Analysis Report BsYHxeX7Ok.dll
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
| JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
| JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
| JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
| JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
| JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Compliance: |
---|
Uses 32bit PE files |
Source: | Static PE information: |
Binary contains paths to debug symbols |
Source: | Binary string: |
Source: | Code function: | 1_2_00738000 |
Source: | String found in binary or memory: |
E-Banking Fraud: |
---|
Yara detected Emotet |
Source: | File source: |
Stealing of Sensitive Information: |
---|
Yara detected Emotet |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Virtualization/Sandbox Evasion1 | OS Credential Dumping | Query Registry1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Security Software Discovery11 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Peripheral Device Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
14% | Virustotal | |
57% | ReversingLabs | Win32.Trojan.EmotetCrypt |
100% | Joe Sandbox ML | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1110387 |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 344139 |
Start date: | 26.01.2021 |
Start time: | 07:15:18 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | BsYHxeX7Ok.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 33 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.troj.winDLL@4/12@0/0 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
07:16:20 | API Interceptor |
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10134 |
Entropy (8bit): | 3.7646610495056536 |
Encrypted: | false |
SSDEEP: | 96:RYnj4CW0yTVy9hTot7JnqpXIQcQac6pcEccw35+a+z+HbHgEVG4rmMKazWbSmvFp:qjXUsH0tGtjpDH/u7s+S274ItWu |
MD5: | C422BA0A5A2F8E68DE85C4F2B27F9744 |
SHA1: | 3BF55DF103B0A07C910E7212E996086058E92EE2 |
SHA-256: | 76F9281E1BBF7371B963688062377A17A0FF6C0EA433DA31BAF23F7607B0FD15 |
SHA-512: | A2CF62D79BE241ED893FC1D22D92A5584BB816D248509E744D6B853D6BC3F610290BEB393E370DA1008D9B711A11E2192F932F6A64E8AD36C30FA1C5AD2678F6 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10088 |
Entropy (8bit): | 3.7615576725876148 |
Encrypted: | false |
SSDEEP: | 96:ox36Plcpj4CW0yEmqy9hT97efvpXIQcQPc6bcEycw37+a+z+HbHgEVG4rmMKazWG:E36SdXU/oHhfoXjpDH/u7sZS274ItWo |
MD5: | 7C12BFAB0F59B52846C04CA731DB267F |
SHA1: | 35D9E460CADC4404C6869BD59529D76B7D65F552 |
SHA-256: | 1B1AAD60F962C1D569BFCE727AC594D027798D06BA38326D51FCFB41E7FCC265 |
SHA-512: | 82B663750666DF8D20A7902E743E6304D570E6B48817CAD93D6E2A8750DC97081C2D1C21F59B2BAD1A5D546F56E60611207C4BAD7213C53875AB55179985120F |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9694 |
Entropy (8bit): | 3.759141443436875 |
Encrypted: | false |
SSDEEP: | 96:ACj4CW0yxy9hT97WzSZpXIQcQac6pcEccw35+a+z+HbHgEVG4rmMKazWbSmvFVh/:XXU8H0tGtjpDy/u7s+S274ItbY |
MD5: | C0C05C8B451A7A3E6C0931043ACAE82B |
SHA1: | BBD9E48041A8C762CA2F04063102F83C6C58E2EC |
SHA-256: | 124FCECED0D204475F000701E1B296B48038426D5A1C0480FEEB189B8E19D338 |
SHA-512: | 5573A6CB152E6CCBE99D757B9019DD96FB534B8268E279C366226410F10477BC29BDF75F62A1040B5A824A1DF8FC2A1DB78D55E1BF0B6D81E669DBCA3CAF0092 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41828 |
Entropy (8bit): | 2.038826544545495 |
Encrypted: | false |
SSDEEP: | 192:w0RghZKselJ94Q2S1uBIWrE91VNybNDXnpon/J/j:tRWZ5elJGQ2ScSWwPybN8Fj |
MD5: | 13F7C11E69DA9921F0651BDEF07D381B |
SHA1: | E0892C6958FECCD7EEAF5387B7B8A4B841454185 |
SHA-256: | 7A7A6DB3E948ADCFAEA494D9CEB767647D5BF746395B61BEBAC7B129117D7552 |
SHA-512: | 297C0760F2705149595CB09F3170DB9DA313C8CBCE833C7C2C2C89519DC48427385BE4D7D6EFC4B69B4D15AD41FE11A0C01AB9260AC4175770E2243C40DA62B3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8348 |
Entropy (8bit): | 3.6920162098436102 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi4DY6Qu2v6YIvSU8aigmfiSWCpN489bsn41fQkm:RrlsNiD6Z2v6YgSU8aigmfiS9snifi |
MD5: | B087A84A63DCF6F547DED7B76CEA8618 |
SHA1: | 0FE760CDC04A8A14D83F93FEC8BE0CB32B1A4415 |
SHA-256: | 8EC704446CE8495B41A93C89D8C6ECFC9B8A969B6C01F3A19773B86A1D45CD63 |
SHA-512: | 923B0462F9B50227320B7885D51437D4265C1F3A1A51256DCDF6BE16704DAA01EB039D193DFA5DA95E1606BD43D6AECCD2360DB4C88CB818B522D8BAB53E78BE |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4658 |
Entropy (8bit): | 4.429769617248258 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsxRJgtWI9r2yWSC8B548fm8M4JONgFa2+q8vYNQxKcQIcQwv+ld:uITfxESSN/1JjKLxKkwv+ld |
MD5: | 15F23103DA45B2E2067424F685EEAC3B |
SHA1: | 0A0ECF39D509F43B7A4DDA03CC795ED7FDD98F35 |
SHA-256: | E7395CD429268F456A2870CFAA16863EEE1BE912FCFB1C984E05C37814307726 |
SHA-512: | 0A25EAA7333E6DB9589FB4BA33CD61043AB5ECC0C0821F0681419D5561AFED3CCC99B61E04083688758C89137E26FE1A82D45EBF2A7BA78B3458EF2CAC9D38AE |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41588 |
Entropy (8bit): | 1.9841631652526566 |
Encrypted: | false |
SSDEEP: | 192:eTJghZKs+lJV4QLduBIWrNkSIyP0R57uClbfyS:IJWZ5+lJeQLESWR1IycmS |
MD5: | 765F4C728B13DB1896B73E947B12A075 |
SHA1: | 3A442390A85D48F3C59F11EC23CD50616DF903EE |
SHA-256: | 90713247A4E4F0607D07381F754AE6FD3ABA76219BB96F45E4D8EEC59D43FF0F |
SHA-512: | CC29B2948E90E7B937D9D3440C2D8C1E60365397E1AD1500116E4171F26485C11D364EE26B04B140A880073C7171910DA4C9C3F53F87A58C1B6EE64BB226F312 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8324 |
Entropy (8bit): | 3.6961754756167085 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi4Dc67k2v6YI6SUqaRyegmf4SWCpr789bRnYsfzbm:RrlsNi36Y2v6Y1SUqawegmf4SiRnLfu |
MD5: | 62A4C5380C0701B801FB197677E5ABAC |
SHA1: | 4D292495B0B5F91FE005AE50849CAFABA41DBBA3 |
SHA-256: | 75913919B52F091A4CE08D29F16A405613FC5E3D46BB781B98C4444AD14D4A5D |
SHA-512: | 3969A874806BBEE55F225514FA20B83BD0A33D7B78CBDBC6B5FF79DF564D3D1937EB3203607CCCEFB696C8AA6F4AF4715ACDD7FB32701BBEA2008A0E535D9FF7 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4597 |
Entropy (8bit): | 4.472832368306633 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsxRJgtWI9r2yWSC8BCa8fm8M4JO6ZFD+q8bDRxKcQIcQwv+kd:uITfxESSNkJ1XGRxKkwv+kd |
MD5: | BC1B5B1EEC72DA00CD5949DC7F3BA676 |
SHA1: | E12EC1F3D79B613019F10A0045D0438CC00E1BCC |
SHA-256: | 1B18F4B5F4C9BFEBA22BADF0E6151A5E12F659825AD8D70BD4E646BB80C1E6F6 |
SHA-512: | CEE37113BD761A498F4F3E4EC6967A6254E339AE4FB5657EC08E286BD46DD4ECAAD9FE01C3B775B7C6AF0724369330DB21AD1EF0DB9FAC0828C24E80BD402871 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38012 |
Entropy (8bit): | 1.9487981955990552 |
Encrypted: | false |
SSDEEP: | 192:T9NhZKs+lJn4QjeuBIWrR79BK7EIjefEgd:JNhZ5+lJ4QjlSWV9BLEy |
MD5: | 0B9AD215C68D0C2D8D4ECF2D37D404FA |
SHA1: | E59D52ABA900ABB633313B1C1069C44EA413D5CD |
SHA-256: | A2359A269A277B7C0C9F22E3B87C282F06660E5CD25522CC1B0261CE1010DF7F |
SHA-512: | 381A837F6896D77F9666D088D5126163C908D6289AF713FD96472AF7DFFDDDFB5AC17C971D5840CB9AEE8928ED6A3418D0AA6D6BB1581F94F1343ABA2CF90BBD |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8284 |
Entropy (8bit): | 3.6935941200272753 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi4DK6ON2v6YIBSUqWJGgmfVSNCpDI89bgnYsfT6jAm:RrlsNiZ6U2v6YOSUqRgmfVSognLfex |
MD5: | D3EF14C680659FAFE7857906EA45F07E |
SHA1: | 8E38362D0022974C6F9D4DE01928B9860149F470 |
SHA-256: | 1CC0D42DE82F5B2CD5BF2DAEE353CC4C7D04908884ABAFB8B78401015163A0FA |
