Analysis Report TT SWIFT COPY.scr
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security | ||
JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Remcos |
Source: | Author: Joe Security: |
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Yara detected Remcos RAT |
Source: | File source: |
Compliance: |
---|
Uses 32bit PE files |
Source: | Static PE information: |
Uses secure TLS version for HTTPS connections |
Source: | HTTPS traffic detected: |
Networking: |
---|
Connects to many ports of the same IP (likely port scanning) |
Source: | TCP traffic: |
Uses dynamic DNS services |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Remcos RAT |
Source: | File source: |
System Summary: |
---|
Source: | Process Stats: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Key opened: |
Source: | File read: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Yara detected VB6 Downloader Generic |
Source: | File source: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Contains functionality to detect virtual machines |
Source: | Code function: | 1_2_0078436A | |
Source: | Code function: | 1_2_007841A6 |
Contains functionality to detect hardware virtualization (CPUID execution measurement) |
Detected RDTSC dummy instruction sequence (likely for instruction hammering) |
Source: | RDTSC instruction interceptor: |
Tries to detect Any.run |
Source: | File opened: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 1_2_0078087B |
Source: | Window / User API: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: |
Anti Debugging: |
---|
Hides threads from debuggers |
Source: | Thread information set: |
Source: | Process queried: |
Source: | Code function: | 1_2_0078087B |
Source: | Code function: | 1_2_007839FA |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: | 1_2_00781841 |
Stealing of Sensitive Information: |
---|
Yara detected Remcos RAT |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Remcos RAT |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection112 | Masquerading1 | Input Capture1 | Security Software Discovery721 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion32 | LSASS Memory | Virtualization/Sandbox Evasion32 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol12 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery311 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
30% | Virustotal | |
11% | ReversingLabs | Win32.Trojan.Generic |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | |
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
wealthybillionaire.ddns.net | 41.217.65.85 | true | true | | unknown |
googlehosted.l.googleusercontent.com | 172.217.22.225 | true | false | high | |
doc-10-4c-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 345064 |
Start date: | 27.01.2021 |
Start time: | 16:47:09 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | TT SWIFT COPY.scr (renamed file extension from scr to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/1@7/3 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
16:48:50 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
172.217.22.225 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
wealthybillionaire.ddns.net | | | malicious | | |
googlehosted.l.googleusercontent.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
SpectranetNG | | | malicious | | |
GOOGLEUS | | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 4.761677312794259 |
Encrypted: | false |
SSDEEP: | 3:ttUWdYFOJKrA4RXMRPHv31aeo:tmbEJ4XqdHv3IP |
MD5: | CCE1AAB72179A0181668FA420CCDB994 |
SHA1: | 92BD82FDD219BEDAED8F627D305D74AA3A9D91C0 |
SHA-256: | 6F40F518DBC5052C964E12111EE853D3B4C8BD84B4D0B280B4B1D76FA3F3CF0C |
SHA-512: | 10D3909C8FC7C98D41217AA08A59BB15BD85FAD785BDF374D6406324BD4B3B5A3DF43EA8FEF5947E66238573A48C7C83A47F4B9932261E8563FEB734AC1487A6 |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.2833548504304 |
TrID: |
|
File name: | TT SWIFT COPY.exe |
File size: | 139264 |
MD5: | cb3b77181a200f9b066fd29e4431ad0f |
SHA1: | 0019eab67d15bf22a9e90345bf7281b4f0c11d5f |
SHA256: | d94aa8eba8dce581912552261b549bb8bcf04e8380fa68dc525c0d94236b761b |
SHA512: | 727c614587570ce6ecf1489dcce3fd0e7415f83937dd9b349a3b055f4568fcdd319978310c47c01dcb2bc151426807d0812579e922dee4ffc329e3e8117885e3 |
