5C182 | |
Source: | Code function: | 2_2_04B3B1E1 | |
Source: | Code function: | 2_2_04B3B1E1 | |
Source: | Code function: | 2_2_04B3B1E1 | |
Source: | Code function: | 2_2_04B54120 | |
Source: | Code function: | 2_2_04B54120 | |
Source: | Code function: | 2_2_04B54120 | |
Source: | Code function: | 2_2_04B54120 | |
Source: | Code function: | 2_2_04B54120 | |
Source: | Code function: | 2_2_04B39100 | |
Source: | Code function: | 2_2_04B39100 | |
Source: | Code function: | 2_2_04B39100 | |
Source: | Code function: | 2_2_04B3B171 | |
Source: | Code function: | 2_2_04B3B171 | |
Source: | Code function: | 2_2_04B5B944 | |
Source: | Code function: | 2_2_04B5B944 | |
Source: | Code function: | 2_2_04B352A5 | |
Source: | Code function: | 2_2_04B352A5 | |
Source: | Code function: | 2_2_04B352A5 | |
Source: | Code function: | 2_2_04B352A5 | |
Source: | Code function: | 2_2_04B352A5 | |
Source: | Code function: | 2_2_04B6D294 | |
Source: | Code function: | 2_2_04B6D294 | |
Source: | Code function: | 2_2_04BEB260 | |
Source: | Code function: | 2_2_04BEB260 | |
Source: | Code function: | 2_2_04B39240 | |
Source: | Code function: | 2_2_04B39240 | |
Source: | Code function: | 2_2_04B39240 | |
Source: | Code function: | 2_2_04B39240 | |
Source: | Code function: | 2_2_04BF138A | |
Source: | Code function: | 2_2_04C05BA5 | |
Source: | Code function: | 2_2_04C08B58 | |
Source: | Code function: | 2_2_04BF131B | |
Source: | Code function: | 2_2_00800000 | |
Source: | Code function: | 2_2_00800CE4 | |
Source: | Code function: | 2_2_00802C5D | |
Source: | Code function: | 2_2_00804E70 | |
Source: | Code function: | 9_2_03733B7A | |
Source: | Code function: | 9_2_03733B7A | |
Source: | Code function: | 9_2_0370DB60 | |
Source: | Code function: | 9_2_037D8B58 | |
Source: | Code function: | 9_2_0370F358 | |
Source: | Code function: | 9_2_0370DB40 | |
Source: | Code function: | 9_2_037C131B | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_0372A309 | |
Source: | Code function: | 9_2_037303E2 | |
Source: | Code function: | 9_2_037303E2 | |
Source: | Code function: | 9_2_037303E2 | |
Source: | Code function: | 9_2_037303E2 | |
Source: | Code function: | 9_2_037303E2 | |
Source: | Code function: | 9_2_037303E2 | |
Source: | Code function: | 9_2_037B23E3 | |
Source: | Code function: | 9_2_037B23E3 | |
Source: | Code function: | 9_2_037B23E3 | |
Source: | Code function: | 9_2_0372DBE9 | |
Source: | Code function: | 9_2_037853CA | |
Source: | Code function: | 9_2_037853CA | |
Source: | Code function: | 9_2_037D5BA5 | |
Source: | Code function: | 9_2_03734BAD | |
Source: | Code function: | 9_2_03734BAD | |
Source: | Code function: | 9_2_03734BAD | |
Source: | Code function: | 9_2_0373B390 | |
Source: | Code function: | 9_2_03732397 | |
Source: | Code function: | 9_2_037C138A | |
Source: | Code function: | 9_2_0373138B | |
Source: | Code function: | 9_2_0373138B | |
Source: | Code function: | 9_2_0373138B | |
Source: | Code function: | 9_2_037BD380 | |
Source: | Code function: | 9_2_03711B8F | |
Source: | Code function: | 9_2_03711B8F | |
Source: | Code function: | 9_2_0374927A | |
Source: | Code function: | 9_2_037BB260 | |
Source: | Code function: | 9_2_037BB260 | |
Source: | Code function: | 9_2_037D8A62 | |
Source: | Code function: | 9_2_037CEA55 | |
Source: | Code function: | 9_2_03794257 | |
Source: | Code function: | 9_2_03709240 | |
Source: | Code function: | 9_2_03709240 | |
Source: | Code function: | 9_2_03709240 | |
Source: | Code function: | 9_2_03709240 | |
Source: | Code function: | 9_2_0372B236 | |
Source: | Code function: | 9_2_0372B236 | |
Source: | Code function: | 9_2_0372B236 | |
Source: | Code function: | 9_2_0372B236 | |
Source: | Code function: | 9_2_0372B236 | |
Source: | Code function: | 9_2_0372B236 | |
Source: | Code function: | 9_2_03744A2C | |
Source: | Code function: | 9_2_03744A2C | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_0372A229 | |
Source: | Code function: | 9_2_03705210 | |
Source: | Code function: | 9_2_03705210 | |
Source: | Code function: | 9_2_03705210 | |
Source: | Code function: | 9_2_03705210 | |
Source: | Code function: | 9_2_0370AA16 | |
Source: | Code function: | 9_2_0370AA16 | |
Source: | Code function: | 9_2_037CAA16 | |
Source: | Code function: | 9_2_037CAA16 | |
Source: | Code function: | 9_2_03723A1C | |
Source: | Code function: | 9_2_03718A0A | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_037C4AEF | |
Source: | Code function: | 9_2_03732AE4 | |
Source: | Code function: | 9_2_03732ACB | |
Source: | Code function: | 9_2_0371AAB0 | |
Source: | Code function: | 9_2_0371AAB0 | |
Source: | Code function: | 9_2_0373FAB0 | |
Source: | Code function: | 9_2_037052A5 | |
Source: | Code function: | 9_2_037052A5 | |
Source: | Code function: | 9_2_037052A5 | |
Source: | Code function: | 9_2_037052A5 | |
Source: | Code function: | 9_2_037052A5 | |
Source: | Code function: | 9_2_0373D294 | |
Source: | Code function: | 9_2_0373D294 | |
Source: | Code function: | 9_2_0370B171 | |
Source: | Code function: | 9_2_0370B171 | |
Source: | Code function: | 9_2_0370C962 | |
Source: | Code function: | 9_2_0372B944 | |
Source: | Code function: | 9_2_0372B944 | |
Source: | Code function: | 9_2_0373513A | |
Source: | Code function: | 9_2_0373513A | |
Source: | Code function: | 9_2_03724120 | |
Source: | Code function: | 9_2_03724120 | |
Source: | Code function: | 9_2_03724120 | |
Source: | Code function: | 9_2_03724120 | |
Source: | Code function: | 9_2_03724120 | |
Source: | Code function: | 9_2_03709100 | |
Source: | Code function: | 9_2_03709100 | |
Source: | Code function: | 9_2_03709100 | |
Source: | Code function: | 9_2_037941E8 | |
Source: | Code function: | 9_2_0370B1E1 | |
Source: | Code function: | 9_2_037851BE | |
Source: | Code function: | 9_2_037299BF | |
Source: | Code function: | 9_2_037361A0 | |
Source: | Code function: | 9_2_037C49A4 | |
Source: | Code function: | 9_2_037869A6 | |
Source: | Code function: | 9_2_03732990 | |
Source: | Code function: | 9_2_0372C182 | |
Source: | Code function: | 9_2_0373A185 | |
Source: | Code function: | 9_2_037D1074 | |
Source: | Code function: | 9_2_037C2073 | |
Source: | Code function: | 9_2_03720050 | |
Source: | Code function: | 9_2_0372A830 | |
Source: | Code function: | 9_2_0371B02A | |
Source: | Code function: | 9_2_0373002D | |
Source: | Code function: | 9_2_037D4015 | |
Source: | Code function: | 9_2_03787016 | |
Source: | Code function: | 9_2_037040E1 | |
Source: | Code function: | 9_2_0372B8E4 | |
Source: | Code function: | 9_2_037058EC | |
Source: | Code function: | 9_2_0379B8D0 | |
Source: | Code function: | 9_2_0373F0BF | |
Source: | Code function: | 9_2_037320A0 | |
Source: | Code function: | 9_2_037490AF | |
Source: | Code function: | 9_2_03709080 | |
Source: | Code function: | 9_2_03783884 | |
Source: | Code function: | 9_2_0371FF60 | |
Source: | Code function: | 9_2_037D8F6A | |
Source: | Code function: | 9_2_0371EF40 | |
Source: | Code function: | 9_2_0373E730 | |
Source: | Code function: | 9_2_0372B73D | |
Source: | Code function: | 9_2_03704F2E | |
