Analysis Report nT5pUwoJSS.dll
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
Threatname: | Ursnif |
---|---|

```json
{
  "RSA Public Key": "KujE77ctKyR8x3/dODwZbEsxGmck+FW9384s5u0Kacw8y1gCN+8m2bfjJPovkn+Uzufcdfss+a43eI6oHR1KgWQmvEAO6LK8tJv+Wl7iCBPJP7eef8xKeXht/Mhk1PSj7mHnJ9lcqKMtTteEdSecVvMRtb/WSKVTFfHDva9My7AJ/NbXqHdzCG7znACswLxD",
  "c2_domain": ["outlook.com/login", "gmail.com", "worunekulo.club", "horunekulo.website"],
  "botnet": "8877",
  "server": "12",
  "serpent_key": "30218409ILPAJDUR",
  "sleep_time": "10",
  "CONF_TIMEOUT": "20",
  "SetWaitableTimer_value": "0",
  "DGA_count": "10"
}
```
Yara Overview |
---|
Memory Dumps |
---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| (memory dump, name not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| (memory dump, name not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| (memory dump, name not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| (memory dump, name not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| (memory dump, name not captured) | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |

4 further matching memory dumps are not shown in this extract.
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Source: Malware Configuration Extractor |
Multi AV Scanner detection for submitted file | Source: ReversingLabs |
Machine Learning detection for sample | Source: Joe Sandbox ML |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif | Source: File source |
E-Banking Fraud: |
---|
Yara detected Ursnif | Source: File source |
System Summary: |
---|
Writes registry values via WMI | Source: WMI Registry write |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif | Source: File source |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif | Source: File source |
Remote Access Functionality: |
---|
Yara detected Ursnif | Source: File source |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | Path Interception | Process Injection12 | Masquerading1 | Input Capture1 | System Time Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection12 | LSASS Memory | Security Software Discovery11 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rundll321 | NTDS | Account Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing1 | LSA Secrets | System Owner/User Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery23 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
nT5pUwoJSS.dll | 21% | ReversingLabs | Win32.Trojan.Zusy | |
nT5pUwoJSS.dll | 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(unpacked PE, name not captured) | 100% | Avira | HEUR/AGEN.1108168 | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(URL not captured) | 0% | URL Reputation | safe | |
(URL not captured) | 0% | URL Reputation | safe | |
(URL not captured) | 0% | URL Reputation | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
outlook.com | 40.97.153.146 | true | false | | high |
HHN-efz.ms-acdc.office.com | 52.97.233.66 | true | false | | high |
www.outlook.com | unknown | unknown | false | | high |
outlook.office365.com | unknown | unknown | false | | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(URL not captured) | false | | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(URL not captured) | | false | | high |
(URL not captured) | | false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
52.97.233.66 | HHN-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
40.101.137.82 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
40.97.153.146 | outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 412166 |
Start date: | 12.05.2021 |
Start time: | 13:05:21 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | nT5pUwoJSS.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 19 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.troj.winDLL@15/9@3/3 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:07:40 | API Interceptor | |
13:08:01 | API Interceptor |
Joe Sandbox View / Context |
---|
Match | Type | Context |
---|---|---|
40.97.153.146 | IP | seen in other samples classified malicious |
HHN-efz.ms-acdc.office.com | Domain | seen in other samples classified malicious |
outlook.com | Domain | seen in other samples classified malicious |
MICROSOFT-CORP-MSN-AS-BLOCKUS | ASN | seen in other samples classified malicious |

Associated sample names and SHA-256 hashes of the related samples were not captured in this extract.
