Analysis Report Import shipment.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "working@omnlltd.comF]0fJ[fn)WB@server126.web-hosting.com"}
Yara Overview |
---|
Memory Dumps |
---|
Rule | Description | Author | Strings |
---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security | |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
Unpacked PEs |
---|
Rule | Description | Author | Strings |
---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | TCP traffic: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | 17 entries |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to register a low level keyboard hook |
Source: | Code function: | 4_2_0117085C |
Installs a global keyboard hook |
Source: | Windows user hook set: |
Source: | Window created: |
System Summary: |
---|
.NET source code contains very large array initializations |
Source: | Large array initialization: |
Source: | Code function: | 1_2_00C2929D | |
Source: | Code function: | 1_2_0162C164 | |
Source: | Code function: | 1_2_0162E5A0 | |
Source: | Code function: | 1_2_0162E5B0 | |
Source: | Code function: | 1_2_00C29BE6 | |
Source: | Code function: | 4_2_00A4929D | |
Source: | Code function: | 4_2_010E20E8 | |
Source: | Code function: | 4_2_010F68D0 | |
Source: | Code function: | 4_2_010F5B70 | |
Source: | Code function: | 4_2_0117A400 | |
Source: | Code function: | 4_2_0117DA58 | |
Source: | Code function: | 4_2_01171358 | |
Source: | Code function: | 4_2_0117AF00 | |
Source: | Code function: | 4_2_011A7D88 | |
Source: | Code function: | 4_2_011A95E8 | |
Source: | Code function: | 4_2_011A0842 | |
Source: | Code function: | 4_2_011A9CF8 | |
Source: | Code function: | 4_2_011A4B90 | |
Source: | Code function: | 4_2_011AAEA0 | |
Source: | Code function: | 4_2_011A55F0 | |
Source: | Code function: | 4_2_011A54F2 | |
Source: | Code function: | 4_2_011AF0E0 | |
Source: | Code function: | 4_2_011ACFC0 | |
Source: | Code function: | 4_2_00A49BE6 |
Source: | Binary or memory string: | 11 entries |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Cryptographic APIs: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: | 2 entries |
Source: | WMI Queries: | 3 entries |
Source: | Key opened: |
Source: | File read: | 3 entries |
Source: | ReversingLabs: |
Source: | Process created: | 3 entries |
Source: | Key value queried: |
Source: | File opened: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 1_2_00C2B29A | |
Source: | Code function: | 1_2_00C2B024 | |
Source: | Code function: | 1_2_00C2B032 | |
Source: | Code function: | 4_3_012D7D09 | |
Source: | Code function: | 4_2_00A4B024 | |
Source: | Code function: | 4_2_00A4B032 | |
Source: | Code function: | 4_2_00A4B29A | |
Source: | Code function: | 4_2_010FB5B9 | |
Source: | Code function: | 4_2_010FD421 |
Source: | Static PE information: |
Source: | Registry key monitored for changes: |
Source: | Process information set: | 87 entries |
Malware Analysis System Evasion: |
---|
Yara detected AntiVM3 |
Source: | File source: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) |
Source: | WMI Queries: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) |
Source: | WMI Queries: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: | 2 entries |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Thread sleep time: | 2 entries |
Source: | Thread sleep count: | 3 entries |
Source: | WMI Queries: | 3 entries |
Source: | Thread delayed: | 2 entries |
Source: | Binary or memory string: | 14 entries |
Source: | Process information queried: |
Source: | Code function: | 4_2_010F0A70 |
Source: | Process token adjusted: | 2 entries |
Source: | Memory allocated: |
Source: | Process created: |
Source: | Binary or memory string: | 4 entries |
Source: | Queries volume information: | 14 entries |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla |
Source: | File source: | 6 entries |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) |
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: | 3 entries |
Tries to harvest and steal ftp login credentials |
Source: | File opened: | 2 entries |
Tries to steal Mail credentials (via file access) |
Source: | File opened: | 2 entries |
Source: | Key opened: | 2 entries |
Source: | File source: | 2 entries |
Remote Access Functionality: |
---|
Yara detected AgentTesla |
