Analysis Report HU4TEm4Vr7
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
 | Emotet | Emotet Payload | kevoreilly | |
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
 | Emotet | Emotet Payload | kevoreilly | |
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
 | Emotet | Emotet Payload | kevoreilly | |
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
 | Emotet | Emotet Payload | kevoreilly | |
 | JoeSecurity_Emotet | Yara detected Emotet | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | Avira: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Code function: | 1_2_00AA2496 | |
Source: | Code function: | 1_2_00AA24F6 | |
Source: | Code function: | 1_2_00AA2406 | |
Source: | Code function: | 1_2_00AA2466 | |
Source: | Code function: | 1_2_00AA2595 | |
Source: | Code function: | 1_2_00AA22C9 | |
Source: | Code function: | 1_2_00AA2279 | |
Source: | Code function: | 1_2_00AA23B7 | |
Source: | Code function: | 1_2_00AA2399 | |
Source: | Code function: | 1_2_00AA2335 | |
Source: | Code function: | 1_2_00AA2314 | |
Source: | Code function: | 6_2_01582496 | |
Source: | Code function: | 6_2_01582314 | |
Source: | Code function: | 6_2_01582335 | |
Source: | Code function: | 6_2_01582399 | |
Source: | Code function: | 6_2_015823B7 | |
Source: | Code function: | 6_2_01582279 | |
Source: | Code function: | 6_2_015822F5 | |
Source: | Code function: | 6_2_01582595 | |
Source: | Code function: | 6_2_01582466 | |
Source: | Code function: | 6_2_01582406 | |
Source: | Code function: | 6_2_015824F6 | |
Source: | Code function: | 6_2_015822C9 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | Code function: | 6_2_01581628 |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Detected Emotet e-Banking trojan |
Source: | Code function: | 1_2_00AACA89 | |
Source: | Code function: | 6_2_0158CA89 |
Yara detected Emotet |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 1_2_00AA2335 | |
Source: | Code function: | 6_2_01582335 |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 1_2_00AAC980 | |
Source: | Code function: | 6_2_0158C980 |
Source: | Code function: | 1_2_00AADC10 |
Source: | Code function: | 1_2_00AA210D |
Source: | File created: |
Source: | File deleted: |
Source: | Code function: | 0_2_00B3A692 | |
Source: | Code function: | 0_2_00B3B060 | |
Source: | Code function: | 0_2_00B3B8D4 | |
Source: | Code function: | 0_2_00B35CC0 | |
Source: | Code function: | 0_2_00B3A330 | |
Source: | Code function: | 0_2_00B34D6F | |
Source: | Code function: | 0_2_00B31357 | |
Source: | Code function: | 1_2_00AA56EF | |
Source: | Code function: | 1_2_00AA56EF | |
Source: | Code function: | 5_2_00B156EF | |
Source: | Code function: | 5_2_00B156EF | |
Source: | Code function: | 6_2_015856EF | |
Source: | Code function: | 6_2_015856EF |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 1_2_00AADCBB | |
Source: | Code function: | 6_2_0158DCB9 |
Source: | Code function: | 1_2_00AA1C10 |
Source: | Code function: | 1_2_00AADD3B |
Source: | File created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | File read: |
Source: | File read: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Process created: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 1_2_00AA1A36 |
Source: | Static PE information: |
Persistence and Installation Behavior: |
---|
Drops executables to the windows directory (C:\Windows) and starts them |
Source: | Executable created and started: |
Source: | PE file moved: |
Source: | Code function: | 1_2_00AADD51 |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) |
Source: | File opened: |
Source: | Process information set: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Tries to detect virtualization through RDTSC time measurements |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Source: | File opened / queried: |
Source: | Code function: | 0_2_00B3C7F0 |
Source: | Code function: | 1_2_00AADA7D | |
Source: | Code function: | 1_2_00AADA24 | |
Source: | Code function: | 6_2_0158DA7D | |
Source: | Code function: | 6_2_0158DA24 |
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | File opened: |
Source: | Last function: |
Source: | File Volume queried: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: | 0_2_00B3C7F0 |
Source: | Code function: | 1_2_00AA1A36 |
Source: | Code function: | 1_2_00AA21B0 | |
Source: | Code function: | 1_2_00AA1530 | |
Source: | Code function: | 5_2_00B121B0 | |
Source: | Code function: | 5_2_00B11530 | |
Source: | Code function: | 6_2_01581530 | |
Source: | Code function: | 6_2_015821B0 |