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 12274 |
Entropy (8bit): | 3.760387811626687 |
Encrypted: | false |
SSDEEP: | 192:+5WBNis0oXZHNXwRjed+E/u7sOS274ItWco:Z7iqXJNXwRjeh/u7sOX4ItWco |
MD5: | 65B1A8F8223E4AB018A95B43305BB1C8 |
SHA1: | 48B24682C2E0631A963EB2BEF63ABD6F50ECF4C5 |
SHA-256: | 5C437229DCC881F3B4F37B7BB9B772AADD7AD70D95C1E89E9A451E8C94726565 |
SHA-512: | B8368FBD391A5E5076D6ECE48C7D72A54678CE7804E745C7F734AD7C0D5F9C950C261ACBAD104FCA66DA226B637B0947043A395E90F4CEE78AD4C4F2FC3B4F1A |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 59358 |
Entropy (8bit): | 1.9984891529039928 |
Encrypted: | false |
SSDEEP: | 192:fMcuApA1pdJOjc9qElfIpsp6Arg76Sn/kc/XOYAg04xG2OFY+GkxMHhrUlnaOuIq:zrA1pbOiPc7NN/r1xOY+GkxMHYaOuJp |
MD5: | 2DFACEB2A6B8E2DB10FA736DE4498EAC |
SHA1: | 59577B330853D4007FFD428C7A70100F6373F93E |
SHA-256: | DF885B82793B6A37F202AD54154B6CDAC1F386C92701CF861E596B7AC12BAD52 |
SHA-512: | E48799E4955583C38E32D6BB69659B283872CA62DB27C401B8649FC3B6E5378CEBBEFDD65BF57CD53438DC72A10605644F1EB0FCE533D40726D15876ABB98A17 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 8290 |
Entropy (8bit): | 3.6921112436173114 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiRjB6dq6YTJ64LZLGgmfTkOS3A+pDB89ba6TsfSmkYm:RrlsNiVB6dq6Y964tagmfTkOS3qa64fs |
MD5: | D2AE7D4FC19E3D3F00CB3BBA18716414 |
SHA1: | F27E57C80022F1AD378735B72957A6A4B05805E4 |
SHA-256: | A73833AD0DB5A85528DAD79B81C85DB2EC216A26CE6E5E54EE4EFAF76ACD3C37 |
SHA-512: | EF0D028A7827972648BC05A27D663712021B1B60ADA68BEE39322953D14959E472A79B7929F6DDFA7CCCD49BB5A064FCEB1EBF41BF1A4DA7FA042F844D27016D |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
Category: | dropped |
Size (bytes): | 4629 |
Entropy (8bit): | 4.450080143760217 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsLtJgtWI96UWSC8BZ78fm8M4JCds9FK+q8/5CA4SrSMd:uITfLH9NSN/4JgwDWMd |
MD5: | 3A363033BCDA509CC11610F8EAE185F1 |
SHA1: | 78454D6E43EC4DA98F46B02EF181673BCD929E6E |
SHA-256: | E9E57C10B891757381366073C1037A28BD36DB3DAB60F99BEE3D2690BC0107EB |
SHA-512: | 2EEE18A1B383B6EFD63A077EB19D6962376420E14767329925B1C99B8FE4E415A2482D67B9DF1D39FE3FF0744AF5407F6AA97304F6FF5B1CADDB7B3170EB834A |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7680840235180313 |
Encrypted: | false |
SSDEEP: | 192:rwZPZTw22TwzWTwttTwyifTwVJnzMTwLvd6vbBTwuYpB:rgxilQArz0 |
MD5: | F75591F98019D2A0608F3FB097EA2F15 |
SHA1: | 4787CAEFE912FB167C6FEB9FE00EEC553BDEA5FC |
SHA-256: | EB3FC9C41D9193ED4B8409124C88AF54D920E178F2CF2FBF466CA0CEA4C4A534 |
SHA-512: | 8D9EF494C0885A2E3A489E923F8934839E91B90383DD56785E715EECC13F0170C3696DDFFF0200AEC840505CF2EF538A393BDD870573BBC676F7D75D9C781D80 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 27392 |
Entropy (8bit): | 1.8524964337535361 |
Encrypted: | false |
SSDEEP: | 192:rHZUQs6Skhjl2pWAM0KIRKDDZBRIRKDDZNKD/A:r5d3L9cYVTCKD5CKDvKDo |
MD5: | 8B7FC14949EEB4934FD6671CDF794B2E |
SHA1: | 258C482B68B3B6141A58274D970E0B6207DB7ED9 |
SHA-256: | 9EC0132700BAA61FE67AFAFF537B02FE5A31E856547FD0D7528964F4AC7EC3B6 |
SHA-512: | E29B09803C09DE623B3BB597AF7A4993B948AEE901871C459E6B2A5F024B15313688FBBAD3F181B042C39DBCDE1B9C3321DCDD67D6E696A60BA2854AC11F9C70 |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.488012965147007 |
Encrypted: | false |
SSDEEP: | 3:oVXUXvcXSdH8JOGXnEXvcSeFUUCn:o9UXEXwqEXES |
MD5: | 174BE973E6B0C3BD797883F3212802DF |
SHA1: | 954D60C1360503B14A9E51AB3ACA4BDD2A5C0EB4 |
SHA-256: | C13A06C3F7825D7230CB567F756CDE4F8CADDE35A8FBED07F36E4688E0432EBA |
SHA-512: | 2E197883B6869C97B25DF329FFDB17A3AFAFEADF364613E0DB314B3CCFEC53E74658F36F66B605987E48B8BB53CD63B017242DC22228EC2121E56DA6A4434702 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 39681 |
Entropy (8bit): | 0.5798862163096153 |