Source: | Code function: | 9_2_0372F716 | |
Source: | Code function: | 9_2_0379FF10 | |
Source: | Code function: | 9_2_037D070D | |
Source: | Code function: | 9_2_0373A70E | |
Source: | Code function: | 9_2_037437F5 | |
Source: | Code function: | 9_2_03718794 | |
Source: | Code function: | 9_2_03787794 | |
Source: | Code function: | 9_2_0372AE73 | |
Source: | Code function: | 9_2_0371766D | |
Source: | Code function: | 9_2_03717E41 | |
Source: | Code function: | 9_2_037CAE44 | |
Source: | Code function: | 9_2_037BFE3F | |
Source: | Code function: | 9_2_0370E620 | |
Source: | Code function: | 9_2_0373A61C | |
Source: | Code function: | 9_2_0370C600 | |
Source: | Code function: | 9_2_03738E00 | |
Source: | Code function: | 9_2_037C1608 | |
Source: | Code function: | 9_2_037316E0 | |
Source: | Code function: | 9_2_037176E2 | |
Source: | Code function: | 9_2_037D8ED6 | |
Source: | Code function: | 9_2_03748EC7 | |
Source: | Code function: | 9_2_037BFEC0 | |
Source: | Code function: | 9_2_037336CC | |
Source: | Code function: | 9_2_037D0EA5 | |
Source: | Code function: | 9_2_037846A7 | |
Source: | Code function: | 9_2_0379FE87 | |
Source: | Code function: | 9_2_0372C577 | |
Source: | Code function: | 9_2_03727D50 | |
Source: | Code function: | 9_2_03743D43 | |
Source: | Code function: | 9_2_03783540 | |
Source: | Code function: | 9_2_037B3D40 | |
Source: | Code function: | 9_2_0370AD30 | |
Source: | Code function: | 9_2_03713D34 | |
Source: | Code function: | 9_2_037CE539 | |
Source: | Code function: | 9_2_03734D3B | |
Source: | Code function: | 9_2_037D8D34 | |
Source: | Code function: | 9_2_0378A537 | |
Source: | Code function: | 9_2_037B8DF1 | |
Source: | Code function: | 9_2_0371D5E0 | |
Source: | Code function: | 9_2_037CFDE2 | |
Source: | Code function: | 9_2_03786DC9 | |
Source: | Code function: | 9_2_03731DB5 | |
Source: | Code function: | 9_2_037D05AC | |
Source: | Code function: | 9_2_037335A1 | |
Source: | Code function: | 9_2_0373FD9B | |
Source: | Code function: | 9_2_03732581 | |
Source: | Code function: | 9_2_03702D8A | |
Source: | Code function: | 9_2_037C2D82 | |
Source: | Code function: | 9_2_0372B477 | |
Source: | Code function: | 9_2_0373AC7B | |
Source: | Code function: | 9_2_0372746D | |
Source: | Code function: | 9_2_0379C450 | |
Source: | Code function: | 9_2_0373A44B | |
Source: | Code function: | 9_2_0373BC2C | |
Source: | Code function: | 9_2_037D740D | |
Source: | Code function: | 9_2_03786C0A | |
Source: | Code function: | 9_2_037C1C06 | |
Source: | Code function: | 9_2_037C14FB | |
Source: | Code function: | 9_2_03786CF0 | |
Source: | Code function: | 9_2_037D8CD6 | |
Source: | Code function: | 9_2_0371849B | |
Source: | Code function: | 9_2_037C4496 | |
Source: | Code function: | 1_2_10002EDC |
Source: | Process token adjusted: |
Source: | Code function: | 1_2_10004CBC | |
Source: | Code function: | 1_2_10002ECD | |
Source: | Code function: | 1_2_10007786 |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit)
Source: | Network Connect: |
Hijacks the control flow in another process
Source: | Memory written: |
Maps a DLL or memory area into another process
Source: | Section loaded: |
Modifies the context of a thread in another process (thread injection)
Source: | Thread register set: |
Queues an APC in another process (thread injection)
Source: | Thread APC queued: |
Sample uses process hollowing technique
Source: | Section unmapped: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: | 1_2_10008C6C |
Source: | Code function: | 1_2_10008A23 |
Source: | Code function: | 1_2_10004896 |
Source: | Code function: | 0_2_004033A9 |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Uses netsh to modify the Windows network and firewall settings
Source: | Process created: |
Stealing of Sensitive Information: |
---|
Yara detected FormBook
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected FormBook
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Native API1 | DLL Side-Loading1 | DLL Side-Loading1 | Disable or Modify Tools1 | Credential API Hooking1 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Shared Modules1 | Boot or Logon Initialization Scripts | Access Token Manipulation1 | Deobfuscate/Decode Files or Information1 | LSASS Memory | File and Directory Discovery2 | Remote Desktop Protocol | Credential API Hooking1 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection612 | Obfuscated Files or Information3 | Security Account Manager | System Information Discovery124 | SMB/Windows Admin Shares | Clipboard Data1 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Install Root Certificate1 | NTDS | Security Software Discovery251 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing1 | LSA Secrets | Virtualization/Sandbox Evasion3 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | Process Discovery2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Masquerading1 | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion3 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Access Token Manipulation1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Process Injection612 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Rundll321 | Input Capture | Permission Groups Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 28% | Virustotal | |
| 45% | ReversingLabs | Win32.Trojan.Woreflint |
Dropped Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Metadefender | |
| 0% | ReversingLabs | |
| 0% | Metadefender | |
| 2% | ReversingLabs | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
| 28% | ReversingLabs | Win32.Trojan.Wacatac |
| 0% | Metadefender | |
| 3% | ReversingLabs | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | TR/Crypt.ZPACK.Gen |
| 100% | Avira | HEUR/AGEN.1130366 |
| 100% | Avira | HEUR/AGEN.1130366 |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | URL Reputation | safe |
| 0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.wtmailer15.com | 75.126.100.11 | true | true | unknown | |
gettingthehelloutofca.com | 34.102.136.180 | true | true | unknown | |
carnesveymacr.com | 192.0.78.24 | true | true | unknown | |
hvcharging.com | 34.102.136.180 | true | true | unknown | |
mehler.photography | 192.0.78.24 | true | true | unknown | |
caelaabadie.com | 165.227.229.15 | true | true | unknown | |
thelonerangernews.com | 34.102.136.180 | true | true | unknown | |
wastie.club | 95.215.210.10 | true | true | unknown | |
www.mapnimbis.com | 45.33.2.79 | true | false | unknown | |
jddq888.com | 23.88.85.105 | true | true | unknown | |
www.caelaabadie.com | unknown | unknown | true | unknown | |
www.uyieoamejus2zd.com | unknown | unknown | true | unknown | |
www.wastie.club | unknown | unknown | true | unknown | |
www.mehler.photography | unknown | unknown | true | unknown | |
www.jddq888.com | unknown | unknown | true | unknown | |
www.carnesveymacr.com | unknown | unknown | true | unknown | |
www.thelonerangernews.com | unknown | unknown | true | unknown | |
www.gettingthehelloutofca.com | unknown | unknown | true | unknown | |
