Analysis Report 6a76e615_by_Libranalysis

Overview

General Information

Detection

| Field | Value |
|---|---|
| Score | 88 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |

Signatures

Classification

Malware Configuration

Threatname: Ursnif

The extracted configuration lists the C2 domains, the RSA public key and Serpent key used for C2 communication, the botnet and server identifiers, the configured locale list (lang_id) and the sleep interval:

{
  "lang_id": "RU, CN",
  "RSA Public Key": "0dnHb74sj6Vx8GWJZBcafw3TO76HRXTw2xAvtE4gwa2PPH4GC1bS9ornclyyR+kRMdKgigemv76+jMpuzK3GsVW4bUgIZu1wJsCbeT1jaF5kC+5Z1C6WwhCeQEfIn0dyGjO5mUnASq25O8pDwp1usOwI+ce4E6YjxyGNet+kZTTTWPAfmqhY/oVc/59pNJ4uEqRk+ADd1TNfgLrsg26xKI43EH4hpRNWFYgPpsuKC3cgm4UuNnw6ui0jM0gK2wq0zUZ26PkDxSML25mcd8d1kiSEwdUG+0E4a6rwpbhziJ3p5LrDu62+TdIp8Qd07baMfJt0/+VaossEzWbTvcs7R5oksEG/YD69/WtOVAIlyO4=",
  "c2_domain": ["green.salurober.com", "frm.mironeramp.com", "chat.billionady.com", "app3.maintorna.com"],
  "botnet": "5500",
  "server": "580",
  "serpent_key": "vTK10R2O25XUrTRW",
  "sleep_time": "10",
  "SetWaitableTimer_value": "10"
}
Yara Overview

Memory Dumps (8 entries in total; the first 5 are listed)

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |

Unpacked PEs

| Rule | Description | Author |
|---|---|---|
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |

Sigma Overview

No Sigma rule has matched
Signature Overview

AV Detection
- Found malware configuration (source: Malware Configuration Extractor)
- Multi AV Scanner detection for domain / URL (source: Virustotal)
- Multi AV Scanner detection for submitted file (sources: Virustotal, ReversingLabs)
- Other evidence: Static PE information; File opened; Binary string; HTTP traffic detected; String found in binary or memory (6 rows); DNS traffic detected; HTTP traffic detected; String found in binary or memory (10 rows)

Key, Mouse, Clipboard, Microphone and Screen Capturing
- Yara detected Ursnif (8 file sources)
- Yara detected Ursnif (10 file sources)

E-Banking Fraud
- Yara detected Ursnif (8 file sources)
- Yara detected Ursnif (10 file sources)

System Summary
- Writes or reads registry keys via WMI (4 WMI queries)
- Writes registry values via WMI (3 WMI registry writes)
- Code functions: 0_2_6E1D1B89, 0_2_6E1D18D1, 0_2_6E1D2485, 3_2_6E1D2485
- Code functions: 0_2_6E1D2264, 0_2_6E219FB0, 0_2_6E204C10, 0_2_6E2384F0, 0_2_6E21AD90, 3_2_6E1D2264, 3_2_6E219FB0, 3_2_6E204C10, 3_2_6E2384F0, 3_2_6E21AD90
- Other evidence: Binary or memory string; Static PE information; Classification label; File created (2 rows); Static PE information; File read; Key opened; Process created; Virustotal; ReversingLabs; Process created (10 rows); Key value queried; Window detected; File opened; Static PE information (6 rows); Static PE information; Binary string; Static PE information (5 rows)
- Code function: 0_2_6E1D1F31
- Other evidence: Static PE information
- Code functions: 0_2_6E1D2209, 0_2_6E1D2263, 0_2_6E2A36DE, 3_2_6E1D2209, 3_2_6E1D2263, 3_2_6E2A36DE