Source: | File source: | 6 entries |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | Path Interception | Process Injection12 | Disable or Modify Tools1 | OS Credential Dumping2 | System Information Discovery114 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Deobfuscate/Decode Files or Information1 | Input Capture21 | Query Registry1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information2 | Credentials in Registry1 | Security Software Discovery211 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing3 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture21 | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Timestomp1 | LSA Secrets | Virtualization/Sandbox Evasion131 | SSH | Clipboard Data1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading1 | Cached Domain Credentials | Application Window Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion131 | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection12 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label | Link |
---|---|---|---|
23% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla | |
100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/Spy.Gen8 |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Detection | Scanner | Label | URLs |
---|---|---|---|
0% | URL Reputation | safe | 21 entries |
0% | Avira URL Cloud | safe | 6 entries |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
server126.web-hosting.com | 198.54.126.165 | true | false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
14 URLs | | false | | unknown (8), low (5), high (1) |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
198.54.126.165 | server126.web-hosting.com | United States | 22612 | NAMECHEAP-NETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 385333 |
Start date: | 12.04.2021 |
Start time: | 10:47:14 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Import shipment.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/2@2/1 |
EGA Information: | Failed |
HDC Information: |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:48:04 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
198.54.126.165 | 20 associated samples | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
server126.web-hosting.com | 20 associated samples | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
NAMECHEAP-NETUS | 20 associated samples | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\Import shipment.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1216 |
Entropy (8bit): | 5.355304211458859 |
Encrypted: | false |
SSDEEP: | 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr |
MD5: | FED34146BF2F2FA59DCF8702FCC8232E |
SHA1: | B03BFEA175989D989850CF06FE5E7BBF56EAA00A |
SHA-256: | 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C |
SHA-512: | 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Import shipment.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 0.6951152985249047 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBopIvJn2QOYiUG3PaVrX:T5LLOpEO5J/Kn7U1uBopIvZXC/alX |
MD5: | EA7F9615D77815B5FFF7C15179C6C560 |
SHA1: | 3D1D0BAC6633344E2B6592464EBB957D0D8DD48F |
SHA-256: | A5D1ABB57C516F4B3DF3D18950AD1319BA1A63F9A39785F8F0EACE0A482CAB17 |
SHA-512: | 9C818471F69758BD4884FDB9B543211C9E1EE832AC29C2C5A0377C412454E8C745FB3F38FF6E3853AE365D04933C0EC55A46DDA60580D244B308F92C57258C98 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.875779706970726 |
TrID: |
File name: | Import shipment.exe |
File size: | 662528 |
MD5: | c70decc03a9214f65a58ae036149fb17 |
SHA1: | 2acb36495475fb87f39379d1dabbbaca0fba7a1a |
SHA256: | af1d434f702045685e163c36d8d24098389e7675eed56ae34a90532764df2d3b |
SHA512: | a440172df4a7ad4b2125f233f3f8d7f342ab20c47e47e3edd1ce3254f3f4bb42d984d0670d3f4fcbbcfa854a73ac6de8ca0bf953cb62489ac52467cf0cfdbdcd |
SSDEEP: | 12288:R7WAGdp+LZ6FVQrWYRTCtmp2q/iTS9u6MYy:NWAGd0LZ6FiWYRTCU45PK |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Q................0..............0... ...@....@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4a3002 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0xCCA75117 [Thu Oct 20 18:48:55 2078 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al (repeated 97 times: the zero bytes that follow the .NET entry stub, which jumps through the IAT at 0x402000 to mscoree!_CorExeMain) |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa2fb0 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa4000 | 0x5f8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa6000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa2f94 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0xa1008 | 0xa1200 | False | 0.89808445258 | data | 7.88279722869 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xa4000 | 0x5f8 | 0x600 | False | 0.439453125 | data | 4.24639037543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa6000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xa4090 | 0x366 | data | ||