www.hvcharging.com | unknown | unknown | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | low |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
192.0.78.24 | unknown | United States | 2635 | AUTOMATTICUS | true | |
95.215.210.10 | unknown | Russian Federation | 49055 | NEWIT-ASRU | true | |
165.227.229.15 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true | |
34.102.136.180 | unknown | United States | 15169 | GOOGLEUS | true | |
23.88.85.105 | unknown | United States | 18978 | ENZUINC-US | true | |
75.126.100.11 | unknown | United States | 36351 | SOFTLAYERUS | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 323227 |
Start date: | 26.11.2020 |
Start time: | 15:06:20 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Shipping INVOICE-BL Shipment..exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@9/27@11/6 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:07:26 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
192.0.78.24 | | | malicious | | 20 associated samples, all flagged malicious |
34.102.136.180 | | | malicious | | 20 associated samples, all flagged malicious |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AUTOMATTICUS | | | malicious | | 20 associated samples, all flagged malicious |
GOOGLEUS | | | malicious | | 20 associated samples, all flagged malicious |
DIGITALOCEAN-ASNUS | | | malicious | | 20 associated samples, all flagged malicious |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\3\phplive\guidgen.exe | | | malicious | | 12 associated samples, all flagged malicious |
C:\Users\user\AppData\Local\Temp\3\phplive\DevCfgUI.dll | | | malicious | | 9 associated samples, all flagged malicious |
C:\Users\user\AppData\Local\Temp\3\phplive\MSBuildFramework.dll | | | malicious | | 6 associated samples, all flagged malicious |
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53 |
Entropy (8bit): | 4.239357190608839 |
Encrypted: | false |
SSDEEP: | 3:p/uBEp/EiOmB4EAOM1F:RcAk2KHP |
MD5: | DAA2B2B53C73519E2CFE5239A33D7FE2 |
SHA1: | 4CDC35F6B76191DFB8045FFA68994AD7D470491A |
SHA-256: | 079BBC83AE9ECB7D781BD24EEDBAEEE2B58009906739990C97A0976AB9332E81 |
SHA-512: | 2130E15A5686EE1788C29C2022922C128257EB7C45313B49DD2946A23C9D9A78B7CB0AD3C700B2C3FFDD9225B5D9A020DE9B4A01114D771C4A850507F72E950C |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42 |
Entropy (8bit): | 4.034709089239382 |
Encrypted: | false |
SSDEEP: | 3:p/uBJzETOM1F:RcGHP |
MD5: | 3F2A75E68F8D67494B386DFAA5ABE2B3 |
SHA1: | F405E0BC8B4FC2CAD111045C67E3C64343E2C7CA |
SHA-256: | E7AB6B06A1134F3EFE20FC5816AD5402C8E111FBD5031EC4F2C520224B9D5BDB |
SHA-512: | A7909C511287C5A2F59992BD674998D0714F100CEAB30168D9C9F85FC3E6B9BA76D0066C2CEA3FEED9AE2E651605FDD0F3992C849300B9C073F4CB1D05ADA90E |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27648 |
Entropy (8bit): | 4.228986376506815 |
Encrypted: | false |
SSDEEP: | 384:o4Fw3juO2A7BJ4a8VtZdGzcoRA3qswV/iYeSWsaeW7+J8d:5FmcaqGwoRA3qswV/ZeB6J |
MD5: | FE529E3B23EA66C07B43314EF0081B58 |
SHA1: | 5CC7F144DCCB312B0DC6BA7AD0CB2456F2FC3C61 |
SHA-256: | C2FA4308C73812360FC3FB01201B0FC9D1C6B53451ED15DF3739088A4C8789D5 |
SHA-512: | 8CA88376FB051481C44C51FDF38D90BADEBB255AF2DAC51DDB298AA0F203F1130DAE73D667F1CACCE4E6D80CDC846DBE09FA7A2BB0790E80FF8E584B55E3C6D8 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36864 |
Entropy (8bit): | 4.076507463551346 |
Encrypted: | false |
SSDEEP: | 384:CZPGn19CO5ESSQhJm9hMKCMI6g6ihJSxUCR1rgCPKabK2t0X5P7DZ+R/WeM2W:CVgRESSSKMBMI6FRJjM |
MD5: | 27280F57DF0638B41F709DAC754330D8 |
SHA1: | B7F3BF2C0BF39E523B7E4C79D7DAFD1E59B84B60 |
SHA-256: | 75D22B4B3D7CD995B99CA4EB3EFA782F3BDFF9675BC64CCE409223109FDA6DE7 |
SHA-512: | 8444E270D52F17E077D2B3A5B149FCF9029761B6E37411F213A055CB0942BE859EB60547CC4F1411F503EFB50D0D5539C3671F0CF6E2B9C1D9506E07DA21D869 |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5902 |
Entropy (8bit): | 4.93869769577694 |
Encrypted: | false |
SSDEEP: | 96:TF+NU24NUNQYtsSztsOBtsWYtso9hj/Y3P:TcU2IUqosSpsGsWose8 |
MD5: | AE2BF9A46C64D68E42ECB985C1D2DE71 |
SHA1: | 9697E538D714CDF375EA907738DBFD219A0853FB |
SHA-256: | 0F98148F02B339F99B13587FD33F9796CC2E8DA76FFBB4EB27AF6C3D2CBAC945 |
SHA-512: | AA62BA3EB0BDD2F9DB3FD74000C5D709131DFD48928A93FDF570790F6123C39D3E50BCAAEB2C3C472B5471A241D6ACE93E8DE19CE3D8CAB7EAE1B9C3932D9E9D |
Malicious: | false |
Reputation: | low |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2706 |
Entropy (8bit): | 5.179516218922872 |
Encrypted: | false |
SSDEEP: | 48:cFfH8vKYndVmmXlTkeH9vI5CduyrmmVp2i45dMg8FaTqye+B0Soqks4cyyRgLRdn:/KYn3mmXl4o1wCduyrmmVp2i4LMg8Fac |
MD5: | DABA225688B554152EB810A36D5AAA0B |
SHA1: | B21070F810E2F18F198BB08409CA14EFC9EAEF5C |
SHA-256: | 1806FD102100C6F3748942670CAAB86C19F7564CD69BB96A1FC0B29929230CCF |
SHA-512: | E3B7834082281B31F9C15E8A2B580AD1ABAC9718C9866454135B8D1A83E62916FF17D5B9FB1CADF2AE80BF6C4DF9F1DDD98D0037A9A923DCBB2D56FB86D6A3BB |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39104 |
Entropy (8bit): | 6.237597979894025 |
Encrypted: | false |
SSDEEP: | 768:QRi/Yplgp4V5qWNqYoMfTF/K4itMpdRJDh9ODV0L3d/o+X:AKYLHV5ZNbnFy4itMpdD7ODV0R/oK |
MD5: | 58C655527B57D74AE3C189A60A42DA18 |
SHA1: | F267630311A1C42CE9C4F0DEDA00E4132E9F8B25 |
SHA-256: | A2F590DEA50CDE47B0325D7A9ADEEA464257F46B76C059CF3E1AB2DB65574685 |
SHA-512: | 03C708A23339792802F506278891005E521B7188D0558FCC0F25DFD0C7CB0048C8FBF1F9FB1AC65FD6EF4BC4C7CAC1715BCD8F07DD82E3E6770E327CC630E209 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 508 |
Entropy (8bit): | 4.640723757143228 |
Encrypted: | false |
SSDEEP: | 12:pvPN+VnvbZdr5vZb1bBZb8bZbTZbqMB1C:tsb/r5vZb1FZbYZbTZbqMB1C |
MD5: | 6BBB6D648BA2C70B9635E843818BEEBB |
SHA1: | 21BF5A1ACF381285EF3FE88D180B3F17D474804C |
SHA-256: | 9E4A02255ACD8A4C10373B6E64454A95E57986C32245A6EDA7B8CF7F57E3D740 |
SHA-512: | 000324D55AC800870CC761C260A3DEE1EB4FA363426AE1C525FE72503502D4AA9F51104CFAB657C6F55D137BD3F1DDC5A1A4ACBA8F022468C0C1721AEFCB1A79 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7697 |
Entropy (8bit): | 5.515382730457339 |
Encrypted: | false |
SSDEEP: | 96:xAYS+gpcZWaIarmt/Omdwgm+Wz+BKUpva8i+NfY+g+uP+p+1dS59F0+9mo0my+Cn:9XxBi0Wxko7OXe8j57T2pgIcB |
MD5: | 5A6CAD444DBF130B22F855A889DBE677 |
SHA1: | 8F91D234CBE3AFC1F1993BE8C63A68F756FDFC83 |
SHA-256: | A76702F606092D47669779F8D48F2F701319437223D87EAD41D2FA068522FF87 |
SHA-512: | 3D777032EF8CE336E233F43A6FBDC08CFC305FE22A91433A580922A035FD71C819B423D314A888F8875FCCD0E89B3869553A38A9B20A6D078B4BDCF398818E85 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3100 |
Entropy (8bit): | 5.010092205102224 |
Encrypted: | false |
SSDEEP: | 96:nMxJAtLuI0UYJmMcaRb2kV2JjUWBULitlqp8cwngpzQNzxkK3eTHg3GXGSIDMH79:nD0bqFi2I5 |
MD5: | 61FFA6F5926C7F2CF819C2A0774D3E21 |
SHA1: | BEC77DA7C7492860DA713F8B87279CB1A3DDCB11 |
SHA-256: | 07A5F4DFB449940A7BEA1F100120AE284067F24961457FF5F56C16F556BE4856 |
SHA-512: | 3556CAC3A1713FF61D297F9837841DE8DB31CD90AAB848AA2BAE6BF8B1F6BFA4D42AD10324C9BAEA65BE7F08359267952B37B531C8823E4EF859202AD5AB45EB |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 238433 |
Entropy (8bit): | 7.998471610150145 |
Encrypted: | true |
SSDEEP: | 6144:BQfR8c9EBhNjuw4YNm8vH128zEoE/qG/ydG5h3aYvDUImzle+wX3:BQxUSw4YNXdJvE/qwakLvDupEH |