Encrypted: | false |
SSDEEP: | 192:kBqoxKAuqR+9DhAjxIRKDDZ3IRKDDZjIRKDDZo:kBqoxKAuqR+9DhAjxCKDdCKDRCKD2 |
MD5: | 4B91B3F5A88EEBB6F58712D6DAC44382 |
SHA1: | 3E64372F0900AD52FE1259E702A1F0C2DE8004B0 |
SHA-256: | E2BA9974330571C2AD06972236C49D39DABF23514931341E6CCD45518C3F1AF4 |
SHA-512: | DFE874DEB1728240E12D778A374C521AD84BD7FA013D222665EF5E2032540DDB3333CEF9B722C1FEADC4E8077980F9F915517590A628CBCB0F5B4788CB9EBCFB |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.4074938468026375 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loTwP9loTwP9lWTwkci:kBqoITwQTwuTwO |
MD5: | A7BD0ABE7B8FC7B1D1EADEC39A42E343 |
SHA1: | 83109B9245E2D070D04B32FA123C9D81EC10F66F |
SHA-256: | 51542B6CDC943EB6BE14D54417295C84A4FAF1FE953309D01F82ACAC05E59684 |
SHA-512: | B4B3E3AA2E56352062DDD43124FE1E1E8615C586546498A43346A6A8A27204601F55AA9405F90596767ECDFC2B2845AFE2A2F27CD04EE3953DFF71B1F4DBCE45 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
Entropy (8bit): | 6.324538219307157 |
File name: | nT5pUwoJSS.dll |
File size: | 478720 |
MD5: | 6fdbd25f7a84da80ee9d8577122c3291 |
SHA1: | 39a52cbc48be934cf953d4699e8a1ea5ff53a5bf |
SHA256: | 4bf6e9d4067cb905631ddf7452ac571c4ed9800c7eb8fc7e51b688e1154f52e3 |
SHA512: | 935e43b18efb458f246523976f6b71655cf5c4465cddc86e5b91a9acc8e5d77f3bc3d2b0414d9e08114f286afd682cb9364193babaec4cd6b6ca871abf5b79de |
SSDEEP: | 12288:4Z31u8+a95+CA9lROexg8P7CbxXTTbWA:4Z31P9wr9lROog8W/ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C...".J.".J.".J...J.".J.pwJ.".J4mrJ.".J.pqJ.".J.pgJ.".J.p`J.".J...J.".J.".J.#.J.pkJ.".J.pvJ.".J.ppJ.".J.puJ.".JRich.".J....... |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1041953 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE |
Time Stamp: | 0x608B79B0 [Fri Apr 30 03:29:52 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | a2f0d616525ae6c643810961c7d4fdfe |
Entrypoint Preview |
---|
```asm
mov edi, edi
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FC9209ACBD7h
call 00007FC9209B153Ch
push dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+10h]
mov edx, dword ptr [ebp+0Ch]
call 00007FC9209ACAC1h
pop ecx
pop ebp
retn 000Ch
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
xor ecx, ecx
cmp eax, dword ptr [01073618h+ecx*8]
je 00007FC9209ACBE5h
inc ecx
cmp ecx, 2Dh
jc 00007FC9209ACBC3h
lea ecx, dword ptr [eax-13h]
cmp ecx, 11h
jnbe 00007FC9209ACBE0h
push 0000000Dh
pop eax
pop ebp
ret
mov eax, dword ptr [0107361Ch+ecx*8]
pop ebp
ret
add eax, FFFFFF44h
push 0000000Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 08h
pop ebp
ret
call 00007FC9209AE4A6h
test eax, eax
jne 00007FC9209ACBD8h
mov eax, 01073780h
ret
add eax, 08h
ret
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov dword ptr [0108B5ACh], eax
pop ebp
ret
mov edi, edi
push ebp
mov ebp, esp
push dword ptr [0108B5ACh]
call 00007FC9209AE2A6h
pop ecx
test eax, eax
je 00007FC9209ACBE1h
push dword ptr [ebp+08h]
call eax
pop ecx
test eax, eax
je 00007FC9209ACBD7h
xor eax, eax
inc eax
pop ebp
ret
xor eax, eax
pop ebp
ret
mov edi, edi
push esi
push edi
xor esi, esi
mov edi, 0108B5B8h
cmp dword ptr [0107378Ch+esi*8], 01h
jne 00007FC9209ACBF0h
lea eax, dword ptr [00000088h+esi*8]
```