SHA-512: | 18C25D8A622E514729EBCB9BCAB71D67B40557689605E49746F35A412D04FE4B75C9E16C613D3BBCF4A502C444C142360DADEC758B703F01EB53FAF1E89683A1 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4557 |
Entropy (8bit): | 4.4437911607407345 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsxKJgtWI9r2yWSC8Bk8fm8M4JORjFa5+q8p8nxKcQIcQwv+kd:uITf+ESSNnJ1bxKkwv+kd |
MD5: | 0299DEE8AB3686E56106BD95512135EE |
SHA1: | 99340B2A5043DCC5BC2953D621AA2A1193B649CF |
SHA-256: | 085A99D7E2E96BA20FDC7A439CD870BE4B5DBEBE288B8A411B9F9E2EDBC3D448 |
SHA-512: | 913A7E69FF027B2E0FA6468B3AC9D02D316184596845B6B30B581F13B3E11F2D4BFD47D98E73795F3F13222B104D61C496788CA99B032B6E2AE44A06B48A75D4 |
Malicious: | false |
Reputation: | low |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.906327751615201 |
TrID: | |
File name: | BsYHxeX7Ok.dll |
File size: | 628736 |
MD5: | 0125320a954399ad7b275b67b97a273f |
SHA1: | 37afd871f306977f49c56400183ef5a80d8748f1 |
SHA256: | d8a15d14d7bdc4d2e1d948e20cf2835b452f46b2c0860ccd8147ee8d8a43adec |
SHA512: | bc4b30147d97520ff627cf8e843ffe3619ae7423fe1da7f3e6b21a0452728c1ba944d5acb53c65ea07372db22f9fac5c850683a5e385335ad08f28c6d20e6951 |
SSDEEP: | 12288:SYzchQVZnkmt/70MWugxPJZFpf0c1pHBbdJrs2xnd:d4KV5Hpt8bZHLXCA |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
File Icon |
---|
Icon Hash: | b99988fcd4f66e0f |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x463ebc |
Entrypoint Section: | CODE |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7ed08afc6b0c9da85427ea1b02b1e145 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFC4h |
mov eax, 00463C14h |
call 00007FCAB4E9DD45h |
mov dword ptr [0046666Ch], 00463928h |
mov eax, 00000001h |
call 00007FCAB4EFB23Dh |
call 00007FCAB4E9B9FCh |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al | (this instruction repeats 78 times: it is the disassembly of the zero-filled bytes that follow the entry stub)
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x67000 | 0x22ec | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x71000 | 0x2ba00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6a000 | 0x6ed4 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
CODE | 0x1000 | 0x62ee8 | 0x63000 | False | 0.52030806108 | data | 6.5550941356 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
DATA | 0x64000 | 0x14cc | 0x1600 | False | 0.433948863636 | data | 4.11607326462 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
BSS | 0x66000 | 0xcd1 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x67000 | 0x22ec | 0x2400 | False | 0.359809027778 | data | 4.92726416893 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.reloc | 0x6a000 | 0x6ed4 | 0x7000 | False | 0.624232700893 | data | 6.67422538704 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
.rsrc | 0x71000 | 0x2ba00 | 0x2ba00 | False | 0.685765132521 | data | 6.85431640563 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
FF | 0x71b2c | 0x25c09 | data | English | United States |
RT_CURSOR | 0x97738 | 0x134 | data | ||
RT_CURSOR | 0x9786c | 0x134 | data | ||
RT_CURSOR | 0x979a0 | 0x134 | data | ||
RT_CURSOR | 0x97ad4 | 0x134 | data | ||
RT_CURSOR | 0x97c08 | 0x134 | data | ||
RT_CURSOR | 0x97d3c | 0x134 | data | ||
RT_CURSOR | 0x97e70 | 0x134 | data | ||
RT_BITMAP | 0x97fa4 | 0x1d0 | data | ||
RT_BITMAP | 0x98174 | 0x1e4 | data | ||
RT_BITMAP | 0x98358 | 0x1d0 | data | ||
RT_BITMAP | 0x98528 | 0x1d0 | data | ||
RT_BITMAP | 0x986f8 | 0x1d0 | data | ||
RT_BITMAP | 0x988c8 | 0x1d0 | data | ||
RT_BITMAP | 0x98a98 | 0x1d0 | data | ||
RT_BITMAP | 0x98c68 | 0x1d0 | data | ||
RT_BITMAP | 0x98e38 | 0x1d0 | data | ||
RT_BITMAP | 0x99008 | 0x1d0 | data | ||
RT_BITMAP | 0x991d8 | 0xe8 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x992c0 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 49, next used block 48059 | Russian | Russia |
RT_DIALOG | 0x995a8 | 0x52 | data | ||
RT_STRING | 0x995fc | 0x404 | data | ||
RT_STRING | 0x99a00 | 0x1cc | data | ||
RT_STRING | 0x99bcc | 0x188 | data | ||
RT_STRING | 0x99d54 | 0x1b0 | data | ||
RT_STRING | 0x99f04 | 0x218 | data | ||
RT_STRING | 0x9a11c | 0xec | data | ||
RT_STRING | 0x9a208 | 0x224 | data | ||
RT_STRING | 0x9a42c | 0x33c | data | ||
RT_STRING | 0x9a768 | 0x3d4 | data | ||
RT_STRING | 0x9ab3c | 0x3a4 | data | ||
RT_STRING | 0x9aee0 | 0x3e8 | data | ||
RT_STRING | 0x9b2c8 | 0xf4 | data | ||
RT_STRING | 0x9b3bc | 0xc4 | data | ||
RT_STRING | 0x9b480 | 0x2c0 | data | ||
RT_STRING | 0x9b740 | 0x478 | data | ||
RT_STRING | 0x9bbb8 | 0x3ac | data | ||
RT_STRING | 0x9bf64 | 0x2d4 | data | ||
RT_RCDATA | 0x9c238 | 0x10 | data | ||
RT_RCDATA | 0x9c248 | 0x358 | data | ||
RT_RCDATA | 0x9c5a0 | 0x29c | Delphi compiled form 'TForm1' | ||
RT_GROUP_CURSOR | 0x9c83c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0x9c850 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0x9c864 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0x9c878 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0x9c88c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0x9c8a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_CURSOR | 0x9c8b4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | ||
RT_GROUP_ICON | 0x9c8c8 | 0x14 | data | Russian | Russia |
Imports |
---|
DLL | Import |
---|---|
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
kernel32.dll | TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
kernel32.dll | lstrcpyA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, ExitProcess, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFileA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt |
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharUpperW, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharUpperBuffA, CharUpperA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
ole32.dll | CoCreateInstance, CoUninitialize, CoInitialize |
oleaut32.dll | CreateErrorInfo, GetErrorInfo, SetErrorInfo, SysFreeString |
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
user32.dll | DdeCmpStringHandles, DdeFreeStringHandle, DdeQueryStringA, DdeCreateStringHandleA, DdeGetLastError, DdeFreeDataHandle, DdeUnaccessData, DdeAccessData, DdeCreateDataHandle, DdeClientTransaction, DdeNameService, DdePostAdvise, DdeSetUserHandle, DdeQueryConvInfo, DdeDisconnect, DdeConnect, DdeUninitialize, DdeInitializeA |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Russian | Russia | |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 26, 2021 07:16:01.119040012 CET | 61733 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:01.178134918 CET | 53 | 61733 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:01.209001064 CET | 65447 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:01.256872892 CET | 53 | 65447 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:02.487807035 CET | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:02.546792030 CET | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:03.683407068 CET | 62176 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:03.739995003 CET | 53 | 62176 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:05.011957884 CET | 59596 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:05.059942961 CET | 53 | 59596 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:05.960835934 CET | 65296 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:06.011603117 CET | 53 | 65296 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:07.402606964 CET | 63183 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:07.450618029 