Analysis Report 457b22da_by_Libranalysis
Overview
General Information
Detection
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Classification
Startup
Malware Configuration
Threatname: FormBook
{"C2 list": ["www.rogegalmish.com/a8si/"], "decoy": ["mosquitocontrolpro.com", "omfgphil.com", "qqkit.net", "compusolutionsac.com", "skynetaccess.com", "helmetmoto.com", "webdomoupravitel.com", "thepocket-onlinelesson.xyz", "stefaniehirsch.space", "goalsandballs.com", "xn--bro-ba-3ya.com", "tomrings.com", "4520oceanviewavenue.com", "mamaebemorientada.com", "shopwreathrails.com", "restaurantestancia.com", "annaquatics.info", "mnarchitect.design", "best-cleaner.com", "jobhuizhan.com", "check-info-bank.network", "boostcoachingonline.com", "basimogroup.com", "076fb5.com", "conansr.icu", "numbereightturquoise.com", "southernbrushworks.com", "home-inland.com", "irrpa.com", "ethereumdailypay.com", "betsysellsswfl.com", "cutebyconstance.website", "modelsnt.com", "medifilt.com", "tracisolomon.xyz", "dchaulingdisposal.com", "minchenhy.com", "smart4earth.com", "rackembilliards.com", "benschiller-coaching.com", "virtualroasters.com", "applewholesales.com", "thesidspot.com", "grechenblogs.com", "marshlandlogisticsservices.net", "covidokotoks.com", "mirabilla.com", "hunab.tech", "foreverjsdesigns.com", "heipacc.info", "simon-schilling.com", "shirleyeluiz.com", "juguetibicicollectors.com", "70shousemanchester.com", "tranthaolinh.net", "urbanpokebar.com", "madras-spice.com", "fulmardelta.net", "drisu-goalkeeping.com", "jiotest.com", "vitatiensa.com", "melbournebusinesslawyers.net", "rajehomes.com", "company-for-you.com"]}
Yara Overview
Memory Dumps
Rule | Description | Author
---|---|---
JoeSecurity_FormBook | Yara detected FormBook | Joe Security
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
Unpacked PEs
Rule | Description | Author
---|---|---
JoeSecurity_FormBook | Yara detected FormBook | Joe Security
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
Sigma Overview
System Summary:
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Source: Author: Oleg Kolesnikov @securonix invrep_de, oscd.community
Signature Overview
AV Detection:
Found malware configuration
Source: Malware Configuration Extractor
Multi AV Scanner detection for submitted file
Source: ReversingLabs
Yara detected FormBook
Source: File source
Machine Learning detection for sample
Source: Joe Sandbox ML
Networking:
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Snort IDS
C2 URLs / IPs found in malware configuration
Source: URLs
Performs DNS queries to domains with low reputation
Source: DNS query
E-Banking Fraud:
Yara detected FormBook
Source: File source
System Summary:
Malicious sample detected (through community Yara rule)
Source: Matched rule
PE file contains section with special chars
Source: Static PE information
PE file has nameless sections
Source: Static PE information
Data Obfuscation:
Detected unpacking (changes PE section rights)
Source: Unpacked PE file
Malware Analysis System Evasion:
Yara detected AntiVM3
Source: File source
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Binary or memory string
Tries to detect virtualization through RDTSC time measurements
Source: RDTSC instruction interceptor
Anti Debugging:
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Source: Code function: 0_2_00C91660
Source: | Code function: | 4_2_019CFEC0 | |
Source: | Code function: | 4_2_01942ACB | |
Source: | Code function: | 4_2_019276E2 | |
Source: | Code function: | 4_2_01942AE4 | |
Source: | Code function: | 4_2_019416E0 | |
Source: | Code function: | 4_2_0191AA16 | |
Source: | Code function: | 4_2_0191AA16 | |
Source: | Code function: | 4_2_0194A61C | |
Source: | Code function: | 4_2_0194A61C | |
Source: | Code function: | 4_2_01933A1C | |
Source: | Code function: | 4_2_0191C600 | |
Source: | Code function: | 4_2_0191C600 | |
Source: | Code function: | 4_2_0191C600 | |
Source: | Code function: | 4_2_01948E00 | |
Source: | Code function: | 4_2_01928A0A | |
Source: | Code function: | 4_2_019CFE3F | |
Source: | Code function: | 4_2_0191E620 | |
Source: | Code function: | 4_2_01954A2C | |
Source: | Code function: | 4_2_01954A2C | |
Source: | Code function: | 4_2_019A4257 | |
Source: | Code function: | 4_2_01919240 | |
Source: | Code function: | 4_2_01919240 | |
Source: | Code function: | 4_2_01919240 | |
Source: | Code function: | 4_2_01919240 | |
Source: | Code function: | 4_2_01927E41 | |
Source: | Code function: | 4_2_01927E41 | |
Source: | Code function: | 4_2_01927E41 | |
Source: | Code function: | 4_2_01927E41 | |
Source: | Code function: | 4_2_01927E41 | |
Source: | Code function: | 4_2_01927E41 | |
Source: | Code function: | 4_2_0193AE73 | |
Source: | Code function: | 4_2_0193AE73 | |
Source: | Code function: | 4_2_0193AE73 | |
Source: | Code function: | 4_2_0193AE73 | |
Source: | Code function: | 4_2_0193AE73 | |
Source: | Code function: | 4_2_0195927A | |
Source: | Code function: | 4_2_019CB260 | |
Source: | Code function: | 4_2_019CB260 | |
Source: | Code function: | 4_2_019E8A62 | |
Source: | Code function: | 4_2_0192766D | |
Source: | Code function: | 9_2_0495849B | |
Source: | Code function: | 9_2_04949080 | |
Source: | Code function: | 9_2_049C3884 | |
Source: | Code function: | 9_2_049C3884 | |
Source: | Code function: | 9_2_0497F0BF | |
Source: | Code function: | 9_2_0497F0BF | |
Source: | Code function: | 9_2_0497F0BF | |
Source: | Code function: | 9_2_049890AF | |
Source: | Code function: | 9_2_049720A0 | |
Source: | Code function: | 9_2_049720A0 | |
Source: | Code function: | 9_2_049720A0 | |
Source: | Code function: | 9_2_049720A0 | |
Source: | Code function: | 9_2_049720A0 | |
Source: | Code function: | 9_2_049720A0 | |
Source: | Code function: | 9_2_049DB8D0 | |
Source: | Code function: | 9_2_049DB8D0 | |
Source: | Code function: | 9_2_049DB8D0 | |
Source: | Code function: | 9_2_049DB8D0 | |
Source: | Code function: | 9_2_049DB8D0 | |
Source: | Code function: | 9_2_049DB8D0 | |
Source: | Code function: | 9_2_04A014FB | |
Source: | Code function: | 9_2_049C6CF0 | |
Source: | Code function: | 9_2_049C6CF0 | |
Source: | Code function: | 9_2_049C6CF0 | |
Source: | Code function: | 9_2_04A18CD6 | |
Source: | Code function: | 9_2_049458EC | |
Source: | Code function: | 9_2_049C7016 | |
Source: | Code function: | 9_2_049C7016 | |
Source: | Code function: | 9_2_049C7016 | |
Source: | Code function: | 9_2_049C6C0A | |
Source: | Code function: | 9_2_049C6C0A | |
Source: | Code function: | 9_2_049C6C0A | |
Source: | Code function: | 9_2_049C6C0A | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A01C06 | |
Source: | Code function: | 9_2_04A1740D | |
Source: | Code function: | 9_2_04A1740D | |
Source: | Code function: | 9_2_04A1740D | |
Source: | Code function: | 9_2_04A14015 | |
Source: | Code function: | 9_2_04A14015 | |
Source: | Code function: | 9_2_0497002D | |
Source: | Code function: | 9_2_0497002D | |
Source: | Code function: | 9_2_0497002D | |
Source: | Code function: | 9_2_0497002D | |
Source: | Code function: | 9_2_0497002D | |
Source: | Code function: | 9_2_0497BC2C | |
Source: | Code function: | 9_2_0495B02A | |
Source: | Code function: | 9_2_0495B02A | |
Source: | Code function: | 9_2_0495B02A | |
Source: | Code function: | 9_2_0495B02A | |
Source: | Code function: | 9_2_04960050 | |
Source: | Code function: | 9_2_04960050 | |
Source: | Code function: | 9_2_049DC450 | |
Source: | Code function: | 9_2_049DC450 | |
Source: | Code function: | 9_2_04A02073 | |
Source: | Code function: | 9_2_04A11074 | |
Source: | Code function: | 9_2_0497A44B | |
Source: | Code function: | 9_2_0496746D | |
Source: | Code function: | 9_2_04972990 | |
Source: | Code function: | 9_2_0497FD9B | |
Source: | Code function: | 9_2_0497FD9B | |
Source: | Code function: | 9_2_04A105AC | |
Source: | Code function: | 9_2_04A105AC | |
Source: | Code function: | 9_2_0497A185 | |
Source: | Code function: | 9_2_0496C182 | |
Source: | Code function: | 9_2_04972581 | |
Source: | Code function: | 9_2_04972581 | |
Source: | Code function: | 9_2_04972581 | |
Source: | Code function: | 9_2_04972581 | |
Source: | Code function: | 9_2_04942D8A | |
Source: | Code function: | 9_2_04942D8A | |
Source: | Code function: | 9_2_04942D8A | |
Source: | Code function: | 9_2_04942D8A | |
Source: | Code function: | 9_2_04942D8A | |
Source: | Code function: | 9_2_04971DB5 | |
Source: | Code function: | 9_2_04971DB5 | |
Source: | Code function: | 9_2_04971DB5 | |
Source: | Code function: | 9_2_049C51BE | |
Source: | Code function: | 9_2_049C51BE | |
Source: | Code function: | 9_2_049C51BE | |
Source: | Code function: | 9_2_049C51BE | |
Source: | Code function: | 9_2_049735A1 | |
Source: | Code function: | 9_2_049761A0 | |
Source: | Code function: | 9_2_049761A0 | |
Source: | Code function: | 9_2_049C69A6 | |
Source: | Code function: | 9_2_049C6DC9 | |
Source: | Code function: | 9_2_049C6DC9 | |
Source: | Code function: | 9_2_049C6DC9 | |
Source: | Code function: | 9_2_049C6DC9 | |
Source: | Code function: | 9_2_049C6DC9 | |
Source: | Code function: | 9_2_049C6DC9 | |
Source: | Code function: | 9_2_049F8DF1 | |
Source: | Code function: | 9_2_0494B1E1 | |
Source: | Code function: | 9_2_0494B1E1 | |
Source: | Code function: | 9_2_0494B1E1 | |
Source: | Code function: | 9_2_049D41E8 | |
Source: | Code function: | 9_2_0495D5E0 | |
Source: | Code function: | 9_2_0495D5E0 | |
Source: | Code function: | 9_2_04949100 | |
Source: | Code function: | 9_2_04949100 | |
Source: | Code function: | 9_2_04949100 | |
Source: | Code function: | 9_2_04A18D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_04953D34 | |
Source: | Code function: | 9_2_0494AD30 | |
Source: | Code function: | 9_2_049CA537 | |
Source: | Code function: | 9_2_04974D3B | |
Source: | Code function: | 9_2_04974D3B | |
Source: | Code function: | 9_2_04974D3B | |
Source: | Code function: | 9_2_0497513A | |
Source: | Code function: | 9_2_0497513A | |
Source: | Code function: | 9_2_04964120 | |
Source: | Code function: | 9_2_04964120 | |
Source: | Code function: | 9_2_04964120 | |
Source: | Code function: | 9_2_04964120 | |
Source: | Code function: | 9_2_04964120 | |
Source: | Code function: | 9_2_04967D50 | |
Source: | Code function: | 9_2_0496B944 | |
Source: | Code function: | 9_2_0496B944 | |
Source: | Code function: | 9_2_04983D43 | |
Source: | Code function: | 9_2_049C3540 | |
Source: | Code function: | 9_2_0496C577 | |
Source: | Code function: | 9_2_0496C577 | |
Source: | Code function: | 9_2_0494B171 | |
Source: | Code function: | 9_2_0494B171 | |
Source: | Code function: | 9_2_0494C962 | |
Source: | Code function: | 9_2_0497D294 | |
Source: | Code function: | 9_2_0497D294 | |
Source: | Code function: | 9_2_04A10EA5 | |
Source: | Code function: | 9_2_04A10EA5 | |
Source: | Code function: | 9_2_04A10EA5 | |
Source: | Code function: | 9_2_049DFE87 | |
Source: | Code function: | 9_2_0495AAB0 | |
Source: | Code function: | 9_2_0495AAB0 | |
Source: | Code function: | 9_2_0497FAB0 | |
Source: | Code function: | 9_2_049452A5 | |
Source: | Code function: | 9_2_049452A5 | |
Source: | Code function: | 9_2_049452A5 | |
Source: | Code function: | 9_2_049452A5 | |
Source: | Code function: | 9_2_049452A5 | |
Source: | Code function: | 9_2_049C46A7 | |
Source: | Code function: | 9_2_049736CC | |
Source: | Code function: | 9_2_04972ACB | |
Source: | Code function: | 9_2_049FFEC0 | |
Source: | Code function: | 9_2_04988EC7 | |
Source: | Code function: | 9_2_04972AE4 | |
Source: | Code function: | 9_2_049716E0 | |
Source: | Code function: | 9_2_04A18ED6 | |
Source: | Code function: | 9_2_049576E2 | |
Source: | Code function: | 9_2_0494AA16 | |
Source: | Code function: | 9_2_0494AA16 | |
Source: | Code function: | 9_2_04945210 | |
Source: | Code function: | 9_2_04945210 | |
Source: | Code function: | 9_2_04945210 | |
Source: | Code function: | 9_2_04945210 | |
Source: | Code function: | 9_2_04963A1C | |
Source: | Code function: | 9_2_0497A61C | |
Source: | Code function: | 9_2_0497A61C | |
Source: | Code function: | 9_2_0494C600 | |
Source: | Code function: | 9_2_0494C600 | |
Source: | Code function: | 9_2_0494C600 | |
Source: | Code function: | 9_2_04978E00 | |
Source: | Code function: | 9_2_04958A0A | |
Source: | Code function: | 9_2_049FFE3F | |
Source: | Code function: | 9_2_04A01608 | |
Source: | Code function: | 9_2_0494E620 | |
Source: | Code function: | 9_2_04984A2C | |
Source: | Code function: | 9_2_04984A2C | |
Source: | Code function: | 9_2_04A18A62 | |
Source: | Code function: | 9_2_049D4257 | |
Source: | Code function: | 9_2_04949240 | |
Source: | Code function: | 9_2_04949240 | |
Source: | Code function: | 9_2_04949240 | |
Source: | Code function: | 9_2_04949240 | |
Source: | Code function: | 9_2_04957E41 | |
Source: | Code function: | 9_2_04957E41 | |
Source: | Code function: | 9_2_04957E41 | |
Source: | Code function: | 9_2_04957E41 | |
Source: | Code function: | 9_2_04957E41 | |
Source: | Code function: | 9_2_04957E41 | |
Source: | Code function: | 9_2_0498927A | |
Source: | Code function: | 9_2_0496AE73 | |
Source: | Code function: | 9_2_0496AE73 | |
Source: | Code function: | 9_2_0496AE73 | |
Source: | Code function: | 9_2_0496AE73 | |
Source: | Code function: | 9_2_0496AE73 | |
Source: | Code function: | 9_2_0495766D | |
Source: | Code function: | 9_2_049FB260 | |
Source: | Code function: | 9_2_049FB260 | |
Source: | Code function: | 9_2_04972397 | |
Source: | Code function: | 9_2_04958794 | |
Source: | Code function: | 9_2_04A15BA5 | |
Source: | Code function: | 9_2_0497B390 | |
Source: | Code function: | 9_2_049C7794 | |
Source: | Code function: | 9_2_049C7794 | |
Source: | Code function: | 9_2_049C7794 | |
Source: | Code function: | 9_2_04951B8F | |
Source: | Code function: | 9_2_04951B8F | |
Source: | Code function: | 9_2_049FD380 | |
Source: | Code function: | 9_2_04A0138A | |
Source: | Code function: | 9_2_04974BAD | |
Source: | Code function: | 9_2_04974BAD | |
Source: | Code function: | 9_2_04974BAD | |
Source: | Code function: | 9_2_049C53CA | |
Source: | Code function: | 9_2_049C53CA | |
Source: | Code function: | 9_2_049837F5 | |
Source: | Code function: | 9_2_049703E2 | |
Source: | Code function: | 9_2_049703E2 | |
Source: | Code function: | 9_2_049703E2 | |
Source: | Code function: | 9_2_049703E2 | |
Source: | Code function: | 9_2_049703E2 | |
Source: | Code function: | 9_2_049703E2 | |
Source: | Code function: | 9_2_0496DBE9 | |
Source: | Code function: | 9_2_0496F716 | |
Source: | Code function: | 9_2_049DFF10 | |
Source: | Code function: | 9_2_049DFF10 | |
Source: | Code function: | 9_2_0497A70E | |
Source: | Code function: | 9_2_0497A70E | |
Source: | Code function: | 9_2_0497E730 | |
Source: | Code function: | 9_2_04A1070D | |
Source: | Code function: | 9_2_04A1070D | |
Source: | Code function: | 9_2_04944F2E | |
Source: | Code function: | 9_2_04944F2E | |
Source: | Code function: | 9_2_04A0131B | |
Source: | Code function: | 9_2_04A18F6A | |
Source: | Code function: | 9_2_0494F358 | |
Source: | Code function: | 9_2_0494DB40 | |
Source: | Code function: | 9_2_0495EF40 | |
Source: | Code function: | 9_2_04973B7A | |
Source: | Code function: | 9_2_04973B7A | |
Source: | Code function: | 9_2_0494DB60 | |
Source: | Code function: | 9_2_0495FF60 | |
Source: | Code function: | 9_2_04A18B58 |
Source: | Process token adjusted: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Network Connect: |
Source: | Domain query: |
Injects a PE file into a foreign process |
Source: | Memory written: |
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Modifies the context of a thread in another process (thread injection) |
Source: | Thread register set: |
Queues an APC in another process (thread injection) |
Source: | Thread APC queued: |
Sample uses process hollowing technique |
Source: | Section unmapped: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected FormBook |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected FormBook |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Shared Modules1 | Path Interception | Process Injection612 | Masquerading1 | Input Capture1 | Security Software Discovery321 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion31 | Security Account Manager | Virtualization/Sandbox Evasion31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection612 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | System Information Discovery112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information4 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Rundll321 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing13 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
32% | ReversingLabs | Win32.Trojan.Wacatac | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | |
100% | Avira | TR/Crypt.ZPACK.Gen | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | |
0% | URL Reputation | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
4520oceanviewavenue.com | 184.168.131.241 | true | true | unknown | |
home-inland.com | 81.88.52.88 | true | true | unknown | |
www.shirleyeluiz.com | 34.95.69.141 | true | false | unknown | |
rogegalmish.com | 192.232.222.43 | true | true | unknown | |
www.thepocket-onlinelesson.xyz | 202.210.8.86 | true | true | unknown | |
www.omfgphil.com | 64.98.145.30 | true | true | unknown | |
drisu-goalkeeping.com | 81.169.145.162 | true | true | unknown | |
boostcoachingonline.com | 184.168.131.241 | true | true | unknown | |
www.skynetaccess.com | 52.128.23.153 | true | true | unknown | |
www.best-cleaner.com | 156.252.96.189 | true | true | unknown | |
www.drisu-goalkeeping.com | unknown | unknown | true | unknown | |
www.boostcoachingonline.com | unknown | unknown | true | unknown | |
www.home-inland.com | unknown | unknown | true | unknown | |
www.tracisolomon.xyz | unknown | unknown | true | unknown | |
www.4520oceanviewavenue.com | unknown | unknown | true | unknown | |
www.rogegalmish.com | unknown | unknown | true | unknown | |
www.webdomoupravitel.com | unknown | unknown | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| true | | low |
| true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.128.23.153 | www.skynetaccess.com | United States | | 19324 | DOSARRESTUS | true |
192.232.222.43 | rogegalmish.com | United States | | 46606 | UNIFIEDLAYER-AS-1US | true |
202.210.8.86 | www.thepocket-onlinelesson.xyz | Japan | | 2519 | VECTANTARTERIANetworksCorporationJP | true |
64.98.145.30 | www.omfgphil.com | Canada | | 32491 | TUCOWS-3CA | true |
156.252.96.189 | www.best-cleaner.com | Seychelles | | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true |
34.95.69.141 | www.shirleyeluiz.com | United States | | 15169 | GOOGLEUS | false |
81.169.145.162 | drisu-goalkeeping.com | Germany | | 6724 | STRATOSTRATOAGDE | true |
184.168.131.241 | 4520oceanviewavenue.com | United States | | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 412121 |
Start date: | 12.05.2021 |
Start time: | 12:23:27 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 39s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 457b22da_by_Libranalysis (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@7/1@12/8 |
EGA Information: | Failed |
HDC Information: |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
12:24:27 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
52.128.23.153 | | | malicious | | |
202.210.8.86 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
www.thepocket-onlinelesson.xyz | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
UNIFIEDLAYER-AS-1US | | | malicious | | |
VECTANTARTERIANetworksCorporationJP | | | malicious | | |
DOSARRESTUS | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\457b22da_by_Libranalysis.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1314 |
Entropy (8bit): | 5.350128552078965 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2f84jE4Kx1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MxHKXfvjHKx1qHiYHKhQnoPtHoxHhAHR |
MD5: | 8198C64CE0786EABD4C792E7E6FC30E5 |
SHA1: | 71E1676126F4616B18C751A0A775B2D64944A15A |
SHA-256: | C58018934011086A883D1D56B21F6C1916B1CD83206ADD1865C9BDD29DADCBC4 |
SHA-512: | EE293C0F88A12AB10041F66DDFAE89BC11AB3B3AAD8604F1A418ABE43DF0980245C3B7F8FEB709AEE8E9474841A280E073EC063045EA39948E853AA6B4EC0FB0 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.70861569543812 |
TrID: |
|
File name: | 457b22da_by_Libranalysis.exe |
File size: | 973824 |
MD5: | 457b22da77d4db093a31dd80a4b8963f |
SHA1: | 83dc32633108d309f6b6b50a42dc102e7375f54c |
SHA256: | 8dc4c1a88f19df4a3731991e632688147b6132bcb6cffa2dfbef8ee081c6ddae |
SHA512: | 988bc10454baea85766b9af43d51073a155b17c63525795b55984e362b81e2e11717b947ce11c05d010682f8b92f5c73cc3918401b23cbaa44bfe976dec6d45e |
SSDEEP: | 24576:0Fu7fEF8VAJUFZ+MEEcg1B3DBp3LQySL683Olkck:oKeco9gXdBs681c |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...T..`..............P.............. ....... ....@.. .......................@............@................................ |
File Icon |
---|
Icon Hash: | c4b2f0f0f0f0b2c4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4f200a |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x609B8954 [Wed May 12 07:52:52 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [004F2000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb887c | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x2b910 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf0000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xf2000 | 0x8 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0xb8000 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
U#j;F_` | 0x2000 | 0xb5830 | 0xb5a00 | False | 1.00031723159 | data | 7.99977911602 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.text | 0xb8000 | 0xbe88 | 0xc000 | False | 0.443664550781 | data | 5.98775061458 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xc4000 | 0x2b910 | 0x2ba00 | False | 0.166323424069 | data | 4.59329432672 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xf0000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
0xf2000 | 0x10 | 0x200 | False | 0.044921875 | data | 0.142635768149 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xc42e0 | 0x2f94 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0xc7274 | 0x10828 | dBase III DBT, version number 0, next free block index 40 | ||
RT_ICON | 0xd7a9c | 0x94a8 | data | ||
RT_ICON | 0xe0f44 | 0x5488 | data | ||
RT_ICON | 0xe63cc | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 57599, next used block 4278648832 | ||
RT_ICON | 0xea5f4 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xecb9c | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0xedc44 | 0x988 | data | ||
RT_ICON | 0xee5cc | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0xeea34 | 0x84 | data | ||
RT_GROUP_ICON | 0xeeab8 | 0x14 | data | ||
RT_VERSION | 0xeeacc | 0x3dc | data | ||
RT_MANIFEST | 0xeeea8 | 0xa65 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2013 |
Assembly Version | 3.0.0.0 |
InternalName | DynamicPartitionEnumeratorForIndexRangeAbstract.exe |
FileVersion | 3.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | ServerManager_Core |
ProductVersion | 3.0.0.0 |
FileDescription | ServerManager_Core |
OriginalFilename | DynamicPartitionEnumeratorForIndexRangeAbstract.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/12/21-12:25:36.062502 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49731 | 80 | 192.168.2.3 | 34.95.69.141 |
05/12/21-12:25:36.062502 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49731 | 80 | 192.168.2.3 | 34.95.69.141 |
05/12/21-12:25:36.062502 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49731 | 80 | 192.168.2.3 | 34.95.69.141 |
05/12/21-12:26:02.702057 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49740 | 80 | 192.168.2.3 | 156.252.96.189 |
05/12/21-12:26:02.702057 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49740 | 80 | 192.168.2.3 | 156.252.96.189 |
05/12/21-12:26:02.702057 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49740 | 80 | 192.168.2.3 | 156.252.96.189 |
05/12/21-12:26:30.319867 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49746 | 80 | 192.168.2.3 | 184.168.131.241 |
05/12/21-12:26:30.319867 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49746 | 80 | 192.168.2.3 | 184.168.131.241 |
05/12/21-12:26:30.319867 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49746 | 80 | 192.168.2.3 | 184.168.131.241 |
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 12, 2021 12:25:24.027081966 CEST | 192.168.2.3 | 8.8.8.8 | 0xa172 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:25:29.761121035 CEST | 192.168.2.3 | 8.8.8.8 | 0x4a6e | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:25:35.858010054 CEST | 192.168.2.3 | 8.8.8.8 | 0x66a3 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:25:46.166529894 CEST | 192.168.2.3 | 8.8.8.8 | 0x2fa3 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:25:51.342669964 CEST | 192.168.2.3 | 8.8.8.8 | 0x1f0b | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:25:57.237812042 CEST | 192.168.2.3 | 8.8.8.8 | 0x7055 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:02.336038113 CEST | 192.168.2.3 | 8.8.8.8 | 0x6182 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:08.219162941 CEST | 192.168.2.3 | 8.8.8.8 | 0xb6c6 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:13.767909050 CEST | 192.168.2.3 | 8.8.8.8 | 0x609b | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:19.256853104 CEST | 192.168.2.3 | 8.8.8.8 | 0x3a0c | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:24.372886896 CEST | 192.168.2.3 | 8.8.8.8 | 0x2e78 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:30.060688972 CEST | 192.168.2.3 | 8.8.8.8 | 0xdff9 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 12, 2021 12:25:24.189014912 CEST | 8.8.8.8 | 192.168.2.3 | 0xa172 | No error (0) | 52.128.23.153 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:25:30.059087992 CEST | 8.8.8.8 | 192.168.2.3 | 0x4a6e | No error (0) | 202.210.8.86 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:25:36.019768000 CEST | 8.8.8.8 | 192.168.2.3 | 0x66a3 | No error (0) | 34.95.69.141 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:25:46.232381105 CEST | 8.8.8.8 | 192.168.2.3 | 0x2fa3 | No error (0) | drisu-goalkeeping.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 12:25:46.232381105 CEST | 8.8.8.8 | 192.168.2.3 | 0x2fa3 | No error (0) | 81.169.145.162 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:25:51.535154104 CEST | 8.8.8.8 | 192.168.2.3 | 0x1f0b | No error (0) | rogegalmish.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 12:25:51.535154104 CEST | 8.8.8.8 | 192.168.2.3 | 0x1f0b | No error (0) | 192.232.222.43 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:25:57.300525904 CEST | 8.8.8.8 | 192.168.2.3 | 0x7055 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:02.398396015 CEST | 8.8.8.8 | 192.168.2.3 | 0x6182 | No error (0) | 156.252.96.189 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:26:08.278670073 CEST | 8.8.8.8 | 192.168.2.3 | 0xb6c6 | No error (0) | 4520oceanviewavenue.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 12:26:08.278670073 CEST | 8.8.8.8 | 192.168.2.3 | 0xb6c6 | No error (0) | 184.168.131.241 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:26:13.931727886 CEST | 8.8.8.8 | 192.168.2.3 | 0x609b | No error (0) | 64.98.145.30 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:26:19.358293056 CEST | 8.8.8.8 | 192.168.2.3 | 0x3a0c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | |
May 12, 2021 12:26:24.451124907 CEST | 8.8.8.8 | 192.168.2.3 | 0x2e78 | No error (0) | home-inland.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 12:26:24.451124907 CEST | 8.8.8.8 | 192.168.2.3 | 0x2e78 | No error (0) | 81.88.52.88 | A (IP address) | IN (0x0001) | ||
May 12, 2021 12:26:30.125046015 CEST | 8.8.8.8 | 192.168.2.3 | 0xdff9 | No error (0) | boostcoachingonline.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 12:26:30.125046015 CEST | 8.8.8.8 | 192.168.2.3 | 0xdff9 | No error (0) | 184.168.131.241 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49728 | 52.128.23.153 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:25:24.565185070 CEST | 1282 | OUT | |
May 12, 2021 12:25:24.747936010 CEST | 1282 | IN | |
May 12, 2021 12:25:24.747955084 CEST | 1284 | IN | |
May 12, 2021 12:25:24.747977018 CEST | 1285 | IN | |
May 12, 2021 12:25:24.747996092 CEST | 1286 | IN | |
May 12, 2021 12:25:24.748023033 CEST | 1288 | IN | |
May 12, 2021 12:25:24.748044968 CEST | 1289 | IN | |
May 12, 2021 12:25:24.748064041 CEST | 1290 | IN | |
May 12, 2021 12:25:24.748081923 CEST | 1291 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49730 | 202.210.8.86 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:25:30.334672928 CEST | 1298 | OUT | |
May 12, 2021 12:25:32.124258041 CEST | 1299 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49731 | 34.95.69.141 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:25:36.062501907 CEST | 1300 | OUT | |
May 12, 2021 12:25:36.103701115 CEST | 1303 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49738 | 81.169.145.162 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:25:46.276973963 CEST | 5546 | OUT | |
May 12, 2021 12:25:46.322741985 CEST | 5547 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49739 | 192.232.222.43 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:25:51.724770069 CEST | 5548 | OUT | |
May 12, 2021 12:25:53.418782949 CEST | 5549 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.3 | 49740 | 156.252.96.189 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:26:02.702056885 CEST | 5550 | OUT | |
May 12, 2021 12:26:03.283816099 CEST | 5551 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.3 | 49741 | 184.168.131.241 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:26:08.493067980 CEST | 5552 | OUT | |
May 12, 2021 12:26:08.756416082 CEST | 5553 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.3 | 49744 | 64.98.145.30 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:26:14.073214054 CEST | 5570 | OUT | |
May 12, 2021 12:26:14.218874931 CEST | 5572 | IN | |
May 12, 2021 12:26:14.218928099 CEST | 5572 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.3 | 49746 | 184.168.131.241 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 12:26:30.319866896 CEST | 5588 | OUT | |
May 12, 2021 12:26:30.541549921 CEST | 5589 | IN |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 12:24:19 |
Start date: | 12/05/2021 |
Path: | C:\Users\user\Desktop\457b22da_by_Libranalysis.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x250000 |
File size: | 973824 bytes |
MD5 hash: | 457B22DA77D4DB093A31DD80A4B8963F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
Reputation: | low |
General |
---|
Start time: | 12:24:28 |
Start date: | 12/05/2021 |
Path: | C:\Users\user\Desktop\457b22da_by_Libranalysis.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd80000 |
File size: | 973824 bytes |
MD5 hash: | 457B22DA77D4DB093A31DD80A4B8963F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
General |
---|
Start time: | 12:24:31 |
Start date: | 12/05/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff714890000 |
File size: | 3933184 bytes |
MD5 hash: | AD5296B280E8F522A8A897C96BAB0E1D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:24:45 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1340000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 12:24:50 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:24:50 |
Start date: | 12/05/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
All listed functions report Uniqueness Score: -1.00%; the Strings, APIs, Memory Dump Source and Similarity fields were empty in the exported report.
Function 00C904E1, Relevance: 2.6, Strings: 2, Instructions: 143 (COMMON)
Function 00C91577, Relevance: 1.7, APIs: 1, Instructions: 187 (COMMON)
Function 00C944A0, Relevance: 1.6, Strings: 1, Instructions: 392 (COMMON)
Function 00C94466, Relevance: 1.6, Strings: 1, Instructions: 381 (COMMON)
Function 00C91660, Relevance: 1.6, APIs: 1, Instructions: 94 (COMMON)
Function 00C94590, Relevance: 1.5, Strings: 1, Instructions: 296 (COMMON)
Function 00C9B1A8, Relevance: .3, Instructions: 268 (COMMON)
Function 00C923B4, Relevance: .3, Instructions: 264 (COMMON)
Function 00C976DA, Relevance: .2, Instructions: 207 (COMMON)
Function 00C92450, Relevance: .2, Instructions: 207 (COMMON)
Function 00C92CC9, Relevance: .1, Instructions: 146 (COMMON)
Function 053EAB38, Relevance: .1, Instructions: 120 (COMMON)
Function 00C91881, Relevance: .1, Instructions: 112 (COMMON)
Function 04BF1FC2, Relevance: .1, Instructions: 87 (COMMON)
Function 04BF1FD0, Relevance: .1, Instructions: 86 (COMMON)
Function 00C96C79, Relevance: .1, Instructions: 85 (COMMON)
Function 00C936B0, Relevance: .1, Instructions: 75 (COMMON)
Function 04BF78E8, Relevance: 1.7, APIs: 1, Instructions: 228 (COMMON)
Function 04BF9B0C, Relevance: 1.7, APIs: 1, Instructions: 185 (COMMON)
Function 04BF9B18, Relevance: 1.7, APIs: 1, Instructions: 182 (COMMON)
Function 04BFD604, Relevance: 1.6, APIs: 1, Instructions: 126 (COMMON)
Function 04BFF676, Relevance: 1.6, APIs: 1, Instructions: 126 (COMMON)
Function 04BF2AC0, Relevance: 1.6, APIs: 1, Instructions: 110 (COMMON)
Function 053E6F21, Relevance: 1.6, APIs: 1, Instructions: 109 (COMMON)
Function 04BF2AC8, Relevance: 1.6, APIs: 1, Instructions: 108 (COMMON)
Function 053E6F28, Relevance: 1.6, APIs: 1, Instructions: 106 (COMMON)
Function 04BFAB74, Relevance: 1.6, APIs: 1, Instructions: 97 (COMMON)
Function 00C91779, Relevance: 1.6, APIs: 1, Instructions: 97 (memory, COMMON)
Function 00C91780, Relevance: 1.6, APIs: 1, Instructions: 94 (memory, COMMON)
Function 00C99DB0, Relevance: 1.6, APIs: 1, Instructions: 94 (memory, COMMON)
Function 053EA188, Relevance: 1.6, APIs: 1, Instructions: 85 (window, COMMON)
Function 00C903C8, Relevance: 1.6, APIs: 1, Instructions: 81 (COMMON)
Function 04BF7AD8, Relevance: 1.6, APIs: 1, Instructions: 76 (COMMON)
Function 053E6A91, Relevance: 1.6, APIs: 1, Instructions: 74 (thread, COMMON)
Function 053E6A98, Relevance: 1.6, APIs: 1, Instructions: 73 (thread, COMMON)
Function 00C0D01C, Relevance: .1, Instructions: 72 (COMMON)
Function 00C0D005, Relevance: .1, Instructions: 62 (COMMON)
Function 00BFD7FD, Relevance: .0, Instructions: 45 (COMMON)
Function 00BFD7FC, Relevance: .0, Instructions: 36 (COMMON)
Non-executed Functions |
---|
Function 053E3F40, Relevance: 1.5, Strings: 1, Instructions: 246 (COMMON)
Function 053E3F37, Relevance: 1.5, Strings: 1, Instructions: 238 (COMMON)
Function 053E3F32, Relevance: 1.5, Strings: 1, Instructions: 238 (COMMON)
Function 00C96820, Relevance: 1.4, Strings: 1, Instructions: 167 (COMMON)
Function 00C96830, Relevance: 1.4, Strings: 1, Instructions: 167 (COMMON)
Function 00C95210, Relevance: 1.4, Strings: 1, Instructions: 116 (COMMON)
Function 04BF80D0, Relevance: .5, Instructions: 522 (COMMON)
Function 053E5F10, Relevance: .3, Instructions: 291 (COMMON)
Function 053E5F68, Relevance: .3, Instructions: 278 (COMMON)
Function 04BF56C8, Relevance: .3, Instructions: 265 (COMMON)
Function 053E84C8, Relevance: .2, Instructions: 216 (COMMON)
Function 00C9A1B0, Relevance: .2, Instructions: 202 (COMMON)
Function 00C95420, Relevance: .2, Instructions: 184 (COMMON)
Function 00C95411, Relevance: .2, Instructions: 178 (COMMON)
Function 053E8870, Relevance: .2, Instructions: 162 (COMMON)
Function 00C95FA0, Relevance: .2, Instructions: 156 (COMMON)
Function 053E43E8, Relevance: .2, Instructions: 156 (COMMON)
Function 053E43D7, Relevance: .2, Instructions: 156 (COMMON)
Function 00C95F91, Relevance: .2, Instructions: 154 (COMMON)
Function 053E43E7, Relevance: .2, Instructions: 152 (COMMON)
Function 053E2FF0, Relevance: .1, Instructions: 137 (COMMON)
Function 053E2F90, Relevance: .1, Instructions: 136 (COMMON)
Function 053E2FEF, Relevance: .1, Instructions: 123 (COMMON)
Function 053E0006, Relevance: .1, Instructions: 115 (COMMON)
Function 00C96A99, Relevance: .1, Instructions: 108 (COMMON)
Function 00C96AA8, Relevance: .1, Instructions: 108 (COMMON)
Function 00C96600, Relevance: .1, Instructions: 108 (COMMON)
Function 00C96610, Relevance: .1, Instructions: 107 (COMMON)
Function 053E0040, Relevance: .1, Instructions: 106 (COMMON)
Function 053E526F, Relevance: .1, Instructions: 104 (COMMON)
Function 053E5280, Relevance: .1, Instructions: 100 (COMMON)
Function 053E003F, Relevance: .1, Instructions: 96 (COMMON)
Function 04BF6FB4, Relevance: .1, Instructions: 88 (COMMON)
Function 04BFA9E8, Relevance: .1, Instructions: 87 (COMMON)
Function 053E35F0, Relevance: .1, Instructions: 66 (COMMON)
Executed Functions |
---|
Function 0041826A, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36 (file, native, COMMON), C-Code Quality: 21%
Function 00418270, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36 (file, native, COMMON), C-Code Quality: 37%
Function 0041839A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49 (memory, native, COMMON)
Function 004182F0, Relevance: 1.5, APIs: 1, Instructions: 20 (native, COMMON)
Function 019599A0, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 019595D0, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959910, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959540, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 019598F0, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959840, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959860, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959780, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 019597A0, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959FE0, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959710, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 019596E0, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959A00, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959A20, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959A50, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 01959660, Relevance: 1.5, APIs: 1, Instructions: 4 (library, COMMON)
Function 004088B0, Relevance: .1, Instructions: 92 (COMMON)
Function 00407206, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66 (thread, window, COMMON)
Function 004184C3, Relevance: 3.0, APIs: 2, Instructions: 36 (memory, COMMON)
Function 00418665, Relevance: 1.6, APIs: 1, Instructions: 77 (COMMON)
Function 0041862A, Relevance: 1.6, APIs: 1, Instructions: 73 (COMMON)
Function 00418508, Relevance: 1.5, APIs: 1, Instructions: 47 (COMMON)
Function 00418456, Relevance: 1.5, APIs: 1, Instructions: 33 (memory, COMMON)
Function 004184D0, Relevance: 1.5, APIs: 1, Instructions: 24 (memory, COMMON)
Function 00418490, Relevance: 1.5, APIs: 1, Instructions: 24 (memory, COMMON)
Function 00418630, Relevance: 1.5, APIs: 1, Instructions: 24 (COMMON)
Function 00418510, Relevance: 1.5, APIs: 1, Instructions: 20 (COMMON)
Function 00418599, Relevance: 1.5, APIs: 1, Instructions: 16 (COMMON)
Function 0195967A, Relevance: 1.5, APIs: 1, Instructions: 8 (library, COMMON)
Non-executed Functions |
---|
Function 019CB260, Relevance: 37.8, Strings: 30, Instructions: 262 (COMMON)
Function 019D1C06, Relevance: 31.4, Strings: 25, Instructions: 195 (COMMON), C-Code Quality: 44%
Function 01923D34, Relevance: 6.7, Strings: 5, Instructions: 435 (COMMON), C-Code Quality: 96%
Function 01948E00, Relevance: 5.1, Strings: 4, Instructions: 126 (COMMON), C-Code Quality: 44%
Function 01928794, Relevance: 4.0, Strings: 3, Instructions: 255 (COMMON), C-Code Quality: 83%
Function 01927E41, Relevance: 3.9, Strings: 3, Instructions: 174 (COMMON), C-Code Quality: 98%
Function 0191E620, Relevance: 3.9, Strings: 3, Instructions: 165 (COMMON), C-Code Quality: 93%
Function 019951BE, Relevance: 2.7, Strings: 2, Instructions: 173 (COMMON), C-Code Quality: 77%
Function 0193B944, Relevance: 1.7, APIs: 1, Instructions: 166 (COMMON), C-Code Quality: 76%
Function 0191B171, Relevance: 1.7, APIs: 1, Instructions: 166 (COMMON), C-Code Quality: 78%
Function 0194FAB0, Relevance: 1.6, Strings: 1, Instructions: 306 (COMMON), C-Code Quality: 80%
Function 01912D8A, Relevance: 1.4, Strings: 1, Instructions: 191 (COMMON), C-Code Quality: 63%
Function 019E0EA5, Relevance: 1.4, Strings: 1, Instructions: 153 (COMMON), C-Code Quality: 80%
Function 0194F0BF, Relevance: 1.4, Strings: 1, Instructions: 137 (COMMON), C-Code Quality: 75%
Function 01993540, Relevance: 1.4, Strings: 1, Instructions: 130 (COMMON), C-Code Quality: 75%
Function 01993884, Relevance: 1.3, Strings: 1, Instructions: 95 (COMMON), C-Code Quality: 72%
Function 0194D294, Relevance: 1.3, Strings: 1, Instructions: 93 (COMMON), C-Code Quality: 33%
Function 01921B8F, Relevance: 1.3, Strings: 1, Instructions: 86 (COMMON), C-Code Quality: 72%
Function 0193F716, Relevance: 1.3, Strings: 1, Instructions: 71 (COMMON), C-Code Quality: 100%
Function 019C8DF1, Relevance: 1.3, Strings: 1, Instructions: 45 (COMMON), C-Code Quality: 71%
Function 019AFF10, Relevance: 1.3, Strings: 1, Instructions: 44 (COMMON)
Function 019E5BA5, Relevance: .6, Instructions: 592 (COMMON), C-Code Quality: 88%
Function 01934120, Relevance: .4, Instructions: 444 (COMMON)
Function 019420A0, Relevance: .4, Instructions: 420 (COMMON)
Function 0192D5E0, Relevance: .4, Instructions: 353 (COMMON)
Function 0192849B, Relevance: .3, Instructions: 290 (COMMON)
Function 0194513A, Relevance: .3, Instructions: 258 (COMMON)
Function 019403E2, Relevance: .3, Instructions: 254 (COMMON)
Function 0191C600, Relevance: .2, Instructions: 225 (COMMON)
Function 019AB8D0, Relevance: .2, Instructions: 199 (COMMON)
Function 019152A5, Relevance: .2, Instructions: 161 (COMMON)
Function 01942AE4, Relevance: .2, Instructions: 159 (COMMON)
Function 0192EF40, Relevance: .1, Instructions: 147 (COMMON)
Function 019E740D, Relevance: .1, Instructions: 141 (COMMON)
Function 01942990, Relevance: .1, Instructions: 133 (COMMON)
Function 01944D3B, Relevance: .1, Instructions: 131 (COMMON)
Function 01944BAD, Relevance: .1, Instructions: 131 (COMMON)
Function 01928A0A, Relevance: .1, Instructions: 120 (COMMON)
Function 019969A6, Relevance: .1, Instructions: 108 (COMMON)
Function 01953D43, Relevance: .1, Instructions: 106 (COMMON)
Function 0194A61C, Relevance: .1, Instructions: 106 (COMMON)
Function 0193C182, Relevance: .1, Instructions: 104 (COMMON)
Function 01997016, Relevance: .1, Instructions: 104 (COMMON)
Function 0194A70E, Relevance: .1, Instructions: 96 (COMMON)
Function 019461A0, Relevance: .1, Instructions: 93 (COMMON)
Function 0191AA16, Relevance: .1, Instructions: 93 (COMMON)
Function 01958EC7, Relevance: .1, Instructions: 92 (COMMON)
Function 01954A2C, Relevance: .1, Instructions: 92 (COMMON)
Function 0194E730, Relevance: .1, Instructions: 89 (COMMON)
Function 0194BC2C, Relevance: .1, Instructions: 88 (COMMON)
Function 01941DB5, Relevance: .1, Instructions: 87 (COMMON)
Function 01919100, Relevance: .1, Instructions: 87 (COMMON)
Function 01930050, Relevance: .1, Instructions: 81 (COMMON)
Function 01996C0A, Relevance: .1, Instructions: 79 (COMMON)
Function 019590AF, Relevance: .1, Instructions: 76 (COMMON)
Function 01943B7A, Relevance: .1, Instructions: 75 (COMMON)
Function 01996CF0, Relevance: .1, Instructions: 74 (COMMON)
Function 019E070D, Relevance: .1, Instructions: 72 (COMMON)
Function 01997794, Relevance: .1, Instructions: 70 (COMMON)
Function 0193AE73, Relevance: .1, Instructions: 70 (COMMON)
Function 0194FD9B, Relevance: .1, Instructions: 69 (COMMON)
Function 0194B390, Relevance: .1, Instructions: 63 (COMMON)
Function 01919240, Relevance: .1, Instructions: 63 (COMMON)
Function 019A4257, Relevance: .1, Instructions: 60 (COMMON)
Function 01942397, Relevance: .1, Instructions: 59 (COMMON)
Function 019946A7, Relevance: .1, Instructions: 59 (COMMON)
Function 0191C962, Relevance: .1, Instructions: 57 (COMMON)
Function 019537F5, Relevance: .1, Instructions: 57 (COMMON)
Function 0194002D, Relevance: .1, Instructions: 55 (COMMON)
Function 0192766D, Relevance: .1, Instructions: 54 (COMMON)
Function 01919080, Relevance: .1, Instructions: 53 (COMMON)
Function 019AC450, Relevance: .1, Instructions: 53 (COMMON)
Function 019E4015, Relevance: .0, Instructions: 49 (COMMON)
Function 019D14FB, Relevance: .0, Instructions: 48 (COMMON)
Function 019D138A, Relevance: .0, Instructions: 48 (COMMON)
Function 019158EC, Relevance: .0, Instructions: 47 (COMMON)
Function 0192B02A, Relevance: .0, Instructions: 46 (COMMON)
Function 019E1074, Relevance: .0, Instructions: 46 (COMMON)
Function 019CFEC0, Relevance: .0, Instructions: 46 (COMMON)
Function 019CFE3F, Relevance: .0, Instructions: 46 (COMMON)
Function 019E8ED6, Relevance: .0, Instructions: 44 (COMMON)
Function 019E8A62, Relevance: .0, Instructions: 44 (COMMON)
Function 0191DB60, Relevance: .0, Instructions: 43 (COMMON)
Function 0191B1E1, Relevance: .0, Instructions: 42 (COMMON)
Function 019AFE87, Relevance: .0, Instructions: 38 (COMMON)
Function 019D131B, Relevance: .0, Instructions: 36 (COMMON)
Function 019E8F6A, Relevance: .0, Instructions: 36 (COMMON)
Function 0193C577, Relevance: .0, Instructions: 33 (COMMON)
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E8D34, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019D2073, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0195927A, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E8CD6, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0193746D, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01914F2E, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019E8B58, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0194A44B, Relevance: .0, Instructions: 29COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0191F358, Relevance: .0, Instructions: 28COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0192FF60, Relevance: .0, Instructions: 22COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019A41E8, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019CD380, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0194A185, Relevance: .0, Instructions: 20COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019416E0, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019953CA, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019435A1, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0192AAB0, Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0199A537, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0191DB40, Relevance: .0, Instructions: 11COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0191AD30, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019436CC, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019276E2, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01933A1C, Relevance: .0, Instructions: 10COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01937D50, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01942ACB, Relevance: .0, Instructions: 5COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019599D0, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019595F0, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0195AD30, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959520, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959950, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959560, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019598A0, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959820, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0195B040, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0195A3B0, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0195A710, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959B00, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959730, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959770, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0195A770, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959760, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959A80, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 019596D0, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959610, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959A10, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959650, Relevance: .0, Instructions: 4COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 01959670, Relevance: .0, Instructions: 2COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
009081C0 | 3.5 | 1 | 1 | 40 | file, native, COMMON | yes |
009082F0 | 1.5 | 1 | | 20 | native, COMMON | yes |
04989840 | 1.5 | 1 | | 4 | library, COMMON | |
04989860 | 1.5 | 1 | | 4 | library, COMMON | |
049899A0 | 1.5 | 1 | | 4 | library, COMMON | |
049895D0 | 1.5 | 1 | | 4 | library, COMMON | |
04989910 | 1.5 | 1 | | 4 | library, COMMON | |
04989540 | 1.5 | 1 | | 4 | library, COMMON | |
049896D0 | 1.5 | 1 | | 4 | library, COMMON | |
049896E0 | 1.5 | 1 | | 4 | library, COMMON | |
04989650 | 1.5 | 1 | | 4 | library, COMMON | |
04989A50 | 1.5 | 1 | | 4 | library, COMMON | |
04989660 | 1.5 | 1 | | 4 | library, COMMON | |
04989780 | 1.5 | 1 | | 4 | library, COMMON | |
04989FE0 | 1.5 | 1 | | 4 | library, COMMON | |
04989710 | 1.5 | 1 | | 4 | library, COMMON | |
008F7206 | 5.3 | 2 | 1 | 66 | thread, window, COMMON | yes |
00906EE0 | 4.6 | 1 | 2 | 90 | sleep, COMMON | yes |
00906ED6 | 4.6 | 1 | 2 | 79 | sleep, COMMON | yes |
00907003 | 3.6 | 1 | 1 | 54 | thread, COMMON | yes |
009084C3 | 3.5 | 1 | 1 | 39 | memory, COMMON | yes |
009084D0 | 3.5 | 1 | 1 | 24 | memory, COMMON | yes |
00908665 | 1.6 | 1 | | 77 | COMMON | yes |
0090862A | 1.6 | 1 | | 73 | COMMON | yes |
00907010 | 1.5 | 1 | | 36 | thread, COMMON | yes |
00908456 | 1.5 | 1 | | 33 | memory, COMMON | yes |
008FD407 | 1.5 | 1 | | 28 | COMMON | yes |
00908490 | 1.5 | 1 | | 24 | memory, COMMON | yes |
00908630 | 1.5 | 1 | | 24 | COMMON | yes |
008FD410 | 1.5 | 1 | | 19 | COMMON | yes |
0498967A | 1.5 | 1 | | 8 | library, COMMON | |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
(address not recovered from extraction) | | | | | C-Code quality 53% |
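The function rows in these listings are exported with the instruction count fused to the tag labels (for example `40filenativeCOMMON`), which makes them awkward to sort or filter when triaging which executed functions to look at first. The parser below is an added helper and is not part of the Libranalysis/Joe Sandbox report or tooling. It assumes the tag vocabulary seen on this page (`COMMON`, `library`, `native`, `thread`, `window`, `sleep`, `memory`, `file`), treats the `Executed Functions` / `Non-executed Functions` headers as the executed flag, treats rows before the first such header as non-executed (an assumption), and uses a constructed sample made of rows copied from the tables above.

```python
import re
from dataclasses import dataclass, field

# Tag vocabulary observed in this report's function rows (assumption: the
# fused suffix is a concatenation of these labels). Any unmatched remainder
# is kept verbatim rather than silently dropped.
KNOWN_TAGS = ("COMMON", "library", "native", "thread", "window", "sleep",
              "memory", "file")

# "Function 009081C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON"
# APIs and Strings are optional; Relevance may be written as ".1".
ROW_RE = re.compile(
    r"Function\s+(?P<addr>[0-9A-Fa-f]{8}),\s*Relevance:\s*(?P<rel>-?\d*\.?\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>[A-Za-z]*)"
)


@dataclass
class FunctionRow:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: list = field(default_factory=list)
    executed: bool = False


def split_tags(blob):
    """Split a fused tag string such as 'filenativeCOMMON' using KNOWN_TAGS."""
    tags = []
    rest = blob
    while rest:
        for tag in KNOWN_TAGS:
            if rest.startswith(tag):
                tags.append(tag)
                rest = rest[len(tag):]
                break
        else:
            tags.append(rest)  # unknown label: keep it as-is and stop
            break
    return tags


def parse_report(text):
    """Turn the report's function rows into FunctionRow records.

    The executed flag follows the most recent 'Executed Functions' or
    'Non-executed Functions' header; rows before any header count as
    non-executed (assumption).
    """
    rows = []
    executed = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Executed Functions"):
            executed = True
            continue
        if line.startswith("Non-executed Functions"):
            executed = False
            continue
        m = ROW_RE.search(line)
        if not m:
            continue  # residue lines (Similarity, Uniqueness, ...) are ignored
        rows.append(FunctionRow(
            address=int(m["addr"], 16),
            relevance=float(m["rel"]),
            apis=int(m["apis"] or 0),
            strings=int(m["strings"] or 0),
            instructions=int(m["instr"]),
            tags=split_tags(m["tags"]),
            executed=executed,
        ))
    return rows


def triage(rows, min_relevance=1.0):
    """Executed functions at or above min_relevance, highest relevance first,
    ties broken by instruction count (bigger functions first)."""
    picked = [r for r in rows if r.executed and r.relevance >= min_relevance]
    return sorted(picked, key=lambda r: (-r.relevance, -r.instructions))


# Constructed sample: rows copied from the listings above, in report order.
SAMPLE = """
Function 01997794, Relevance: .1, Instructions: 70COMMON
Function 01959670, Relevance: .0, Instructions: 2COMMON
Executed Functions
Function 009081C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
Function 04989840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
Function 008F7206, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66threadwindowCOMMON
Function 00906EE0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
Function 009084C3, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39memoryCOMMON
Non-executed Functions
"""

if __name__ == "__main__":
    for r in triage(parse_report(SAMPLE)):
        print(f"{r.address:08X} rel={r.relevance:<4} instr={r.instructions:<3} "
              f"tags={','.join(r.tags)}")
```

Running it on the sample prints the executed functions with the FormBook-relevant tags (`thread`, `window`, `sleep`, `memory`, `file`) at the top, which is the order an analyst would open them in the memory dump; the many 4-instruction `library` thunks sink to the bottom.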