Analysis Report Transferencia
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
AV Detection: |
---|
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 0_2_004145B8 |
Source: | Process Stats: |
Source: | Code function: | 11_2_01372C3F | |
Source: | Code function: | 11_2_0137849A | |
Source: | Code function: | 11_2_01370724 | |
Source: | Code function: | 11_2_01370BF8 | |
Source: | Code function: | 11_2_0137096A | |
Source: | Code function: | 11_2_01370942 | |
Source: | Code function: | 11_2_0137099A | |
Source: | Code function: | 11_2_013709FC | |
Source: | Code function: | 11_2_013769E2 | |
Source: | Code function: | 11_2_013709C6 | |
Source: | Code function: | 11_2_01376409 | |
Source: | Code function: | 11_2_01370878 | |
Source: | Code function: | 11_2_0137846D | |
Source: | Code function: | 11_2_0137844B | |
Source: | Code function: | 11_2_0137084A | |
Source: | Code function: | 11_2_01370848 | |
Source: | Code function: | 11_2_013708BA | |
Source: | Code function: | 11_2_013764F1 | |
Source: | Code function: | 11_2_013708E7 | |
Source: | Code function: | 11_2_01377BEA | |
Source: | Code function: | 11_2_01370A24 | |
Source: | Code function: | 11_2_01370A6E | |
Source: | Code function: | 11_2_01370AC7 |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Window detected: |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 0_2_00404E49 | |
Source: | Code function: | 0_2_0040404D | |
Source: | Code function: | 0_2_00409056 | |
Source: | Code function: | 0_2_004020FD | |
Source: | Code function: | 0_2_00402EFD | |
Source: | Code function: | 0_2_00402101 | |
Source: | Code function: | 0_2_00407E9D | |
Source: | Code function: | 0_2_00403405 | |
Source: | Code function: | 0_2_00408F7E | |
Source: | Code function: | 0_2_0040897A | |
Source: | Code function: | 0_2_00402305 | |
Source: | Code function: | 0_2_00409182 | |
Source: | Code function: | 0_2_00402BE1 | |
Source: | Code function: | 0_2_00402F95 |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Contain functionality to detect virtual machines | Show sources |
Source: | Code function: | 11_2_01374236 | |
Source: | Code function: | 11_2_0137421B |
Contains functionality to detect hardware virtualization (CPUID execution measurement) | Show sources |
Source: | Code function: | 11_2_01370CFF | |
Source: | Code function: | 11_2_01370BF8 | |
Source: | Code function: | 11_2_01370D04 | |
Source: | Code function: | 11_2_01371DBB | |
Source: | Code function: | 11_2_01370C23 | |
Source: | Code function: | 11_2_01370CBA | |
Source: | Code function: | 11_2_01370B8E | |
Source: | Code function: | 11_2_01377E0C |
Detected RDTSC dummy instruction sequence (likely for instruction hammering) | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | Code function: | 11_2_01372C3F |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: |
Anti Debugging: |
---|
Contains functionality to hide a thread from the debugger | Show sources |
Source: | Code function: | 11_2_01372C3F |
Found potential dummy code loops (likely to delay analysis) | Show sources |
Source: | Process Stats: |
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 11_2_01372C3F |
Source: | Code function: | 11_2_01375079 |
Source: | Code function: | 11_2_013729A6 | |
Source: | Code function: | 11_2_0137299C | |
Source: | Code function: | 11_2_013729E7 | |
Source: | Code function: | 11_2_013760E3 | |
Source: | Code function: | 11_2_01373B32 | |
Source: | Code function: | 11_2_01371FD0 | |
Source: | Code function: | 11_2_01372A37 | |
Source: | Code function: | 11_2_01377E22 | |
Source: | Code function: | 11_2_01376E17 | |
Source: | Code function: | 11_2_01377E0C | |
Source: | Code function: | 11_2_01372696 | |
Source: | Code function: | 11_2_01372684 | |
Source: | Code function: | 11_2_013726DC |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | DLL Side-Loading1 | Process Injection2 | Virtualization/Sandbox Evasion421 | OS Credential Dumping | Security Software Discovery921 | Remote Services | Clipboard Data1 | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Process Injection2 | LSASS Memory | Virtualization/Sandbox Evasion421 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | DLL Side-Loading1 | Security Account Manager | Process Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | System Information Discovery311 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | Virustotal | Browse | ||
69% | ReversingLabs | Win32.Backdoor.Convagent | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 384290 |
Start date: | 08.04.2021 |
Start time: | 21:11:21 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Transferencia (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@4/0@0/0 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
21:13:39 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.7314228952467845 |
TrID: |
|
File name: | Transferencia.exe |
File size: | 122880 |
MD5: | 7c22c3e3b8726dd1b03e69c203590026 |
SHA1: | 7715be6b73e52535d81b083a3dfd95568a729782 |
SHA256: | 96fb89fdc3873864981ec26c355111c26c7ab5132770ead9d1d97bdfac32e566 |
SHA512: | bea857c957f771e3b7c24a3e9770da90766f3c8bf2af74fa79a7b2e9a372b55a1fe628dd72f0744ac1e99d63527e72092dfc47bc2e9b09e2c84030e25f519625 |
SSDEEP: | 1536:yGouBnMJDe1Rd/tnt+5vAQlhI2k1c8VtK9ihGo:yGZBn5j+3I2gtVtK9ihG |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L....{.O.................p...`......(.............@................ |
File Icon |
---|
Icon Hash: | 0ccea09899191898 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401328 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4F8F7B90 [Thu Apr 19 02:42:24 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | efa774b90ad6b9ab8c4fabb031ebe78d |
Entrypoint Preview |
---|