Hooking and other Techniques for Hiding and Protection
- Yara detected Ursnif (8 file sources)
- Yara detected Ursnif (10 file sources)
- Other evidence: Registry key monitored for changes; Process information set (7 rows); Last function (2 rows)
- Code function: 0_2_6E203B20
- Code function: 0_2_6E1D1F31
- Code functions: 0_2_6E2A1A61, 0_2_6E2A159E, 0_2_6E2A1997, 3_2_6E2A1A61, 3_2_6E2A159E, 3_2_6E2A1997
- Code functions: 0_2_6E203B20, 0_2_6E1FB460, 3_2_6E203B20, 3_2_6E1FB460
- Other evidence: Process created; Binary or memory string (4 rows)
- Code functions: 0_2_6E1D1566, 0_2_6E1FB300, 0_2_6E225D90, 3_2_6E1D1566, 3_2_6E220AD0, 3_2_6E1FB300, 3_2_6E221380, 3_2_6E220790, 3_2_6E220FD0, 3_2_6E225D90, 3_2_6E2211F0
- Other evidence: Key value queried
- Code function: 0_2_6E1D17A7
- Code function: 0_2_6E1D146C
- Other evidence: Key value queried

Stealing of Sensitive Information
- Yara detected Ursnif (8 file sources)
- Yara detected Ursnif (10 file sources)

Remote Access Functionality
- Yara detected Ursnif (8 file sources)
- Yara detected Ursnif (10 file sources)
MITRE ATT&CK Matrix

The number in parentheses after a technique is the count of matched signatures mapped to it; techniques without a number are shown by the matrix template but were not observed.

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation (2) | Path Interception | Process Injection (12) | Masquerading (1) | OS Credential Dumping | System Time Discovery (1) | Remote Services | Archive Collected Data (1) | Exfiltration Over Other Network Medium | Encrypted Channel (1) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Native API (1) | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection (12) | LSASS Memory | Query Registry (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer (3) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information (1) | Security Account Manager | Security Software Discovery (1) | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol (3) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll32 (1) | NTDS | Process Discovery (1) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol (3) | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | File and Directory Discovery (1) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery (24) | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

| Detection | Scanner | Label |
|---|---|---|
| 29% | Virustotal | |
| 30% | ReversingLabs | Win32.Worm.Cridex |

Dropped Files

No Antivirus matches

Unpacked PE Files

| Detection | Scanner | Label |
|---|---|---|
| 100% | Avira | HEUR/AGEN.1108168 |

Domains

| Detection | Scanner | Label |
|---|---|---|
| 8% | Virustotal | |

URLs

| Detection | Scanner | Label |
|---|---|---|
| 0% | Avira URL Cloud | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | URL Reputation | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
Domains and IPs

Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| green.salurober.com | 34.86.224.8 | true | false | | unknown |

Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | false | | unknown |

URLs from Memory and Binaries

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | true | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | high |

Contacted IPs

Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 34.86.224.8 | green.salurober.com | United States | 15169 | GOOGLEUS | false |
General Information

| Field | Value |
|---|---|
| Joe Sandbox Version | 32.0.0 Black Diamond |
| Analysis ID | 406107 |
| Start date | 06.05.2021 |
| Start time | 18:34:02 |
| Joe Sandbox Product | CloudBasic |
| Overall analysis duration | 0h 6m 50s |
| Hypervisor based Inspection enabled | false |
| Report type | full |
| Sample file name | 6a76e615_by_Libranalysis (renamed file extension from none to dll) |
| Cookbook file name | default.jbs |
| Analysis system description | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of new started processes analysed | 21 |
| Number of new started drivers analysed | 0 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| Technologies | |
| Analysis Mode | default |
| Analysis stop reason | Timeout |
| Detection | MAL |
| Classification | mal88.troj.winDLL@10/22@1/1 |
| EGA Information | Failed |
| HDC Information | |
| HCA Information | Failed |
| Cookbook Comments | |
| Warnings | |

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

Created / dropped Files
All 22 files below are reported with Encrypted: false and Malicious: false; the File Type field is empty for every entry. The "downloaded" entries are Internet Explorer's own error-page resources (res://ieframe.dll/...), consistent with the browser rendering its local HTTP 404 page for a request.

| Process | Category | Size (bytes) | Entropy (8bit) | Reputation | IE Cache URL |
|---|---|---|---|---|---|
| C:\Program Files\internet explorer\iexplore.exe | dropped | 29272 | 1.7743734001829912 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 28120 | 1.9055818644411726 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 656 | 5.106451702405661 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 653 | 5.135910629543779 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 662 | 5.124205105045539 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 647 | 5.100898923936443 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 656 | 5.148837651421818 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 653 | 5.126476726885286 | low | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 656 | 5.163597157714972 | | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 659 | 5.147855963240122 | | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 653 | 5.086656438816332 | | |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 2168 | 5.207912016937144 | | res://ieframe.dll/ErrorPageTemplate.css |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 447 | 7.304718288205936 | | res://ieframe.dll/bullet.png |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 4113 | 7.9370830126943375 | | res://ieframe.dll/info_48.png |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 748 | 7.249606135668305 | | res://ieframe.dll/down.png |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 4720 | 5.164796203267696 | | res://ieframe.dll/errorPageStrings.js |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 453 | 5.019973044227213 | | res://ieframe.dll/background_gradient.jpg |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 12105 | 5.451485481468043 | | res://ieframe.dll/httpErrorPagesScripts.js |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | downloaded | 6495 | 3.8998802417135856 | | res://ieframe.dll/http_404.htm |
| C:\Program Files (x86)\Internet Explorer\iexplore.exe | dropped | 89 | 4.516252432360235 | | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 40105 | 0.6615204351898638 | | |
| C:\Program Files\internet explorer\iexplore.exe | dropped | 12933 | 0.4095497570778211 | | |
Static File Info

General

| Field | Value |
|---|---|
| File type | |
| Entropy (8bit) | 6.4676770958554455 |
| TrID | |
| File name | 6a76e615_by_Libranalysis.dll |
| File size | 871936 |
| MD5 | 6a76e615a7997fc04e3003ce16c9bc3d |
| SHA1 | 90d82c7e8a3f2d3c4ec8e4542605eafbcb07bf95 |
| SHA256 | f9f77f992f0c7bf8ec0a39acdac1a343f6418e50510db1f92347d5270d0ab9ab |
| SHA512 | b132a87d0c5391049d57f8cf3448a86b5f69822b2dfa51e99235ed497fa25b981664d8545e6d34c12f46cb39835f6b324198fb12de45a9e8588a83d2afb4e595 |
| SSDEEP | 12288:KO2UqKIpQyBwBJpU4OpQHXi/AfBC0arX3kHcWlNyZaH/3LYwVe5xd2hx:Z920HS/Aff0yNNyZu3LTeW |
| File Content Preview | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5...q...q...q...V*..r...o.G.s.....B.s...o.A.t...o.W.....o.P.v...V*..}...q.......o.^.|...o.F.p...o.@.p...o.E.p...Richq.......... |

File Icon

Icon Hash: 74f0e4ecccdce0e4

Static PE Info

General

| Field | Value |
|---|---|
| Entrypoint | 0x102c580 |
| Entrypoint Section | .text |
| Digitally signed | false |
| Imagebase | 0x1000000 |
| Subsystem | windows gui |
| Image File Characteristics | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
| DLL Characteristics | DYNAMIC_BASE |
| Time Stamp | 0x4BBB12A1 [Tue Apr 6 10:53:21 2010 UTC] |
| TLS Callbacks | |
| CLR (.Net) Version | |
| OS Version Major | 5 |
| OS Version Minor | 0 |
| File Version Major | 5 |
| File Version Minor | 0 |
| Subsystem Version Major | 5 |
| Subsystem Version Minor | 0 |
| Import Hash | 973489e8c974fff7f93fb4970ed9b5a2 |

The PE header timestamp (April 2010) predates this analysis (May 2021) by eleven years; the timestamp field is freely writable, so it should not be treated as a reliable build date. The DLL is unsigned and carries DYNAMIC_BASE but no other hardening flags in its DLL Characteristics.
Entrypoint Preview |
---|
Instruction |
---|
mov edi, edi |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F81D0E548E7h |
call 00007F81D0E6CA25h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call 00007F81D0E548F4h |
add esp, 0Ch |
pop ebp |
retn 000Ch |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov edi, edi |
push ebp |
mov ebp, esp |
push FFFFFFFEh |
push 010C84C8h |
push 0103B300h |
mov eax, dword ptr fs:[00000000h] |
push eax |
add esp, FFFFFFE8h |
push ebx |
push esi |
push edi |
mov eax, dword ptr [010CBE20h] |
xor dword ptr [ebp-08h], eax |
xor eax, ebp |
push eax |
lea eax, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], eax |
mov dword ptr [ebp-18h], esp |
mov dword ptr [ebp-1Ch], 00000001h |
cmp dword ptr [ebp+0Ch], 00000000h |
jne 00007F81D0E548F2h |
cmp dword ptr [010D03F8h], 00000000h |
jne 00007F81D0E548E9h |
xor eax, eax |
jmp 00007F81D0E54A33h |
mov dword ptr [ebp-04h], 00000000h |
cmp dword ptr [ebp+0Ch], 01h |
je 00007F81D0E548E8h |
cmp dword ptr [ebp+0Ch], 02h |
jne 00007F81D0E54936h |
cmp dword ptr [01094090h], 00000000h |
je 00007F81D0E548F7h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call dword ptr [01094090h] |
mov dword ptr [ebp-1Ch], eax |
cmp dword ptr [ebp-1Ch], 00000000h |
je 00007F81D0E548F6h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call 00007F81D0E6464Bh |
Rich Headers |
---|
Programming Language: |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xca650 | 0x48 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc98e8 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe1000 | 0x3c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe2000 | 0x5adc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x91340 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc5500 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x91000 | 0x244 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x8f271 | 0x8f400 | False | 0.454819071771 | data | 6.32766080365 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x91000 | 0x39698 | 0x39800 | False | 0.527394701087 | data | 5.61071149584 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xcb000 | 0x15de8 | 0x5200 | False | 0.388814786585 | data | 4.9202387107 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe1000 | 0x3c8 | 0x400 | False | 0.4140625 | data | 3.16300752289 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe2000 | 0x664a | 0x6800 | False | 0.673490084135 | data | 6.32175906547 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xe1060 | 0x368 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetModuleFileNameA, VirtualProtect, GlobalFree, GetCurrentDirectoryA, FileTimeToLocalFileTime, GetVersion, GetTempPathA, CreatePipe, VirtualProtectEx, CreateSemaphoreA, CreateEventA, Sleep, GlobalAlloc, SetErrorMode, GetLocaleInfoA, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, InterlockedExchange, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, MultiByteToWideChar, InterlockedCompareExchange, GetCurrentThreadId, GetCommandLineA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameW, HeapValidate, IsBadReadPtr, RaiseException, RtlUnwind, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, GetCPInfo, GetTimeFormatA, GetDateFormatA, LCMapStringA, GetLastError, LCMapStringW, GetStringTypeW, CompareStringW, CompareStringA, FatalAppExitA, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, GetProcAddress, TlsGetValue, GetModuleHandleW, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThread, ExitProcess, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapDestroy, HeapCreate, HeapFree, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, SetConsoleCtrlHandler, WriteFile, FlushFileBuffers, GetConsoleCP, GetConsoleMode, DebugBreak, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, LoadLibraryW, HeapAlloc, HeapSize, HeapReAlloc, VirtualAlloc, GetACP, GetOEMCP, IsValidCodePage, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetUserDefaultLCID, GetModuleHandleA, GetTimeZoneInformation, InitializeCriticalSectionAndSpinCount, FreeLibrary, LoadLibraryA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, SetFilePointer, GetLocaleInfoW, lstrlenA, CloseHandle, CreateFileA, GetProcessHeap, VirtualQuery, SetEnvironmentVariableA |
ADVAPI32.dll | CreateServiceA, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegQueryValueExA, RegisterServiceCtrlHandlerA, RegSetValueExA, GetTokenInformation, RegCloseKey, AdjustTokenPrivileges, RegEnumKeyA, ControlService, FreeSid, SetServiceStatus, AllocateAndInitializeSid, RegOpenKeyExA, CloseServiceHandle, OpenProcessToken, StartServiceCtrlDispatcherA, DeleteService, SetEntriesInAclA, LookupPrivilegeValueA |
COMDLG32.dll | GetSaveFileNameA, CommDlgExtendedError, GetOpenFileNameW, ChooseFontA, ReplaceTextA |
COMCTL32.dll | ImageList_Create, ImageList_GetIcon, ImageList_GetImageCount, ImageList_GetBkColor, ImageList_EndDrag, ImageList_GetDragImage |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Surprisefun | 1 | 0x108c7f0 |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | 2013 Fractioncomplete Corporation. All rights reserved |
InternalName | Smile.dll |
FileVersion | 3.6.8.634 |
CompanyName | Fractioncomplete |
Comments | http://deeplow.ru |
ProductName | Fractioncomplete Free learn |
ProductVersion | 3.6.8.634 |
FileDescription | Free learn |
OriginalFilename | Smile.dll |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 6, 2021 18:36:15.548310995 CEST | 49705 | 80 | 192.168.2.3 | 34.86.224.8 |
May 6, 2021 18:36:15.548321962 CEST | 49704 | 80 | 192.168.2.3 | 34.86.224.8 |
May 6, 2021 18:36:15.673017979 CEST | 80 | 49704 | 34.86.224.8 | 192.168.2.3 |
May 6, 2021 18:36:15.673166990 CEST | 49704 | 80 | 192.168.2.3 | 34.86.224.8 |
May 6, 2021 18:36:15.674125910 CEST | 49704 | 80 | 192.168.2.3 | 34.86.224.8 |
May 6, 2021 18:36:15.674455881 CEST | 80 | 49705 | 34.86.224.8 | 192.168.2.3 |
May 6, 2021 18:36:15.674573898 CEST | 49705 | 80 | 192.168.2.3 | 34.86.224.8 |
May 6, 2021 18:36:15.841811895 CEST | 80 | 49704 | 34.86.224.8 | 192.168.2.3 |
May 6, 2021 18:36:16.425347090 CEST | 80 | 49704 | 34.86.224.8 | 192.168.2.3 |
May 6, 2021 18:36:16.425525904 CEST | 49704 | 80 | 192.168.2.3 | 34.86.224.8 |
May 6, 2021 18:36:16.428164005 CEST | 49704 | 80 | 192.168.2.3 | 34.86.224.8 |
May 6, 2021 18:36:16.551932096 CEST | 80 | 49704 | 34.86.224.8 | 192.168.2.3 |
May 6, 2021 18:36:18.116828918 CEST | 49705 | 80 | 192.168.2.3 | 34.86.224.8 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 6, 2021 18:34:39.570384026 CEST | 59353 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:39.619128942 CEST | 53 | 59353 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:34:40.730128050 CEST | 52238 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:40.782289028 CEST | 53 | 52238 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:34:41.563797951 CEST | 49873 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:41.615484953 CEST | 53 | 49873 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:34:42.467937946 CEST | 53196 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:42.520390034 CEST | 53 | 53196 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:34:43.653125048 CEST | 56777 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:43.702444077 CEST | 53 | 56777 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:34:44.613404989 CEST | 58643 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:44.662230968 CEST | 53 | 58643 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:34:45.670059919 CEST | 60985 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:45.718873978 CEST | 53 | 60985 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:34:46.623615980 CEST | 50200 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:34:46.672355890 CEST | 53 | 50200 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:23.546204090 CEST | 51281 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:23.605609894 CEST | 53 | 51281 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:27.720648050 CEST | 49199 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:27.770137072 CEST | 53 | 49199 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:28.791017056 CEST | 50620 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:28.842993975 CEST | 53 | 50620 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:29.852673054 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:29.901518106 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:31.224854946 CEST | 60152 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:31.273621082 CEST | 53 | 60152 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:32.505561113 CEST | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:32.557183027 CEST | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:33.408765078 CEST | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:33.468740940 CEST | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:34.951941013 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:34.997826099 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:35:35.009131908 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:35:35.055320024 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:36:13.719527006 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:36:13.784255028 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:36:15.169644117 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:36:15.521414995 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:36:43.726162910 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:36:43.786439896 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:36:44.726944923 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:36:44.789702892 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:36:45.744447947 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:36:45.796224117 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:36:47.758946896 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:36:47.812130928 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
May 6, 2021 18:36:51.774255991 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
May 6, 2021 18:36:51.827344894 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 6, 2021 18:36:15.169644117 CEST | 192.168.2.3 | 8.8.8.8 | 0xa847 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 6, 2021 18:36:15.521414995 CEST | 8.8.8.8 | 192.168.2.3 | 0xa847 | No error (0) | 34.86.224.8 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49704 | 34.86.224.8 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 6, 2021 18:36:15.674125910 CEST | 305 | OUT | |
May 6, 2021 18:36:16.425347090 CEST | 305 | IN |
System Behavior |
---|
General |
---|
Start time: | 18:34:46 |
Start date: | 06/05/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10d0000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:34:46 |
Start date: | 06/05/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbd0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 18:34:46 |
Start date: | 06/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:34:46 |
Start date: | 06/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 18:36:13 |
Start date: | 06/05/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff602dd0000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 18:36:13 |
Start date: | 06/05/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xce0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6E1D17A7 | 15.1 | 10 | | 103 | thread, sleep, synchronization, COMMON | 80% |
6E1D18D1 | 5.3 | 2 | 1 | 70 | native, COMMON | 72% |
6E1D1566 | 4.5 | 3 | | 23 | COMMON | 58% |
6E1D1B89 | 1.5 | 1 | | 34 | native, COMMON | 68% |
6E1D1E04 | 9.1 | 6 | | 71 | memory, COMMON | 86% |
6E1D15A3 | 6.1 | 3 | 1 | 96 | memory, COMMON | 87% |
6E1D1D32 | 6.0 | 4 | | 30 | thread, COMMON | 87% |
6E1D1030 | 4.6 | 3 | | 68 | memory, COMMON | 87% |
6E1D1C12 | 2.5 | 2 | | 48 | memory, COMMON | 84% |
6E212B20 | 1.5 | 1 | | 8 | COMMON | |
6E1D1236 | 1.3 | 1 | | 70 | COMMON | 86% |
Further C-Code listings in this section without an extracted function address: quality 100%, 69%, 100%, 100%, 80%.
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6E1FB460 | 7.6 | 5 | | 59 | COMMON | |
6E1D146C | 6.0 | 4 | | 34 | COMMON | 100% |
6E1D2264 | 0.1 | | | 77 | COMMON, Crypto | 71% |
6E204C10 | 0.1 | | | 76 | COMMON | |
6E2A159E | 0.1 | | | 75 | COMMON | |
6E2A1997 | 0.1 | | | 53 | COMMON | |
6E1EF260 | 9.2 | 6 | | 198 | COMMON | |
6E231E30 | 9.1 | 6 | | 76 | COMMON | |
6E1E3050 | 6.2 | 4 | | 190 | COMMON | |
6E1EF150 | 6.1 | 4 | | 80 | COMMON | |
Further C-Code listing in this section without an extracted function address: quality 100%. Eleven additional entries carrying only APIs and Strings panels had no function address extracted.
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6E1D17A7 | 15.1 | 10 | | 103 | thread, sleep, synchronization, COMMON | 80% |
6E1D1E04 | 9.1 | 6 | | 71 | memory, COMMON | 86% |
6E1D15A3 | 6.1 | 3 | 1 | 96 | memory, COMMON | 87% |
6E1D1D32 | 6.0 | 4 | | 30 | thread, COMMON | 87% |
6E212B20 | 1.5 | 1 | | 8 | COMMON | |
Further C-Code listing in this section without an extracted function address: quality 100%. One additional entry carrying only an APIs panel had no function address extracted.
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
6E1FB460 | 7.6 | 5 | | 59 | COMMON | |
6E1EF260 | 9.2 | 6 | | 198 | COMMON | |
6E231E30 | 9.1 | 6 | | 76 | COMMON | |
6E1E3050 | 6.2 | 4 | | 190 | COMMON | |
6E1EF150 | 6.1 | 4 | | 80 | COMMON | |
6E1D146C | 6.0 | 4 | | 34 | COMMON | 100% |
Further C-Code listings in this section without an extracted function address: quality 68%, 100%. Eleven additional entries carrying only APIs and Strings panels had no function address extracted.
Uniqueness Score: -1.00% for every function listed; the APIs, Strings, Memory Dump Source and Similarity panels of every entry were empty.