Analysis Report o0AX0nKiUn.dll
Overview
General Information
Detection
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Classification
Startup
Malware Configuration
No configs have been found
Yara Overview
Memory Dumps
Rule | Description | Author
---|---|---
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security
44 entries in total
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection
Antivirus / Scanner detection for submitted sample
Source: Avira
Multi AV Scanner detection for domain / URL
Source: Virustotal
Multi AV Scanner detection for submitted file
Source: Virustotal
Source: Metadefender
Source: ReversingLabs
Machine Learning detection for sample
Source: Joe Sandbox ML
Source: Static PE information
Source: Static PE information
Source: Binary string (9 entries)
Networking
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Snort IDS (3 entries)
Found Tor onion address
Source: String found in binary or memory (18 entries)
May check the online IP address of the machine
Source: DNS query (8 entries)
Uses nslookup.exe to query domains
Source: Process created (2 entries)
Source: ASN Name
Source: HTTP traffic detected (6 entries)
Source: HTTP traffic detected (5 entries)
Source: String found in binary or memory (2 entries)
Source: DNS traffic detected
Source: HTTP traffic detected
Source: String found in binary or memory (66 entries)
Key, Mouse, Clipboard, Microphone and Screen Capturing
Yara detected Ursnif
Source: File source (49 entries)
E-Banking Fraud
Detected Gozi e-Banking trojan
Source: Code function 26_2_0091D75A
Yara detected Ursnif
Source: File source (49 entries)
Disables SPDY (HTTP compression, likely to perform web injects)
Source: Registry key value created / modified
Source: | Code function: | 21_2_0000015989FC50B0 | |
Source: | Code function: | 21_2_0000015989FAD0A0 | |
Source: | Code function: | 21_2_0000015989FCA878 | |
Source: | Code function: | 21_2_0000015989FCD84C | |
Source: | Code function: | 21_2_0000015989FA83EC | |
Source: | Code function: | 21_2_0000015989FC43F0 | |
Source: | Code function: | 21_2_0000015989FAE3D8 | |
Source: | Code function: | 21_2_0000015989FBBBC4 | |
Source: | Code function: | 21_2_0000015989FC0380 | |
Source: | Code function: | 21_2_0000015989FA5AE0 | |
Source: | Code function: | 21_2_0000015989FC32C8 | |
Source: | Code function: | 21_2_0000015989FCE250 | |
Source: | Code function: | 21_2_0000015989FBCE1C | |
Source: | Code function: | 21_2_0000015989FB95C4 | |
Source: | Code function: | 21_2_0000015989FB45C4 | |
Source: | Code function: | 21_2_0000015989FCA5AC | |
Source: | Code function: | 21_2_0000015989FA9D64 | |
Source: | Code function: | 21_2_0000015989FA7CF4 | |
Source: | Code function: | 21_2_0000015989FBC4E4 | |
Source: | Code function: | 21_2_0000015989FA74D8 | |
Source: | Code function: | 21_2_0000015989FB1464 | |
Source: | Code function: | 21_2_000001598A082930 | |
Source: | Code function: | 21_2_000001598A09568C | |
Source: | Code function: | 21_2_000001598A09D84C | |
Source: | Code function: | 21_2_000001598A09A878 | |
Source: | Code function: | 21_2_000001598A07D0A0 | |
Source: | Code function: | 21_2_000001598A0950B0 | |
Source: | Code function: | 21_2_000001598A0880FC | |
Source: | Code function: | 21_2_000001598A098178 | |
Source: | Code function: | 21_2_000001598A08398C | |
Source: | Code function: | 21_2_000001598A0889AC | |
Source: | Code function: | 21_2_000001598A08E1F8 | |
Source: | Code function: | 21_2_000001598A09B640 | |
Source: | Code function: | 21_2_000001598A085E40 | |
Source: | Code function: | 21_2_000001598A07265C | |
Source: | Code function: | 21_2_000001598A08F694 | |
Source: | Code function: | 21_2_000001598A0826B0 | |
Source: | Code function: | 21_2_000001598A0746D0 | |
Source: | Code function: | 21_2_000001598A0806FC | |
Source: | Code function: | 21_2_000001598A09774C | |
Source: | Code function: | 21_2_000001598A073F9C | |
Source: | Code function: | 21_2_000001598A080FA8 | |
Source: | Code function: | 21_2_000001598A0997F8 | |
Source: | Code function: | 21_2_000001598A075010 | |
Source: | Code function: | 21_2_000001598A07F01C | |
Source: | Code function: | 21_2_000001598A081464 | |
Source: | Code function: | 21_2_000001598A0774D8 | |
Source: | Code function: | 21_2_000001598A08C4E4 | |
Source: | Code function: | 21_2_000001598A077CF4 | |
Source: | Code function: | 21_2_000001598A079D64 | |
Source: | Code function: | 21_2_000001598A09A5AC | |
Source: | Code function: | 21_2_000001598A0895C4 | |
Source: | Code function: | 21_2_000001598A0845C4 | |
Source: | Code function: | 21_2_000001598A08CE1C | |
Source: | Code function: | 21_2_000001598A09E250 | |
Source: | Code function: | 21_2_000001598A0932C8 | |
Source: | Code function: | 21_2_000001598A075AE0 | |
Source: | Code function: | 21_2_000001598A090380 | |
Source: | Code function: | 21_2_000001598A08BBC4 | |
Source: | Code function: | 21_2_000001598A07E3D8 | |
Source: | Code function: | 21_2_000001598A0783EC | |
Source: | Code function: | 21_2_000001598A0943F0 | |
Source: | Code function: | 22_2_000001F9FF15E1F8 | |
Source: | Code function: | 22_2_000001F9FF16E250 | |
Source: | Code function: | 22_2_000001F9FF1632C8 | |
Source: | Code function: | 22_2_000001F9FF1580FC | |
Source: | Code function: | 22_2_000001F9FF152930 | |
Source: | Code function: | 22_2_000001F9FF168178 | |
Source: | Code function: | 22_2_000001F9FF15398C | |
Source: | Code function: | 22_2_000001F9FF1589AC | |
Source: | Code function: | 22_2_000001F9FF1697F8 | |
Source: | Code function: | 22_2_000001F9FF145010 | |
Source: | Code function: | 22_2_000001F9FF14F01C | |
Source: | Code function: | 22_2_000001F9FF16D84C | |
Source: | Code function: | 22_2_000001F9FF16A878 | |
Source: | Code function: | 22_2_000001F9FF1650B0 | |
Source: | Code function: | 22_2_000001F9FF14D0A0 | |
Source: | Code function: | 22_2_000001F9FF1506FC | |
Source: | Code function: | 22_2_000001F9FF16774C | |
Source: | Code function: | 22_2_000001F9FF143F9C | |
Source: | Code function: | 22_2_000001F9FF150FA8 | |
Source: | Code function: | 22_2_000001F9FF15CE1C | |
Source: | Code function: | 22_2_000001F9FF16B640 | |
Source: | Code function: | 22_2_000001F9FF155E40 | |
Source: | Code function: | 22_2_000001F9FF14265C | |
Source: | Code function: | 22_2_000001F9FF16568C | |
Source: | Code function: | 22_2_000001F9FF15F694 | |
Source: | Code function: | 22_2_000001F9FF1526B0 | |
Source: | Code function: | 22_2_000001F9FF1446D0 | |
Source: | Code function: | 22_2_000001F9FF147CF4 | |
Source: | Code function: | 22_2_000001F9FF15C4E4 | |
Source: | Code function: | 22_2_000001F9FF149D64 | |
Source: | Code function: | 22_2_000001F9FF16A5AC | |
Source: | Code function: | 22_2_000001F9FF1595C4 | |
Source: | Code function: | 22_2_000001F9FF1545C4 | |
Source: | Code function: | 22_2_000001F9FF1643F0 | |
Source: | Code function: | 22_2_000001F9FF1483EC | |
Source: | Code function: | 22_2_000001F9FF151464 | |
Source: | Code function: | 22_2_000001F9FF1474D8 | |
Source: | Code function: | 22_2_000001F9FF145AE0 | |
Source: | Code function: | 22_2_000001F9FF160380 | |
Source: | Code function: | 22_2_000001F9FF14E3D8 | |
Source: | Code function: | 22_2_000001F9FF15BBC4 | |
Source: | Code function: | 22_2_000001F9FF942930 | |
Source: | Code function: | 22_2_000001F9FF95568C | |
Source: | Code function: | 22_2_000001F9FF9532C8 | |
Source: | Code function: | 22_2_000001F9FF94E1F8 | |
Source: | Code function: | 22_2_000001F9FF95E250 | |
Source: | Code function: | 22_2_000001F9FF958178 | |
Source: | Code function: | 22_2_000001F9FF94398C |
Boot Survival: |
---|
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.) |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Hooks registry keys query functions (used to hide registry keys) |
Modifies the export address table of user mode modules (user mode EAT hooks) |
Modifies the import address table of user mode modules (user mode IAT hooks) |
Modifies the prolog of user mode functions (user mode inline hooks) |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Allocates memory in foreign processes |
Changes memory attributes in foreign processes to executable or writable |
Creates a thread in another existing process (thread injection) |
Injects code into the Windows Explorer (explorer.exe) |
Maps a DLL or memory area into another process |
Modifies the context of a thread in another process (thread injection) |
Writes to foreign memory regions |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Tries to steal Mail credentials (via file access) |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Native API1 | DLL Side-Loading1 | DLL Side-Loading1 | Obfuscated Files or Information1 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Valid Accounts1 | Valid Accounts1 | Software Packing1 | LSASS Memory | Account Discovery1 | Remote Desktop Protocol | Email Collection1 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Registry Run Keys / Startup Folder1 | Access Token Manipulation1 | DLL Side-Loading1 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Credential API Hooking3 | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Process Injection813 | Rootkit4 | NTDS | System Information Discovery14 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Registry Run Keys / Startup Folder1 | Masquerading1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Proxy1 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Valid Accounts1 | Cached Domain Credentials | Security Software Discovery111 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation1 | DCSync | Virtualization/Sandbox Evasion1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion1 | Proc Filesystem | Process Discovery3 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection813 | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Rundll321 | Network Sniffing | Remote System Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | | |
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | System Network Configuration Discovery2 | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | | |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
o0AX0nKiUn.dll | 62% | Virustotal | | Browse |
o0AX0nKiUn.dll | 47% | Metadefender | | Browse |
o0AX0nKiUn.dll | 62% | ReversingLabs | Win32.Trojan.Predator | |
o0AX0nKiUn.dll | 100% | Avira | TR/AD.UrsnifDropper.eki | |
o0AX0nKiUn.dll | 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| | 100% | Avira | HEUR/AGEN.1139211 | | Download File |
| | 100% | Avira | HEUR/AGEN.1139211 | | Download File |
| | 100% | Avira | HEUR/AGEN.1139211 | | Download File |
| | 100% | Avira | HEUR/AGEN.1139211 | | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 8% | Virustotal | | Browse |
| | 4% | Virustotal | | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
shoshanna.at | 87.106.18.141 | true | true | | unknown |
myip.opendns.com | 84.17.52.3 | true | false | | high |
resolver1.opendns.com | 208.67.222.222 | true | false | | high |
222.222.67.208.in-addr.arpa | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | high |
| | | false | | unknown |
| | | true | | low |
| | | true | | unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 391256 |
Start date: | 18.04.2021 |
Start time: | 09:38:54 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | o0AX0nKiUn.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 33 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 7 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.spyw.evad.winDLL@38/12@18/2 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:40:06 | API Interceptor | |
09:40:09 | API Interceptor | |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
87.106.18.141 | | | malicious | Browse | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
resolver1.opendns.com | | | malicious | Browse | |
myip.opendns.com | | | malicious | Browse | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ONEANDONE-ASBrauerstrasse48DE | | | malicious | Browse | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 1.0476747992754052 |
Encrypted: | false |
SSDEEP: | 3:pjt/l:Nt |
MD5: | 76CDB2BAD9582D23C1F6F4D868218D6C |
SHA1: | B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33 |
SHA-256: | 8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85 |
SHA-512: | 5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F |
Malicious: | false |
Preview: | |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 260 |
Entropy (8bit): | 5.036957043895559 |
Encrypted: | false |
SSDEEP: | 6:8RcE5PJ0MDMEGRnWU46POumMVBlrMVARcMB+l8:AcE5PJ0kMvxzpOuxBlrm0c2a8 |
MD5: | A8B91D682208F3BD2536FF85E73ECC13 |
SHA1: | 1BFAF51C88C79EDDAD24A5C133F051A73F68FF98 |
SHA-256: | 7CEEF6B46A3CEED6A3FEF8AF94E0FE4ECAB57333E3CA983B95A9669247264DF7 |
SHA-512: | 33AC544DA5DDCA28A86C781008865970C5317BFF0423A10F25FE223166B1883A832229698D8F45D9A9D2F3599A417D6472AE823C9BE4EAC750455588A7651E7C |
Malicious: | false |
Preview: | |
Process: | C:\Windows\System32\cmd.exe |
File Type: | |
Category: | modified |
Size (bytes): | 11 |
Entropy (8bit): | 1.2776134368191157 |
Encrypted: | false |
SSDEEP: | 3:111Qv:Luv |
MD5: | 5B3345909519932D6670D92F16496463 |
SHA1: | 6CCABAAC9315486C106AB1BBB7E6F153F5C1A3BD |
SHA-256: | 0B5C0F6FFAC14107357E2C1BFE0DEA06932FD2AA5C8BD598A73F25655F0ABFD5 |
SHA-512: | B41A0E9BA8A092E134E9403EA3C1B080B8F2D1030CE14AFA2647B282F66A76C48A4419D5D0F7C3C78412A427F4B84B8B48349B76FF2C3FD1DA9EC80D2AB14A6B |
Malicious: | false |
Preview: | |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 1.0476747992754052 |
Encrypted: | false |
SSDEEP: | 3:pjt/l:Nt |
MD5: | 76CDB2BAD9582D23C1F6F4D868218D6C |
SHA1: | B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33 |
SHA-256: | 8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85 |