Instruction |
---|
push 00413E10h |
call 00007F48ACE91015h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
cmp byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
jl 00007F48ACE91014h |
fisub dword ptr [edi] |
mov bh, 3Fh |
sti |
inc eax |
or dword ptr [edi-6Fh], 17349181h |
push esi |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
inc ecx |
add byte ptr [esi+53018250h], al |
push 7372656Fh |
aaa |
add byte ptr [eax], al |
add byte ptr [eax], al |
add bh, bh |
int3 |
xor dword ptr [eax], eax |
sub bl, dl |
aam 67h |
dec esi |
add dword ptr [ebp-6Ah], DE15A246h |
inc dword ptr [edx] |
sal byte ptr [ebx-5D2637B1h], 00000045h |
push ecx |
jc 00007F48ACE90FFAh |
dec ebp |
sahf |
pop ds |
in al, dx |
dec ebx |
inc esi |
push esp |
mov word ptr [edi+33AD4F3Ah], seg? |
cdq |
iretw |
adc dword ptr [edi+00AA000Ch], esi |
pushad |
rcl dword ptr [ebx+00000000h], cl |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
mov ebp, D8000129h |
inc esp |
add byte ptr [eax], al |
add byte ptr [ecx], cl |
add byte ptr [ecx+eax*2+53h], cl |
push esp |
inc ebp |
push eax |
inc ecx |
dec esp |
dec esp |
add byte ptr [62000701h], cl |
insb |
jo 00007F48ACE9108Bh |
popad |
jc 00007F48ACE91022h |
sbb dword ptr [ecx], eax |
add byte ptr [edx+00h], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x17614 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x19000 | 0x4856 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xd4 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x16a04 | 0x17000 | False | 0.347465183424 | data | 6.19151280258 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x18000 | 0xa88 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x19000 | 0x4856 | 0x5000 | False | 0.4142578125 | data | 4.36602718987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x1b2ae | 0x25a8 | data | ||
RT_ICON | 0x1a206 | 0x10a8 | data | ||
RT_ICON | 0x1987e | 0x988 | data | ||
RT_ICON | 0x19416 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x193d8 | 0x3e | data | ||
RT_VERSION | 0x19180 | 0x258 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaVarForInit, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, _allmul, _CItan, __vbaVarForNext, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | YCIETRA |
FileVersion | 3.00 |
CompanyName | Salty |
Comments | Salty |
ProductName | Salty |
ProductVersion | 3.00 |
FileDescription | Salty |
OriginalFilename | YCIETRA.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2021 21:11:55.768042088 CEST | 54531 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:11:55.780359983 CEST | 53 | 54531 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:11:55.883462906 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:11:55.898070097 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:11:58.097877979 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:11:58.110531092 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:11:59.033427000 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:11:59.048686028 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:11:59.959151983 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:11:59.971601009 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:01.150670052 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:01.163203001 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:02.185863972 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:02.198513985 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:03.113531113 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:03.126367092 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:04.205010891 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:04.218501091 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:05.546283960 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:05.560033083 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:09.546550989 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:09.559048891 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:10.521244049 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:10.534894943 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:24.931571960 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:24.944093943 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:27.205535889 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:27.225574970 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:42.319421053 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:42.332051992 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:42.969063044 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:42.981756926 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:43.728193045 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:43.741270065 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:44.649430990 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:44.663150072 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:46.299026012 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:46.312469959 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:46.953691006 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:46.966485023 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:50.850680113 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:50.865803003 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:50.899362087 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:50.917721987 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:51.834000111 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:51.847381115 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:12:59.857206106 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:12:59.871678114 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:13:03.895875931 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:13:03.914320946 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:13:34.054303885 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:13:34.067322016 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:13:39.253865957 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:13:39.280627966 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:13:42.108520985 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:13:42.135521889 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Apr 8, 2021 21:13:43.186271906 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 8, 2021 21:13:43.204425097 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 21:12:03 |
Start date: | 08/04/2021 |
Path: | C:\Users\user\Desktop\Transferencia.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 122880 bytes |
MD5 hash: | 7C22C3E3B8726DD1B03E69C203590026 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 21:13:30 |
Start date: | 08/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:13:30 |
Start date: | 08/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xfa0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 21:13:31 |
Start date: | 08/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 13.7% |
Dynamic/Decrypted Code Coverage: | 8.6% |
Signature Coverage: | 0% |
Total number of Nodes: | 139 |
Total number of Limit Nodes: | 16 |
Graph
Executed Functions |
---|
Function 00416164, Relevance: 151.4, APIs: 82, Strings: 4, Instructions: 924COMMON
Control-flow Graph |
---|
C-Code - Quality: 55% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417505, Relevance: 7.5, APIs: 5, Instructions: 35COMMON
Control-flow Graph |
---|
C-Code - Quality: 46% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
C-Code - Quality: 28% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00414528, Relevance: .0, Instructions: 8COMMON
Control-flow Graph |
---|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 004145B8, Relevance: .0, Instructions: 8COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004172B8, Relevance: 10.6, APIs: 7, Instructions: 81COMMON
Control-flow Graph |
---|
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004173FB, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
Control-flow Graph |
---|
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417130, Relevance: 10.6, APIs: 7, Instructions: 62COMMON
Control-flow Graph |
---|
C-Code - Quality: 57% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 1.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 40.8% |
Total number of Nodes: | 355 |
Total number of Limit Nodes: | 24 |
Graph
Executed Functions |
---|
Control-flow Graph |
---|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01376409, Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 304libraryCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370724, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 155nativethreadCOMMON
Control-flow Graph |
---|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01372C3F, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 228nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013764F1, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 211nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013708E7, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 208nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370942, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 158nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370878, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 158nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137099A, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013709C6, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 153nativethreadCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013769E2, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 147nativethreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137096A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 144nativethreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013708BA, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 141nativethreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370848, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 126nativethreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370A24, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108nativethreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370A6E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99nativethreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013709FC, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96nativethreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01375079, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 60libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01371FD0, Relevance: 1.9, APIs: 1, Instructions: 439COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01377E0C, Relevance: 1.8, APIs: 1, Instructions: 322COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137849A, Relevance: 1.7, APIs: 1, Instructions: 229COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01371DBB, Relevance: 1.6, APIs: 1, Instructions: 137COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137844B, Relevance: 1.5, APIs: 1, Instructions: 14nativeCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370B8E, Relevance: .4, Instructions: 375COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370C23, Relevance: .3, Instructions: 343COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370D04, Relevance: .3, Instructions: 302COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01370CBA, Relevance: .3, Instructions: 301COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Control-flow Graph |