SSDEEP: | 1536:nz2K0+KowzEQVKnQrIskYv67Z6ojCaXDdoDIlB:zSuwoLyaBo6B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L...H..V..................... ......,.............@................ |
File Icon |
---|
Icon Hash: | b064666ae6d6ee6c |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40152c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x56BFC148 [Sat Feb 13 23:50:32 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 20fa7021831ab23270faf65321b1b2e3 |
Entrypoint Preview |
---|
Instruction |
---|
push 00408BACh |
call 00007F059475F493h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
cmp byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
push ebp |
xchg eax, ebx |
into |
mov esi, 4EE7931Fh |
mov al, FDh |
loopne 00007F059475F4AEh |
pop ds |
cmp dword ptr [esi+00000095h], esp |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [edx+00h], al |
push es |
push eax |
add dword ptr [ecx], 6Dh |
imul esi, dword ptr [ebx+67h], 00860072h |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
pop es |
pop eax |
and dl, bh |
push eax |
inc ebx |
loope 00007F059475F4E7h |
xchg eax, ebx |
sbb eax, 097A1802h |
add al, 3Fh |
in al, 66h |
mov word ptr [ebp+2Ch], gs |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xf664 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0x10b34 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x120 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xeb2c | 0xf000 | False | 0.453678385417 | data | 6.18718833178 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x10000 | 0xa48 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x11000 | 0x10b34 | 0x11000 | False | 0.124540441176 | data | 4.29488419368 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x110e8 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
RT_GROUP_ICON | 0x21910 | 0x14 | data | ||
RT_VERSION | 0x21924 | 0x210 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaHresultCheck, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaDateVar, _CIlog, __vbaNew2, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaLateMemCall, __vbaVarDup, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | Rombudd |
FileVersion | 1.00 |
CompanyName | Longines |
ProductName | Longines |
ProductVersion | 1.00 |
OriginalFilename | Rombudd.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Jan 27, 2021 16:49:13.375659943 CET | 49767 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:49:16.375791073 CET | 49767 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:49:22.376302958 CET | 49767 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:49:36.098659992 CET | 49768 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:49:39.096483946 CET | 49768 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:49:45.112684011 CET | 49768 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:49:58.271168947 CET | 49770 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:01.285892963 CET | 49770 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:07.286390066 CET | 49770 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:20.447057962 CET | 49771 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:23.459593058 CET | 49771 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:29.461057901 CET | 49771 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:38.459234953 CET | 49750 | 443 | 192.168.2.4 | 172.217.22.225 |
Jan 27, 2021 16:50:38.501533031 CET | 443 | 49750 | 172.217.22.225 | 192.168.2.4 |
Jan 27, 2021 16:50:38.501601934 CET | 49750 | 443 | 192.168.2.4 | 172.217.22.225 |
Jan 27, 2021 16:50:42.664093971 CET | 49772 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:45.664592981 CET | 49772 | 52360 | 192.168.2.4 | 41.217.65.85 |
Jan 27, 2021 16:50:51.665102959 CET | 49772 | 52360 | 192.168.2.4 | 41.217.65.85 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 27, 2021 16:48:49.577096939 CET | 192.168.2.4 | 8.8.8.8 | 0x93ed | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 16:48:51.133460999 CET | 192.168.2.4 | 8.8.8.8 | 0xdedc | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 16:49:13.310650110 CET | 192.168.2.4 | 8.8.8.8 | 0x591d | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 16:49:36.041059971 CET | 192.168.2.4 | 8.8.8.8 | 0x8409 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 16:49:58.210439920 CET | 192.168.2.4 | 8.8.8.8 | 0x65ff | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 16:50:20.384707928 CET | 192.168.2.4 | 8.8.8.8 | 0x13e3 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 27, 2021 16:50:42.605174065 CET | 192.168.2.4 | 8.8.8.8 | 0x8a28 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 27, 2021 16:48:49.655276060 CET | 8.8.8.8 | 192.168.2.4 | 0x93ed | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | ||
Jan 27, 2021 16:48:49.655276060 CET | 8.8.8.8 | 192.168.2.4 | 0x93ed | No error (0) | 172.217.22.225 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 16:48:51.199150085 CET | 8.8.8.8 | 192.168.2.4 | 0xdedc | No error (0) | 41.217.65.85 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 16:49:13.374368906 CET | 8.8.8.8 | 192.168.2.4 | 0x591d | No error (0) | 41.217.65.85 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 16:49:36.097318888 CET | 8.8.8.8 | 192.168.2.4 | 0x8409 | No error (0) | 41.217.65.85 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 16:49:58.269824982 CET | 8.8.8.8 | 192.168.2.4 | 0x65ff | No error (0) | 41.217.65.85 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 16:50:20.444418907 CET | 8.8.8.8 | 192.168.2.4 | 0x13e3 | No error (0) | 41.217.65.85 | A (IP address) | IN (0x0001) | ||
Jan 27, 2021 16:50:42.661493063 CET | 8.8.8.8 | 192.168.2.4 | 0x8a28 | No error (0) | 41.217.65.85 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Jan 27, 2021 16:48:49.759522915 CET | 172.217.22.225 | 443 | 192.168.2.4 | 49750 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US; CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US; CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Tue Jan 05 13:11:08 CET 2021; Thu Jun 15 02:00:42 CEST 2017 | Tue Mar 30 14:11:07 CEST 2021; Wed Dec 15 01:00:42 CET 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 16:47:56 |
Start date: | 27/01/2021 |
Path: | C:\Users\user\Desktop\TT SWIFT COPY.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 139264 bytes |
MD5 hash: | CB3B77181A200F9B066FD29E4431AD0F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 16:48:37 |
Start date: | 27/01/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\ieinstal.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 480256 bytes |
MD5 hash: | DAD17AB737E680C47C8A44CBB95EE67E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 0078271A, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 200, native, COMMON
Function 00782773, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 178, native, COMMON
Function 00782792, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 140, native, COMMON
Function 00782818, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 137, native, COMMON
Function 0078285A, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99, native, COMMON
Function 007828B8, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124, native, COMMON
Function 0078436A, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 101, file, COMMON
Function 00782935, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 80, native, COMMON
Function 007839FA, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58, library, COMMON
Function 007847E5, Relevance: 3.1, APIs: 1, Instructions: 1558, COMMON
Function 0078498A, Relevance: 2.8, APIs: 1, Instructions: 1338, COMMON
Function 007851F3, Relevance: 2.3, APIs: 1, Instructions: 811, COMMON
Function 004018FB, Relevance: 1.9, APIs: 1, Instructions: 655, COMMON
Function 00785D04, Relevance: 1.9, APIs: 1, Instructions: 374, COMMON
Function 0078632E, Relevance: 1.8, APIs: 1, Instructions: 298, COMMON
Function 00780829, Relevance: 1.8, APIs: 1, Instructions: 283, COMMON
Function 0078079E, Relevance: 1.8, APIs: 1, Instructions: 278, COMMON
Function 007807FB, Relevance: 1.8, APIs: 1, Instructions: 259, COMMON
Function 00780778, Relevance: 1.7, APIs: 1, Instructions: 249, COMMON
Function 00780856, Relevance: 1.7, APIs: 1, Instructions: 220, COMMON
Function 0078087B, Relevance: 1.7, APIs: 1, Instructions: 214, COMMON
Function 007808B6, Relevance: 1.7, APIs: 1, Instructions: 183, COMMON
Function 007808D4, Relevance: 1.7, APIs: 1, Instructions: 179, COMMON
Function 00780983, Relevance: 1.6, APIs: 1, Instructions: 139, COMMON
