Analysis Report fc0bc077_by_Libranalysis.dll
Overview
General Information
Detection
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Dridex |
---|
{"Version": 40112, "C2 list": ["193.200.130.181:443", "95.138.161.226:2303", "167.114.113.13:4125"], "RC4 keys": ["MqW38NQIO70GhjGOOvjtl5AwyenW6A8fcZ", "xeMr6QHn7uRk1D2ChU8OuyaRFUZJZZHUIgxCzaPXtOkjmhTMtNxfWU8nlnD7q009ahEI51R1"]}
Yara Overview |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
SUSP_WER_Critical_HeapCorruption | Detects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation) | Florian Roth |
| |
SUSP_WER_Critical_HeapCorruption | Detects a crashed application that crashed due to a heap corruption error (could be a sign of exploitation) | Florian Roth |
|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
JoeSecurity_Dridex_1 | Yara detected Dridex unpacked file | Joe Security | ||
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | IPs: | ||
Source: | IPs: | ||
Source: | IPs: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Dridex unpacked file | Show sources |
Source: | File source: | ||
Source: | Code function: | 4_2_10001494 | |
Source: | Code function: | 4_2_1000846C | |
Source: | Code function: | 4_2_1000A52C | |
Source: | Code function: | 4_2_10011D58 | |
Source: | Code function: | 4_2_10019348 | |
Source: | Code function: | 4_2_10010754 | |
Source: | Code function: | 4_2_100090CC |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Mutant created: | ||
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | Process created: |
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 4_2_1000F6CD |
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect sandboxes / dynamic malware analysis system (file name check) | Show sources |
Source: | Section loaded: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 4_2_10006D50 |
Source: | Process created: | Jump to behavior |
Source: | Code function: | 4_2_10006D50 |
Source: | Code function: | 4_2_10006D50 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection11 | Virtualization/Sandbox Evasion11 | Input Capture1 | Security Software Discovery11 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection11 | LSASS Memory | Virtualization/Sandbox Evasion11 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information2 | Security Account Manager | Account Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll321 | NTDS | System Owner/User Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing3 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery11 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
21% | Metadefender | Browse | ||
30% | ReversingLabs | Win32.Trojan.Wacatac | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/ATRAPS.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
167.114.113.13 | unknown | Canada | 16276 | OVHFR | true | |
95.138.161.226 | unknown | United Kingdom | 15395 | RACKSPACE-LONGB | true | |
193.200.130.181 | unknown | unknown | 42960 | CLOUD-MANAGEMENT-LLCUS | true |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 404283 |
Start date: | 04.05.2021 |
Start time: | 21:42:23 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 37s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | fc0bc077_by_Libranalysis.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Run with higher sleep bypass |
Number of analysed new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal76.troj.evad.winDLL@23/24@0/4 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
167.114.113.13 | Get hash | malicious | Browse | ||
95.138.161.226 | Get hash | malicious | Browse | ||
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
RACKSPACE-LONGB | Get hash | malicious | Browse |
OVHFR | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12698 |
Entropy (8bit): | 3.7729930672976533 |
Encrypted: | false |
Malicious: | false |
Yara Hits: |
|
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12696 |
Entropy (8bit): | 3.774323540979425 |
Encrypted: | false |
Malicious: | false |
Yara Hits: |
|
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12770 |
Entropy (8bit): | 3.7728479326199715 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12682 |
Entropy (8bit): | 3.769413043333247 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12680 |
Entropy (8bit): | 3.768900346517595 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12856 |
Entropy (8bit): | 3.7590354861574173 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46968 |
Entropy (8bit): | 2.3180308197716517 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46328 |
Entropy (8bit): | 2.2818682712438516 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 48188 |
Entropy (8bit): | 2.1711333233485948 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39596 |
Entropy (8bit): | 2.4898563574167345 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8328 |
Entropy (8bit): | 3.7028798362459625 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8314 |
Entropy (8bit): | 3.6953779035389136 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4679 |
Entropy (8bit): | 4.5104481865614465 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4665 |
Entropy (8bit): | 4.475614910572437 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8382 |
Entropy (8bit): | 3.697021584652469 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8314 |
Entropy (8bit): | 3.6958368096956407 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4770 |
Entropy (8bit): | 4.485189072854489 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4665 |
Entropy (8bit): | 4.47479950329589 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zstJgtWI9n/WSC8Bb8fm8M4JCdskN4lFi+q8/9NGPGk4SrS6d:uITfHUuSNCJ2N4CmNGtDW6d |
MD5: | 3134EDDD2FDD88A1D65DB9756C231EB8 |
SHA1: | 7660D8D31893A8C6AAE866B4909CC79928B451F7 |
SHA-256: | 88F009E69E0E5966A9F26A35F46D57A07C92C907F7723946097FE0714C1E8078 |
SHA-512: | 910BAB55C74041FDB6016F9BF7F2F38AAE0A4F2EA2EB70E68BBE2969363BC2E3EE3052AAA376E6CC3527031A8DB11465DEF8EB40A72E0FB7055D6BB892DCCF48 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46648 |
Entropy (8bit): | 2.4535395835887615 |
Encrypted: | false |
SSDEEP: | 192:9umavpqvZkOvC3hcnoZofEaBqAWVbvx2p5R+6J86cndbpU:ivMRd67ruqlbvQJJ2DU |
MD5: | 7AE3527170E540035BDD93E0EE31C096 |
SHA1: | 14A3BA01D791E538CDF6845415F8D025C89C4931 |
SHA-256: | A31507D3C30BE23DCC3FD2163DAC1DDD8A885372CDA1371D70155DE170E41007 |
SHA-512: | 4C9E6C15030CE194524D6806935938F0194CBA2CB0C41D1A29EE6B3AED10DBB93FB84853C3463DB20F15269390B1E93F55F5F9E802C6E8FC5E24737E08DA687F |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8308 |
Entropy (8bit): | 3.702193352850464 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiJP6P6YBVq62lgmfTHPSXeCprN89bOQsf5am:RrlsNiB6P6YBo62lgmfTHPScOjfF |
MD5: | 5B80932A4AC95EB65E3ACA9DDA87E718 |
SHA1: | 9B9BE79028FC60FFDC206B5D68ABBAEF95FD33ED |
SHA-256: | D65FC1C0C6358462EB3491E6D175B3C590390198D602F9DE58A29DAE9B84F815 |
SHA-512: | AFBDFAB58086D61B8745AA988629588E08E93DAF3F98771AB9EB02BFDCF64A2AA2381B166407BED1DBAFCCE10B0AD8DF401AC81371E72CAFA0D96072073A91D4 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4679 |
Entropy (8bit): | 4.510648672121708 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsEJgtWI9n/WSC8BY8fm8M4JCdsrZFE+q8/3UM4SrSH1d:uITfCUuSNTJpovMDWH1d |
MD5: | 3D916DD79CDE1C883423BD9B839B953F |
SHA1: | 62CA53FF330706120B5519B143FCEC7BD6DB4247 |
SHA-256: | 681344A6C49F9419C18BD31836A0B7D655253DE18874C3B9AE80054B0E2CE14D |
SHA-512: | A97E39D45F37CA5D0EDD5854C1442002588F8C17923BC63537C92D0A41E06208A81BFCB0B760003E16822B918046947B4026EF01DD7BF70EFC01B8070386D2F0 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55668 |
Entropy (8bit): | 2.2904308539354665 |
Encrypted: | false |
SSDEEP: | 192:y+zeWh19dnkac2JDEj1aI/980h3AMCCcDqiSP3FjYZdIhZ0ynImBo2uPzhcB:pzeWldFcC0w6mGCE5P5YZi9XxubyB |
MD5: | E34E085293DC18A24A3DDC8F35287D65 |
SHA1: | 28270F46B36994AC7DF344FEFAB8642DE830AB19 |
SHA-256: | 7BB4A909167FB906A87CDE2A234E95186ABD940C21F9BFA7844C38AF1B2B02FF |
SHA-512: | 682AFA5F0552E934EC6E8FC90607E02354376166296FE80E9C35004F2721BB6F45F34469316F9EF0AA5A3A26C9D35073EDB092883A62C9AEE6BD6AE1CB0F7C19 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8380 |
Entropy (8bit): | 3.6919968957861586 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNind606YBAV6L6Cdgmf8GHS7CpBg89b7XsfFpm:RrlsNid606YB66WCdgmf8USM7cfC |
MD5: | 4D4A7E4D09FAA799E97D6176C63AE803 |
SHA1: | E0BC1FD43A1BF867A6102731AAEEFDB0A7FE95D8 |
SHA-256: | FE002D89650D220CD275724E3C7982D0B82FA48C3DA934A67DA7CF5F00C36815 |
SHA-512: | 4DB6A8811591527BEA21D2AB760DFD25405436599894AA0920D4E04F8D888113C5202A293C3FDFA09B1D0E3F196CBC4933E0F1DE7ADA46468213282E9C9259A5 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4766 |
Entropy (8bit): | 4.458276862803724 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsEJgtWI9n/WSC8Bh8fm8M4JCdskN4fFApF+q8vjskN4T4SrSCd:uITfCUuSNsJ2N4KfKrN4TDWCd |
MD5: | 0A2B816991697FE1C620267C2B0C607A |
SHA1: | 9A1F08BA075938CADB65A79F3ADD7F34875D86B5 |
SHA-256: | BF2E2E4527DC9096AAF9EE9856E38D289EDFF1F72CE97F6E55B9E7B03DED5413 |
SHA-512: | 2DB64775768B9E633663A98263550F1583C0D72257FAE05A7AB34E56FEB9237B903C5731B9714C431026FE5AFCEDDC9DF2025E39C5348F3A6D7E8964D6D4A3FD |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.53604314211802 |
TrID: |
|
File name: | fc0bc077_by_Libranalysis.dll |
File size: | 164864 |
MD5: | fc0bc07721ce94bc9b100e7c846a1210 |
SHA1: | 2d98f05fb78cd75bb44a0087bead8c1604545d07 |
SHA256: | e707edac036a1a2d08b746c6a50ac0f0e2b1ba1c2668aadf87ea11b666b0eb28 |
SHA512: | 148d0dbd3b2cfa7a9182f073e13a83bbbf5cbce934b04366b539799007df341bf953308647f0bee16e351b3716f25e4e10c349dfda5bae70ded3cae208621b35 |
SSDEEP: | 3072:sC2X+QFg3UutDvUvoU8pz6EJEEhu6Tzace9kuaGA81/YXKHML/Vp8AF:MG3rUvoU4JE/Wzan9T7B/CKsL/Vy |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.%.0zK.0zK.0zK.0zJ.}{K...3..{K.....P{K...3..zK.V....zK...1..{K......zK.Rich0zK.........................................PE..L.. |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x100241a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x60903ADD [Mon May 3 18:03:09 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | f108efab351dd21acb187c36805c5bbe |
Entrypoint Preview |
---|
Instruction |
---|
mov edx, eax |
xor eax, eax |
add eax, 00002233h |
cmpss xmm1, xmm2, 03h |
sub eax, 00002233h |
mov edx, 00000000h |
mov edx, 00000000h |
mov edx, 00000000h |
mov edx, 00000000h |
mov edx, 00000000h |
mov edx, 00000000h |
cmpss xmm1, xmm2, 03h |
cmp eax, 01h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
mov eax, 00000000h |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x27730 | 0x55 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x27804 | 0x59 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2c000 | 0x3a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2d000 | 0x1220 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x10018 | 0x38 | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x25000 | 0x60 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x23322 | 0x23400 | False | 0.759010693706 | data | 7.5511794748 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x25000 | 0x2e39 | 0x2c00 | False | 0.770774147727 | data | 7.47865520081 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.pdata | 0x28000 | 0x336c | 0x1800 | False | 0.78564453125 | MMDF mailbox | 7.42299069747 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x2c000 | 0x48c | 0x400 | False | 0.4091796875 | data | 3.06807977608 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x2d000 | 0x258 | 0x400 | False | 0.5263671875 | data | 4.16057022331 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x2c060 | 0x33c | data |
Imports |
---|
DLL | Import |
---|---|
msvcrt.dll | memset |
ADVAPI32.dll | RegOverridePredefKey |
ole32.dll | CreatePointerMoniker, CreateStreamOnHGlobal |
USER32.dll | TranslateMessage |
OPENGL32.dll | glTexSubImage1D |
KERNEL32.dll | CloseHandle, OutputDebugStringA, LoadLibraryExW, CreateFileW, GetProfileSectionW, LoadLibraryW, GetProfileSectionA, OpenSemaphoreW |
RASAPI32.dll | RasGetConnectionStatistics |
CLUSAPI.dll | ClusterEnum |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
LoxmtYt | 1 | 0x10027776 |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright 2018 |
InternalName | j2pcsc |
FileVersion | 8.0.1710.11 |
Full Version | 1.8.0_171-b11 |
CompanyName | Oracle Corporation |
ProductName | Java(TM) Platform SE 8 |
ProductVersion | 8.0.1710.11 |
FileDescription | Java(TM) Platform SE binary |
OriginalFilename | j2pcsc.dll |
Translation | 0x0000 0x04b0 |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 4, 2021 21:45:20.127286911 CEST | 8.8.8.8 | 192.168.2.3 | 0x80ed | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
May 4, 2021 21:45:20.637445927 CEST | 8.8.8.8 | 192.168.2.3 | 0xe98c | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
May 4, 2021 21:45:21.214432001 CEST | 8.8.8.8 | 192.168.2.3 | 0x72fd | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
May 4, 2021 21:45:21.725111961 CEST | 8.8.8.8 | 192.168.2.3 | 0x16d1 | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
May 4, 2021 21:45:26.480717897 CEST | 8.8.8.8 | 192.168.2.3 | 0x568 | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 21:44:06 |
Start date: | 04/05/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x190000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:44:06 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbd0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:44:06 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:44:06 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 21:44:50 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa80000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:44:53 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa80000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:44:55 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 21:44:55 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 21:44:56 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 21:44:57 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 21:44:57 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1c0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 21:46:10 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa80000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 21:46:10 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa80000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 21:46:11 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa80000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 21:46:11 |
Start date: | 04/05/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa80000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 0137193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219 memory COMMON
C-Code - Quality: 42% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
C-Code - Quality: 32% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 78% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 84% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10011D58, Relevance: .3, Instructions: 282 COMMON Crypto
C-Code - Quality: 89% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 10006D50, Relevance: .0, Instructions: 36 COMMON
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 1000C218, Relevance: 5.1, Strings: 4, Instructions: 53 COMMON
C-Code - Quality: 83% |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function 0322193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219 memory COMMON
C-Code - Quality: 42% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 02CD193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219 memory COMMON
C-Code - Quality: 42% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Executed Functions |
---|
Function 02BE193D, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 219 memory COMMON
C-Code - Quality: 42% |
|
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|