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x72630 | 0x6f | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x71e64 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8d000 | 0x3bc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8e000 | 0x1544 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x49190 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x70c08 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x49000 | 0x15c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4732e | 0x47400 | False | 0.745877878289 | data | 6.57408998047 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x49000 | 0x2969f | 0x29800 | False | 0.65666768637 | data | 5.42368765721 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x73000 | 0x1917c | 0x1400 | False | 0.2435546875 | data | 3.63177828336 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8d000 | 0x3bc | 0x400 | False | 0.4091796875 | data | 3.09285651514 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x8e000 | 0x2588 | 0x2600 | False | 0.456106085526 | data | 4.61056666922 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x8d058 | 0x364 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | QueryPerformanceCounter, GetVolumeInformationW, GetSystemTime, GetModuleHandleW, GetVersionExW, OpenProcess, GetDateFormatW, FindResourceW, LockResource, GetLocalTime, HeapCreate, CreateFileW, HeapFree, HeapCompact, HeapAlloc, VirtualProtectEx, GetCurrentDirectoryW, SetConsoleCP, SetConsoleOutputCP, GetStringTypeW, GetStringTypeA, GetLocaleInfoA, LoadLibraryA, GetLastError, HeapReAlloc, RtlUnwind, GetCurrentThreadId, GetCommandLineA, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, HeapDestroy, VirtualFree, VirtualAlloc, Sleep, GetProcAddress, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, LCMapStringA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, RaiseException, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount |
ole32.dll | CoCreateInstance, CoUninitialize, OleInitialize, OleUninitialize, CoInitialize |
WINSPOOL.DRV | EnumPrintersW, GetPrinterDataW, GetPrinterW, DocumentPropertiesW, OpenPrinterW, ClosePrinter |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Eithernothing | 1 | 0x103a020 |
Order | 2 | 0x1039f40 |
Smileschool | 3 | 0x1039b20 |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Notice sister Corporation. All rights reserved |
InternalName | Slow |
FileVersion | 3.2.1.380 |
CompanyName | Notice sister Corporation |
ProductName | Notice sister Soil read |
Observe | 38 |
ProductVersion | 3.2.1 |
FileDescription | Notice sister Soil read Skinneed |
OriginalFilename | Tail.dll |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 12, 2021 13:07:56.442893982 CEST | 192.168.2.4 | 8.8.8.8 | 0x4465 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 13:07:57.287398100 CEST | 192.168.2.4 | 8.8.8.8 | 0x80a2 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 13:07:57.538420916 CEST | 192.168.2.4 | 8.8.8.8 | 0x4050 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 12, 2021 13:07:35.401068926 CEST | 8.8.8.8 | 192.168.2.4 | 0x64b5 | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:56.493007898 CEST | 8.8.8.8 | 192.168.2.4 | 0x4465 | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | 52.97.233.66 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | 40.101.137.98 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | 52.98.152.178 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.337733984 CEST | 8.8.8.8 | 192.168.2.4 | 0x80a2 | No error (0) | 52.97.233.82 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.587490082 CEST | 8.8.8.8 | 192.168.2.4 | 0x4050 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:57.587490082 CEST | 8.8.8.8 | 192.168.2.4 | 0x4050 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:57.587490082 CEST | 8.8.8.8 | 192.168.2.4 | 0x4050 | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 13:07:57.587490082 CEST | 8.8.8.8 | 192.168.2.4 | 0x4050 | No error (0) | 40.101.137.82 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.587490082 CEST | 8.8.8.8 | 192.168.2.4 | 0x4050 | No error (0) | 52.97.233.98 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.587490082 CEST | 8.8.8.8 | 192.168.2.4 | 0x4050 | No error (0) | 40.101.136.18 | A (IP address) | IN (0x0001) | ||