Source: | Code function: | 1_2_00AA17C0 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Queries volume information: |
Source: | Code function: | 1_2_00AA277F |
Source: | Key value queried: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
Changes security center settings (notifications, updates, antivirus, firewall) |
Source: | Key value created or modified: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Stealing of Sensitive Information: |
---|
Yara detected Emotet |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts1 | Windows Management Instrumentation1 | DLL Side-Loading1 | DLL Side-Loading1 | Disable or Modify Tools1 | Input Capture1 | System Service Discovery1 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact1 |
Default Accounts | Native API1 | Valid Accounts1 | Valid Accounts1 | DLL Side-Loading1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Input Capture1 | Exfiltration Over Bluetooth | Encrypted Channel2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Service Execution12 | Windows Service12 | Access Token Manipulation1 | File Deletion1 | Security Account Manager | System Information Discovery124 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Standard Port1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Windows Service12 | Masquerading121 | NTDS | Security Software Discovery161 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Process Injection2 | Valid Accounts1 | LSA Secrets | Virtualization/Sandbox Evasion3 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Access Token Manipulation1 | Cached Domain Credentials | Process Discovery3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion3 | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection2 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Hidden Files and Directories1 | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 80% | Virustotal | | |
 | 68% | Metadefender | | |
 | 100% | ReversingLabs | Win32.Trojan.Emotet | |
 | 100% | Avira | HEUR/AGEN.1128381 | |
 | 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
 | 100% | Avira | TR/Crypt.XPACK.Gen | | |
 | 100% | Avira | HEUR/AGEN.1128381 | | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | low |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | unknown |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | unknown |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | high |
 | | false | | low |
 | | false | | high |
 | | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
189.152.183.239 | unknown | Mexico | | 8151 | UninetSAdeCVMX | false |
105.228.198.254 | unknown | South Africa | | 37457 | Telkom-InternetZA | false |
187.205.170.3 | unknown | Mexico | | 8151 | UninetSAdeCVMX | false |
169.0.142.82 | unknown | South Africa | | 37611 | AfrihostZA | false |
83.110.95.159 | unknown | United Arab Emirates | | 5384 | EMIRATES-INTERNETEmiratesInternetAE | false |
Private |
---|
IP |
---|
127.0.0.1 |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 408099 |
Start date: | 08.05.2021 |
Start time: | 12:32:47 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | HU4TEm4Vr7 (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winEXE@20/8@0/6 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
12:34:01 | API Interceptor | |
12:35:17 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
105.228.198.254 | | | malicious | | |
 | | | malicious | | |
169.0.142.82 | | | malicious | | |
83.110.95.159 | | | malicious | | |
 | | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UninetSAdeCVMX | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
Telkom-InternetZA | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
 | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4096 |
Entropy (8bit): | 0.5963698724903859 |
Encrypted: | false |
SSDEEP: | 6:0FuSqk1GaD0JOCEfMuaaD0JOCEfMKQmD22SAAl/gz2cE0fMbhEZolrRSQ2hyYIIT:0PGaD0JcaaD0JwQQRtAg/0bjSQJ |
MD5: | 09DA49C7EECAD81B6EBF128183245165 |
SHA1: | 5891BCC9A7C502DF909035B989E39510F61D4F68 |
SHA-256: | 5C93FB9C745D5A0738EE9CAF0BAB821546BE1B5B3885C0B69A843D1720DCE6A5 |
SHA-512: | 20C96B68F38419287AB6362498A4976E123E79C96CFED3435F8D19DE4B7AC51F3DD2978832E255BBD2D5F4A81328DCB7D1DFE0DC41E61741936D0AD143EA91A4 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 0.09590510762507905 |
Encrypted: | false |
SSDEEP: | 6:Ezwl/+QeU1RIE11Y8TRXtuuleKCzwl/+QeU1RIE11Y8TRXtuuleK:E0+DU1O4bltVleKC0+DU1O4bltVleK |
MD5: | 9D533A5A9185C6667255D2B037516044 |
SHA1: | EE2F7E16AF46F886FC087248A8F741B12FF264A8 |
SHA-256: | B9C10F6156B684371F0DF875C7FC9800DA8E4D9D4257BDFDB0BEECF3CF93C002 |
SHA-512: | 3E2F1F08B4F5DDBCE8C30309837575A07F1079DFEFF776C49D61502CF5A7CF1AE51EB5112642472B9442A3FB671122AE1147C938C0DE452ED05B26A776D0C187 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8192 |
Entropy (8bit): | 0.11126258918616926 |
Encrypted: | false |
SSDEEP: | 3:p0mtl1EvkH2wuXl/bJdAtiztWS4ll:ailQk3At4B |
MD5: | 4135BCECC9BB771C45F5367D06C30CB1 |
SHA1: | 30682A668D5BE72306BB21A6E3FEC624776B286A |
SHA-256: | 88E175AA8B25C33ACFBF0265EA9A99541942E1C34E1EA7378B45EA66A6447B83 |
SHA-512: | A12C346518B6BFFC8554EB0F1DD74E04D36E3DC61604094E3B1D8F970B945657E4A045A7E4DED8D0B3958EA632D9CA0F6F0DF55CBFF1DDBF06A6A796E31D2621 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.1100472575674534 |
Encrypted: | false |
SSDEEP: | 12:261TXm/Ey6q9995pU3mq3qQ10nMCldimE8eawHjcV/0P:261Kl68iDLyMCldzE9BHjcd0P |
MD5: | F1B8A92F2EC4B3C6C0A9D64406FEB398 |
SHA1: | 1E35D716BDA3BB8BE53B9BDA5F4CE16FA06C9261 |
SHA-256: | FB893D0C4A989D9D0945247C7BEE293A01D167291549258E1624B8775244F28C |
SHA-512: | EC9C7EAD9E22755A6F6D83CA1184B9D1955F71B40E0D08901BF3017D980716FCFE5ED3BABEA73E0744CE4FCAA39EB15728A89EAF21347773E1A60639B20632B4 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.11256350126691057 |
Encrypted: | false |
SSDEEP: | 12:/TXm/Ey6q9995pUo1miM3qQ10nMCldimE8eawHza1miIP/:/Kl68/1tMLyMCldzE9BHza1tIP/ |
MD5: | 85948CD99470140A4B69F11E14715988 |
SHA1: | 7D533DE7ABC28D7F74638264F4E94B803C2A83C8 |
SHA-256: | 04BA79C0C87D3EACDB85030E2139FFC8F8E8D166FBE85DF7AAD02ACCD1BAFCC8 |
SHA-512: | 5875A0E32A81FBB03A4F731A63E02E88EF3221F9B0AA62833591A2B927E027A14CDA22C8C928A58A3C3405CBACC946145DB026A6CF7F7D3EA23B848D1F5C95EA |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.11236779795229494 |
Encrypted: | false |
SSDEEP: | 12:AXm/Ey6q9995pUo1mK2P3qQ10nMCldimE8eawHza1mKUc:xl68H1iPLyMCldzE9BHza14c |
MD5: | DF313122F681B78476F22984B7653520 |
SHA1: | FB6FCD875713089D9907F53544B876A6FC08BC3F |
SHA-256: | A4D4C7D883E5A1326B61CDA404200D5D603CB0FBD9056044121C87A33E05A844 |
SHA-512: | 21C433CA4CAC03545C8D31996C4B1A3B4BE89BB8F324A81B6ED92F7B63EE61298B695929A33960AB79C9D83B454B484514B88D964F048F44711CDA3181F7141C |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\svchost.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 55 |
Entropy (8bit): | 4.306461250274409 |
Encrypted: | false |
SSDEEP: | 3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y |
MD5: | DCA83F08D448911A14C22EBCACC5AD57 |
SHA1: | 91270525521B7FE0D986DB19747F47D34B6318AD |
SHA-256: | 2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9 |
SHA-512: | 96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Windows Defender\MpCmdRun.exe |
File Type: | |
Category: | modified |
Size (bytes): | 906 |
Entropy (8bit): | 3.1569243444383877 |
Encrypted: | false |
SSDEEP: | 12:58KRBubdpkoF1AG3rZOyR8Nk9+MlWlLehB4yAq7ejC4OyR8IlI:OaqdmuF3rIy+kWReH4yJ7MgIO |
MD5: | A0462341CDFC29DF1A9CD9D13C61B151 |
SHA1: | 08746F2CBEE01CAA4E8B5CBB344A2705CF06FAFD |
SHA-256: | 1AB3D208A30FE144B1972D31E87D1BDAE8262C29D1CE36A04F8BFE1B0DF041F3 |
SHA-512: | 3FFCC841501C3B676D0040DA92F686788D9678C53B4850FE66C1B8401F7387464B0724A8C408DCC041BEDC33FC48671FE103B08EDBC8151D119587BC60F023A2 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.796567814011747 |
TrID: |
|
File name: | HU4TEm4Vr7.exe |
File size: | 536576 |
MD5: | b15d974f421d3e19332c6094e56e314d |
SHA1: | b15f580af5e3e774fe02d8e7f1bce6fc250c05e6 |
SHA256: | bc92df452b140f3ec4d88796ed0b9a5c74514349e785505ad55f0b82b1c9c1fa |
SHA512: | 3ad0beec45722a4170830bdb981eb42e2b3d907ee69c8a4f2e441e86aad416a078da74add47489c53d8894a2b6dc666f335f60cb64bb57d0818d445978cb1ff1 |
SSDEEP: | 3072:NXydx2FXLHpkc8NyyEoNCS2Fonl24y1mEd2pJH9QVWrZ6c3BTYE8:IWLHHvwQgHEd2p5Ww56E |
File Content Preview: | MZ......................@.......................................nS beFC.. ich@q RxSg..SnS.... run in DOS.!.his progr.L.!Tcannotmmode....$...........@qnS@qnS@q..jR^#.SR/..S.*lSe..Sa...R............PE..L...Ud.\............................0A............@.... |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x404130 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5C0A6455 [Fri Dec 7 12:15:17 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | a66aef82c3738d30b87eed50696699d2 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007FFB7CC34BA0h |
mov dword ptr [ebp-04h], eax |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ebx |
push edi |
push esi |
and esp, FFFFFFF8h |
sub esp, 000000B0h |
mov eax, dword ptr [ebp+10h] |
mov ecx, dword ptr [ebp+0Ch] |
mov edx, dword ptr [ebp+08h] |
mov esi, dword ptr [esp+000000A0h] |
mov edi, dword ptr [esp+000000A4h] |
mov ebx, esi |
and ebx, ebx |
mov dword ptr [esp+54h], eax |
mov eax, edi |
and eax, eax |
mov dword ptr [esp+000000A4h], eax |
mov dword ptr [esp+000000A0h], ebx |
mov dword ptr [esp+0000009Ch], 00CE25BCh |
mov dword ptr [esp+00000094h], 00000000h |
mov dword ptr [esp+00000090h], 006CC7C6h |
mov eax, esi |
not eax |
mov ebx, edi |
not ebx |
mov dword ptr [esp+000000A4h], ebx |
mov dword ptr [esp+000000A0h], eax |
mov eax, dword ptr [esp+00000090h] |
mov ebx, dword ptr [esp+00000094h] |
mov dword ptr [esp+50h], eax |
mov eax, esi |
xor eax, 2E4EF8F4h |
mov dword ptr [esp+000000A4h], edi |
mov dword ptr [esp+000000A0h], eax |
mov eax, dword ptr [esp+00000098h] |
mov dword ptr [esp+4Ch], eax |
xor eax, eax |
mov dword ptr [esp+48h], eax |
mov eax, 6EB0EDC0h |
mov dword ptr [esp+44h], ecx |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x1001 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe0d0 | 0xb4 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x82000 | 0xa88 | DATA |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x83000 | 0x53c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd090 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x84 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xba1c | 0xc000 | False | 0.502685546875 | data | 5.68974196082 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0x1458 | 0x2000 | False | 0.339721679688 | data | 3.15443502703 | IMAGE_SCN_TYPE_NOLOAD, IMAGE_SCN_TYPE_DSECT, IMAGE_SCN_TYPE_NO_PAD, IMAGE_SCN_TYPE_GROUP, IMAGE_SCN_TYPE_COPY, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xf000 | 0x72fc4 | 0x72000 | False | 0.19159470943 | data | 4.47393552065 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
DATA | 0x82000 | 0xa88 | 0x1000 | False | 0.236328125 | data | 2.4534078274 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x83000 | 0x53c | 0x1000 | False | 0.276611328125 | data | 2.73244821786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_DIALOG | 0x82160 | 0x1b4 | data | English | United States |
RT_STRING | 0x82318 | 0x1f8 | data | English | United States |
RT_STRING | 0x82510 | 0x52 | data | English | United States |
RT_STRING | 0x82568 | 0x15c | data | English | United States |
RT_VERSION | 0x826c8 | 0x3bc | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
SHLWAPI.dll | StrChrA |
LZ32.dll | LZSeek |
SETUPAPI.dll | SetupDiDestroyDriverInfoList |
Secur32.dll | GetComputerObjectNameW |
GDI32.dll | LineTo |
USER32.dll | InsertMenuA, GetFocus, GetPriorityClipboardFormat, DdeFreeStringHandle, GetUpdateRect, PackDDElParam, CallMsgFilterA |
KERNEL32.dll | GetVolumePathNamesForVolumeNameW, lstrlenW, GlobalMemoryStatus, GetBinaryTypeW, FillConsoleOutputAttribute, GetCommMask, GetTickCount, GetNamedPipeClientComputerNameW, GetDriveTypeW, GetUserDefaultLangID, GetModuleHandleA, GetStringTypeExA |
RPCRT4.dll | RpcRevertToSelf |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Microsoft Corporation. All |
InternalName | IdS |
FileVersion | 6.1.7600 |
CompanyName | Microsoft Corporat |
LegalTrademarks | Microsoft is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation |
ProductName | Mic |
FileDescription | Identi |
ProuctVersion | Version 4.0 |
Translation | 0x0409 0x04e4 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 8, 2021 12:34:07.546890020 CEST | 49726 | 7080 | 192.168.2.3 | 105.228.198.254 |
May 8, 2021 12:34:10.557920933 CEST | 49726 | 7080 | 192.168.2.3 | 105.228.198.254 |
May 8, 2021 12:34:16.589679003 CEST | 49726 | 7080 | 192.168.2.3 | 105.228.198.254 |
May 8, 2021 12:34:29.021936893 CEST | 49731 | 990 | 192.168.2.3 | 83.110.95.159 |
May 8, 2021 12:34:32.200385094 CEST | 49731 | 990 | 192.168.2.3 | 83.110.95.159 |
May 8, 2021 12:34:38.372795105 CEST | 49731 | 990 | 192.168.2.3 | 83.110.95.159 |
May 8, 2021 12:34:50.457331896 CEST | 49738 | 8080 | 192.168.2.3 | 169.0.142.82 |
May 8, 2021 12:34:53.467735052 CEST | 49738 | 8080 | 192.168.2.3 | 169.0.142.82 |
May 8, 2021 12:34:59.483824968 CEST | 49738 | 8080 | 192.168.2.3 | 169.0.142.82 |
May 8, 2021 12:35:11.602997065 CEST | 49739 | 80 | 192.168.2.3 | 189.152.183.239 |
May 8, 2021 12:35:14.597174883 CEST | 49739 | 80 | 192.168.2.3 | 189.152.183.239 |
May 8, 2021 12:35:20.610589027 CEST | 49739 | 80 | 192.168.2.3 | 189.152.183.239 |
May 8, 2021 12:35:32.658021927 CEST | 49742 | 990 | 192.168.2.3 | 187.205.170.3 |
May 8, 2021 12:35:35.643137932 CEST | 49742 | 990 | 192.168.2.3 | 187.205.170.3 |
May 8, 2021 12:35:41.659308910 CEST | 49742 | 990 | 192.168.2.3 | 187.205.170.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 8, 2021 12:33:30.829304934 CEST | 56777 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:30.878340960 CEST | 53 | 56777 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:30.920418978 CEST | 58643 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:30.988805056 CEST | 53 | 58643 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:31.647109985 CEST | 60985 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:31.669708014 CEST | 50200 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:31.705887079 CEST | 53 | 60985 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:31.784935951 CEST | 53 | 50200 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:32.587498903 CEST | 51281 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:32.646872997 CEST | 53 | 51281 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:33.476305962 CEST | 49199 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:33.525167942 CEST | 53 | 49199 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:34.277993917 CEST | 50620 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:34.329554081 CEST | 53 | 50620 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:34.747648001 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:34.806380987 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:35.272893906 CEST | 60152 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:35.335546970 CEST | 53 | 60152 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:36.543384075 CEST | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:36.595890999 CEST | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:37.563182116 CEST | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:37.616673946 CEST | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:40.203732014 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:40.252425909 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:41.128773928 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:41.186206102 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:42.341967106 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:42.393512011 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:43.240911961 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:43.289623022 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:44.178216934 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:44.229787111 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:45.005451918 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:45.054240942 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:45.839670897 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:45.891206980 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:46.876707077 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:46.925502062 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:47.685483932 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:47.734709024 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:48.550729036 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:48.599630117 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:49.574163914 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:49.633908033 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:33:50.616195917 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:33:50.665044069 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:34:04.784966946 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:34:04.874753952 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:34:09.954204082 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:34:10.014204025 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:34:25.179337025 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:34:25.242888927 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:34:25.345680952 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:34:25.395994902 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:34:45.957432985 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:34:46.035394907 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:34:48.999222994 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:34:49.060647011 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:35:21.192047119 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:35:21.269829035 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
May 8, 2021 12:35:22.899897099 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
May 8, 2021 12:35:22.957539082 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:33:39 |
Start date: | 08/05/2021 |
Path: | C:\Users\user\Desktop\HU4TEm4Vr7.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 536576 bytes |
MD5 hash: | B15D974F421D3E19332C6094E56E314D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
General |
---|
Start time: | 12:33:39 |
Start date: | 08/05/2021 |
Path: | C:\Users\user\Desktop\HU4TEm4Vr7.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 536576 bytes |
MD5 hash: | B15D974F421D3E19332C6094E56E314D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
General |
---|
Start time: | 12:33:46 |
Start date: | 08/05/2021 |
Path: | C:\Windows\SysWOW64\msrarunning.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 536576 bytes |
MD5 hash: | B15D974F421D3E19332C6094E56E314D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
General |
---|
Start time: | 12:33:47 |
Start date: | 08/05/2021 |
Path: | C:\Windows\SysWOW64\msrarunning.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb30000 |
File size: | 536576 bytes |
MD5 hash: | B15D974F421D3E19332C6094E56E314D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
General |
---|
Start time: | 12:33:51 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:01 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:11 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:12 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:13 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:13 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61d340000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:13 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:14 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:14 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\SgrmBroker.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff690ff0000 |
File size: | 163336 bytes |
MD5 hash: | D3170A3F3A9626597EEE1888686E3EA6 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:15 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:34:35 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\svchost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7488e0000 |
File size: | 51288 bytes |
MD5 hash: | 32569E403279B3FD2EDB7EBD036273FA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 12:35:16 |
Start date: | 08/05/2021 |
Path: | C:\Program Files\Windows Defender\MpCmdRun.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b0b0000 |
File size: | 455656 bytes |
MD5 hash: | A267555174BFA53844371226F482B86B |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 12:35:16 |
Start date: | 08/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 5.9% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 22.7% |
Total number of Nodes: | 75 |
Total number of Limit Nodes: | 0 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
(header not extracted) | | | | | | |
00B3B060 | 3.3 | 1 | 1 | 272 | memory, COMMON | |
00B3A692 | 3.2 | 1 | 1 | 220 | memory, COMMON | |
00B33500 | 9.1 | 4 | 1 | 317 | pipe, COMMON | |
(header not extracted) | | | | | | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
(header not extracted) | | | | | | 91% |
00B3A330 | 9.1 | | 7 | 342 | COMMON | |
00B31357 | .2 | | | 214 | COMMON, Crypto | 92% |
00B34D6F | .2 | | | 201 | COMMON, Crypto | 83% |
00B3C7F0 | .1 | | | 121 | COMMON | 95% |
Execution Graph |
---|
Execution Coverage: | 9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 19.9% |
Total number of Nodes: | 583 |
Total number of Limit Nodes: | 24 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00AACA89 | 13.5 | 9 | | 38 | window, synchronization, time, COMMON | |
00AADCBB | 8.8 | 3 | 2 | 51 | service, COMMON | 43% |
(header not extracted) | | | | | | 28% |
00AA17C0 | 3.0 | 2 | | 6 | memory, COMMON | 100% |
00AA1C10 | 1.5 | 1 | | 8 | process, COMMON | |
00AA6E3A | 49.4 | 1 | 27 | 447 | library, COMMON | 99% |
00AA7EDA | 44.2 | 1 | 24 | 465 | library, COMMON | 99% |
00AAC801 | 10.6 | 7 | | 93 | COMMON | 96% |
00AAC9C9 | 10.6 | 5 | 1 | 50 | registry, COMMON | 33% |
00AAD8D4 | 9.0 | 6 | | 22 | file, COMMON | 51% |
(header not extracted) | | | | | | 26% |
(header not extracted) | | | | | | 100% |
00AACB13 | 7.5 | 5 | | 18 | window, synchronization, COMMON | |
00A82537 | 5.4 | 2 | 1 | 181 | memory, COMMON | |
00AA1321 | 5.3 | 2 | 1 | 24 | file, COMMON | |
(header not extracted) | | | | | | 47% |
00AADE40 | 4.5 | 1 | 2 | 25 | string, COMMON | 81% |
(header not extracted) | | | | | | |
(header not extracted) | | | | | | |
00AA12BD | 3.0 | 2 | | 22 | COMMON | 45% |
00AAD864 | 3.0 | 2 | | 11 | file, COMMON | 58% |
00AA1C27 | 3.0 | 2 | | 10 | COMMON | |
00AA1C58 | 3.0 | 2 | | 7 | COMMON | |
00AAD569 | 3.0 | 2 | | 7 | service, COMMON | |
00AAC4A5 | 1.5 | 1 | | 19 | COMMON | |
00AAD500 | 1.5 | 1 | | 11 | COMMON | 100% |
00AA1264 | 1.5 | 1 | | 10 | COMMON | |
00AAC4DC | 1.5 | 1 | | 9 | COMMON | |
00AA1C45 | 1.5 | 1 | | 8 | COMMON | |
00AA1C6A | 1.5 | 1 | | 7 | COMMON | |
00AAD61D | 1.5 | 1 | | 2 | COMMON | |
(header not extracted) | | | | | | |
00A81CCD | 1.3 | 1 | | 74 | memory, COMMON | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
(header not extracted) | | | | | | 61% |
(header not extracted) | | | | | | 68% |
(header not extracted) | | | | | | 18% |
(header not extracted) | | | | | | 58% |
(header not extracted) | | | | | | 16% |
(header not extracted) | | | | | | |
00AA2279 | 3.5 | 1 | 1 | 13 | encryption, COMMON | |
(header not extracted) | | | | | | 80% |
(header not extracted) | | | | | | 18% |
(header not extracted) | | | | | | |
(header not extracted) | | | | | | |
00AA277F | 3.0 | 2 | | 18 | COMMON | |
(header not extracted) | | | | | | 28% |
(header not extracted) | | | | | | 59% |
(header not extracted) | | | | | | |
(header not extracted) | | | | | | |
(header not extracted) | | | | | | |
00AADD3B | 1.5 | 1 | | 6 | service, COMMON | 41% |
00AA1530 | .0 | | | 19 | COMMON | |
00AAC980 | .0 | | | 4 | COMMON | |
00AA21B0 | .0 | | | 3 | COMMON | |
00AA902A | 19.5 | 1 | 10 | 225 | library, COMMON | 99% |
00AABA2A | 14.2 | 1 | 7 | 171 | library, COMMON | 99% |
00AAD792 | 10.6 | 5 | 1 | 51 | file, COMMON | 19% |
(header not extracted) | | | | | | 39% |
00AABFFA | 8.9 | 1 | 4 | 140 | library, COMMON | 99% |
00AAB4A4 | 8.9 | 1 | 4 | 139 | library, COMMON | 98% |
00AADD90 | 8.8 | 3 | 2 | 29 | string, COMMON | 100% |
00AA10B7 | 7.5 | 5 | | 33 | COMMON | |
00AA2031 | 7.0 | 3 | 1 | 37 | process, COMMON | 73% |
00AADF73 | 7.0 | 3 | 1 | 35 | registry, COMMON | 68% |
00AAE000 | 7.0 | 3 | 1 | 32 | string, COMMON | 68% |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AAE130, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
C-Code - Quality: 50% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 64% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AA5EE5, Relevance: 5.1, APIs: 4, Instructions: 82COMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00AA5D95, Relevance: 5.1, APIs: 4, Instructions: 79COMMON
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Execution Graph |
---|
Execution Coverage: | 4.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 494 |
Total number of Limit Nodes: | 4 |
Executed Functions |
---|
Uniqueness Score: -1.00% for every function listed below. Where the function header was not extracted, the row carries only the C-Code quality value.

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
(name not extracted) | | | | | | 41% |
(name not extracted) | | | | | | 29% |
00B12031 | 7.0 | 3 | 1 | 37 | process, COMMON | 73% |
00AF2537 | 5.4 | 2 | 1 | 181 | memory, COMMON | |
00B11C27 | 3.0 | 2 | | 10 | COMMON | |
00B11C58 | 3.0 | 2 | | 7 | COMMON | |
00B1D500 | 1.5 | 1 | | 11 | COMMON | 100% |
00B11C10 | 1.5 | 1 | | 8 | process, COMMON | |
00B11C45 | 1.5 | 1 | | 8 | COMMON | |
00B11C6A | 1.5 | 1 | | 7 | COMMON | |
00AF1CCD | 1.3 | 1 | | 74 | memory, COMMON | |
Non-executed Functions |
---|
Uniqueness Score: -1.00% for every function listed below. Where the function header was not extracted, the row carries only the C-Code quality value.

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
00B16E3A | 49.4 | 1 | 27 | 447 | library, COMMON | 99% |
00B17EDA | 44.2 | 1 | 24 | 465 | library, COMMON | 99% |
00B1902A | 19.5 | 1 | 10 | 225 | library, COMMON | 99% |
00B1BA2A | 14.2 | 1 | 7 | 171 | library, COMMON | 99% |
00B1C801 | 10.6 | 7 | | 93 | COMMON | 96% |
00B1D8D4 | 9.0 | 6 | | 22 | file, COMMON | 51% |
00B1BFFA | 8.9 | 1 | 4 | 140 | library, COMMON | 98% |
00B1B4A4 | 8.9 | 1 | 4 | 139 | library, COMMON | 98% |
(name not extracted) | | | | | | 100% |
00B110B7 | 7.5 | 5 | | 33 | COMMON | |
00B1DD90 | 7.0 | 3 | 1 | 29 | string, COMMON | 100% |
00B1D792 | 6.1 | 4 | | 51 | file, COMMON | 18% |
00B1E130 | 6.0 | 4 | | 31 | COMMON | 50% |
(name not extracted) | | | | | | 67% |
00B1E000 | 5.3 | 2 | 1 | 32 | string, COMMON | 68% |
00B15EE5 | 5.1 | 4 | | 82 | COMMON | 68% |
00B15D95 | 5.1 | 4 | | 79 | COMMON | 68% |
Execution Graph |
---|
Execution Coverage: | 14.2% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0.9% |
Total number of Nodes: | 687 |
Total number of Limit Nodes: | 34 |
Executed Functions |
---|
Uniqueness Score: -1.00% for every function listed below. Where the function header was not extracted, the row carries only the C-Code quality value.