MD5: | 980A6B092855D202363B6436E4A854E8 |
SHA1: | AA8E1A7E1AB7832C3112E5C35B7DA143FF919CE0 |
SHA-256: | F617D029F947EBB5C0B7B159233E699F5653A1F92E81F9FE44C60555884DC93C |
SHA-512: | 6DEDF42A718DBC5A4AD25C20561C3ADC0FC629D1135AA68D02FC264363617C827FE7EAA0DD49E828DF93D80852B4E5AA8C932B20D43FF833C02C4B868DF30367 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73728 |
Entropy (8bit): | 5.318897902733705 |
Encrypted: | false |
SSDEEP: | 768:TXpmIFZK536QZVz2LHG/jgVUTTkSTC+OWsGMN8ZoVVtAb1zcGtIrdCR:T5nc3hVz26rJNC+OWsGtMtAZzcGtIp0 |
MD5: | F8AA685A3908110E79F4639AA7DADDFA |
SHA1: | DD4D16172EA4851F757ABD34A8CB3C835552E6A3 |
SHA-256: | AEEA4B86EA607CF9820E3CADD4E98353A57EC789EC0A0E2FEFBDD84ABD25194A |
SHA-512: | 8989A1E5A29043A8CEC9353D8923DC7FCA52988949637133D5AF5F655B04C8016EF8930DA4F57A9C068B8E9208C4B8AE2BDACA9CA699755D139CAB0ED2A3C5A6 |
Malicious: | true |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39936 |
Entropy (8bit): | 5.640913891016309 |
Encrypted: | false |
SSDEEP: | 768:fqKIjHhW0CfW0FKT7vZKP1xG69D1/gEehcaLnTJ/2acSd:3RnfW0eoPPXpCnTJ/2acSd |
MD5: | ED1C00557CDE869CAA963BBF9C820F05 |
SHA1: | 53BBD8B86FCBEE9316E02AF399634522B12539B0 |
SHA-256: | 4D50CE341BE70511E9A871DD347B3F5793EA97787CDFC92045C0BCC8AAE6E298 |
SHA-512: | 509AFC51B647A6904A3A4ABF04B43DFAEE5FA0878C3A822FCE84DD58CE2AB1C15A38610487C520CA6F7C42ED37D754DF55A82B0A81A28D31493F2535D9568405 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3225 |
Entropy (8bit): | 5.314169702825883 |
Encrypted: | false |
SSDEEP: | 96:1H5/nf2jK/PMQ5B15rPYs7xV01oAZXw5BQDs4XJxjvF1w0ng0nnmDkrZeClbrIMH:ffIil2FI0 |
MD5: | 9565C08D6037EEA308B97581F12BE260 |
SHA1: | 1954B1CFBF437BD79FDD597C15C25BB01B83F243 |
SHA-256: | 1199A3E8F3C8C23C59FEB468A1D1542BA6ABE3C373589DF0277924EAFDB50D57 |
SHA-512: | 247762DF5C903AC0F478831A88FB4E0FE3EDF5404FE3D263A443BC035D9741317DF8CDA8284A6409C3D7DB8E89742520E9DCAC4F9E0BB38ED18E24C791D6CA0D |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.965076682722952 |
Encrypted: | false |
SSDEEP: | 12:TMHd97KLSjTqy3F4N5542UHZ2DKX2IRKCJSHUBmAyJSHUBmA4AsF:2d97/joqZHZ2i2kKCLBmrLBmpjF |
MD5: | AD1C969082DE8AA77B382516F5B0FF61 |
SHA1: | A83DC30341A5752A9D0D18770EF257C8C0B3A692 |
SHA-256: | 78930E0C87BC468FC5B13A5F971C244D9158C9DE7B1F2C219213E5CA18E60F03 |
SHA-512: | 559B71307FF0159089FA194B1C0359B446C23A78F3B44D969BA44B759ACA409BFF0B63F7FF5CA7BDA840583F9C29E13527B36DA45CBEAB6189D15BA9037F473B |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1078 |
Entropy (8bit): | 5.254976539067803 |
Encrypted: | false |
SSDEEP: | 24:2djEk62f7mmhKslkmog89hEmYnLuZ1nLw3LHEaFXu0:cjP7mmh3amorEmYnLinLw3LHEaFXL |
MD5: | 3E2460DF0763A75406D2C92A6CAC864C |
SHA1: | 3CC0933DF52BD4B09767ADA563B58923EF68EBAF |
SHA-256: | 301A735BCB6DE1DE09D0B9098228A419954404D8AA575F40AD82FC3A84403E35 |
SHA-512: | 5B80AEBC3BEC840CE2ED024E1D6551F67E6DC7F611FDE1F054F7A4053AECDE72460517C5203672694E98DBE9F9C97CFEE2CF9A5FB39DCDCB17862051039D3FEA |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3965 |
Entropy (8bit): | 4.628651510242669 |
Encrypted: | false |
SSDEEP: | 48:J9EFoF4F+FYwFkkkOzycs608uXPfzW6up8JiJHhwU9gvzu/6v1wtgETtkbvcIEeP:JpCHncA75Jz |
MD5: | EF0EA2A1ECE97BE3CF9C9F1D30670E34 |
SHA1: | B960BCB826DA726AB2D919EEF781EE586DF4D607 |
SHA-256: | BA85D3915E513AF98861E7AD82A42E80D957CE52A71463E6E34609C34F3A0E1C |
SHA-512: | CA23AD61BAEF5E5E96331D7DB2D645D657FB692E4641D364D94F703CDEDDE7C2FCCBBB5939DFA2B43CE07E767F51F6EF72FE1ACE58A6CA47D4DDCCD7B6799443 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 18552 |
Entropy (8bit): | 6.326879340022009 |
Encrypted: | false |
SSDEEP: | 384:1vh8+o5DhIpvK2HSlajv9J1L/gLCcY9jBJJx+:1JuQ5DgL38TJx+ |
MD5: | 0C74A8A66DB361A91A8E46E256234B9D |
SHA1: | B4EEB6CC71C68264B348824997930426DE1E6C41 |
SHA-256: | 245BC780CA69A4B6019625BD1046D7C1C0F4720B795BA2D091AC62B9B7C73DE1 |
SHA-512: | CFBCA14304D8A168944381A139D0299516188C2914F78267CB75C9DB903CB1562BB48E6B540C39C3A9D436180D54B18772C0337C9711808829C20F837C5FEAC9 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2560 |
Entropy (8bit): | 2.8091845512006928 |
Encrypted: | false |
SSDEEP: | 48:6gclPCaIZWy+cAcMphg2R5WPWghhrSZP3CE3h:l+EWAAcwCgWPVhrSh3CEx |
MD5: | BC977F27DB75D9E99EF4733F6603AD0C |
SHA1: | 799BAF9192BDE18BF0B260840FFE5ADA27CD13A3 |
SHA-256: | BEC1776C798A4DCED9C153A9739FADAAC1D80AF11FB652275A6038396C960CA6 |
SHA-512: | 748AC90A592760BA02247A4C31786D5BB65414E1465A2EE81B3D658A856CCA94C07EC89F3A24DBEF3208258ED7F6F0DB990126EA6BBE8654D1A87C97D494BE07 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 657776 |
Entropy (8bit): | 6.748405173068804 |
Encrypted: | false |
SSDEEP: | 12288:sGgbmgcb04MKJuQxUSw4YNXdJvE/qwakLvDupEScr2d0:TlgcxrJuQ/TCtAqbpHc6d0 |
MD5: | 393215B51E4C54A6950B13796ABEA20F |
SHA1: | 77225F7A62F29560C7087176E187ED2012E0A25E |
SHA-256: | DA2F2572CCA884673B95FF9DD3C8BDF4598240F45F5206F110DF99EC6289EECA |
SHA-512: | C48A8C603B18790E83A19BAAFA7B5C1443C48163AA84D0CDCD3142F48C84DF971C0EAC8DA6B28F724B167C06E3B439E87A8DD116032701975CB691BF140CE96F |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16896 |
Entropy (8bit): | 3.838968174263835 |
Encrypted: | false |
SSDEEP: | 192:7YndHVTZZip3YBq2nieYqHAAUsJ3M3IDLbKDnbNWcuTWN:EdHVnG38DieFHcsJcYDL2DnpWbTW |
MD5: | 585AC8F0CA13C1326C5E562B509B8E2D |
SHA1: | B884490E95CEBA559E50E48F22E810D9E5925792 |
SHA-256: | 5551259AE036773BB93168503FE1BA75EA2E5718C02172FDCAE6E20B4B80CA25 |
SHA-512: | 88E734E475D3A6A721E18B9FB1E80231CA81509C6B20B9927DDE5A1F16D69FE118C56A1EDC655E492D6388037AE748E39D9A3FE8E4F957BC83703F18A2E5E237 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 134 |
Entropy (8bit): | 4.544675981202402 |
Encrypted: | false |
SSDEEP: | 3:vFWWMNCmVijhGOjaESwJFBngKbWJkZGWGOjaESydZMqgKbWJRqT:TM3VijhGif0KykZGWGiJuTKyET |
MD5: | A75CA31F7ED72AF18B51615986EDA289 |
SHA1: | 59CD60370C065551CC3B3EFEF5901B76DE930771 |
SHA-256: | 4C2CE6779620133C87EC716FA06DA2A3A9EA97862AC0B7AC1051B474573EE93E |
SHA-512: | 3BE3A461AFE5B0527719A1F1103BD0CB836C8F4340DB5192C99BF0121C9F3D3F9ECB0127E6C82F1FF830E297AF54199706671053CC6BE4CC91C29F6180C96010 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47 |
Entropy (8bit): | 3.9953502875256306 |
Encrypted: | false |
SSDEEP: | 3:p/uBallM/lErm1F:RcasDP |
MD5: | E4E4F671BDE80749EA2EB465FDA2568D |
SHA1: | 5CA98566B46E8BC5538399CB05F85A8F41DDE61F |
SHA-256: | 82F834504F7C6FCE706E28083E8A93F52A61A84918B0CDCBDC0B1A70B505B1D1 |
SHA-512: | 61E8CED4EE21CED48F0D4FBCCE3CCC35546DBAFB6B6C63A73503205740830BA11452E44A668AEE123F72A1C75499B5F9A270E85B56BF782EA79A4D695EEDAA08 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.623117599850433 |
Encrypted: | false |
SSDEEP: | 96:K1DJcZB62DHzW6st3+K9XEWCPCNjaqNyyWPV:K1dIH1sD6WCKNjaMyyWN |
MD5: | 743B7D073C1BFB883B9F97CA1D5DDF94 |
SHA1: | 01AFEC884E6B5D1CA5ECCB47E18C52CFF44882FA |
SHA-256: | 1A0E9EC2FD53F7D0CE83BF4745D44681412724250046F0A88C54A630EE5A9A59 |
SHA-512: | 5947FC4DC66F476289EECA57E7D2CB0766528602DA8C124C62A544ACC4DDD38944B15ECFE9651A74764379797A5B782975DC7949EC37A3C6E6757E5477502979 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5120 |
Entropy (8bit): | 3.152590437417521 |