May 12, 2021 13:07:57.587490082 CEST | 8.8.8.8 | 192.168.2.4 | 0x4050 | No error (0) | 52.98.175.18 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49753 | 40.97.153.146 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 12, 2021 13:07:56.654592991 CEST | 1552 | OUT | |
May 12, 2021 13:07:56.787769079 CEST | 1552 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 13:06:05 |
Start date: | 12/05/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x190000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:06:06 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:06:06 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:06:06 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 13:06:10 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:06:14 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:07:51 |
Start date: | 12/05/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xcf0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:07:53 |
Start date: | 12/05/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7fded0000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 13:07:54 |
Start date: | 12/05/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe90000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
6D481237 | 15.1 | 10 | | 98 | thread, sleep, synchronization, COMMON |
6D4B8960 | 3.7 | | 2 | 1211 | COMMON |
6D481F56 | 9.1 | 6 | | 71 | memory, COMMON |
6D4810E8 | 6.1 | 3 | 1 | 111 | memory, COMMON |
6D48173D | 6.0 | 4 | | 30 | thread, COMMON |
6D4BFB70 | 4.7 | 3 | | 242 | COMMON |
6D4B7FA0 | 1.7 | 1 | | 161 | COMMON |
6D4C1BB1 | 1.5 | 1 | | 20 | memory, COMMON |
6D4C30B2 | 1.5 | 1 | | 4 | COMMON |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
6D4C150C | 7.6 | 5 | | 58 | COMMON |
6D481CDD | 6.0 | 4 | | 40 | COMMON |
6D482184 | 0.1 | | | 77 | COMMON, Crypto |
6D4F52AD | 0.1 | | | 75 | COMMON |
6D4F56A6 | 0.1 | | | 53 | COMMON |
6D4BAA10 | 19.7 | 13 | | 172 | COMMON |
6D4C4BCB | 9.0 | 6 | | 49 | COMMON |
6D4C3880 | 7.5 | 5 | | 47 | COMMON |
6D4C0157 | 7.5 | 5 | | 44 | memory, COMMON |
6D4BDE60 | 6.3 | 4 | | 282 | COMMON |
6D4BCE60 | 6.2 | 4 | | 176 | COMMON |
6D4C1585 | 6.0 | 4 | | 34 | COMMON |
6D4C3FEC | 6.0 | 4 | | 31 | COMMON |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
02C84C3B | 34.7 | 23 | | 222 | memory, file, time, COMMON |
6D4815F1 | 5.3 | 2 | 1 | 70 | native, COMMON |
6D481F14 | 1.5 | 1 | | 34 | native, COMMON |
6D481237 | 15.1 | 10 | | 98 | thread, sleep, synchronization, COMMON |
02C854DA | 10.6 | 7 | | 75 | COMMON |
6D481F56 | 9.1 | 6 | | 71 | memory, COMMON |
6D4810E8 | 6.1 | 3 | 1 | 111 | memory, COMMON |
02C86BC0 | 6.1 | 4 | | 59 | COMMON |
6D48173D | 6.0 | 4 | | 30 | thread, COMMON |
02C8579B | 4.6 | 3 | | 94 | memory, COMMON |
02C88A1D | 4.6 | 3 | | 76 | memory, COMMON |
6D481E32 | 4.6 | 3 | | 68 | memory, COMMON |
02C859F9 | 3.1 | 2 | | 112 | COMMON |
02C83F0E | 3.0 | 2 | | 40 | COMMON |
02C86456 | 3.0 | 2 | | 26 | COMMON |
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4B7FA0, Relevance: 1.7, APIs: 1, Instructions: 161COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8497C, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
C-Code - Quality: 34% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C1BB1, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4810BC, Relevance: 1.5, APIs: 1, Instructions: 8COMMON
C-Code - Quality: 37% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C30B2, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D481699, Relevance: 1.3, APIs: 1, Instructions: 70COMMON
C-Code - Quality: 85% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C867C4, Relevance: 1.3, APIs: 1, Instructions: 57memoryCOMMON