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
0158CA89 | 13.5 | 9 | | 38 | window, synchronization, time, COMMON | |
(name not extracted) | | | | | | 68% |
(name not extracted) | | | | | | 16% |
01582279 | 3.5 | 1 | 1 | 13 | encryption, COMMON | |
(name not extracted) | | | | | | 59% |
01586E3A | 49.4 | 1 | 27 | 447 | library, COMMON | 99% |
0158981A | 44.3 | 1 | 24 | 503 | library, COMMON | 99% |
01587EDA | 44.2 | 1 | 24 | 465 | library, COMMON | 99% |
0158902A | 19.5 | 1 | 10 | 225 | library, COMMON | 99% |
0158BA2A | 14.2 | 1 | 7 | 171 | library, COMMON | 99% |
0158C801 | 10.6 | 7 | | 93 | COMMON | 96% |
0158C9C7 | 10.6 | 5 | 1 | 51 | registry, COMMON | 31% |
0158D8D4 | 9.0 | 6 | | 22 | file, COMMON | 51% |
0158BFFA | 8.9 | 1 | 4 | 140 | library, COMMON | 99% |
(name not extracted) | | | | | | 31% |
(name not extracted) | | | | | | 100% |
0158CB13 | 7.5 | 5 | | 18 | window, synchronization, COMMON | |
(name not extracted) | | | | | | 58% |
01562537 | 5.4 | 2 | 1 | 181 | memory, COMMON | |
0158C6B0 | 4.6 | 3 | | 93 | string, COMMON | 89% |
(name not extracted) | | | | | | 39% |
0158DE40 | 4.5 | 1 | 2 | 25 | string, COMMON | 85% |
(name not extracted) | | | | | | 100% |
01582696 | 3.8 | 3 | | 79 | string, COMMON | 94% |
0158B941 | 3.5 | 1 | 1 | 42 | library, COMMON | 100% |
0158277F | 3.0 | 2 | | 18 | COMMON | |
0158D864 | 3.0 | 2 | | 11 | file, COMMON | 58% |
01581C27 | 3.0 | 2 | | 10 | COMMON | |
015829E6 | 3.0 | 2 | | 8 | memory, COMMON | 100% |
0158D569 | 3.0 | 2 | | 7 | service, COMMON | |
01581C58 | 3.0 | 2 | | 7 | COMMON | |
015817C0 | 3.0 | 2 | | 6 | memory, COMMON | 100% |
01582A08 | 3.0 | 2 | | 5 | memory, COMMON | 16% |
0158C4A5 | 1.5 | 1 | | 19 | COMMON | |
015815DC | 1.5 | 1 | | 16 | COMMON | 37% |
0158D500 | 1.5 | 1 | | 11 | COMMON | 100% |
0158C4DC | 1.5 | 1 | | 10 | COMMON | |
01581C45 | 1.5 | 1 | | 8 | COMMON | |
01581C10 | 1.5 | 1 | | 8 | process, COMMON | |
0158D8A3 | 1.5 | 1 | | 8 | file, COMMON | |
01581C6A | 1.5 | 1 | | 7 | COMMON | |
0158D61D | 1.5 | 1 | | 2 | COMMON | |
01561CCD | 1.3 | 1 | | 74 | memory, COMMON | |
Non-executed Functions |
---|
Uniqueness Score: -1.00% for every function listed below. Where the function header was not extracted, the row carries only the C-Code quality value.

Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality |
---|---|---|---|---|---|---|
0158DCB9 | 8.8 | 3 | 2 | 52 | service, COMMON | 35% |
(name not extracted) | | | | | | 97% |
0158D792 | 10.6 | 5 | 1 | 51 | file, COMMON | 19% |
(name not extracted) | | | | | | 39% |
0158B4A4 | 8.9 | 1 | 4 | 139 | library, COMMON | 98% |
0158DD90 | 8.8 | 3 | 2 | 29 | string, COMMON | 100% |
015810B7 | 7.5 | 5 | | 33 | COMMON | |
01582031 | 7.0 | 3 | 1 | 37 | process, COMMON | 73% |
0158DF73 | 7.0 | 3 | 1 | 35 | registry, COMMON | 82% |
0158E000 | 7.0 | 3 | 1 | 32 | string, COMMON | 68% |
(name not extracted) | | | | | | 57% |
(name not extracted) | | | | | | 61% |
0158E12E | 6.0 | 4 | | 32 | COMMON | 43% |
(name not extracted) | | | | | | 64% |
01581321 | 5.3 | 2 | 1 | 25 | file, COMMON | |
(name not extracted) | | | | | | 47% |
01585EE5 | 5.1 | 4 | | 82 | COMMON | 68% |
01585D95 | 5.1 | 4 | | 79 | COMMON | 68% |