SHA-512: | 5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F |
Malicious: | false |
Preview: | |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1098240 |
Entropy (8bit): | 6.368363002242261 |
Encrypted: | false |
SSDEEP: | 24576:ZM7rd0PBLf2gYwRIHC/0D5XKt2XsCxpZw4p+:3EIMD5X/8Y8P |
MD5: | B4CFA63ACFBFD87F50FD19DF83B2D412 |
SHA1: | 10848B4C3EEFF9D6556CF71A3C443D025CBB134C |
SHA-256: | D3868AB14D2A831951C50E65AB0008F4AF9B603AD3E1C6DC2FF6CFFC0FC08A43 |
SHA-512: | FBA46FD1D9C17590B2EC2BFFE1DD05DB3D9158A1D03975CD61B0C637097E5CC7F9A1D44D710646CA7CD3AAE3C0A76D770E9DA98C6496B4E34EF7BCAF1A1A00B9 |
Malicious: | false |
Preview: | |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 142 |
Entropy (8bit): | 3.409866276867412 |
Encrypted: | false |
SSDEEP: | 3:QQNlPXOlFlwt+dl+Sli5lAHPklXYl72vl16blovDl4qlvyv:QQ3Pelfo+n+SkEMl47VbWiqlKv |
MD5: | 40D585F886B9C0BF8521D9A8F365769C |
SHA1: | 8B4856AC9AFE53769B30A15C4030D8FC6B414E0D |
SHA-256: | 5E04C7C77576F651161857F4930DE3CA6925EC3FB4894601B4D963328F90315C |
SHA-512: | 570ADD3865290BA32E2AC248A6548F5A95C9532D46BC7C09765F6977E9C111AA7C27DF9FE7A0E86BA0468F31F8632EE263517394E0376E5F7BFCF77952058535 |
Malicious: | false |
Preview: | |
Process: | C:\Windows\System32\nslookup.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28 |
Entropy (8bit): | 4.039148671903071 |
Encrypted: | false |
SSDEEP: | 3:U+6QlBxAN:U+7BW |
MD5: | D796BA3AE0C072AA0E189083C7E8C308 |
SHA1: | ABB1B68758B9C2BF43018A4AEAE2F2E72B626482 |
SHA-256: | EF17537B7CAAB3B16493F11A099F3192D5DCD911C1E8DF0F68FE4AB6531FB43E |
SHA-512: | BF497C5ACF74DE2446834E93900E92EC021FC03A7F1D3BF7453024266349CCE39C5193E64ACBBD41E3A037473A9DB6B2499540304EAD51E002EF3B747748BF36 |
Malicious: | false |
Preview: | |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285696 |
Entropy (8bit): | 7.87767780112774 |
Encrypted: | false |
SSDEEP: | 6144:kccpTOguuUBSGRwBQcvLZim5GjdcYesCmmSKwls3QBdRA:kDSguNcqIxD0mYsRmIgB |
MD5: | C32A384357CFC247BD195C54E4811DA5 |
SHA1: | 1210C1BB780A3BA72D3BEA750D7C212FE5E6FE1C |
SHA-256: | 343C0D3420D047FFF2E37BEECD8DE4CC1E04EFAED2152FAF87BEEDB0759D4ED2 |
SHA-512: | 533BB9B89A5A90B916A002324C6E7ABDBE37A931FA5B5BEF78185EC04654A9C7DE5F19D86894A8D35203BC4036498C7678094C56D373391C4C397E5E3E8CCF1C |
Malicious: | false |
Preview: | |
Process: | C:\Windows\System32\loaddll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285696 |
Entropy (8bit): | 7.87767780112774 |
Encrypted: | false |
SSDEEP: | 6144:kccpTOguuUBSGRwBQcvLZim5GjdcYesCmmSKwls3QBdRA:kDSguNcqIxD0mYsRmIgB |
MD5: | C32A384357CFC247BD195C54E4811DA5 |
SHA1: | 1210C1BB780A3BA72D3BEA750D7C212FE5E6FE1C |
SHA-256: | 343C0D3420D047FFF2E37BEECD8DE4CC1E04EFAED2152FAF87BEEDB0759D4ED2 |
SHA-512: | 533BB9B89A5A90B916A002324C6E7ABDBE37A931FA5B5BEF78185EC04654A9C7DE5F19D86894A8D35203BC4036498C7678094C56D373391C4C397E5E3E8CCF1C |
Malicious: | false |
Preview: | |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285696 |
Entropy (8bit): | 7.87767780112774 |
Encrypted: | false |
SSDEEP: | 6144:kccpTOguuUBSGRwBQcvLZim5GjdcYesCmmSKwls3QBdRA:kDSguNcqIxD0mYsRmIgB |
MD5: | C32A384357CFC247BD195C54E4811DA5 |
SHA1: | 1210C1BB780A3BA72D3BEA750D7C212FE5E6FE1C |
SHA-256: | 343C0D3420D047FFF2E37BEECD8DE4CC1E04EFAED2152FAF87BEEDB0759D4ED2 |
SHA-512: | 533BB9B89A5A90B916A002324C6E7ABDBE37A931FA5B5BEF78185EC04654A9C7DE5F19D86894A8D35203BC4036498C7678094C56D373391C4C397E5E3E8CCF1C |
Malicious: | false |
Preview: | |
Process: | C:\Windows\SysWOW64\rundll32.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 285696 |
Entropy (8bit): | 7.87767780112774 |
Encrypted: | false |
SSDEEP: | 6144:kccpTOguuUBSGRwBQcvLZim5GjdcYesCmmSKwls3QBdRA:kDSguNcqIxD0mYsRmIgB |
MD5: | C32A384357CFC247BD195C54E4811DA5 |
SHA1: | 1210C1BB780A3BA72D3BEA750D7C212FE5E6FE1C |
SHA-256: | 343C0D3420D047FFF2E37BEECD8DE4CC1E04EFAED2152FAF87BEEDB0759D4ED2 |
SHA-512: | 533BB9B89A5A90B916A002324C6E7ABDBE37A931FA5B5BEF78185EC04654A9C7DE5F19D86894A8D35203BC4036498C7678094C56D373391C4C397E5E3E8CCF1C |
Malicious: | false |
Preview: | |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.367147994107642 |
TrID: | |
File name: | o0AX0nKiUn.dll |
File size: | 1094144 |
MD5: | a3aa691bc97faf6f17eec0841b5ff730 |
SHA1: | 9a642c22ebc19f4f8063b5ae986843916309b95a |
SHA256: | eb639e9d45ed4d4cf911195b7ef53d61897dd8f826c542ae411854ddec3aea87 |
SHA512: | 6664e24a698b1f7b392b8bcc1f64525b90ee0b6d63d4c86fd4f099888dcb1b90a6dde7986b406abdb3813941e1e7e9c35fe9268951996ff18aba0ae290ada939 |
SSDEEP: | 24576:yM7rd0PBLf2gYwRIHC/0D5XKt2XsCxpZw4p:mEIMD5X/8Y8 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P......R...R...R.l'R...R.l.Rw..R.l.R?..R..*R...R...R}..R.l.R...R.l"R...R.l#R...R.l$R...RRich...R........................PE..L.. |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401710 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5D9B23E7 [Mon Oct 7 11:39:19 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 311eb3276aa89abb7c1fb493855050ac |
Entrypoint Preview |
---|
Instruction |
---|
mov edi, edi |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F9F30C6C6A7h |
call 00007F9F30C73D45h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call 00007F9F30C6C6B4h |
add esp, 0Ch |
pop ebp |
retn 000Ch |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov edi, edi |
push ebp |
mov ebp, esp |
push FFFFFFFEh |
push 004CA220h |
push 004027B0h |
mov eax, dword ptr fs:[00000000h] |
push eax |
add esp, FFFFFFE8h |
push ebx |
push esi |
push edi |
mov eax, dword ptr [004CC038h] |
xor dword ptr [ebp-08h], eax |
xor eax, ebp |
push eax |
lea eax, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], eax |
mov dword ptr [ebp-18h], esp |
mov dword ptr [ebp-1Ch], 00000001h |
cmp dword ptr [ebp+0Ch], 00000000h |
jne 00007F9F30C6C6B2h |
cmp dword ptr [00503A80h], 00000000h |
jne 00007F9F30C6C6A9h |
xor eax, eax |
jmp 00007F9F30C6C7F3h |
mov dword ptr [ebp-04h], 00000000h |
cmp dword ptr [ebp+0Ch], 01h |
je 00007F9F30C6C6A8h |
cmp dword ptr [ebp+0Ch], 02h |
jne 00007F9F30C6C6F6h |
cmp dword ptr [004B4434h], 00000000h |
je 00007F9F30C6C6B7h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call dword ptr [004B4434h] |
mov dword ptr [ebp-1Ch], eax |
cmp dword ptr [ebp-1Ch], 00000000h |
je 00007F9F30C6C6B6h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call 00007F9F30C7C3BBh |
Rich Headers |
---|
Programming Language: | |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xcb180 | 0x49 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xca864 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa14000 | 0x508 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa15000 | 0x19c0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb41d0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xb4000 | 0x18c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb2511 | 0xb2600 | False | 0.806728221356 | data | 6.73698610232 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xb4000 | 0x171c9 | 0x17200 | False | 0.634607263514 | data | 5.83788928294 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcc000 | 0x947b28 | 0x37c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xa14000 | 0x508 | 0x600 | False | 0.411458333333 | data | 4.52366799917 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xa15000 | 0x92e2 | 0x9400 | False | 0.144003378378 | data | 1.78583816464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xa140a0 | 0x30c | data | English | United States |
RT_MANIFEST | 0xa143ac | 0x15a | ASCII text, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetProcessHeap, WriteFile, Sleep, GetFileAttributesA, CreateProcessA, VirtualProtectEx, GetLocalTime, OpenMutexA, FindNextChangeNotification, GetSystemInfo, FindFirstChangeNotificationA, GetFileTime, DeleteCriticalSection, FindCloseChangeNotification, GetCurrentProcessId, GetTempPathA, SetFilePointer, SetStdHandle, LCMapStringW, GetStringTypeW, IsProcessorFeaturePresent, GetConsoleMode, GetConsoleCP, HeapAlloc, GetFileSize, CloseHandle, CreateFileA, GetCurrentThreadId, DecodePointer, GetCommandLineA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, EncodePointer, GetModuleFileNameW, HeapValidate, IsBadReadPtr, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetProcAddress, GetModuleHandleW, InterlockedIncrement, SetLastError, GetLastError, InterlockedDecrement, ExitProcess, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, GetStartupInfoW, GetModuleFileNameA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, HeapDestroy, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, RaiseException, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, LoadLibraryW, RtlUnwind, MultiByteToWideChar, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, FlushFileBuffers, CreateFileW |
ole32.dll | OleInitialize, OleSetContainedObject, CoUninitialize, CoCreateInstance, OleUninitialize, CoInitialize |
UxTheme.dll | CloseThemeData, GetThemeTextExtent, OpenThemeData |
COMCTL32.dll | ImageList_DragEnter, ImageList_DragShowNolock, ImageList_ReplaceIcon |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Lengthwhether | 1 | 0x4b2900 |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright 2006. All rights reserved. complete |
InternalName | take.dll |
FileVersion | 12.0.1058.1892 |
CompanyName | ConnectWise Job |
Comments | Large Character again |
ProductName | Spring Tool |
FileDescription | Spring Tool |
OriginalFilename | take.dll |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/18/21-09:41:04.847351 | TCP | 2021813 | ET TROJAN Ursnif Variant CnC Beacon | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
04/18/21-09:41:14.975962 | TCP | 2021830 | ET TROJAN Ursnif Variant CnC Data Exfil | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
04/18/21-09:41:49.253906 | TCP | 2021813 | ET TROJAN Ursnif Variant CnC Beacon | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
04/18/21-09:41:58.270609 | TCP | 2021813 | ET TROJAN Ursnif Variant CnC Beacon | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 18, 2021 09:41:04.796722889 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:04.843426943 CEST | 80 | 49718 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:04.847184896 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:04.847351074 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:04.892488956 CEST | 80 | 49718 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:04.918188095 CEST | 80 | 49718 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:04.984070063 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:14.975961924 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:14.976001978 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:15.023818016 CEST | 80 | 49718 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:15.067914963 CEST | 80 | 49718 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:15.190805912 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:45.068007946 CEST | 80 | 49718 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:45.068234921 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:45.068412066 CEST | 49718 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:45.113569021 CEST | 80 | 49718 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:48.574537039 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:48.623358965 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:48.623459101 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:48.623589039 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:48.670603991 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:48.707075119 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:48.752868891 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:49.253906012 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:49.338651896 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:49.393502951 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:58.164978981 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:58.255956888 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:58.262980938 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:58.270608902 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
Apr 18, 2021 09:41:58.319300890 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:58.363212109 CEST | 80 | 49728 | 87.106.18.141 | 192.168.2.5 |
Apr 18, 2021 09:41:58.409857035 CEST | 49728 | 80 | 192.168.2.5 | 87.106.18.141 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 18, 2021 09:41:03.132299900 CEST | 192.168.2.5 | 8.8.8.8 | 0x393e | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:03.195161104 CEST | 192.168.2.5 | 208.67.222.222 | 0x1 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:03.238759995 CEST | 192.168.2.5 | 208.67.222.222 | 0x2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:03.298584938 CEST | 192.168.2.5 | 208.67.222.222 | 0x3 | Standard query (0) | | 28 (AAAA, IPv6 address) | IN (0x0001) |
Apr 18, 2021 09:41:04.652205944 CEST | 192.168.2.5 | 8.8.8.8 | 0x4f95 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:46.776478052 CEST | 192.168.2.5 | 8.8.8.8 | 0xaed4 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:46.838860035 CEST | 192.168.2.5 | 208.67.222.222 | 0x1 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:46.881589890 CEST | 192.168.2.5 | 208.67.222.222 | 0x2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:46.929106951 CEST | 192.168.2.5 | 208.67.222.222 | 0x3 | Standard query (0) | | 28 (AAAA, IPv6 address) | IN (0x0001) |
Apr 18, 2021 09:41:48.474878073 CEST | 192.168.2.5 | 8.8.8.8 | 0x454f | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:57.889935017 CEST | 192.168.2.5 | 8.8.8.8 | 0xe706 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:57.891514063 CEST | 192.168.2.5 | 8.8.8.8 | 0x3293 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:57.942375898 CEST | 192.168.2.5 | 208.67.222.222 | 0x1 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:57.949722052 CEST | 192.168.2.5 | 208.67.222.222 | 0x1 | Standard query (0) | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:57.984013081 CEST | 192.168.2.5 | 208.67.222.222 | 0x2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:57.991329908 CEST | 192.168.2.5 | 208.67.222.222 | 0x2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:58.031673908 CEST | 192.168.2.5 | 208.67.222.222 | 0x3 | Standard query (0) | | 28 (AAAA, IPv6 address) | IN (0x0001) |
Apr 18, 2021 09:41:58.038284063 CEST | 192.168.2.5 | 208.67.222.222 | 0x3 | Standard query (0) | | 28 (AAAA, IPv6 address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 18, 2021 09:41:03.181334972 CEST | 8.8.8.8 | 192.168.2.5 | 0x393e | No error (0) | | | 208.67.222.222 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:03.237315893 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | | | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:03.279834986 CEST | 208.67.222.222 | 192.168.2.5 | 0x2 | No error (0) | | | 84.17.52.3 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:04.795351028 CEST | 8.8.8.8 | 192.168.2.5 | 0x4f95 | No error (0) | | | 87.106.18.141 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:46.833442926 CEST | 8.8.8.8 | 192.168.2.5 | 0xaed4 | No error (0) | | | 208.67.222.222 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:46.879894018 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | | | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:46.922631025 CEST | 208.67.222.222 | 192.168.2.5 | 0x2 | No error (0) | | | 84.17.52.3 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:48.573781967 CEST | 8.8.8.8 | 192.168.2.5 | 0x454f | No error (0) | | | 87.106.18.141 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:57.938723087 CEST | 8.8.8.8 | 192.168.2.5 | 0xe706 | No error (0) | | | 208.67.222.222 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:57.942888021 CEST | 8.8.8.8 | 192.168.2.5 | 0x3293 | No error (0) | | | 208.67.222.222 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:57.983464956 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | | | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:57.990770102 CEST | 208.67.222.222 | 192.168.2.5 | 0x1 | No error (0) | | | | PTR (Pointer record) | IN (0x0001) |
Apr 18, 2021 09:41:58.025084972 CEST | 208.67.222.222 | 192.168.2.5 | 0x2 | No error (0) | | | 84.17.52.3 | A (IP address) | IN (0x0001) |
Apr 18, 2021 09:41:58.033520937 CEST | 208.67.222.222 | 192.168.2.5 | 0x2 | No error (0) | | | 84.17.52.3 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49718 | 87.106.18.141 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 18, 2021 09:41:04.847351074 CEST | 1636 | OUT | |
Apr 18, 2021 09:41:04.918188095 CEST | 1637 | IN | |
Apr 18, 2021 09:41:14.975961924 CEST | 1637 | OUT | |
Apr 18, 2021 09:41:14.976001978 CEST | 1638 | OUT | |
Apr 18, 2021 09:41:15.067914963 CEST | 1638 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.5 | 49728 | 87.106.18.141 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 18, 2021 09:41:48.623589039 CEST | 5773 | OUT | |
Apr 18, 2021 09:41:48.707075119 CEST | 5773 | IN | |
Apr 18, 2021 09:41:49.253906012 CEST | 5773 | OUT | |
Apr 18, 2021 09:41:49.338651896 CEST | 5774 | IN | |
Apr 18, 2021 09:41:58.164978981 CEST | 5783 | OUT | |
Apr 18, 2021 09:41:58.262980938 CEST | 5783 | IN | |
Apr 18, 2021 09:41:58.270608902 CEST | 5783 | OUT | |
Apr 18, 2021 09:41:58.363212109 CEST | 5784 | IN |
Code Manipulations |
---|
User Modules |
---|
Hook Summary |
---|
Function Name | Hook Type | Active in Processes |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | explorer.exe |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | explorer.exe |
CreateProcessAsUserW | EAT | explorer.exe |
CreateProcessAsUserW | INLINE | explorer.exe |
CreateProcessW | EAT | explorer.exe |
CreateProcessW | INLINE | explorer.exe |
CreateProcessA | EAT | explorer.exe |
CreateProcessA | INLINE | explorer.exe |
Processes |
---|
Process: explorer.exe, Module: WININET.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFA9B335200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 72EACE4 |
Process: explorer.exe, Module: user32.dll |
---|
Function Name | Hook Type | New Data |
---|---|---|
api-ms-win-core-processthreads-l1-1-0.dll:CreateProcessW | IAT | 7FFA9B335200 |
api-ms-win-core-registry-l1-1-0.dll:RegGetValueW | IAT | 72EACE4 |
Process: explorer.exe, Module: KERNEL32.DLL |
---|
Function Name | Hook Type | New Data |
---|---|---|
CreateProcessAsUserW | EAT | 7FFA9B33521C |
CreateProcessAsUserW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessW | EAT | 7FFA9B335200 |
CreateProcessW | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
CreateProcessA | EAT | 7FFA9B33520E |
CreateProcessA | INLINE | 0xFF 0xF2 0x25 0x50 0x00 0x00 |
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 09:39:49 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x8e0000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:39:49 |
Start date: | 18/04/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:39:49 |
Start date: | 18/04/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb70000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:39:49 |
Start date: | 18/04/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb70000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:40:16 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff78f190000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 09:40:17 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\control.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff78f190000 |
File size: | 117760 bytes |
MD5 hash: | 625DAC87CB5D7D44C5CA1DA57898065F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 09:40:28 |
Start date: | 18/04/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff693d90000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 09:40:30 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\RuntimeBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bbfa0000 |
File size: | 99272 bytes |
MD5 hash: | C7E36B4A5D9E6AC600DD7A0E0D52DAC5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 09:40:30 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d5830000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 09:40:35 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\RuntimeBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bbfa0000 |
File size: | 99272 bytes |
MD5 hash: | C7E36B4A5D9E6AC600DD7A0E0D52DAC5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 09:40:37 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\RuntimeBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bbfa0000 |
File size: | 99272 bytes |
MD5 hash: | C7E36B4A5D9E6AC600DD7A0E0D52DAC5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 09:40:40 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\RuntimeBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bbfa0000 |
File size: | 99272 bytes |
MD5 hash: | C7E36B4A5D9E6AC600DD7A0E0D52DAC5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:43 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\RuntimeBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bbfa0000 |
File size: | 99272 bytes |
MD5 hash: | C7E36B4A5D9E6AC600DD7A0E0D52DAC5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:47 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\RuntimeBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6bbfa0000 |
File size: | 99272 bytes |
MD5 hash: | C7E36B4A5D9E6AC600DD7A0E0D52DAC5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:50 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76c1b0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:51 |
Start date: | 18/04/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbf0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:53 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76c1b0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:58 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76c1b0000 |
File size: | 69632 bytes |
MD5 hash: | 73C519F050C20580F8A62C849D49215A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:59 |
Start date: | 18/04/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbf0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:40:59 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c8160000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:41:00 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:41:02 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\nslookup.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b1290000 |
File size: | 86528 bytes |
MD5 hash: | AF1787F1DBE0053D74FC687E7233F8CE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:41:03 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6c8160000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:41:03 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 09:41:04 |
Start date: | 18/04/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x910000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 09:41:05 |
Start date: | 18/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D441542, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 98sleepfileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4418F1, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 80memorysleepfileCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D441415, Relevance: 16.6, APIs: 11, Instructions: 89threadsynchronizationCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D441651, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 101librarystringloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D441230, Relevance: 4.6, APIs: 3, Instructions: 68memoryCOMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D441A63, Relevance: 4.5, APIs: 3, Instructions: 31memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4F2BD0, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 105sleepCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4418CA, Relevance: 1.5, APIs: 1, Instructions: 5memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4412F6, Relevance: 1.3, APIs: 1, Instructions: 63memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 6D544F42, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D545336, Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 03172FE4, Relevance: 21.2, APIs: 14, Instructions: 218filememorytimeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031712DC, Relevance: 9.1, APIs: 6, Instructions: 81nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03171071, Relevance: 6.1, APIs: 4, Instructions: 79nativeCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03173B25, Relevance: 6.0, APIs: 4, Instructions: 38memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031718F2, Relevance: 4.5, APIs: 3, Instructions: 26nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031732A8, Relevance: 3.0, APIs: 2, Instructions: 48nativeCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031713A6, Relevance: 3.0, APIs: 2, Instructions: 45COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03171288, Relevance: 3.0, APIs: 2, Instructions: 33librarynativeloaderCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03173D76, Relevance: 3.0, APIs: 2, Instructions: 28nativeCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 031748CC, Relevance: 47.5, APIs: 25, Strings: 2, Instructions: 282registrymemorystringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03173DB5, Relevance: 25.8, APIs: 17, Instructions: 262timesleepfileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0317238E, Relevance: 18.1, APIs: 12, Instructions: 98fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03172BA8, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 78registrymemorystringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03171863, Relevance: 12.1, APIs: 8, Instructions: 62fileCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0317163D, Relevance: 10.6, APIs: 7, Instructions: 75COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03174221, Relevance: 9.1, APIs: 6, Instructions: 105threadsynchronizationinjectionCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03171BCC, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73processmemoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0317248C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 67memoryCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03172F0C, Relevance: 7.6, APIs: 5, Instructions: 78COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03171706, Relevance: 6.1, APIs: 4, Instructions: 107threadsynchronizationinjectionCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
03171DD6 | 6.1 | 4 | | 99 | registry, synchronization | COMMON | -1.00% |
03175002 | 6.1 | 4 | | 64 | memory | COMMON | -1.00% |
031729A1 | 5.1 | 4 | | 110 | | COMMON | -1.00% |
0317437C | 4.5 | 3 | | 33 | | COMMON | -1.00% |
03173942 | 3.8 | 3 | | 50 | | COMMON | -1.00% |
6D4F2BD0 | 3.1 | 1 | 1 | 105 | sleep | COMMON | -1.00% |
0317471A | 3.1 | 2 | | 61 | | COMMON | -1.00% |
031734B5 | 3.0 | 2 | | 31 | | COMMON | -1.00% |
03171499 | 2.6 | 2 | | 67 | memory | COMMON | -1.00% |
031747D4 | 1.5 | 1 | | 5 | memory | COMMON | -1.00% |
031750AB | 1.3 | 1 | | 57 | memory | COMMON | -1.00% |
031728E2 | 1.3 | 1 | | 56 | memory | COMMON | -1.00% |
03171B4F | 1.3 | 1 | | 50 | memory | COMMON | -1.00% |
03171000 | 1.3 | 1 | | 47 | | COMMON | -1.00% |
03173B8B | 1.3 | 1 | | 43 | | COMMON | -1.00% |
031725BB | 1.3 | 1 | | 37 | | COMMON | -1.00% |
03171544 | 1.3 | 1 | | 14 | | COMMON | -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
03173A8A | 7.6 | 5 | | 59 | string, thread, time | COMMON | -1.00% |
03173C83 | 6.0 | 4 | | 34 | | COMMON | -1.00% |
03175269 | 3.0 | 2 | | 37 | native | COMMON | -1.00% |
03175588 | .1 | | | 77 | | COMMON | -1.00% |
0317553C | .0 | | | 19 | | COMMON | -1.00% |
0317275E | 14.1 | 7 | 1 | 108 | string | COMMON | -1.00% |
03172540 | 9.0 | 6 | | 40 | file | COMMON | -1.00% |
03174D20 | 7.6 | 5 | | 72 | file | COMMON | -1.00% |
03173766 | 6.1 | 4 | | 69 | file | COMMON | -1.00% |
03173A16 | 6.0 | 4 | | 48 | memory | COMMON | -1.00% |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
00277CF4 | 9.3 | 4 | 1 | 549 | memory, native | COMMON | -1.00% |
00293C40 | 7.1 | 3 | 1 | 113 | native | COMMON | -1.00% |
00282930 | 7.0 | 4 | | 1000 | thread, synchronization | COMMON | -1.00% |
00280570 | 3.6 | 1 | 1 | 148 | native, thread | COMMON | -1.00% |
0027E36C | 3.5 | 1 | 1 | 39 | memory, native | COMMON | -1.00% |
0027E25C | 3.5 | 1 | 1 | 33 | native | COMMON | -1.00% |
0029D6AC | 1.6 | 1 | | 51 | native | COMMON | -1.00% |
0027B5BC | 1.5 | 1 | | 30 | native | COMMON | -1.00% |
0029AEAC | 1.5 | 1 | | 30 | native | COMMON | -1.00% |
00276F60 | 7.7 | 5 | | 231 | thread, injection | COMMON | -1.00% |
002867C0 | 7.1 | 2 | 2 | 127 | registry | COMMON | -1.00% |
00290FB4 | 6.1 | 4 | | 145 | file | COMMON | -1.00% |
002A07DC | 3.8 | 1 | 1 | 311 | library | COMMON | -1.00% |
0028D3D0 | 3.1 | 2 | | 108 | thread, injection | COMMON | -1.00% |
00280C74 | 1.6 | 1 | | 142 | time | COMMON | -1.00% |
0027AFEC | 1.6 | 1 | | 113 | | COMMON | -1.00% |
0028DEFC | 1.6 | 1 | | 104 | | COMMON | -1.00% |
0028B8C4 | 1.6 | 1 | | 55 | time | COMMON | -1.00% |
0029AC70 | 1.6 | 1 | | 53 | | COMMON | -1.00% |
0029BA38 | 1.5 | 1 | | 42 | | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
007A7CF4 | 9.3 | 4 | 1 | 549 | memory, native | COMMON | -1.00% |
007C3C40 | 7.1 | 3 | 1 | 113 | native | COMMON | -1.00% |
007B2930 | 7.0 | 4 | | 1000 | thread, synchronization | COMMON | -1.00% |
007B0570 | 3.6 | 1 | 1 | 148 | native, thread | COMMON | -1.00% |
007AE36C | 3.5 | 1 | 1 | 39 | memory, native | COMMON | -1.00% |
007AE25C | 3.5 | 1 | 1 | 33 | native | COMMON | -1.00% |
007CD6AC | 1.6 | 1 | | 51 | native | COMMON | -1.00% |
007AB5BC | 1.5 | 1 | | 30 | native | COMMON | -1.00% |
007CAEAC | 1.5 | 1 | | 30 | native | COMMON | -1.00% |
007A6F60 | 7.7 | 5 | | 231 | thread, injection | COMMON | -1.00% |
007C0FB4 | 6.1 | 4 | | 145 | file | COMMON | -1.00% |
007B67C0 | 5.4 | 1 | 2 | 127 | registry | COMMON | -1.00% |
007D07DC | 3.8 | 1 | 1 | 311 | library | COMMON | -1.00% |
007BD3D0 | 3.1 | 2 | | 108 | thread, injection | COMMON | -1.00% |
007BDEFC | 1.6 | 1 | | 104 | | COMMON | -1.00% |
007CAC70 | 1.6 | 1 | | 53 | | COMMON | -1.00% |
007CBA38 | 1.5 | 1 | | 42 | | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
000002413CB12930 | 5.5 | 3 | | 1000 | synchronization, thread | COMMON | -1.00% |
000002413CB23C40 | 5.4 | 2 | 1 | 113 | native | COMMON | -1.00% |
000002413CB06614 | 1.6 | 1 | | 97 | registry | COMMON | -1.00% |
000002413CB01A84 | 1.6 | 1 | | 60 | registry | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
000001EA04133C40 | 7.1 | 3 | 1 | 113 | native | COMMON | -1.00% |
000001EA04122930 | 5.5 | 3 | | 1000 | synchronization, thread | COMMON | -1.00% |
000001EA041267C0 | 5.4 | 1 | 2 | 127 | registry | COMMON | -1.00% |
000001EA041407DC | 3.8 | 1 | 1 | 311 | library | COMMON | -1.00% |
000001EA04116614 | 3.1 | 2 | | 97 | registry | COMMON | -1.00% |
000001EA04111A84 | 3.1 | 2 | | 60 | registry | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
000001E766783C40 | 5.4 | 2 | 1 | 113 | native | COMMON | -1.00% |
000001E766772930 | 4.0 | 2 | | 1000 | synchronization, thread | COMMON | -1.00% |
000001E766766614 | 1.6 | 1 | | 97 | registry | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
00000209AC2D2930 | 5.5 | 3 | | 1000 | synchronization, thread | COMMON | -1.00% |
00000209AC2E3C40 | 5.4 | 2 | 1 | 113 | native | COMMON | -1.00% |
00000209AC2C6614 | 1.6 | 1 | | 97 | registry | COMMON | -1.00% |
00000209AC2C1A84 | 1.6 | 1 | | 60 | registry | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
000001598A093C40 | 5.4 | 2 | 1 | 113 | native | COMMON | -1.00% |
000001598A082930 | 4.0 | 2 | | 1000 | synchronization, thread | COMMON | -1.00% |
000001598A076614 | 1.6 | 1 | | 97 | registry | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
000001F9FF942930 | 5.5 | 3 | | 1000 | synchronization, thread | COMMON | -1.00% |
000001F9FF953C40 | 5.4 | 2 | 1 | 113 | native | COMMON | -1.00% |
000001F9FF936614 | 1.6 | 1 | | 97 | registry | COMMON | -1.00% |
000001F9FF931A84 | 1.6 | 1 | | 60 | registry | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
000002EEDF847CF4 | 9.3 | 4 | 1 | 549 | native | COMMON | -1.00% |
000002EEDF863C40 | 7.1 | 3 | 1 | 113 | native | COMMON | -1.00% |
000002EEDF850570 | 3.6 | 1 | 1 | 148 | native, thread | COMMON | -1.00% |
000002EEDF84E36C | 3.5 | 1 | 1 | 39 | memory, native | COMMON | -1.00% |
000002EEDF84E25C | 3.5 | 1 | 1 | 33 | native | COMMON | -1.00% |
000002EEDF846F60 | 7.7 | 5 | | 231 | thread, injection | COMMON | -1.00% |
000002EEDF852930 | 5.5 | 3 | | 1000 | synchronization, thread | COMMON | -1.00% |
000002EEDF8567C0 | 5.4 | 1 | 2 | 127 | registry | COMMON | -1.00% |
000002EEDF8707DC | 3.8 | 1 | 1 | 311 | library | COMMON | -1.00% |
000002EEDF846614 | 3.1 | 2 | | 97 | registry | COMMON | -1.00% |
000002EEDF841A84 | 3.1 | 2 | | 60 | registry | COMMON | -1.00% |
000002EEDF85B944 | 1.6 | 1 | | 107 | process | COMMON | -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Similarity | Uniqueness Score |
---|---|---|---|---|---|---|---|
0090222C | 22.8 | 15 | | 258 | memory, library, native | COMMON | -1.00% |
02CD2FE4 | 21.2 | 14 | | 218 | file, memory, time | COMMON | -1.00% |
02CD12DC | 9.1 | 6 | | 81 | native | COMMON | -1.00% |
00934048 | 7.2 | 3 | 1 | 226 | native, library | COMMON | -1.00% |
02CD1071 | 6.1 | 4 | | 79 | native | COMMON | -1.00% |
02CD3B25 | 6.0 | 4 | | 38 | memory | COMMON | -1.00% |
02CD18F2 | 4.5 | 3 | | 26 | native | COMMON | -1.00% |
02CD32A8 | 3.0 | 2 | | 48 | native | COMMON | -1.00% |
02CD13A6 | 3.0 | 2 | | 45 | | COMMON | -1.00% |
02CD1288 | 3.0 | 2 | | 33 | library, native, loader | COMMON | -1.00% |
02CD3D76 | 3.0 | 2 | | 28 | native | COMMON | -1.00% |
009102C1 | 1.5 | 1 | | 33 | native | COMMON | -1.00% |
02CD3DB5 | 25.8 | 17 | | 262 | time, sleep, file | COMMON | -1.00% |
0091E42F | 14.1 | 7 | 1 | 126 | memory | COMMON | -1.00% |
02CD1863 | 12.1 | 8 | | 62 | file | COMMON | -1.00% |
0091130E | 10.6 | 7 | | 120 | memory, synchronization | COMMON | -1.00% |
02CD4221 | 9.1 | 6 | | 105 | thread, synchronization, injection | COMMON | -1.00% |
02CD1BCC | 8.8 | 4 | 1 | 73 | process, memory | COMMON | -1.00% |
02CD248C | 8.8 | 4 | 1 | 67 | memory | COMMON | -1.00% |
02CD2F0C | 7.6 | 5 | | 78 | | COMMON | -1.00% |
00914F28 | 7.1 | 3 | 1 | 98 | registry | COMMON | -1.00% |