Encrypted: | false |
SSDEEP: | 48:KqiJ6OqhgmLwQpXMbqwcI65y7+OiaC+IZWo6zqhpm3F5WPWghnpgX:jOqhiZF6zSEWEOjWPVn0 |
MD5: | CC869C04E8771D08397DC86374FE5A5E |
SHA1: | D7CD17B9607538DCDD6FC267EE504B37740992FF |
SHA-256: | 420007C3E0A76AC880679F323653D3B9321832F578CA4DC1C2A1E5775A0F77DD |
SHA-512: | 684114317AB54248D20727058F58E592CFFEE865E876B8155C4426EE71CF15BFACAEE07E2C9EF49C8D3F99CF6F0E20AE8800D2DF88F0550E5304AB39BA468EF4 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46784 |
Entropy (8bit): | 6.38572528005874 |
Encrypted: | false |
SSDEEP: | 768:iiLuedE09FC5Ja5gR/2hyzsiPKxUd+0PpOmMKbfZD8L3d/o+/j:iiLu+LsjPR/2AzsiP3+KOmdbfZD8R/ou |
MD5: | 2483FFB732EFA8A92F6A78B4E97C07EA |
SHA1: | 4929D6076B400EB8C92D941E7C2898FEF282094D |
SHA-256: | 8713626CFB6493E4905448C96BEA3F77C0A05876208B3F87BF95D13166D53A70 |
SHA-512: | F71E5DBB2F985DCD7A0CB1C14D602A05964F15D6E32A859FA48710EB34AF9540448A86E27AD0E0BF3136465C6C142BCC473F74C215B248F07E8C641AF168FDE2 |
Malicious: | false |
Process: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1953 |
Entropy (8bit): | 5.19612754901248 |
Encrypted: | false |
SSDEEP: | 48:cFQHd6hH3nRBS46jdeBOfGguEeB5NCgZ2clMfeBtIQxq3vQjS/LMSkPYF:e13nRBSDheBOfGguEeBPCgZ2clMWBtIP |
MD5: | D36051864C2DB5D4112463629F26A091 |
SHA1: | 24BF1CC82EBBCCFEE903A0F11E45D40D8F93BF0E |
SHA-256: | E0B10A6875F8FAB58C1E9C58900CB5363DD7ABFC5921C9FBC67D5A12212E7B5F |
SHA-512: | 0F21BEA6ED7EA348E295FD551400F1928407C635077B7457C02B089D0C6B215DE818BFE2D7A5796DB82512EF8F4A91B053A60303A6737FC3872ACE861D8F83C3 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.87849220099009 |
File name: | Shipping INVOICE-BL Shipment..exe |
File size: | 438107 |
MD5: | 579ba39b6a146080ef6481591440e445 |
SHA1: | 06bfc3b47e1ad6a35e10cb4a1edee6c563710107 |
SHA256: | d8d9bb65ea3637fda09488baada0c9b387e0619b7c430b93c8a0fa2d8b489bc1 |
SHA512: | bc2c920da35971ea6a6dfa8fc4f49829d6ba1eeae9589207b1f77a6e5f66d66dcb87396aadce266a61652f6fdfbe40503b9183af5f5ce26fa6cc9218df1597b9 |
SSDEEP: | 12288:GanGnRPRnPSuPSw4YxX/Jva/qw0kLvDBZNC1J:8PhS7T8v+kW2J |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.w.F.*.....F...v...F...@...F.Rich..F.........PE..L......].................f...|.......3............@ |
File Icon |
---|
Icon Hash: | 90c8e472b85c261a |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4033a9 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5DF6D4F7 [Mon Dec 16 00:51:03 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7c2c71dfce9a27650634dc8b1ca03bf0 |
Entrypoint Preview |
---|
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A130h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042F42Ch], eax |
je 00007F43E0572AA3h |
push ebx |
call 00007F43E0575BA3h |
cmp eax, ebx |
je 00007F43E0572A99h |
push 00000C00h |
call eax |
mov esi, 00408298h |
push esi |
call 00007F43E0575B1Fh |
push esi |
call dword ptr [004080A0h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F43E0572A7Dh |
push 0000000Ah |
call 00007F43E0575B77h |
push 00000008h |
call 00007F43E0575B70h |
push 00000006h |
mov dword ptr [0042F424h], eax |
call 00007F43E0575B64h |
cmp eax, ebx |
je 00007F43E0572AA1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F43E0572A99h |
or byte ptr [0042F42Fh], 00000040h |
push ebp |
call dword ptr [00408040h] |
push ebx |
call dword ptr [00408284h] |
mov dword ptr [0042F4F8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00429858h |
call dword ptr [00408178h] |
push 0040A1ECh |
Rich Headers |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x853c | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3f000 | 0x4340 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x294 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6455 | 0x6600 | False | 0.667356004902 | data | 6.43794179006 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x134a | 0x1400 | False | 0.459765625 | data | 5.23641914595 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x25538 | 0x600 | False | 0.461588541667 | data | 4.12893654735 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x30000 | 0xf000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x3f000 | 0x4340 | 0x4400 | False | 0.12890625 | data | 2.33445296823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x3f310 | 0x10a8 | data | English | United States |
RT_ICON | 0x403b8 | 0xea8 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x41260 | 0x8a8 | data | English | United States |
RT_ICON | 0x41b08 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x42070 | 0x468 | data | English | United States |
RT_ICON | 0x424d8 | 0x2e8 | data | English | United States |
RT_ICON | 0x427c0 | 0x128 | data | English | United States |
RT_DIALOG | 0x428e8 | 0xb4 | data | English | United States |
RT_DIALOG | 0x429a0 | 0x120 | data | English | United States |
RT_DIALOG | 0x42ac0 | 0x202 | data | English | United States |
RT_DIALOG | 0x42cc8 | 0xf8 | data | English | United States |
RT_DIALOG | 0x42dc0 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x42eb0 | 0x68 | data | English | United States |
RT_MANIFEST | 0x42f18 | 0x423 | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableA, CreateFileA, GetFileSize, GetModuleFileNameA, ReadFile, GetCurrentProcess, CopyFileA, Sleep, GetTickCount, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, SetFileAttributesA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, GetTempFileNameA, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileTime, GetFileAttributesA, SetCurrentDirectoryA, MoveFileA, GetFullPathNameA, GetShortPathNameA, SearchPathA, CloseHandle, lstrcmpiA, GlobalUnlock, GetDiskFreeSpaceA, lstrcmpA, DeleteFileA, FindFirstFileA, FindNextFileA, FindClose, SetFilePointer, GetPrivateProfileStringA, WritePrivateProfileStringA, MulDiv, MultiByteToWideChar, FreeLibrary, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
USER32.dll | GetSystemMenu, SetClassLongA, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, LoadImageA, CreateDialogParamA, SetTimer, SetWindowTextA, SetForegroundWindow, ShowWindow, SetWindowLongA, SendMessageTimeoutA, FindWindowExA, IsWindow, AppendMenuA, TrackPopupMenu, CreatePopupMenu, DrawTextA, EndPaint, DestroyWindow, wsprintfA, PostQuitMessage |
GDI32.dll | SelectObject, SetTextColor, SetBkMode, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, GetDeviceCaps, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/26/20-15:08:39.139293 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49766 | 34.102.136.180 | 192.168.2.4 |
11/26/20-15:08:44.471838 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49767 | 34.102.136.180 | 192.168.2.4 |
11/26/20-15:08:55.246997 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49769 | 75.126.100.11 | 192.168.2.4 |