RT_MANIFEST | 0xa4408 | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright Integra Wealth |
Assembly Version | 1.8.9.10 |
InternalName | rb.exe |
FileVersion | 1.9.1.0 |
CompanyName | Integra Wealth |
LegalTrademarks | |
Comments | |
ProductName | ReplacementFallback |
ProductVersion | 1.9.1.0 |
FileDescription | ReplacementFallback |
OriginalFilename | rb.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/12/21-10:48:02.995749 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 93.184.221.240 |
04/12/21-10:48:03.030703 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 84.17.52.126 | 192.168.2.6 |
04/12/21-10:48:03.031631 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 93.184.221.240 |
04/12/21-10:48:03.067430 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 5.56.20.161 | 192.168.2.6 |
04/12/21-10:48:03.067823 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 93.184.221.240 |
04/12/21-10:48:03.110774 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 81.95.15.57 | 192.168.2.6 |
04/12/21-10:48:03.111262 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 93.184.221.240 |
04/12/21-10:48:03.153152 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 152.195.101.202 | 192.168.2.6 |
04/12/21-10:48:03.153617 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 93.184.221.240 |
04/12/21-10:48:03.195257 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 152.195.101.129 | 192.168.2.6 |
04/12/21-10:48:03.195877 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 93.184.221.240 |
04/12/21-10:48:03.236459 | ICMP | 408 | ICMP Echo Reply | | | 93.184.221.240 | 192.168.2.6 |
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 12, 2021 10:49:54.015028000 CEST | 192.168.2.6 | 8.8.8.8 | 0xa9b7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 12, 2021 10:49:59.754203081 CEST | 192.168.2.6 | 8.8.8.8 | 0xc2b | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 12, 2021 10:49:54.093194962 CEST | 8.8.8.8 | 192.168.2.6 | 0xa9b7 | No error (0) | | | 198.54.126.165 | A (IP address) | IN (0x0001) |
Apr 12, 2021 10:49:59.903330088 CEST | 8.8.8.8 | 192.168.2.6 | 0xc2b | No error (0) | | | 198.54.126.165 | A (IP address) | IN (0x0001) |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Apr 12, 2021 10:49:54.859627962 CEST | 587 | 49753 | 198.54.126.165 | 192.168.2.6 | 220-server126.web-hosting.com ESMTP Exim 4.94 #2 Mon, 12 Apr 2021 04:49:54 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Apr 12, 2021 10:49:54.860271931 CEST | 49753 | 587 | 192.168.2.6 | 198.54.126.165 | EHLO 065367 |
Apr 12, 2021 10:49:55.054825068 CEST | 587 | 49753 | 198.54.126.165 | 192.168.2.6 | 250-server126.web-hosting.com Hello 065367 [84.17.52.3] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-X_PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
Apr 12, 2021 10:49:55.055085897 CEST | 49753 | 587 | 192.168.2.6 | 198.54.126.165 | STARTTLS |
Apr 12, 2021 10:49:55.260812044 CEST | 587 | 49753 | 198.54.126.165 | 192.168.2.6 | 220 TLS go ahead |
Apr 12, 2021 10:50:00.324060917 CEST | 587 | 49754 | 198.54.126.165 | 192.168.2.6 | 220-server126.web-hosting.com ESMTP Exim 4.94 #2 Mon, 12 Apr 2021 04:50:00 -0400 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Apr 12, 2021 10:50:00.324637890 CEST | 49754 | 587 | 192.168.2.6 | 198.54.126.165 | EHLO 065367 |
Apr 12, 2021 10:50:00.519011974 CEST | 587 | 49754 | 198.54.126.165 | 192.168.2.6 | 250-server126.web-hosting.com Hello 065367 [84.17.52.3] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-X_PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
Apr 12, 2021 10:50:00.519304991 CEST | 49754 | 587 | 192.168.2.6 | 198.54.126.165 | STARTTLS |
Apr 12, 2021 10:50:00.717719078 CEST | 587 | 49754 | 198.54.126.165 | 192.168.2.6 | 220 TLS go ahead |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 10:48:03 |
Start date: | 12/04/2021 |
Path: | C:\Users\user\Desktop\Import shipment.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc20000 |
File size: | 662528 bytes |
MD5 hash: | C70DECC03A9214F65A58AE036149FB17 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
General |
---|
Start time: | 10:48:07 |
Start date: | 12/04/2021 |
Path: | C:\Users\user\Desktop\Import shipment.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa40000 |
File size: | 662528 bytes |
MD5 hash: | C70DECC03A9214F65A58AE036149FB17 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
(Memory Dump Source, Similarity and Uniqueness charts not reproduced; Uniqueness Score: -1.00% for every listed function.)