02CD1706 | 6.1 | 4 | | 107 | thread, synchronization, injection | COMMON | -1.00% |
00923928 | 6.1 | 3 | 1 | 96 | memory | COMMON | -1.00% |
02CD5002 | 6.1 | 4 | | 64 | memory | COMMON | -1.00% |
02CD29A1 | 5.1 | 4 | | 110 | | COMMON | -1.00% |
0090F26D | 4.5 | 3 | | 33 | | COMMON | -1.00% |
02CD437C | 4.5 | 3 | | 33 | | COMMON | -1.00% |
00910891 | 4.5 | 3 | | 18 | memory | COMMON | -1.00% |
02CD3942 | 3.8 | 3 | | 50 | | COMMON | -1.00% |
02CD471A | 3.1 | 2 | | 61 | | COMMON | -1.00% |
02CD34B5 | 3.0 | 2 | | 31 | | COMMON | -1.00% |
009164DD | 3.0 | 2 | | 27 | | COMMON | -1.00% |
02CD1499 | 2.6 | 2 | | 67 | memory | COMMON | -1.00% |
00921A69 | 1.6 | 1 | | 80 | | COMMON | -1.00% |
00905F8C | 1.6 | 1 | | 57 | | COMMON | -1.00% |
00926A9A | 1.5 | 1 | | 10 | | COMMON | -1.00% |
00926ABA | 1.5 | 1 | | 9 | | COMMON | -1.00% |
00926AC4 | 1.5 | 1 | | 9 | | COMMON | -1.00% |
00926ACE | 1.5 | 1 | | 9 | | COMMON | -1.00% |
0090F2BB | 1.5 | 1 | | 5 | memory | COMMON | -1.00% |
02CD47D4 | 1.5 | 1 | | 5 | memory | COMMON | -1.00% |
02CD25A6 | 1.5 | 1 | | 5 | memory | COMMON | -1.00% |
00912BEF | 1.3 | 1 | | 59 | | COMMON | -1.00% |
02CD50AB | 1.3 | 1 | | 57 | memory | COMMON | -1.00% |
02CD28E2 | 1.3 | 1 | | 56 | memory | COMMON | -1.00% |
0090A3A6 | 1.3 | 1 | | 49 | memory | COMMON | -1.00% |
0091B7D8 | 1.3 | 1 | | 49 | | COMMON | -1.00% |
0091530C | 1.3 | 1 | | 47 | memory | COMMON | -1.00% |
02CD1000 | 1.3 | 1 | | 47 | | COMMON | -1.00% |
009139CB | 1.3 | 1 | | 45 | memory | COMMON | -1.00% |
02CD3B8B | 1.3 | 1 | | 43 | | COMMON | |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02CD25BB, Relevance: 1.3, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02CD1544, Relevance: 1.3, APIs: 1, Instructions: 14COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Categories |
---|---|---|---|---|---|
0091D75A | 29.9 | 12 | 5 | 158 | memory, string, file, COMMON |
0091DABA | 19.7 | 13 | | 234 | file, synchronization, COMMON |
00922672 | 12.3 | 6 | 1 | 97 | memory, COMMON |
00921D74 | 10.6 | 7 | | 65 | thread, process, library, COMMON |
00914D8B | 7.6 | 5 | | 107 | file, COMMON |
0092429A | 6.1 | 4 | | 107 | file, COMMON |
0090D948 | 6.1 | 4 | | 79 | native, COMMON |
00919FB5 | 37.1 | 15 | 6 | 377 | memory, string, COMMON |
009205C3 | 24.7 | 13 | 1 | 217 | file, memory, time, COMMON |
00913AF0 | 19.9 | 13 | | 394 | synchronization, thread, COMMON |
00907395 | 19.3 | 10 | 1 | 76 | string, file, memory, COMMON |
0090C1C7 | 17.6 | 9 | 1 | 113 | memory, thread, string, COMMON |
00902C8F | 16.7 | 11 | | 187 | synchronization, string, COMMON |
0090830C | 16.6 | 11 | | 115 | registry, thread, sleep, COMMON |
00920E52 | 15.9 | 8 | 1 | 156 | memory, file, string, COMMON |
00918A82 | 15.9 | 7 | 2 | 102 | process, string, COMMON |
00917118 | 15.2 | 10 | | 196 | memory, string, thread, COMMON |
0090DB73 | 15.1 | 10 | | 109 | pipe, synchronization, COMMON |
009178A6 | 15.1 | 10 | | 64 | sleep, synchronization, COMMON |
0091683E | 14.2 | 4 | 4 | 173 | string, COMMON |
009108F1 | 13.6 | 9 | | 96 | file, memory, string, COMMON |
0090DA50 | 13.6 | 9 | | 82 | file, COMMON |
00909D60 | 12.4 | 5 | 2 | 128 | registry, file, memory, COMMON |
0091C871 | 12.3 | 6 | 1 | 82 | memory, file, string, COMMON |
0091B9FC | 10.7 | 7 | | 161 | memory, thread, sleep, COMMON |
009051D0 | 10.6 | 7 | | 144 | memory, registry, COMMON |
00905DC2 | 10.6 | 5 | 1 | 125 | memory, COMMON |
00904788 | 10.6 | 7 | | 112 | COMMON |
009155C2 | 10.6 | 7 | | 110 | memory, file, string, COMMON |
009078EA | 10.6 | 4 | 2 | 105 | memory, COMMON |
00925289 | 10.6 | 7 | | 91 | memory, string, synchronization, COMMON |
009111BD | 10.6 | 7 | | 89 | memory, string, pipe, COMMON |
009067BB | 10.6 | 7 | | 89 | file, synchronization, COMMON |
0091F019 | 10.6 | 5 | 1 | 87 | memory, file, string, COMMON |
0091BE12 | 10.6 | 7 | | 85 | registry, library, loader, COMMON |
00902886 | 10.6 | 4 | 2 | 75 | memory, COMMON |
00918C11 | 10.6 | 7 | | 62 | memory, string, thread, COMMON |
00925576 | 10.6 | 7 | | 62 | memory, synchronization, COMMON |
0090F4E4 | 10.6 | 5 | 1 | 59 | string, time, COMMON |
00916AF3 | 9.2 | 6 | | 189 | memory, string, thread, COMMON |
0091B3A8 | 9.1 | 6 | | 123 | thread, synchronization, injection, COMMON |
00919B72 | 8.9 | 4 | 1 | 148 | registry, synchronization, COMMON |
0091CC2A | 8.9 | 4 | 1 | 137 | time, COMMON |
00901778 | 8.9 | 4 | 1 | 106 | memory, string, COMMON |
00903C99 | 8.9 | 4 | 1 | 103 | memory, COMMON |
0091F108 | 8.8 | 4 | 1 | 80 | memory, string, COMMON |
009254D2 | 8.8 | 4 | 1 | 63 | memory, registry, COMMON |
0091C601 | 8.8 | 4 | 1 | 41 | memory, string, COMMON |
00901E22 | 8.8 | 3 | 2 | 33 | memory, string, COMMON |
00921400 | 7.9 | 6 | | 401 | COMMON |
0090881F | 7.6 | 5 | | 127 | COMMON |
00918F0A | 7.6 | 5 | | 122 | memory, registry, synchronization, COMMON |
00918CB2 | 7.6 | 5 | | 81 | COMMON |
00909F36 | 7.6 | 5 | | 78 | sleep, COMMON |
009189AB | 7.6 | 5 | | 76 | string, COMMON |
0092577E | 7.6 | 5 | | 72 | file, COMMON |
0092113A | 7.6 | 5 | | 67 | thread, COMMON |
00907476 | 7.6 | 5 | | 67 | memory, synchronization, COMMON |
0090301F | 7.6 | 5 | | 62 | memory, string, time, COMMON |
00908954 | 7.6 | 5 | | 59 | memory, COMMON |
0090B70C | 7.5 | 5 | | 31 | COMMON |
00922BBA | 7.1 | 3 | 1 | 61 | memory, COMMON |
0091F1F7 | 7.1 | 3 | 1 | 55 | memory, COMMON |
009132E6 | 7.1 | 3 | 1 | 55 | memory, string, COMMON |
009180EB | 6.3 | 3 | 1 | 262 | memory, string, COMMON |
00922DA8 | 6.2 | 4 | | 192 | COMMON |
00903793 | 6.1 | 4 | | 113 | COMMON |
00917637 | 6.1 | 4 | | 108 | thread, synchronization, injection, COMMON |
00901FBF | 6.1 | 4 | | 108 | synchronization, COMMON |
0091154B | 6.1 | 3 | 1 | 103 | string, COMMON |
0091CE80 | 6.1 | 3 | 1 | 97 | memory, COMMON |
00909C75 | 6.1 | 4 | | 78 | thread, COMMON |
00902F15 | 6.1 | 4 | | 77 | string, COMMON |
00925B50 | 6.1 | 4 | | 75 | COMMON |
0091BC72 | 6.1 | 4 | | 75 | string, COMMON |
009068BF | 6.1 | 4 | | 74 | memory, COMMON |
0091CDCC | 6.1 | 4 | | 70 | file, COMMON |
009063DB | 6.1 | 4 | | 68 | string, COMMON |
0090F378 | 6.1 | 4 | | 66 | string, COMMON |
00906976 | 6.1 | 4 | | 59 | string, thread, time, COMMON |
00921C2C | 6.1 | 4 | | 54 | memory, string, time, COMMON |
00913491 | 6.0 | 4 | | 49 | sleep, COMMON |
00921CB5 | 6.0 | 4 | | 41 | file, string, synchronization, COMMON |
0090A01A | 6.0 | 4 | | 39 | file, synchronization, pipe, COMMON |
00905A0A | 6.0 | 3 | 1 | 39 | string, COMMON |
00921BAD | 6.0 | 2 | 2 | 39 | memory, COMMON |
00901505 | 5.4 | 2 | 1 | 134 | memory, string, COMMON |
00918803 | 5.3 | 2 | 1 | 56 | memory, COMMON |
0091B1FE | 5.3 | 2 | 1 | 48 | memory, COMMON |
0092537C | 5.1 | 4 | | 110 | COMMON |
009186E7 | 5.1 | 4 | | 106 | COMMON |
00907B46 | 5.1 | 4 | | 76 | COMMON |
009038D7 | 5.1 | 4 | | 70 | string, COMMON |
0090711B | 5.1 | 4 | | 64 | COMMON |
Uniqueness Score: -1.00% (all listed functions) |