Function 007809FF, Relevance: 1.6, APIs: 1, Instructions: 137, COMMON
Function 00780A36, Relevance: 1.6, APIs: 1, Instructions: 128, COMMON
Function 00780AB3, Relevance: 1.6, APIs: 1, Instructions: 111, COMMON
Function 00780A86, Relevance: 1.6, APIs: 1, Instructions: 106, COMMON
Function 00785E37, Relevance: 1.5, APIs: 1, Instructions: 13, native, COMMON
Function 00401B90, Relevance: 1.4, APIs: 1, Instructions: 198, COMMON
Function 007832C2, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 153, library, COMMON
Function 00783192, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112, library, COMMON
Function 007831CE, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 108, library, COMMON
Function 007832E8, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131, library, COMMON
Function 0078327A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 98, library, COMMON
Function 00783236, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 93, library, COMMON
Function 007839C9, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60, library, COMMON
Function 0078220B, Relevance: 1.6, APIs: 1, Instructions: 148, COMMON
Function 00780B1C, Relevance: 1.6, APIs: 1, Instructions: 99, COMMON
Function 00780B7A, Relevance: 1.6, APIs: 1, Instructions: 96, COMMON
Function 00780B3A, Relevance: 1.6, APIs: 1, Instructions: 72, COMMON
Function 00780C0E, Relevance: 1.6, APIs: 1, Instructions: 54, COMMON
Function 007842AA, Relevance: 1.5, APIs: 1, Instructions: 39, file, COMMON
Function 00780BCF, Relevance: 1.5, APIs: 1, Instructions: 36, COMMON
Function 0078052E, Relevance: 1.5, APIs: 1, Instructions: 31, COMMON
Function 007842DA, Relevance: 1.5, APIs: 1, Instructions: 20, file, COMMON
Function 0078430A, Relevance: 1.5, APIs: 1, Instructions: 13, file, COMMON
Function 00401C4B, Relevance: 1.5, APIs: 1, Instructions: 234, COMMON
C-Code - Quality: 78%
Function 00401C1C, Relevance: 1.5, APIs: 1, Instructions: 202, COMMON
C-Code - Quality: 64%
Function 00401CB5, Relevance: 1.4, APIs: 1, Instructions: 157, COMMON
C-Code - Quality: 44%
Function 00401E0D, Relevance: 1.3, APIs: 1, Instructions: 99, memory, COMMON
Function 00401E41, Relevance: 1.3, APIs: 1, Instructions: 96, memory, COMMON
Function 00401EBA, Relevance: 1.3, APIs: 1, Instructions: 82, memory, COMMON
Function 00401F02, Relevance: 1.3, APIs: 1, Instructions: 70, memory, COMMON
Function 00401EED, Relevance: 1.3, APIs: 1, Instructions: 62, memory, COMMON
Non-executed Functions |
---|
Function 007841A6, Relevance: 2.6, Strings: 2, Instructions: 86, COMMON
Function 0078192C, Relevance: .4, Instructions: 409, COMMON
Function 00781936, Relevance: .3, Instructions: 311, COMMON
Function 00781972, Relevance: .2, Instructions: 250, COMMON
Function 00781A0D, Relevance: .2, Instructions: 244, COMMON
Function 007819AE, Relevance: .2, Instructions: 241, COMMON
Function 00781A83, Relevance: .2, Instructions: 222, COMMON
Function 00781A1A, Relevance: .2, Instructions: 212, COMMON
Function 00781B20, Relevance: .2, Instructions: 202, COMMON
Function 00781DB2, Relevance: .2, Instructions: 200, COMMON
Function 0078594E, Relevance: .2, Instructions: 196, COMMON
Function 00781ADA, Relevance: .2, Instructions: 196, COMMON
Function 00785935, Relevance: .2, Instructions: 195, COMMON
Function 00781B62, Relevance: .2, Instructions: 194, COMMON
Function 00781AF6, Relevance: .2, Instructions: 191, COMMON
Function 00785972, Relevance: .2, Instructions: 186, COMMON
Function 00785A0A, Relevance: .2, Instructions: 157, COMMON
Function 00781B82, Relevance: .2, Instructions: 156, COMMON
Function 00781BC3, Relevance: .1, Instructions: 145, COMMON
Function 00781FCA, Relevance: .1, Instructions: 130, COMMON
Function 00781E83, Relevance: .1, Instructions: 128, COMMON
Function 0078202C, Relevance: .1, Instructions: 121, COMMON
Function 00781E32, Relevance: .1, Instructions: 121, COMMON
Function 00782032, Relevance: .1, Instructions: 109, COMMON
Function 0078205E, Relevance: .1, Instructions: 106, COMMON
Function 00781841, Relevance: .1, Instructions: 96, COMMON
Function 007820BE, Relevance: .1, Instructions: 78, COMMON
Function 007852F6, Relevance: .0, Instructions: 41, COMMON
Function 00785335, Relevance: .0, Instructions: 39, COMMON
Function 007816CA, Relevance: .0, Instructions: 30, COMMON
Function 00782DD1, Relevance: .0, Instructions: 8, COMMON
Function 00784AB5, Relevance: .0, Instructions: 4, COMMON
Function 0040F11C, Relevance: 30.1, APIs: 20, Instructions: 128COMMON
C-Code - Quality: 57% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 65% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EF2F, Relevance: 24.1, APIs: 16, Instructions: 135 COMMON
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E4A4, Relevance: 21.1, APIs: 14, Instructions: 65 COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E6CA, Relevance: 19.6, APIs: 13, Instructions: 150 COMMON
C-Code - Quality: 52% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E8FB, Relevance: 19.6, APIs: 13, Instructions: 99 COMMON
C-Code - Quality: 61% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 52% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 48% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E18E, Relevance: 18.1, APIs: 12, Instructions: 141 COMMON
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040DFD2, Relevance: 18.1, APIs: 12, Instructions: 119 COMMON
C-Code - Quality: 48% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F4CE, Relevance: 15.1, APIs: 10, Instructions: 94 COMMON
C-Code - Quality: 62% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EDC8, Relevance: 12.1, APIs: 8, Instructions: 98 COMMON
C-Code - Quality: 51% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040E372, Relevance: 12.1, APIs: 8, Instructions: 74 COMMON
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 49% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 42% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040F3D7, Relevance: 7.6, APIs: 5, Instructions: 61 COMMON
C-Code - Quality: 66% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EB09, Relevance: 7.5, APIs: 5, Instructions: 36 COMMON
C-Code - Quality: 79% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040EA7A, Relevance: 6.0, APIs: 4, Instructions: 30 COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 00E85525, Relevance: 3.1, APIs: 1, Instructions: 1562 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E8498A, Relevance: 2.9, APIs: 1, Instructions: 1394 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E85D04, Relevance: 1.9, APIs: 1, Instructions: 399 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E864B9, Relevance: 1.6, APIs: 1, Instructions: 96 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E86458, Relevance: 1.6, APIs: 1, Instructions: 96 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E863AD, Relevance: 1.6, APIs: 1, Instructions: 91 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E85333, Relevance: 1.6, APIs: 1, Instructions: 87 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E863AA, Relevance: 1.6, APIs: 1, Instructions: 85 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E8641E, Relevance: 1.6, APIs: 1, Instructions: 70 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E86432, Relevance: 1.6, APIs: 1, Instructions: 69 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E86526, Relevance: 1.5, APIs: 1, Instructions: 32 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E85E37, Relevance: 1.5, APIs: 1, Instructions: 13 native COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E83966, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 167 library COMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E83172, Relevance: 3.2, APIs: 2, Instructions: 155 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E82B0B, Relevance: 2.2, APIs: 1, Instructions: 656 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E82E8E, Relevance: 1.7, APIs: 1, Instructions: 162 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E8390A, Relevance: 1.6, APIs: 1, Instructions: 130 COMMON
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E821AA, Relevance: 1.6, APIs: 1, Instructions: 80 thread COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E842AA, Relevance: 1.5, APIs: 1, Instructions: 39 file COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E842DA, Relevance: 1.5, APIs: 1, Instructions: 20 file COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00E8430A, Relevance: 1.5, APIs: 1, Instructions: 13 file COMMON
APIs |
|
Memory Dump Source |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|