C-Code - Quality: 70% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84B9D, Relevance: 1.3, APIs: 1, Instructions: 43memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C86872, Relevance: 1.3, APIs: 1, Instructions: 36sleepCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
C-Code - Quality: 92% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C150C, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 66% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4BAA10, Relevance: 19.7, APIs: 13, Instructions: 172COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8AD95, Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 209libraryCOMMON
C-Code - Quality: 51% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 27% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C84EEC, Relevance: 10.6, APIs: 7, Instructions: 109librarymemoryloaderCOMMON
C-Code - Quality: 73% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C88840, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 68stringCOMMON
C-Code - Quality: 63% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C4BCB, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C83F60, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171stringCOMMON
C-Code - Quality: 88% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C81363, Relevance: 7.6, APIs: 5, Instructions: 83COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C3880, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C85722, Relevance: 7.5, APIs: 5, Instructions: 45COMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C0157, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C814CE, Relevance: 7.5, APIs: 5, Instructions: 37COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4BDE60, Relevance: 6.3, APIs: 4, Instructions: 282COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4BCE60, Relevance: 6.2, APIs: 4, Instructions: 176COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 46% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C88D85, Relevance: 6.1, APIs: 4, Instructions: 136COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C812F8, Relevance: 6.1, APIs: 4, Instructions: 124COMMON
C-Code - Quality: 42% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 87% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 38% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C88634, Relevance: 6.1, APIs: 4, Instructions: 87sleepCOMMON
C-Code - Quality: 40% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 68% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C864A0, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 48stringCOMMON
C-Code - Quality: 53% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D481CDD, Relevance: 6.0, APIs: 4, Instructions: 40COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C88AED, Relevance: 6.0, APIs: 4, Instructions: 40COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C1585, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6D4C3FEC, Relevance: 6.0, APIs: 4, Instructions: 31COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C8469F, Relevance: 6.0, APIs: 4, Instructions: 29memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 50% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 37% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C88389, Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON
C-Code - Quality: 58% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C88FE0, Relevance: 5.0, APIs: 4, Instructions: 39stringCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02C88007, Relevance: 5.0, APIs: 4, Instructions: 27stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |