Analysis Report 609a460e94791.tiff.dll
Overview
General Information
Detection | |
---|---|
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures |
---|
Classification |
---|
Startup |
---|
Malware Configuration |
---|
Threatname: | Ursnif |
{"RSA Public Key": "KujE77ctKyR8x3/dODwZbEsxGmck+FW9384s5u0Kacw8y1gCN+8m2bfjJPovkn+Uzufcdfss+a43eI6oHR1KgWQmvEAO6LK8tJv+Wl7iCBPJP7eef8xKeXht/Mhk1PSj7mHnJ9lcqKMtTteEdSecVvMRtb/WSKVTFfHDva9My7AJ/NbXqHdzCG7znACswLxD", "c2_domain": ["outlook.com/login", "gmail.com", "worunekulo.club", "horunekulo.website"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Rule | Description | Author | Matched memory dumps |
---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | 15 |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 1_2_6E1E5AB0 |
Source: | Code function: | 4_2_02C94C3B |
Source: | Code function: | 4_2_6E1E5AB0 |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | (10 entries) |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: | (20 entries) |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: | (20 entries) |
System Summary: |
---|
Writes or reads registry keys via WMI |
Source: | WMI Queries: | (4 entries) |
Writes registry values via WMI |
Source: | WMI Registry write: | (6 entries) |
Source: | Code function: | 1_2_6E171F14 |
Source: | Code function: | 1_2_6E1715F1 |
Source: | Code function: | 1_2_6E1723A5 |
Source: | Code function: | 4_2_02C91168 |
Source: | Code function: | 4_2_02C9B2F1 |
Source: | Code function: | 1_2_6E172184 |
Source: | Code function: | 4_2_02C9B0CC |
Source: | Code function: | 4_2_02C9696A |
Source: | Code function: | 4_2_02C91B6A |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: | mal64.troj.winDLL@14/5@3/3 |
Source: | Code function: | 4_2_02C97F56 |
Source: | File created: | (2 entries) |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: | (15 entries) |
Source: | Key value queried: |
Source: | Automated click: | (3 entries) |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: | (6 entries) |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | (5 entries) |
Source: | Code function: | 1_2_6E1717FA |
Source: | Static PE information: |
Source: | Code function: | 1_2_6E172129 |
Source: | Code function: | 1_2_6E172183 |
Source: | Code function: | 1_2_6E2406DC |
Source: | Code function: | 4_2_02C9B0CB |
Source: | Code function: | 4_2_02C9AD09 |
Source: | Code function: | 4_2_6E2406DC |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: | (20 entries) |
Source: | Code function: | 1_2_6E1A11D0 |
Source: | Registry key monitored for changes: |
Source: | Process information set: | (14 entries) |
Source: | Code function: | 1_2_6E1E5AB0 |
Source: | Code function: | 4_2_02C94C3B |
Source: | Code function: | 4_2_6E1E5AB0 |
Source: | Code function: | 1_2_6E1A36C0 |
Source: | Code function: | 1_2_6E1E0480 |
Source: | Code function: | 1_2_6E1717FA |
Source: | Code function: | 1_2_6E1E4E20 |
Source: | Code function: | 1_2_6E1E4CE0 |
Source: | Code function: | 1_2_6E1E4D80 |
Source: | Code function: | 1_2_6E1B7960 |
Source: | Code function: | 1_2_6E23C536 |
Source: | Code function: | 1_2_6E23C46C |
Source: | Code function: | 1_2_6E23C073 |
Source: | Code function: | 4_2_6E1E4E20 |
Source: | Code function: | 4_2_6E1E4CE0 |
Source: | Code function: | 4_2_6E1E4D80 |
Source: | Code function: | 4_2_6E1B7960 |
Source: | Code function: | 4_2_6E23C536 |
Source: | Code function: | 4_2_6E23C46C |
Source: | Code function: | 4_2_6E23C073 |
Source: | Code function: | 1_2_6E1A36C0 |
Source: | Code function: | 1_2_6E1B4F60 |
Source: | Code function: | 1_2_6E1A38F0 |
Source: | Code function: | 1_2_6E1A3990 |
Source: | Code function: | 4_2_6E1A36C0 |
Source: | Code function: | 4_2_6E1B4F60 |
Source: | Code function: | 4_2_6E1A38F0 |
Source: | Code function: | 4_2_6E1A3990 |
Source: | Process created: |
Source: | Binary or memory string: | (4 entries) |
Source: | Code function: | 4_2_02C92D6E |
Source: | Code function: | 1_2_6E171237 |
Source: | Code function: | 4_2_02C92D6E |
Source: | Code function: | 1_2_6E171CDD |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: | (20 entries) |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: | (20 entries) |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | Application Shimming1 | Process Injection12 | Masquerading1 | Input Capture1 | System Time Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Application Shimming1 | Process Injection12 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Security Software Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll321 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Account Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Owner/User Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery13 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
0% | ReversingLabs | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | HEUR/AGEN.1108168 |
100% | Avira | HEUR/AGEN.1108168 |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
outlook.com | 40.97.161.50 | true | false | high | |
HHN-efz.ms-acdc.office.com | 52.97.201.34 | true | false | high | |
FRA-efz.ms-acdc.office.com | 40.101.12.82 | true | false | high | |
www.outlook.com | unknown | unknown | false | high | |
outlook.office365.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.97.201.34 | HHN-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
40.97.161.50 | outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
40.101.12.82 | FRA-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 410818 |
Start date: | 11.05.2021 |
Start time: | 11:09:21 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 609a460e94791.tiff.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Run with higher sleep bypass |
Number of new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.troj.winDLL@14/5@3/3 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated samples | Detection |
---|---|---|
52.97.201.34 | 1 | malicious |
40.97.161.50 | 6 | malicious |
40.101.12.82 | 4 | malicious |
Domains |
---|
Match | Associated samples | Detection |
---|---|---|
outlook.com | 14 | malicious |
HHN-efz.ms-acdc.office.com | 4 | malicious |
FRA-efz.ms-acdc.office.com | 20 | malicious |
ASN |
---|
Match | Associated samples | Detection |
---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | 20 | malicious |
MICROSOFT-CORP-MSN-AS-BLOCKUS | 20 | malicious |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.767330112336001 |
Encrypted: | false |
SSDEEP: | 48:IwhGcprYGwpLdjG/ap8nGIpcFmQGvnZpvFkaGocnRqp9F0jGo4gnsn1pm6GWcnzA:rXZAZdD2ZWkJtGAfBeS1Mj6GICKT/NDB |
MD5: | 156D3CAF9E8A794ADFC20BEF63EEA127 |
SHA1: | AF7F7711A0A50AC466904AF1088B915D447CC937 |
SHA-256: | 52D1E225E5A48663A4E782CEE505EF4EFCB03B57D86EB1AEAE2BCB514D55FA88 |
SHA-512: | E5F0BF27719A6BE7C63C2D1976443B37CCE0741EE08096BF7757B7501CDE2EF28B2183CB5DEB5A34B514D5EFD36D40EAD7F4599EAC060613ED12F05C928833C2 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27428 |
Entropy (8bit): | 1.864673958093044 |
Encrypted: | false |
SSDEEP: | 96:rrZYQ06AHBSYjB/2RWBkMyG2NXLER2NXLnA:rrZYQ06AHkYjB/2RWBkMyG2NbER2NbnA |
MD5: | AD45202875B5B3222E4A0FA70E557E36 |
SHA1: | 262462EB28F2EE5AA4AB87168782A3225D7C2766 |
SHA-256: | 322B18772F6CEE64ACF8D3DF9A5B5E189FC5C11ED8113396D3E8A080C6F73F57 |
SHA-512: | 8B4786EDCC10EB81485BB689D2FEAADBECDC52E7DA026E7D6201D77D84D86C5CC368F844FAB8B1AA7E95B7418599A11E63719EFD1F3772E6594F99C69C8C7C48 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.21211232961955 |
Encrypted: | false |
SSDEEP: | 3:oVXUXhXf7Tz8JOGXnEXhXf7T4LX+n:o9UXhP7vqEXhP7Su |
MD5: | D37E17C754DC8265F6B19F375B3B2A7B |
SHA1: | DB6EB0959B70CB613479E0C56B4B298F120A12C5 |
SHA-256: | 98D3B53E62F7515A00599868EC0299B37D4A3F09B2C864023EC62A52CE8A8356 |
SHA-512: | B0AE75F39E8D1EFB9ED6136F128166053A01E3FE9A971DA55993FBEE36ECCF09D8747E912C1D98D69634454ECD93E29A7546F8ADE9D1B5157052009359C882C8 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39753 |
Entropy (8bit): | 0.5952183110788842 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+lLpY7t2NXLY2NXLk2NXLd:kBqoxKAuqR+lLpY7t2NbY2Nbk2Nbd |
MD5: | 3332CE02133F1A2B17659763DD9F9ED8 |
SHA1: | 2CCFF0E9B9AC268A48483F244C2549AC30046A95 |
SHA-256: | 9EB41D80206763DADE5A30133DF5EDEBA27E69BAFDFA96FC9C438933A7B93518 |
SHA-512: | 06AD119BF6B0ECF2397AED8527A4BD69057E52365B10129408DFB61DC62C6D8B7CEC88EC54E360CFADC7BAEB785B5652FD27C0F255AEEDD056D66FC5B1C777B7 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.4106988703667074 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lo19loV9lWGOyqyN4:kBqoI+glt9 |
MD5: | B7796152E2D67FE2A933DE459C627111 |
SHA1: | ADDA7FFAC9F85AAF9ADD7FFED33C359333CF2017 |
SHA-256: | 8FE8BAB0CBA61FF6244059D467FE8A550F96650FA9B247DA1C5C99F64C68AC2E |
SHA-512: | CB66D870F71B7BCB93B74276733079062BCDD216183D64C5624235C797887BFEA7DCAAB002A0ED2B644C118636B7B45C279B0CB7F0ADA8338DC2FE724DCD67AE |
Malicious: | false |
Reputation: | low |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.388590209681191 |
TrID: | |
File name: | 609a460e94791.tiff.dll |
File size: | 841216 |
MD5: | 50a299d1e92d9205e123404c8e05904d |
SHA1: | c188272ab757dbbf14e74781fc90fcefe4aeb615 |
SHA256: | 3b56b7298c366a323d28658a455abf0d4e78fa197a43ce13bedab05f26901d34 |
SHA512: | ec30f36d70ddbb6ba4aaccb3342e0a0ffbd586d2784370500a94e33aa650d1c56d3712ffc3a9e15a0558194ce26d1b76d9f2a8953220684bef634e57f4579df1 |
SSDEEP: | 12288:mzCoYRvNZrA8Res/TPUOjUUGcqcoWEx9kMGUS6vOV5y4gnuD5wtqqB7ol:VdNZr5RLL1AZ/clUnHvk5hgU |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...L..`...........!.................0....................................................@..........................{..x.. |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1033080 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x6092C34C [Wed May 5 16:09:48 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | dc55991f7b8a912c780d10d352635290 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007FC658BC9A27h |
call 00007FC658BCA6F7h |
mov eax, dword ptr [ebp+10h] |
push eax |
mov ecx, dword ptr [ebp+0Ch] |
push ecx |
mov edx, dword ptr [ebp+08h] |
push edx |
call 00007FC658BC9806h |
add esp, 0Ch |
pop ebp |
retn 000Ch |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ecx |
mov dword ptr [ebp-04h], ecx |
mov esp, ebp |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ecx |
mov eax, dword ptr [ebp+08h] |
mov ecx, dword ptr [eax] |
mov dword ptr [ebp-04h], ecx |
mov eax, dword ptr [ebp-04h] |
mov esp, ebp |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push eax |
call 00007FC658BC99F9h |
add esp, 04h |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push eax |
call 00007FC658BC9A99h |
add esp, 04h |
test eax, eax |
je 00007FC658BC9A23h |
int3 |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push eax |
call 00007FC658BC9A79h |
add esp, 04h |
test eax, eax |
je 00007FC658BC9A29h |
mov ecx, 00000041h |
int 29h |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
push ecx |
mov eax, dword ptr [ebp+08h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc7bb0 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc7c28 | 0x64 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe8000 | 0x3a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe9000 | 0x51e0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc5ecc | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xc5f20 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9b000 | 0x1a4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x997af | 0x99800 | False | 0.488934942488 | data | 6.50079371898 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x9b000 | 0x2d5aa | 0x2d600 | False | 0.326892863292 | data | 4.74980452387 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xc9000 | 0x1efdc | 0xe00 | False | 0.209821428571 | data | 3.01039741419 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xe8000 | 0x3a0 | 0x400 | False | 0.404296875 | data | 3.03375733203 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xe9000 | 0x51e0 | 0x5200 | False | 0.770293445122 | data | 6.74990882481 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0xe8060 | 0x340 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CreateFileW, GetWindowsDirectoryW, ReadFile, GetConsoleMode, OpenMutexW, CloseHandle, GetFileSize, DeleteCriticalSection, ReadConsoleW, VirtualProtectEx, GetConsoleCP, FlushFileBuffers, SetFilePointerEx, GetFileSizeEx, SetStdHandle, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, EncodePointer, FreeLibrary, LoadLibraryExW, GetModuleFileNameW, GetModuleHandleExW, ExitProcess, HeapAlloc, HeapValidate, GetSystemInfo, GetCurrentThread, GetStdHandle, GetFileType, WriteFile, OutputDebugStringW, WriteConsoleW, SetConsoleCtrlHandler, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, DecodePointer |
UxTheme.dll | CloseThemeData |
AVIFIL32.dll | AVIFileGetStream, AVIFileOpenW, AVIFileExit, AVIFileInit, AVIFileEndRecord |
TAPI32.dll | lineRedirectW, lineInitialize, lineHold, lineShutdown, lineTranslateAddressW |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Hundredpopulate@@8 | 1 | 0x1030208 |
Mark@@12 | 2 | 0x10303fe |
Seefit@@8 | 3 | 0x103046c |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Dad plan Corporation. All rights reserved |
InternalName | Team Lonesell |
FileVersion | 7.2.6.201 |
CompanyName | Dad plan Corporation |
These | 95 |
ProductName | Dad plan Fair fell |
ProductVersion | 7.2.6.201 |
FileDescription | Dad plan Fair fell |
OriginalFilename | fall.dll |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 11, 2021 11:12:44.360722065 CEST | 192.168.2.6 | 8.8.8.8 | 0x5036 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 11, 2021 11:12:45.587485075 CEST | 192.168.2.6 | 8.8.8.8 | 0xd3a9 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 11, 2021 11:12:45.865833044 CEST | 192.168.2.6 | 8.8.8.8 | 0x6381 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 11, 2021 11:12:13.550908089 CEST | 8.8.8.8 | 192.168.2.6 | 0x1017 | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:44.412343025 CEST | 8.8.8.8 | 192.168.2.6 | 0x5036 | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | 52.97.201.34 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | 52.97.233.50 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | 40.101.136.2 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:45.647985935 CEST | 8.8.8.8 | 192.168.2.6 | 0xd3a9 | No error (0) | 40.101.137.66 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:45.916495085 CEST | 8.8.8.8 | 192.168.2.6 | 0x6381 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:45.916495085 CEST | 8.8.8.8 | 192.168.2.6 | 0x6381 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:45.916495085 CEST | 8.8.8.8 | 192.168.2.6 | 0x6381 | No error (0) | FRA-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 11, 2021 11:12:45.916495085 CEST | 8.8.8.8 | 192.168.2.6 | 0x6381 | No error (0) | 40.101.12.82 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:45.916495085 CEST | 8.8.8.8 | 192.168.2.6 | 0x6381 | No error (0) | 52.97.179.194 | A (IP address) | IN (0x0001) | ||
May 11, 2021 11:12:45.916495085 CEST | 8.8.8.8 | 192.168.2.6 | 0x6381 | No error (0) | 52.97.189.98 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49732 | 40.97.161.50 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 11, 2021 11:12:44.608804941 CEST | 1261 | OUT | |
May 11, 2021 11:12:44.792617083 CEST | 1262 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 11:10:12 |
Start date: | 11/05/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe70000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
General |
---|
Start time: | 11:10:12 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:10:12 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa40000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:10:12 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa40000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | high |
General |
---|
Start time: | 11:10:16 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa40000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:10:20 |
Start date: | 11/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa40000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:12:42 |
Start date: | 11/05/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff721e20000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 11:12:43 |
Start date: | 11/05/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3e0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
6E23C536 | 17.8 | 9 | 1 | 318 | memory, COMMON | | -1.00% |
6E171237 | 15.1 | 10 | | 98 | thread, sleep, synchronization, COMMON | 79% | -1.00% |
6E1715F1 | 5.3 | 2 | 1 | 70 | native, COMMON | 72% | -1.00% |
6E171F14 | 1.5 | 1 | | 34 | native, COMMON | 68% | -1.00% |
6E171352 | 17.6 | 9 | 1 | 81 | file, time, COMMON | 69% | -1.00% |
6E171F56 | 12.3 | 6 | 1 | 71 | memory, COMMON | 86% | -1.00% |
6E1710E8 | 6.1 | 3 | 1 | 111 | memory, COMMON | 90% | -1.00% |
6E17173D | 6.0 | 4 | | 30 | thread, COMMON | 87% | -1.00% |
6E171E32 | 4.6 | 3 | | 68 | memory, COMMON | 87% | -1.00% |
6E1710BC | 1.5 | 1 | | 8 | COMMON | 37% | -1.00% |
6E171699 | 1.3 | 1 | | 70 | COMMON | 86% | -1.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code Quality | Uniqueness Score |
---|---|---|---|---|---|---|---|
6E1A11D0 | 61.8 | 41 | | 290 | library, loader, COMMON | | -1.00% |
6E171CDD | 6.0 | 4 | | 40 | COMMON | 100% | -1.00% |
6E1B4F60 | 4.6 | 3 | | 81 | COMMON | | -1.00% |
6E1A38F0 | 1.5 | 1 | | 6 | COMMON | | -1.00% |
6E172184 | .1 | | | 77 | COMMON, Crypto | 71% | -1.00% |
6E23C073 | .1 | | | 75 | COMMON | | -1.00% |
6E23C46C | .1 | | | 53 | COMMON | | -1.00% |
6E1E4CE0 | .1 | | | 52 | COMMON | | -1.00% |
6E1E4D80 | .1 | | | 52 | COMMON | | -1.00% |
6E1B7960 | .0 | | | 27 | COMMON | | -1.00% |
6E1E4E20 | .0 | | | 22 | COMMON | | -1.00% |
6E1AC550 | 33.2 | 22 | | 210 | COMMON | | -1.00% |
6E1AC8E0 | 30.3 | 20 | | 327 | COMMON | | -1.00% |
6E1B3840 | 25.7 | 17 | | 154 | COMMON | | -1.00% |
6E1AE490 | 24.2 | 16 | | 187 | COMMON | | -1.00% |
6E1B1570 | 19.6 | 13 | | 111 | COMMON | | -1.00% |
6E1B40B0 | 16.6 | 11 | | 117 | COMMON | | -1.00% |
6E1B0980 | 15.2 | 10 | | 203 | COMMON | | -1.00% |
6E1B1F50 | 13.6 | 9 | | 124 | COMMON | | -1.00% |
6E1B0C30 | 13.6 | 9 | | 124 | COMMON | | -1.00% |
6E1B0DD0 | 12.1 | 8 | | 127 | COMMON | | -1.00% |
6E1A9A30 | 12.1 | 8 | | 51 | COMMON | | -1.00% |
6E1A67D0 | 9.1 | 6 | | 148 | COMMON | | -1.00% |
6E1B2650 | 9.1 | 6 | | 127 | COMMON | | -1.00% |
6E1AEA30 | 9.1 | 6 | | 115 | COMMON | | -1.00% |
6E1AC470 | 9.1 | 6 | | 72 | COMMON | | -1.00% |
6E1E5290 | 9.0 | 3 | 2 | 221 | time, COMMON | | -1.00% |
6E1AD370 | 7.6 | 5 | | 149 | COMMON | | -1.00% |
6E1B3330 | 7.6 | 5 | | 116 | COMMON | | -1.00% |
6E1A2D80 | 7.6 | 5 | | 62 | COMMON | | -1.00% |
6E1AEE30 | 7.6 | 5 | | 52 | COMMON | | -1.00% |
6E1A6D10 | 6.2 | 4 | | 211 | COMMON | | -1.00% |
6E1E4FC0 | 6.1 | 4 | | 101 | COMMON | | -1.00% |
6E1E23F0 | 6.1 | 4 | | 100 | COMMON | | -1.00% |
6E1E5100 | 6.1 | 4 | | 100 | COMMON | | -1.00% |
6E1B9370 | 5.4 | 2 | 1 | 175 | time, COMMON | | -1.00% |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Labels | C-Code quality |
---|---|---|---|---|---|---|
02C94C3B | 42.2 | 23 | 1 | 222 | memory, file, time, COMMON | 93% |
6E23C536 | 17.8 | 9 | 1 | 318 | memory, COMMON | - |
02C92D6E | 15.9 | 8 | 1 | 103 | memory, COMMON | 96% |
02C924B4 | 40.5 | 22 | 1 | 245 | memory, string, COMMON | 74% |
02C98494 | 22.9 | 11 | 2 | 150 | time, memory, COMMON | 83% |
02C981E7 | 17.6 | 9 | 1 | 72 | file, time, COMMON | 74% |
02C954DA | 10.6 | 7 | - | 75 | COMMON | 100% |
02C9579B | 7.1 | 3 | 1 | 94 | memory, COMMON | 100% |
02C98A1D | 7.1 | 3 | 1 | 76 | memory, COMMON | 53% |
02C96BC0 | 6.1 | 4 | - | 59 | COMMON | 53% |
02C9450C | 5.3 | 2 | 1 | 51 | memory, time, COMMON | 100% |
02C959F9 | 3.1 | 2 | - | 112 | COMMON | 75% |
02C967C4 | 3.1 | 1 | 1 | 57 | memory, COMMON | 70% |
02C94B9D | 3.0 | 1 | 1 | 43 | memory, COMMON | 100% |
02C96517 | 3.0 | 2 | - | 43 | memory, COMMON | - |
02C93F0E | 3.0 | 2 | - | 40 | COMMON | 37% |
02C96456 | 3.0 | 2 | - | 26 | COMMON | 100% |
6E1DC530 | 1.6 | 1 | - | 77 | COMMON | - |
02C9497C | 1.5 | 1 | - | 49 | COMMON | 34% |
02C927A2 | 1.3 | 1 | - | 26 | string, COMMON | 100% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Labels | C-Code quality |
---|---|---|---|---|---|---|
02C9696A | 12.5 | 6 | 1 | 223 | memory, COMMON, Crypto | 92% |
6E1A11D0 | 61.8 | 41 | - | 290 | library, loader, COMMON | - |
02C92941 | 42.2 | 23 | 1 | 201 | memory, string, COMMON | 66% |
6E1AC550 | 33.2 | 22 | - | 210 | COMMON | - |
6E1AC8E0 | 30.3 | 20 | - | 327 | COMMON | - |
6E1B3840 | 25.7 | 17 | - | 154 | COMMON | - |
6E1AE490 | 24.2 | 16 | - | 187 | COMMON | - |
02C9AD95 | 21.2 | 10 | 2 | 209 | library, COMMON | 51% |
6E1B1570 | 19.6 | 13 | - | 111 | COMMON | - |
6E1B40B0 | 16.6 | 11 | - | 117 | COMMON | - |
02C94EEC | 15.9 | 7 | 2 | 109 | library, memory, loader, COMMON | 73% |
6E1B0980 | 15.2 | 10 | - | 203 | COMMON | - |
6E1B1F50 | 13.6 | 9 | - | 124 | COMMON | - |
6E1B0C30 | 13.6 | 9 | - | 124 | COMMON | - |
6E1B0DD0 | 12.1 | 8 | - | 127 | COMMON | - |
6E1B35D0 | 12.1 | 8 | - | 121 | COMMON | - |
6E1A9A30 | 12.1 | 8 | - | 51 | COMMON | - |
02C98840 | 10.6 | 5 | 1 | 68 | string, COMMON | 63% |
6E1A67D0 | 9.1 | 6 | - | 148 | COMMON | - |
6E1B2650 | 9.1 | 6 | - | 127 | COMMON | - |
6E1AEA30 | 9.1 | 6 | - | 115 | COMMON | - |
6E1AC470 | 9.1 | 6 | - | 72 | COMMON | - |
6E1E5290 | 9.0 | 3 | 2 | 221 | time, COMMON | - |
02C93F60 | 8.9 | 3 | 2 | 171 | string, COMMON | 88% |
02C9A961 | 8.9 | 4 | 1 | 126 | string, COMMON | - |
02C95053 | 8.8 | 4 | 1 | 92 | synchronization, COMMON | 38% |
02C9804C | 8.8 | 4 | 1 | 29 | sleep, memory, COMMON | 50% |
02C95DDD | 8.8 | 4 | 1 | 28 | sleep, memory, COMMON | 37% |
6E1AD370 | 7.6 | 5 | - | 149 | COMMON | - |
6E1B3330 | 7.6 | 5 | - | 116 | COMMON | - |
6E1A2D80 | 7.6 | 5 | - | 62 | COMMON | - |
6E1AEE30 | 7.6 | 5 | - | 52 | COMMON | - |
02C95722 | 7.5 | 5 | - | 45 | COMMON | 58% |
6E1A6D10 | 6.2 | 4 | - | 211 | COMMON | - |
02C98D85 | 6.1 | 4 | - | 136 | COMMON | 85% |
6E1E4FC0 | 6.1 | 4 | - | 101 | COMMON | - |
6E1E23F0 | 6.1 | 4 | - | 100 | COMMON | - |
6E1E5100 | 6.1 | 4 | - | 100 | COMMON | - |
02C98634 | 6.1 | 4 | - | 87 | sleep, COMMON | 40% |
02C964A0 | 6.0 | 3 | 1 | 48 | string, COMMON | 53% |
02C98AED | 6.0 | 4 | - | 40 | COMMON | 100% |
02C9469F | 6.0 | 4 | - | 29 | memory, COMMON | 100% |
6E1B9370 | 5.4 | 2 | 1 | 175 | time, COMMON | - |
02C98389 | 5.1 | 4 | - | 70 | string, COMMON | 58% |
02C98FE0 | 5.0 | 4 | - | 39 | string, COMMON | 100% |
02C98007 | 5.0 | 4 | - | 27 | string, COMMON | - |
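The function listings in this report arrive as one header line per function in which the instruction count and the category labels are fused together (for example `222memoryfiletimeCOMMON`). The Python below is an added example, not part of the report and not Joe Security's tooling: it parses such header lines, splits the fused labels back into words, and ranks the functions an analyst would open first in a disassembler. The sample input is constructed from header lines that appear in this section; the label vocabulary and the triage labels (Crypto, loader, sleep) are assumptions drawn from the labels seen on this page, not a documented Joe Sandbox schema.

```python
import re
from dataclasses import dataclass

# Constructed sample: header lines copied from this report's function listing.
SAMPLE = """\
Function 02C94C3B, Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 222memoryfiletimeCOMMON
Function 6E1A11D0, Relevance: 61.8, APIs: 41, Instructions: 290libraryloaderCOMMON
Function 02C9696A, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 223memoryCOMMONCrypto
Function 02C94EEC, Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 109librarymemoryloaderCOMMON
Function 02C9804C, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29sleepmemoryCOMMON
Function 6E1B9370, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 175timeCOMMON
"""

# Assumed label vocabulary (the words observed on this page). Sorted longest
# first so greedy matching splits "libraryloader" into "library" + "loader".
KNOWN_LABELS = sorted(
    ["synchronization", "library", "loader", "memory", "string", "sleep",
     "file", "time", "Crypto", "COMMON"],
    key=len, reverse=True,
)

# "Strings: N" is optional in the headers; the label suffix is whatever
# non-space text follows the instruction count.
HEADER_RE = re.compile(
    r"Function (?P<addr>[0-9A-Fa-f]+), Relevance: (?P<rel>[\d.]+), APIs: (?P<apis>\d+)"
    r"(?:, Strings: (?P<strings>\d+))?, Instructions: (?P<instr>\d+)(?P<labels>\S*)"
)


@dataclass
class FunctionEntry:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    labels: list


def split_labels(fused: str) -> list:
    """Split a fused label suffix such as "memoryfiletimeCOMMON" into words.
    An unrecognised remainder is kept verbatim rather than silently dropped,
    so a label outside the assumed vocabulary stays visible."""
    out, i = [], 0
    while i < len(fused):
        for label in KNOWN_LABELS:
            if fused.startswith(label, i):
                out.append(label)
                i += len(label)
                break
        else:
            out.append(fused[i:])
            break
    return out


def parse_functions(text: str) -> list:
    """Parse every function header line in `text`; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if not m:
            continue
        entries.append(FunctionEntry(
            address=int(m["addr"], 16),
            relevance=float(m["rel"]),
            apis=int(m["apis"]),
            strings=int(m["strings"] or 0),
            instructions=int(m["instr"]),
            labels=split_labels(m["labels"]),
        ))
    return entries


def triage(entries, want=("Crypto", "loader", "sleep"), min_relevance=5.0):
    """Return the entries worth opening first: relevance at or above the
    threshold and carrying a label that commonly marks C2 crypto, unpacking
    or sleep-based evasion, most relevant first."""
    hits = [e for e in entries
            if e.relevance >= min_relevance and any(l in e.labels for l in want)]
    return sorted(hits, key=lambda e: e.relevance, reverse=True)


if __name__ == "__main__":
    for e in triage(parse_functions(SAMPLE)):
        print(f"{e.address:08X}  relevance={e.relevance:5.1f}  labels={', '.join(e.labels)}")
```

Feeding the whole report page to `parse_functions` works unchanged, because only lines that match the header pattern are consumed; the empty table cells around them are skipped.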