Function 0162E5A0, Relevance: .2, Instructions: 240, COMMON
Function 0162FBE0, Relevance: 1.8, APIs: 1, Instructions: 252, COMMON
Function 0162FD38, Relevance: 1.6, APIs: 1, Instructions: 113, COMMON
Function 01625365, Relevance: 1.6, APIs: 1, Instructions: 96, COMMON
Function 01623DE8, Relevance: 1.6, APIs: 1, Instructions: 96, COMMON
Function 0162B8F0, Relevance: 1.6, APIs: 1, Instructions: 63, COMMON
Function 0162B8F8, Relevance: 1.6, APIs: 1, Instructions: 62, COMMON
Function 01629869, Relevance: 1.5, APIs: 1, Instructions: 48, COMMON
Function 01629870, Relevance: 1.5, APIs: 1, Instructions: 47, COMMON
Non-executed Functions |
---|
Function 00C2929D, Relevance: 1.3, Instructions: 1264, COMMON
Function 0162E5B0, Relevance: .3, Instructions: 315, COMMON
Function 0162C164, Relevance: .3, Instructions: 265, COMMON
Executed Functions |
---|
Function 0117085C, Relevance: 1.6, APIs: 1, Instructions: 60, COMMON
Function 010F1043, Relevance: 4.9, APIs: 3, Instructions: 430, COMMON
Function 010F1088, Relevance: 4.9, APIs: 3, Instructions: 423, COMMON
Function 010F10CD, Relevance: 4.9, APIs: 3, Instructions: 416, COMMON
Function 010F1112, Relevance: 4.9, APIs: 3, Instructions: 409, COMMON
Function 010F1157, Relevance: 4.9, APIs: 3, Instructions: 402, COMMON
Function 010F119C, Relevance: 4.9, APIs: 3, Instructions: 395, COMMON
Function 010F11E1, Relevance: 4.9, APIs: 3, Instructions: 388, COMMON
Function 010F1226, Relevance: 4.9, APIs: 3, Instructions: 381, COMMON
Function 010F126B, Relevance: 4.9, APIs: 3, Instructions: 372, COMMON
Function 010F12A7, Relevance: 4.9, APIs: 3, Instructions: 367, COMMON
Function 010F12EC, Relevance: 4.9, APIs: 3, Instructions: 360, COMMON
Function 010F1331, Relevance: 4.9, APIs: 3, Instructions: 353, COMMON
Function 010F1376, Relevance: 3.3, APIs: 2, Instructions: 346, COMMON
Function 010F13BE, Relevance: 3.3, APIs: 2, Instructions: 337, COMMON
Function 010F13FA, Relevance: 3.3, APIs: 2, Instructions: 332, COMMON
Function 010F1442, Relevance: 3.3, APIs: 2, Instructions: 325, COMMON
Function 010F148A, Relevance: 3.3, APIs: 2, Instructions: 318, COMMON
Function 010F14D2, Relevance: 3.3, APIs: 2, Instructions: 309, COMMON
Function 010F150E, Relevance: 3.3, APIs: 2, Instructions: 304, COMMON
Function 010F1556, Relevance: 3.3, APIs: 2, Instructions: 295, COMMON
Function 010F1592, Relevance: 3.3, APIs: 2, Instructions: 288, COMMON
Function 010F15CE, Relevance: 3.3, APIs: 2, Instructions: 283, COMMON
Function 010F1616, Relevance: 3.3, APIs: 2, Instructions: 276, COMMON
Function 010F165E, Relevance: 3.3, APIs: 2, Instructions: 269, COMMON
Function 010F16BC, Relevance: 1.8, APIs: 1, Instructions: 258, COMMON
Function 010F1704, Relevance: 1.8, APIs: 1, Instructions: 251, COMMON
Function 010F174C, Relevance: 1.7, APIs: 1, Instructions: 244, COMMON
Function 010F1794, Relevance: 1.7, APIs: 1, Instructions: 237, COMMON
Function 010F17DC, Relevance: 1.7, APIs: 1, Instructions: 228, COMMON
Function 010F182E, Relevance: 1.7, APIs: 1, Instructions: 219, COMMON
Function 010F1876, Relevance: 1.7, APIs: 1, Instructions: 212, COMMON
Function 010F18BE, Relevance: 1.7, APIs: 1, Instructions: 205, COMMON
Function 01170F78, Relevance: 1.6, APIs: 1, Instructions: 132, COMMON
Function 01172030, Relevance: 1.6, APIs: 1, Instructions: 63, COMMON
Function 01171049, Relevance: 1.6, APIs: 1, Instructions: 55, COMMON
Function 010AD274, Relevance: .1, Instructions: 76, COMMON
Function 010AD450, Relevance: .1, Instructions: 75, COMMON
Function 011CD01C, Relevance: .1, Instructions: 72, COMMON
Function 011CD006, Relevance: .1, Instructions: 63, COMMON
Function 010AD26F, Relevance: .1, Instructions: 57, COMMON
Function 010AD44B, Relevance: .1, Instructions: 56, COMMON
Non-executed Functions |
---|