CET | 53 | 63183 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:08.767453909 CET | 60151 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:08.826179981 CET | 53 | 60151 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:10.116492033 CET | 56969 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:10.164515972 CET | 53 | 56969 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:13.290750980 CET | 55161 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:13.341430902 CET | 53 | 55161 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:18.910341024 CET | 54757 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:18.958494902 CET | 53 | 54757 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:27.058024883 CET | 49992 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:27.119025946 CET | 53 | 49992 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:31.141572952 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:31.192306995 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:34.584722042 CET | 55016 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:34.632829905 CET | 53 | 55016 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:42.898499012 CET | 64345 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:42.954871893 CET | 53 | 64345 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:50.643254042 CET | 57128 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:50.691179037 CET | 53 | 57128 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:56.036890030 CET | 54791 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:56.092883110 CET | 53 | 54791 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:56.728971958 CET | 50463 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:56.788089037 CET | 53 | 50463 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:57.551562071 CET | 50394 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:57.608000994 CET | 53 | 50394 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:16:58.070348024 CET | 58530 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:16:58.121098995 CET | 53 | 58530 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:00.018488884 CET | 53813 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:00.077462912 CET | 53 | 53813 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:00.651200056 CET | 63732 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:00.707487106 CET | 53 | 63732 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:01.280186892 CET | 57344 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:01.330993891 CET | 53 | 57344 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:01.361679077 CET | 54450 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:01.425633907 CET | 53 | 54450 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:02.171823025 CET | 59261 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:02.230834007 CET | 53 | 59261 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:02.438508034 CET | 57151 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:02.494695902 CET | 53 | 57151 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:05.021364927 CET | 59413 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:05.077379942 CET | 53 | 59413 | 8.8.8.8 | 192.168.2.5 |
Jan 26, 2021 07:17:05.499620914 CET | 60516 | 53 | 192.168.2.5 | 8.8.8.8 |
Jan 26, 2021 07:17:05.555548906 CET | 53 | 60516 | 8.8.8.8 | 192.168.2.5 |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 07:16:05 |
Start date: | 26/01/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1050000 |
File size: | 120832 bytes |
MD5 hash: | 2D39D4DFDE8F7151723794029AB8A034 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: | |
Reputation: | moderate |
General |
---|
Start time: | 07:16:07 |
Start date: | 26/01/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 07:16:13 |
Start date: | 26/01/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 07:16:24 |
Start date: | 26/01/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x240000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0071DBB2 | 10.4 | | 8 | 359 | COMMON |
00773928 | 7.1 | 2 | 2 | 136 | file, memory, COMMON |
00711B9D | 3.1 | 1 | 1 | 57 | string, COMMON |
0074761C | 1.5 | 1 | | 37 | COMMON |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00721F54 | 20.5 | | 16 | 480 | COMMON |
00728C4D | 20.4 | | 16 | 436 | COMMON |
00718EA1 | 19.1 | | 15 | 362 | COMMON |
007195DD | 16.6 | | 13 | 345 | COMMON |
0072C1C2 | 16.5 | | 13 | 297 | COMMON |
007184D8 | 15.3 | | 12 | 332 | COMMON |
00712C93 | 15.3 | | 12 | 315 | COMMON |
00720082 | 15.3 | | 12 | 309 | COMMON |
00724602 | 15.3 | | 12 | 307 | COMMON |
0072CF07 | 15.3 | | 12 | 259 | COMMON |
0071A82A | 15.2 | | 12 | 248 | COMMON |
00729726 | 14.0 | | 11 | 259 | COMMON |
00717B6A | 14.0 | | 11 | 212 | COMMON |
0071AE9E | 13.9 | | 11 | 190 | COMMON |
0072732F | 12.9 | | 10 | 365 | COMMON |
00723F16 | 12.8 | | 10 | 344 | COMMON |
00712814 | 12.7 | | 10 | 208 | COMMON |
00717306 | 11.5 | | 9 | 277 | COMMON |
0071EBA4 | 11.5 | | 9 | 275 | COMMON |
0072197B | 11.5 | | 9 | 243 | COMMON |
007121C0 | 11.4 | | 9 | 195 | COMMON |
0071D535 | 10.3 | | 8 | 312 | COMMON |
00716AFC | 10.3 | | 8 | 305 | COMMON |
0071F249 | 10.2 | | 8 | 165 | COMMON |
00711662 | 10.1 | | 8 | 112 | COMMON |
00711664 | 10.1 | | 8 | 111 | COMMON |
0071BA46 | 8.9 | | 7 | 197 | COMMON |
0072BF69 | 8.9 | | 7 | 137 | COMMON |
00721494 | 8.9 | | 7 | 119 | COMMON |
00720CE0 | 8.9 | | 7 | 107 | COMMON |
0071A7FA | 8.8 | | 7 | 94 | COMMON |
007138E1 | 7.7 | | 6 | 247 | COMMON |
00727B8D | 7.7 | | 6 | 239 | COMMON |
0071E42E | 7.6 | | 6 | 143 | COMMON |
007168D8 | 7.6 | | 6 | 120 | COMMON |
007212B3 | 7.6 | | 6 | 107 | COMMON |
0071B22A | 6.5 | | 5 | 229 | COMMON |
0072DA27 | 6.5 | | 5 | 210 | COMMON |
0071F54C | 6.4 | | 5 | 153 | COMMON |
0072CB58 | 6.4 | | 5 | 151 | COMMON |
0072B598 | 6.4 | | 5 | 147 | COMMON |
0071799F | 6.4 | | 5 | 117 | COMMON |
00711EF9 | 6.4 | | 5 | 108 | COMMON |
0072E4E1 | 6.3 | | 5 | 97 | COMMON |
00729D6D | 6.3 | | 5 | 93 | COMMON |
00744A08 | 6.2 | 4 | | 192 | COMMON |
00772B38 | 6.1 | 4 | | 61 | COMMON |
0074A6C4 | 5.5 | 1 | 2 | 282 | window, COMMON |
0072E0B6 | 5.2 | | 4 | 211 | COMMON |
0072E9A2 | 5.2 | | 4 | 198 | COMMON |
0072505A | 5.2 | | 4 | 175 | COMMON |
0072C92D | 5.1 | | 4 | 133 | COMMON |
0072E689 | 3.9 | | 3 | 137 | COMMON |
00724D39 | 3.9 | | 3 | 137 | COMMON |
0072D87D | 3.8 | | 3 | 97 | COMMON |
00751E14 | 2.9 | | 2 | 405 | COMMON |
00720950 | 2.7 | | 2 | 200 | COMMON |
0071E8F6 | 2.6 | | 2 | 149 | COMMON |
0072D5DF | 2.6 | | 2 | 115 | COMMON |
007142DE | 2.6 | | 2 | 106 | COMMON |
0071A16A | 2.6 | | 2 | 103 | COMMON |
00728721 | 2.6 | | 2 | 99 | COMMON |
007229E3 | 2.6 | | 2 | 93 | COMMON |
0074303C | 1.5 | | 1 | 284 | COMMON |
0072B0D5 | 1.4 | | 1 | 176 | COMMON |
00713743 | 1.4 | | 1 | 103 | COMMON |
00713F0A | 1.3 | | 1 | 89 | COMMON |
0072894D | 1.3 | | 1 | 62 | COMMON |
0072DD80 | 0.1 | | | 133 | COMMON |
00728489 | 0.1 | | | 129 | COMMON |
007148C7 | 0.1 | | | 120 | COMMON |
00728A24 | 0.1 | | | 99 | COMMON |
0072A2E5 | 0.1 | | | 91 | COMMON |
007126A0 | 0.1 | | | 88 | COMMON |
007207D3 | 0.1 | | | 88 | COMMON |
0072821E | 0.1 | | | 82 | COMMON |
0072A02C | 0.1 | | | 75 | COMMON |
007133F4 | 0.1 | | | 60 | COMMON |
0071422B | 0.0 | | | 48 | COMMON |
0071A823 | 0.0 | | | 2 | COMMON |