11/26/20-15:09:05.767720 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49771 | 34.102.136.180 | 192.168.2.4 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 26, 2020 15:08:23.724678993 CET | 8.8.8.8 | 192.168.2.4 | 0xa1d5 | No error (0) | carnesveymacr.com | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:08:23.724678993 CET | 8.8.8.8 | 192.168.2.4 | 0xa1d5 | No error (0) | 192.0.78.24 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:08:23.724678993 CET | 8.8.8.8 | 192.168.2.4 | 0xa1d5 | No error (0) | 192.0.78.25 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:08:28.826474905 CET | 8.8.8.8 | 192.168.2.4 | 0x3f4b | No error (0) | mehler.photography | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:08:28.826474905 CET | 8.8.8.8 | 192.168.2.4 | 0x3f4b | No error (0) | 192.0.78.24 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:08:28.826474905 CET | 8.8.8.8 | 192.168.2.4 | 0x3f4b | No error (0) | 192.0.78.25 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:08:33.917606115 CET | 8.8.8.8 | 192.168.2.4 | 0xb2a | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Nov 26, 2020 15:08:39.006593943 CET | 8.8.8.8 | 192.168.2.4 | 0xef12 | No error (0) | thelonerangernews.com | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:08:39.006593943 CET | 8.8.8.8 | 192.168.2.4 | 0xef12 | No error (0) | 34.102.136.180 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:08:44.338299990 CET | 8.8.8.8 | 192.168.2.4 | 0xeae2 | No error (0) | hvcharging.com | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:08:44.338299990 CET | 8.8.8.8 | 192.168.2.4 | 0xeae2 | No error (0) | 34.102.136.180 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:08:49.533351898 CET | 8.8.8.8 | 192.168.2.4 | 0x2278 | No error (0) | jddq888.com | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:08:49.533351898 CET | 8.8.8.8 | 192.168.2.4 | 0x2278 | No error (0) | 23.88.85.105 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:08:54.973221064 CET | 8.8.8.8 | 192.168.2.4 | 0x2c83 | No error (0) | 75.126.100.11 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:00.309253931 CET | 8.8.8.8 | 192.168.2.4 | 0x8642 | No error (0) | wastie.club | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:09:00.309253931 CET | 8.8.8.8 | 192.168.2.4 | 0x8642 | No error (0) | 95.215.210.10 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:05.633838892 CET | 8.8.8.8 | 192.168.2.4 | 0x460c | No error (0) | gettingthehelloutofca.com | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:09:05.633838892 CET | 8.8.8.8 | 192.168.2.4 | 0x460c | No error (0) | 34.102.136.180 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:10.996421099 CET | 8.8.8.8 | 192.168.2.4 | 0x26fc | No error (0) | caelaabadie.com | CNAME (Canonical name) | IN (0x0001) | ||
Nov 26, 2020 15:09:10.996421099 CET | 8.8.8.8 | 192.168.2.4 | 0x26fc | No error (0) | 165.227.229.15 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:16.707619905 CET | 8.8.8.8 | 192.168.2.4 | 0xc857 | No error (0) | 45.33.2.79 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:16.707619905 CET | 8.8.8.8 | 192.168.2.4 | 0xc857 | No error (0) | 198.58.118.167 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:16.707619905 CET | 8.8.8.8 | 192.168.2.4 | 0xc857 | No error (0) | 45.33.23.183 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:16.707619905 CET | 8.8.8.8 | 192.168.2.4 | 0xc857 | No error (0) | 96.126.123.244 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:16.707619905 CET | 8.8.8.8 | 192.168.2.4 | 0xc857 | No error (0) | 45.56.79.23 | A (IP address) | IN (0x0001) | ||
Nov 26, 2020 15:09:16.707619905 CET | 8.8.8.8 | 192.168.2.4 | 0xc857 | No error (0) | 45.79.19.196 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49764 | 192.0.78.24 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:08:23.752765894 CET | 1403 | OUT | |
Nov 26, 2020 15:08:23.769018888 CET | 1403 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49765 | 192.0.78.24 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:08:28.844275951 CET | 1404 | OUT | |
Nov 26, 2020 15:08:28.860582113 CET | 1405 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49766 | 34.102.136.180 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:08:39.024245024 CET | 1406 | OUT | |
Nov 26, 2020 15:08:39.139292955 CET | 1406 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.4 | 49767 | 34.102.136.180 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:08:44.356384993 CET | 1409 | OUT | |
Nov 26, 2020 15:08:44.471837997 CET | 1409 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.4 | 49768 | 23.88.85.105 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:08:49.702579021 CET | 1410 | OUT | |
Nov 26, 2020 15:08:49.871308088 CET | 1410 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.4 | 49769 | 75.126.100.11 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:08:55.111057997 CET | 1411 | OUT | |
Nov 26, 2020 15:08:55.246997118 CET | 1412 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.4 | 49770 | 95.215.210.10 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:09:00.427666903 CET | 1413 | OUT | |
Nov 26, 2020 15:09:00.543806076 CET | 1414 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.4 | 49771 | 34.102.136.180 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:09:05.652915001 CET | 1415 | OUT | |
Nov 26, 2020 15:09:05.767719984 CET | 1415 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.4 | 49772 | 165.227.229.15 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 26, 2020 15:09:11.027050972 CET | 1417 | OUT | |
Nov 26, 2020 15:09:13.298913956 CET | 1417 | IN | |
Nov 26, 2020 15:09:13.315665007 CET | 1417 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 15:07:08 |
Start date: | 26/11/2020 |
Path: | C:\Users\user\Desktop\Shipping INVOICE-BL Shipment..exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 438107 bytes |
MD5 hash: | 579BA39B6A146080EF6481591440E445 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
General |
---|
Start time: | 15:07:09 |
Start date: | 26/11/2020 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd30000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:07:16 |
Start date: | 26/11/2020 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 15:07:30 |
Start date: | 26/11/2020 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6fee60000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:07:44 |
Start date: | 26/11/2020 |
Path: | C:\Windows\SysWOW64\netsh.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9f0000 |
File size: | 82944 bytes |
MD5 hash: | A0AA3322BB46BBFC36AB9DC1DBBBB807 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 15:07:48 |
Start date: | 26/11/2020 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:07:49 |
Start date: | 26/11/2020 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 004033A9, Relevance: 91.4, APIs: 33, Strings: 19, Instructions: 366stringcomfileCOMMON
C-Code - Quality: 85% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406469, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403983, Relevance: 44.0, APIs: 13, Strings: 12, Instructions: 215stringregistryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402E14, Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 208memoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406188, Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 199stringCOMMON
C-Code - Quality: 72% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401759, Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 147stringtimeCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406490, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 92% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405805, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405BEC, Relevance: 3.0, APIs: 2, Instructions: 46stringCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
C-Code - Quality: 59% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CFF, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405CDA, Relevance: 3.0, APIs: 2, Instructions: 13COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004057D0, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D77, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DA6, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00403361, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401F48, Relevance: 1.3, APIs: 1, Instructions: 37COMMON
C-Code - Quality: 78% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 004053CB, Relevance: 54.3, APIs: 36, Instructions: 282windowclipboardmemoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404686, Relevance: 21.3, APIs: 10, Strings: 2, Instructions: 274stringCOMMON
C-Code - Quality: 78% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040592E, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 159filestringCOMMON
C-Code - Quality: 98% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402138, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON
C-Code - Quality: 74% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402765, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406943, Relevance: .3, Instructions: 334COMMONCrypto
C-Code - Quality: 79% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040711A, Relevance: .3, Instructions: 300COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404BF9, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
C-Code - Quality: 96% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040435F, Relevance: 38.7, APIs: 19, Strings: 3, Instructions: 202windowstringCOMMON
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405DD5, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 129memorystringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040425B, Relevance: 12.1, APIs: 8, Instructions: 68COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404B47, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402CDD, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401D41, Relevance: 7.6, APIs: 5, Instructions: 70windowCOMMON
C-Code - Quality: 94% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401DFF, Relevance: 7.5, APIs: 5, Instructions: 43COMMON
C-Code - Quality: 73% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401C0A, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
C-Code - Quality: 59% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404A3D, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
C-Code - Quality: 77% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405AFE, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 59% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405201, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
C-Code - Quality: 89% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040604D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405B45, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405C64, Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 10001BB0, Relevance: 104.3, APIs: 32, Strings: 27, Instructions: 1026registrytimeCOMMONCrypto
C-Code - Quality: 68% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002C30, Relevance: 37.0, APIs: 14, Strings: 7, Instructions: 201fileregistrypipeCOMMON
C-Code - Quality: 59% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002C7C, Relevance: 35.2, APIs: 14, Strings: 6, Instructions: 183fileregistrypipeCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100026C8, Relevance: 3.3, APIs: 1, Strings: 1, Instructions: 295memoryCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10004445, Relevance: 3.0, APIs: 2, Instructions: 28memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 100019C0, Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 111memoryfileencryptionCOMMON
C-Code - Quality: 80% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10002ECD, Relevance: 7.6, APIs: 5, Instructions: 57COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100039D0, Relevance: 40.4, APIs: 18, Strings: 5, Instructions: 109libraryloadermemoryCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100036F7, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 46libraryloaderCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10003B54, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
C-Code - Quality: 39% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 100058E5, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
C-Code - Quality: 89% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Yara matches |
---|---|---|---|---|---|---|---|
0080318C | 3.6 | 1 | 1 | 111 | native, COMMON | | |
00418180 | 3.5 | 1 | 1 | 40 | file, native, COMMON | 100% | yes |
0041817A | 3.5 | 1 | 1 | 39 | file, native, COMMON | 82% | yes |
(function header not extracted) | | | | | | 100% | yes |
004182DA | 1.5 | 1 | | 47 | native, COMMON | | yes |
(function header not extracted) | | | | | | 37% | yes |
004182AC | 1.5 | 1 | | 21 | native, COMMON | 72% | yes |
004182B0 | 1.5 | 1 | | 20 | native, COMMON | 84% | yes |
008054E0 | 1.5 | 1 | | 19 | native, COMMON | | |
04B79860 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79840 | 1.5 | 1 | | 4 | library, COMMON | | |
04B799A0 | 1.5 | 1 | | 4 | library, COMMON | | |
04B795D0 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79910 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79540 | 1.5 | 1 | | 4 | library, COMMON | | |
04B796E0 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79A20 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79A50 | 1.5 | 1 | | 4 | library, COMMON | | |
04B797A0 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79780 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79FE0 | 1.5 | 1 | | 4 | library, COMMON | | |
04B79710 | 1.5 | 1 | | 4 | library, COMMON | | |
00800000 | 1.3 | | 1 | 43 | COMMON | | |
00408880 | .1 | | | 92 | COMMON | 93% | yes |
008000E0 | 9.5 | 2 | 3 | 767 | library, file, COMMON | | |
00805350 | 4.6 | 3 | | 56 | file, COMMON | | |
(function header not extracted) | | | | | | 58% | yes |
(function header not extracted) | | | | | | 100% | yes |
00800332 | 1.5 | 1 | | 30 | file, COMMON | | |
004185E1 | 1.5 | 1 | | 29 | COMMON | 64% | yes |
00418417 | 1.5 | 1 | | 24 | memory, COMMON | | yes |
00418490 | 1.5 | 1 | | 24 | memory, COMMON | 30% | yes |
004185F0 | 1.5 | 1 | | 24 | COMMON | 100% | yes |
004184C3 | 1.5 | 1 | | 22 | COMMON | 21% | yes |
004184D0 | 1.5 | 1 | | 20 | COMMON | 100% | yes |
0041848E | 1.5 | 1 | | 20 | memory, COMMON | | yes |
04B7967A | 1.5 | 1 | | 8 | library, COMMON | | |

(All functions above: Memory Dump Source and Similarity cells empty, Uniqueness Score -1.00%.)
Non-executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Yara matches |
---|---|---|---|---|---|---|---|
04BEB260 | 37.8 | | 30 | 262 | COMMON | | |
04BF1C06 | 31.4 | | 25 | 195 | COMMON | 44% | |
00802C5D | 26.5 | | 21 | 267 | COMMON | | |
04B3B171 | 1.7 | 1 | | 166 | COMMON | 78% | |
04B5B944 | 1.7 | 1 | | 166 | COMMON | 76% | |
04B32D8A | 1.4 | | 1 | 191 | COMMON | 63% | |
04C00EA5 | 1.4 | | 1 | 153 | COMMON | 80% | |
04B6F0BF | 1.4 | | 1 | 137 | COMMON | 75% | |
04B6D294 | 1.3 | | 1 | 93 | COMMON | 33% | |
04BE8DF1 | 1.3 | | 1 | 45 | COMMON | 71% | |
04BCFF10 | 1.3 | | 1 | 44 | COMMON | | |
04C05BA5 | .6 | | | 592 | COMMON | 88% | |
04B54120 | .4 | | | 444 | COMMON, Crypto | 92% | |
04B352A5 | .2 | | | 161 | COMMON | 78% | |
04B4EF40 | .1 | | | 147 | COMMON | 96% | |
04C0740D | .1 | | | 141 | COMMON | 84% | |
04B73D43 | .1 | | | 106 | COMMON | 100% | |
04BB7016 | .1 | | | 104 | COMMON | 76% | |
04B5C182 | .1 | | | 104 | COMMON | 68% | |
04B6E730 | .1 | | | 89 | COMMON | 74% | |
04B6BC2C | .1 | | | 88 | COMMON | 67% | |
04B39100 | .1 | | | 87 | COMMON | 76% | |
04B790AF | .1 | | | 76 | COMMON | 82% | |
04C0070D | .1 | | | 72 | COMMON | 67% | |
0040C37F | .1 | | | 65 | COMMON | | yes |
04B39240 | .1 | | | 63 | COMMON | 77% | |
04BB46A7 | .1 | | | 59 | COMMON | 93% | |
04B39080 | .1 | | | 53 | COMMON | 69% | |
00416227 | .1 | | | 53 | COMMON | 18% | yes |
04BF14FB | .0 | | | 48 | COMMON | 61% | |
04BF138A | .0 | | | 48 | COMMON | 61% | |
04B4B02A | .0 | | | 46 | COMMON | 100% | |
04C01074 | .0 | | | 46 | COMMON | 100% | |
04BEFEC0 | .0 | | | 46 | COMMON | 59% | |
04BEFE3F | .0 | | | 46 | COMMON | 59% | |
04C08ED6 | .0 | | | 44 | COMMON | 54% | |
04B3B1E1 | .0 | | | 42 | COMMON | 100% | |
04BCFE87 | .0 | | | 38 | COMMON | 46% | |
04BF131B | .0 | | | 36 | COMMON | 48% | |
04C08F6A | .0 | | | 36 | COMMON | 48% | |
04B5C577 | .0 | | | 33 | COMMON | 100% | |
04BF2073 | .0 | | | 32 | COMMON | 94% | |
04C08D34 | .0 | | | 32 | COMMON | 43% | |
04C08CD6 | .0 | | | 31 | COMMON | 36% | |
04B5746D | .0 | | | 31 | COMMON | 88% | |
04C08B58 | .0 | | | 31 | COMMON | 36% | |
04B34F2E | .0 | | | 31 | COMMON | 100% | |
00800CE4 | .0 | | | 25 | COMMON | | |
04B6A185 | .0 | | | 20 | COMMON | 100% | |
04B616E0 | .0 | | | 17 | COMMON | 100% | |
004157F1 | .0 | | | 16 | COMMON | 25% | yes |
00804E70 | .0 | | | 13 | COMMON | | |
04B635A1 | .0 | | | 12 | COMMON | 100% | |
04B3AD30 | .0 | | | 10 | COMMON | 100% | |
04B636CC | .0 | | | 10 | COMMON | 100% | |
04B57D50 | .0 | | | 7 | COMMON | 100% | |
04B798A0 | .0 | | | 4 | COMMON | | |
04B798F0 | .0 | | | 4 | COMMON | | |
04B79820 | .0 | | | 4 | COMMON | | |
04B7B040 | .0 | | | 4 | COMMON | | |
04B795F0 | .0 | | | 4 | COMMON | | |
04B799D0 | .0 | | | 4 | COMMON | | |
04B7AD30 | .0 | | | 4 | COMMON | | |
04B79520 | .0 | | | 4 | COMMON | | |
04B79560 | .0 | | | 4 | COMMON | | |
04B79950 | .0 | | | 4 | COMMON | | |
04B79A80 | .0 | | | 4 | COMMON | | |
04B796D0 | .0 | | | 4 | COMMON | | |
04B79610 | .0 | | | 4 | COMMON | | |
04B79A10 | .0 | | | 4 | COMMON | | |
04B79A00 | .0 | | | 4 | COMMON | | |
04B79660 | .0 | | | 4 | COMMON | | |
04B79650 | .0 | | | 4 | COMMON | | |
04B7A3B0 | .0 | | | 4 | COMMON | | |
04B79730 | .0 | | | 4 | COMMON | | |
04B7A710 | .0 | | | 4 | COMMON | | |
04B79B00 | .0 | | | 4 | COMMON | | |
04B79770 | .0 | | | 4 | COMMON | | |
04B7A770 | .0 | | | 4 | COMMON | | |
04B79760 | .0 | | | 4 | COMMON | | |
04B79670 | .0 | | | 2 | COMMON | | |
(function header not extracted) | | | | | | 53% | |

(All functions above: Memory Dump Source and Similarity cells empty, Uniqueness Score -1.00%.)
Executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Yara matches |
---|---|---|---|---|---|---|---|
02F78180 | 3.5 | 1 | 1 | 40 | file, native, COMMON | | yes |
02F7817A | 3.5 | 1 | 1 | 39 | file, native, COMMON | | yes |
02F782DA | 1.5 | 1 | | 47 | native, COMMON | | yes |
(function header not extracted) | | | | | | | yes |
02F782AC | 1.5 | 1 | | 21 | native, COMMON | | yes |
02F782B0 | 1.5 | 1 | | 20 | native, COMMON | | yes |
03749A50 | 1.5 | 1 | | 4 | library, COMMON | | |
03749910 | 1.5 | 1 | | 4 | library, COMMON | | |
037499A0 | 1.5 | 1 | | 4 | library, COMMON | | |
03749860 | 1.5 | 1 | | 4 | library, COMMON | | |
03749840 | 1.5 | 1 | | 4 | library, COMMON | | |
03749710 | 1.5 | 1 | | 4 | library, COMMON | | |
03749FE0 | 1.5 | 1 | | 4 | library, COMMON | | |
03749780 | 1.5 | 1 | | 4 | library, COMMON | | |
037496E0 | 1.5 | 1 | | 4 | library, COMMON | | |
037496D0 | 1.5 | 1 | | 4 | library, COMMON | | |
03749540 | 1.5 | 1 | | 4 | library, COMMON | | |
037495D0 | 1.5 | 1 | | 4 | library, COMMON | | |
02F76EA0 | 4.6 | 1 | 2 | 90 | sleep, COMMON | | yes |
02F76E96 | 4.6 | 1 | 2 | 81 | sleep, COMMON | | yes |
02F78490 | 3.5 | 1 | 1 | 24 | memory, COMMON | | yes |
02F78417 | 3.5 | 1 | 1 | 24 | memory, COMMON | | yes |
02F7848E | 3.5 | 1 | 1 | 20 | memory, COMMON | | yes |
(function header not extracted) | | | | | | | yes |
(function header not extracted) | | | | | | | yes |
(function header not extracted) | | | | | | | yes |
(function header not extracted) | | | | | | | yes |
02F76FD0 | 1.5 | 1 | | 36 | thread, COMMON | | yes |
02F76FC3 | 1.5 | 1 | | 32 | thread, COMMON | | yes |
02F785E1 | 1.5 | 1 | | 29 | COMMON | | yes |
02F785F0 | 1.5 | 1 | | 24 | COMMON | | yes |
02F6D3DC | 1.5 | 1 | | 23 | COMMON | | yes |
02F6D3E0 | 1.5 | 1 | | 19 | COMMON | | yes |
0374967A | 1.5 | 1 | | 8 | library, COMMON | | |

(All functions above: Memory Dump Source and Similarity cells empty, Uniqueness Score -1.00%.)
Non-executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code quality | Yara matches |
---|---|---|---|---|---|---|---|
(function header not extracted) | | | | | | 53% | |

(Memory Dump Source and Similarity cells empty, Uniqueness Score -1.00%.)