---|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01374B44, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 158libraryCOMMON
Control-flow Graph |
---|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01374BCD, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 138libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01374F9E, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 121libraryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013788DE, Relevance: 3.2, APIs: 2, Instructions: 188COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378496, Relevance: 1.8, APIs: 1, Instructions: 257COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137898F, Relevance: 1.7, APIs: 1, Instructions: 185COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378C02, Relevance: 1.7, APIs: 1, Instructions: 169COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137892F, Relevance: 1.7, APIs: 1, Instructions: 162COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137895E, Relevance: 1.7, APIs: 1, Instructions: 159COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378B22, Relevance: 1.7, APIs: 1, Instructions: 155COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013788F9, Relevance: 1.7, APIs: 1, Instructions: 151COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378B72, Relevance: 1.7, APIs: 1, Instructions: 151COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378AAE, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378ADE, Relevance: 1.6, APIs: 1, Instructions: 139COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378D6A, Relevance: 1.6, APIs: 1, Instructions: 128COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378A7F, Relevance: 1.6, APIs: 1, Instructions: 128COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013746AE, Relevance: 1.6, APIs: 1, Instructions: 126COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378E82, Relevance: 1.6, APIs: 1, Instructions: 118COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378CB1, Relevance: 1.6, APIs: 1, Instructions: 117COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378B44, Relevance: 1.6, APIs: 1, Instructions: 114COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013789FF, Relevance: 1.6, APIs: 1, Instructions: 101COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378A26, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378BCC, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01377665, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378C71, Relevance: 1.6, APIs: 1, Instructions: 92COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378D1E, Relevance: 1.6, APIs: 1, Instructions: 88COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013700EC, Relevance: 1.6, APIs: 1, Instructions: 85COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378B09, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378BA6, Relevance: 1.6, APIs: 1, Instructions: 74COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378E45, Relevance: 1.6, APIs: 1, Instructions: 71COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378D3A, Relevance: 1.6, APIs: 1, Instructions: 56COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378D96, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01378DF8, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137079A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137430A, Relevance: 1.5, APIs: 1, Instructions: 20fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013742E9, Relevance: 1.5, APIs: 1, Instructions: 10fileCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137162D, Relevance: 1.3, APIs: 1, Instructions: 58sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013715EE, Relevance: 1.3, APIs: 1, Instructions: 56sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013716BF, Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01371560, Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137158D, Relevance: 1.3, APIs: 1, Instructions: 54sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01371676, Relevance: 1.3, APIs: 1, Instructions: 51sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013715C2, Relevance: 1.3, APIs: 1, Instructions: 48sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137156F, Relevance: 1.3, APIs: 1, Instructions: 47sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01371587, Relevance: 1.3, APIs: 1, Instructions: 41sleepCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 01374236, Relevance: 1.4, Strings: 1, Instructions: 107COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137421B, Relevance: 1.4, Strings: 1, Instructions: 105COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01372684, Relevance: .4, Instructions: 403COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01372696, Relevance: .2, Instructions: 197COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01377E22, Relevance: .2, Instructions: 156COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013729A6, Relevance: .1, Instructions: 142COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013726DC, Relevance: .1, Instructions: 139COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0137299C, Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013729E7, Relevance: .1, Instructions: 99COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01372A37, Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01376E17, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01373B32, Relevance: .0, Instructions: 6COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 013760E3, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |