Analysis Report PRODUCT INQUIRY FROM PAKISTAN.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Malware Configuration
Threatname: | AgentTesla |
{"Exfil Mode": "SMTP", "SMTP Info": "staffs@globaloffs-site.comyLxCDRZ2smtp.globaloffs-site.com"}
The SMTP Info value is three extracted fields run together with no separator. Read against the Contacted Domains table further down, it splits as the SMTP login staffs@globaloffs-site.com, an eight-character credential yLxCDRZ2, and the server smtp.globaloffs-site.com; the extractor does not mark the boundaries, so treat that split as an analyst's reading rather than a stated fact. Because the mailbox is the exfiltration channel, the login pair is also the most useful abuse-report artifact in this report.
Yara Overview
Memory Dumps
Rule | Description | Author |
---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
(expanded view: 6 entries; the Source and Strings columns are not preserved)
Unpacked PEs
Rule | Description | Author |
---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_2 | Yara detected AgentTesla | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
(expanded view: 1 entry; the Source and Strings columns are not preserved)
Sigma Overview
No Sigma rule has matched
Signature Overview
AV Detection:
Found malware configuration (Source: Malware Configuration Extractor)
Multi AV Scanner detection for submitted file (Source: ReversingLabs)
Machine Learning detection for sample (Source: Joe Sandbox ML)
Further sources in this category (signature titles not preserved): Avira (1 entry); Static PE information (2); code functions 0_2_02301718, 0_2_023016D1, 0_2_04946F14, 0_2_0494A948
Networking:
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) (Source: Snort IDS, 2 alerts)
Further sources in this category (signature titles not preserved): TCP traffic (2 entries); IP Address (1); DNS traffic detected (1); String found in binary or memory (19 entries; the strings themselves are not preserved)
Key, Mouse, Clipboard, Microphone and Screen Capturing:
Contains functionality to register a low level keyboard hook (Source: code function 4_2_01402298)
Installs a global keyboard hook (Source: Windows user hook set; Window created)
A low-level keyboard hook (WH_KEYBOARD_LL) installed for all threads receives every keystroke on the desktop regardless of which window has focus; this is the keylogging primitive AgentTesla is known for. Such a hook only fires while the installing thread pumps messages, which is consistent with the "Window created" entry beside it.
System Summary:
.NET source code contains very large array initializations (Source: Large array initialization)
PE file contains section with special chars (Source: Static PE information)
PE file has nameless sections (Source: Static PE information)
Nameless or oddly named sections together with very large array initializations are the usual fingerprint of a .NET crypter: the real payload is carried as an encrypted byte array and decoded at run time, which is what the "Detected unpacking" and "Injects a PE file" signatures below then observe.
Further sources in this category (signature titles not preserved; code-function identifiers keep Joe Sandbox's process-index prefix, 0_2_ for the submitted executable's process and 4_2_ for the later process that installs the keyboard hook):
Code functions, process 0: 0_2_02303690, 0_2_0230B288, 0_2_02309FD0, 0_2_02302CC0, 0_2_02300538, 0_2_02302520, 0_2_02304578, 0_2_02304A08, 0_2_0230A2A8, 0_2_02303680, 0_2_023066C0, 0_2_02306B50, 0_2_02305431, 0_2_02306010, 0_2_02302478, 0_2_02305440, 0_2_0230A8B0, 0_2_02302CB2, 0_2_02307898, 0_2_02304489, 0_2_023068F8, 0_2_023068E8, 0_2_02306D30, 0_2_02306D20, 0_2_0230052A, 0_2_02303158, 0_2_02301948, 0_2_02303149, 0_2_04949261, 0_2_04945628, 0_2_04948030, 0_2_04D59C70, 0_2_04D57DDF, 0_2_04D55560, 0_2_04D55E68, 0_2_04D50054, 0_2_04D589D0, 0_2_04D55948, 0_2_04D5D298, 0_2_04D59260, 0_2_04D55230, 0_2_04D533B0, 0_2_04D5CC80, 0_2_04D5CC70, 0_2_04D55551, 0_2_04D5CE91, 0_2_04D5CEA0, 0_2_04D57E51, 0_2_04D55E5B, 0_2_04D5C630, 0_2_04D5C621, 0_2_04D55768, 0_2_04D5D098, 0_2_04D5D0A8, 0_2_04D589BB
Code functions, process 4: 4_2_00BE51B2, 4_2_012BC768, 4_2_012B5B90, 4_2_012BDA80, 4_2_012B1ECC, 4_2_012BA70E, 4_2_012BA770, 4_2_012B82D0, 4_2_0140D100, 4_2_0140C118, 4_2_014016E8, 4_2_014B5DC0, 4_2_014B64F8, 4_2_014B57C8
Binary or memory string: 23 entries (values not preserved)
Static PE information: 4 entries; Cryptographic APIs: 2; Classification label: 1; File created: 1; Section loaded: 2; WMI Queries: 3; Key opened: 2; File read: 6; ReversingLabs: 1; Process created: 3; Key value queried: 1; File opened: 1
Data Obfuscation:
Detected unpacking (changes PE section rights) (Source: Unpacked PE file)
Further sources in this category (signature titles not preserved): Static PE information (3 entries); code functions 0_2_000BFFC8, 0_2_02308617, 0_2_02308621, 0_2_04949EA1, 4_2_00BE76F0, 4_2_00BE7A9E, 4_2_00BE76AE, 4_2_00BE7BFA, 4_2_00BE7672, 4_2_00BE7BF4, 4_2_00BE7BD6, 4_2_00BE7672, 4_2_014BB5E9
Hooking and other Techniques for Hiding and Protection:
Moves itself to temp directory (Source: File moved)
Further sources in this category (signature titles not preserved): Registry key monitored for changes (1 entry); Process information set (86 entries)
Malware Analysis System Evasion:
Yara detected AntiVM3 (Source: File source, 2 entries)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) (Source: WMI Queries)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) (Source: WMI Queries)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) (Source: Binary or memory string, 2 entries)
Further sources in this category (signature titles not preserved): Thread delayed (5 entries); Window / User API (2); Thread sleep time (3); Thread sleep count (2); WMI Queries (3); Binary or memory string (10 further entries); Process information queried (1)
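The VM-fingerprinting behaviour recorded above (one process asking WMI for Win32_Bios, Win32_BaseBoard and Win32_NetworkAdapter in quick succession) is easy to turn into host-side detection logic. The following is an added example written for this page, not code from the Joe Sandbox report or from the sample. It runs over constructed event lines whose shape imitates the `IWbemServices::ExecQuery` operation strings of WMI-Activity tracing; that format, the 60-second window, the two-class threshold and the `ALLOWLIST` are the editor's assumptions, not values from the report.

```python
"""Added example, not code from the Joe Sandbox report or from the sample:
detection logic for the VM-fingerprinting pattern the report records
(WMI queries for Win32_Bios, Win32_BaseBoard and Win32_NetworkAdapter),
run over constructed event lines.

Assumptions not stated on the page: the line format imitates the
'IWbemServices::ExecQuery' operation strings of WMI-Activity tracing but is
invented here, and the 60-second window, the two-class threshold and the
ALLOWLIST are the editor's choices.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# WMI class names are case-insensitive; key on lower case, report the canonical spelling.
VM_FINGERPRINT_CLASSES = {"win32_bios": "Win32_BIOS",
                          "win32_baseboard": "Win32_BaseBoard",
                          "win32_networkadapter": "Win32_NetworkAdapter"}
# Assumption: benign inventory software that is expected to ask these questions.
ALLOWLIST = {"inventoryagent.exe"}
WINDOW = timedelta(seconds=60)

LINE_RE = re.compile(r'^(?P<ts>\S+) pid=(?P<pid>\d+) image=(?P<image>\S+) op="(?P<op>[^"]*)"$')
FROM_RE = re.compile(r"\bFROM\s+(?P<cls>[A-Za-z0-9_]+)", re.IGNORECASE)


@dataclass(frozen=True)
class Hit:
    pid: int
    image: str
    classes: tuple[str, ...]


def parse_line(line: str) -> tuple[datetime, int, str, str] | None:
    """Return (timestamp, pid, image, queried class) or None for non-query lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    cls = FROM_RE.search(m["op"])
    if not cls:
        return None  # an ExecQuery without a FROM clause is not a class query
    ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    return ts, int(m["pid"]), m["image"].lower(), cls["cls"].lower()


def detect_vm_probe(lines: list[str], min_classes: int = 2) -> list[Hit]:
    """Flag a process that queries >= min_classes distinct fingerprint classes within WINDOW.

    A single Win32_BIOS query is routine; the same process asking about BIOS,
    baseboard and network adapter in quick succession is the sandbox-evasion shape.
    """
    per_proc: dict[tuple[int, str], list[tuple[datetime, str]]] = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, pid, image, cls = parsed
        if cls in VM_FINGERPRINT_CLASSES and image not in ALLOWLIST:
            per_proc[(pid, image)].append((ts, VM_FINGERPRINT_CLASSES[cls]))
    hits: list[Hit] = []
    for (pid, image), events in per_proc.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # sliding window anchored at each event
            seen = {c for t, c in events[i:] if t - t0 <= WINDOW}
            if len(seen) >= min_classes:
                hits.append(Hit(pid, image, tuple(sorted(seen))))
                break
    return hits


# Constructed events (the malicious process name is the report's sample with spaces replaced).
SAMPLE_EVENTS = [
    '2021-05-12T19:44:05Z pid=4112 image=PRODUCT_INQUIRY_FROM_PAKISTAN.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_Bios"',
    '2021-05-12T19:44:05Z pid=4112 image=PRODUCT_INQUIRY_FROM_PAKISTAN.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_BaseBoard"',
    '2021-05-12T19:44:06Z pid=4112 image=PRODUCT_INQUIRY_FROM_PAKISTAN.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_NetworkAdapter"',
    '2021-05-12T19:50:00Z pid=2208 image=powershell.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_BIOS"',
    '2021-05-12T20:10:00Z pid=2208 image=powershell.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_NetworkAdapter"',
    '2021-05-12T19:44:07Z pid=900 image=InventoryAgent.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_BIOS"',
    '2021-05-12T19:44:07Z pid=900 image=InventoryAgent.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_BaseBoard"',
    '2021-05-12T19:44:08Z pid=3000 image=explorer.exe op="IWbemServices::ExecQuery - root\\cimv2 : SELECT * FROM Win32_Process"',
]

if __name__ == "__main__":
    for h in detect_vm_probe(SAMPLE_EVENTS):
        print(h)
```

Only the sample's process trips the rule: the PowerShell queries are twenty minutes apart, the inventory agent is allowlisted, and explorer asks for Win32_Process, which is not a fingerprint class. The caveat is the data source: the WMI-Activity trace channel that records individual queries is not enabled by default, so without it, or an EDR that logs WMI queries, there is nothing to feed this logic.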
Anti Debugging:
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) (Source: code function 0_2_02301718)
Further sources in this category (signature titles not preserved): Process queried (2 entries); code function 4_2_012B8D68; Process token adjusted (2); Memory allocated (1)
HIPS / PFW / Operating System Protection Evasion:
Injects a PE file into a foreign process (Source: Memory written)
Further sources in this category (signature titles not preserved): Process created (1 entry); Binary or memory string (4); Queries volume information (15); Key value queried (1)
Stealing of Sensitive Information:
Yara detected AgentTesla (Source: File source, 5 entries)
Yara detected AgentTesla (Source: File source, 8 entries)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) (Source: Key opened)
Tries to harvest and steal browser information (history, passwords, etc) (Source: File opened, 3 entries)
Tries to harvest and steal ftp login credentials (Source: File opened, 2 entries)
Tries to steal Mail credentials (via file access) (Source: File opened, 2 entries; Key opened, 2 entries)
Further sources in this category (signature titles not preserved): File source (2 entries)
Remote Access Functionality:
Yara detected AgentTesla (Source: File source, 5 entries)
Yara detected AgentTesla (Source: File source, 8 entries)
Mitre Att&ck Matrix
Techniques with signature hits, by tactic. The digits after each name are Joe Sandbox's signature-count superscripts, flattened into the names by extraction and kept as-is; the matrix's unmatched placeholder cells are omitted.
Execution: Windows Management Instrumentation 211
Privilege Escalation: Process Injection 112
Defense Evasion: Disable or Modify Tools 1; Deobfuscate/Decode Files or Information 1; Obfuscated Files or Information 3; Software Packing 13; Masquerading 11; Virtualization/Sandbox Evasion 141; Process Injection 112
Credential Access: OS Credential Dumping 2; Input Capture 21; Credentials in Registry 1
Discovery: System Information Discovery 114; Query Registry 1; Security Software Discovery 321; Process Discovery 2; Virtualization/Sandbox Evasion 141; Application Window Discovery 1; Remote System Discovery 1
Collection: Archive Collected Data 11; Data from Local System 2; Email Collection 1; Input Capture 21; Clipboard Data 1
Command and Control: Encrypted Channel 1; Non-Standard Port 1; Non-Application Layer Protocol 1; Application Layer Protocol 11
Initial Access, Persistence, Lateral Movement, Exfiltration, Network Effects, Remote Service Effects, Impact: no signature hits
The empty Exfiltration column is worth noting against the SMTP-based configuration: the configured server smtp.globaloffs-site.com did not resolve during the run (see Contacted Domains), and the only mail-server contact observed was us2.smtp.mailhostbox.com, which the report files under Command and Control rather than Exfiltration.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Detection | Scanner | Label |
---|---|---|
34% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
100% | Joe Sandbox ML | |
Dropped Files
No Antivirus matches
Unpacked PE Files
Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen |
100% | Avira | TR/Spy.Gen8 |
Domains
No Antivirus matches
URLs
22 URLs checked (the URL values are not preserved): 0% detection on every one, with a "safe" verdict from Avira URL Cloud (11) and URL Reputation (10) and a 0% result from Virustotal (1).
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
us2.smtp.mailhostbox.com | 208.91.199.224 | true | false | | high |
smtp.globaloffs-site.com | unknown | unknown | true | | unknown |
URLs from Memory and Binaries
19 URLs (values not preserved), none flagged malicious; reputation high for 5, low for 1, unknown for 13.
Contacted IPs
Public
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
208.91.199.224 | us2.smtp.mailhostbox.com | United States | 394695 | PUBLIC-DOMAIN-REGISTRYUS | false |
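The Malware Configuration at the top of the report and the Contacted Domains / IPs tables above are what an analyst turns into network indicators. The following is an added example written for this page, not code from the Joe Sandbox report or from the sample: it splits the extractor's concatenated SMTP Info into login, password and server (an analyst's reading anchored on the contacted-domain list, since the extractor marks no boundaries), builds an IOC set from the tables, and runs it over constructed outbound-connection log lines. The log format, the `SMTP_PORTS` set and the mail-server allowlist are the editor's assumptions.

```python
"""Added example, not code from the Joe Sandbox report or from the sample:
turns the report's Malware Configuration and Contacted Domains / IPs tables
into an IOC set and runs it over constructed outbound-connection log lines.

Assumptions not stated on the page: the log line format is invented here,
SMTP_PORTS is the editor's choice, and splitting the concatenated 'SMTP Info'
blob into login / password / server is an analyst's reading anchored on the
report's contacted-domain list, not something the extractor reports.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Values copied from the report.
SMTP_INFO = "staffs@globaloffs-site.comyLxCDRZ2smtp.globaloffs-site.com"
CONTACTED_DOMAINS = {"us2.smtp.mailhostbox.com", "smtp.globaloffs-site.com"}
CONTACTED_IPS = {"208.91.199.224"}
# Assumption: relay and submission ports worth flagging from a workstation.
SMTP_PORTS = {25, 465, 587, 2525}


@dataclass(frozen=True)
class SmtpConfig:
    user: str
    password: str
    host: str


def split_smtp_info(blob: str, known_hosts: set[str]) -> SmtpConfig:
    """Split AgentTesla's concatenated 'SMTP Info' into login, password, host.

    The server is the longest known hostname the blob ends with. The login is
    assumed to sit on that server's domain or a parent of it (staffs@globaloffs-site.com
    for smtp.globaloffs-site.com); whatever lies between login and server is the password.
    """
    host = max((h for h in known_hosts if blob.endswith(h)), key=len, default=None)
    if host is None:
        raise ValueError("SMTP Info does not end with a known contacted host")
    prefix = blob[: len(blob) - len(host)]
    labels = host.split(".")
    # Candidate login domains: the host itself, then each parent short of the bare TLD.
    for i in range(len(labels) - 1):
        marker = "@" + ".".join(labels[i:])
        at = prefix.find(marker)
        if at != -1:
            user = prefix[: at + len(marker)]
            password = prefix[len(user):]
            if not password:
                raise ValueError("no password bytes between login and server")
            return SmtpConfig(user, password, host)
    raise ValueError("login domain does not match the server's domain; split by hand")


@dataclass(frozen=True)
class Alert:
    line_no: int
    reason: str


# Constructed log shape: "<utc-time> <source-host> <process> -> <destination>:<port>".
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<proc>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+)$"
)


def scan_flows(lines: list[str], cfg: SmtpConfig, domains: set[str], ips: set[str],
               mail_servers: frozenset[str] = frozenset()) -> list[Alert]:
    """Flag connections to the report's IOCs, then SMTP from hosts that are not mail servers."""
    iocs = set(domains) | set(ips) | {cfg.host}
    alerts: list[Alert] = []
    for n, line in enumerate(lines, 1):
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # unparsable line: skip rather than silently mis-classify it
        dst, port = m["dst"], int(m["port"])
        if dst in iocs:
            alerts.append(Alert(n, f"{m['src']}/{m['proc']} contacted report IOC {dst}:{port}"))
        elif port in SMTP_PORTS and m["src"] not in mail_servers:
            alerts.append(Alert(n, f"{m['src']}/{m['proc']} speaks SMTP to {dst}:{port}"))
    return alerts


# Constructed sample lines using documentation address ranges; not captured traffic.
SAMPLE_FLOWS = [
    "2021-05-12T19:44:20Z WS-017 PRODUCT_INQUIRY_FROM_PAKISTAN.exe -> 208.91.199.224:587",
    "2021-05-12T19:44:21Z WS-017 PRODUCT_INQUIRY_FROM_PAKISTAN.exe -> smtp.globaloffs-site.com:587",
    "2021-05-12T19:45:02Z WS-017 chrome.exe -> 203.0.113.20:443",
    "2021-05-12T19:45:10Z MAIL-01 edgetransport.exe -> 198.51.100.7:25",
    "2021-05-12T19:45:11Z WS-022 outlook.exe -> 192.0.2.9:587",
]

if __name__ == "__main__":
    cfg = split_smtp_info(SMTP_INFO, CONTACTED_DOMAINS)
    print(cfg)
    for a in scan_flows(SAMPLE_FLOWS, cfg, CONTACTED_DOMAINS, CONTACTED_IPS, frozenset({"MAIL-01"})):
        print(a.line_no, a.reason)
```

The first two alerts are the high-confidence ones (a direct match on the report's IP and on the configured server). The third, a workstation running Outlook over port 587, shows why the generic "workstation speaks SMTP" rule needs tuning to the environment before it pages anyone: where clients submit mail directly, the rule should be narrowed to unexpected processes rather than any process.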
General Information
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 412582 |
Start date: | 12.05.2021 |
Start time: | 19:43:13 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | PRODUCT INQUIRY FROM PAKISTAN.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 29 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/2@4/1 |
EGA Information: | Failed |
Simulations
Behavior and APIs
Time | Type | Description |
---|---|---|
19:44:14 | API Interceptor | |
Joe Sandbox View / Context
IPs
208.91.199.224: 20 other samples listed in Joe Sandbox's context share this IP, all detected malicious (sample names and SHA-256 values not preserved).
Domains
us2.smtp.mailhostbox.com: 20 other samples listed share this domain, all detected malicious (sample names and SHA-256 values not preserved).
ASN
PUBLIC-DOMAIN-REGISTRYUS: 20 other samples listed share this ASN, all detected malicious (sample names and SHA-256 values not preserved).
us2.smtp.mailhostbox.com is a shared mail-hosting relay (the ASN belongs to Public Domain Registry), so twenty other detected samples using it show that the provider is popular with AgentTesla-style stealers, not that those samples share an operator. For attribution, pivot on the login mailbox and the globaloffs-site.com domain from the configuration rather than on the relay or its ASN.
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
Process: | C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Category: | dropped |
Size (bytes): | 1314 |
Entropy (8bit): | 5.350128552078965 |
Encrypted: | false |
SSDEEP: | 24:ML9E4Ks2f84jE4Kx1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MxHKXfvjHKx1qHiYHKhQnoPtHoxHhAHR |
MD5: | 8198C64CE0786EABD4C792E7E6FC30E5 |
SHA1: | 71E1676126F4616B18C751A0A775B2D64944A15A |
SHA-256: | C58018934011086A883D1D56B21F6C1916B1CD83206ADD1865C9BDD29DADCBC4 |
SHA-512: | EE293C0F88A12AB10041F66DDFAE89BC11AB3B3AAD8604F1A418ABE43DF0980245C3B7F8FEB709AEE8E9474841A280E073EC063045EA39948E853AA6B4EC0FB0 |
Malicious: | true |
Reputation: | moderate, very likely benign file |
(file path, file type and content preview not preserved)

Process: | C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 0.6969296358976265 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBo2+tYeF+X:T5LLOpEO5J/Kn7U1uBo2UYeQ |
MD5: | A9DBC7B8E523ABE3B02D77DBF2FCD645 |
SHA1: | DF5EE16ECF4B3B02E312F935AE81D4C5D2E91CA8 |
SHA-256: | 39B4E45A062DEA6F541C18FA1A15C5C0DB43A59673A26E2EB5B8A4345EE767AE |
SHA-512: | 3CF87455263E395313E779D4F440D8405D86244E04B5F577BB9FA2F4A2069DE019D340F6B2F6EF420DEE3D3DEEFD4B58DA3FCA3BB802DE348E1A810D6379CC3B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
(file path, file type and content preview not preserved)
Static File Info
General
File type: | |
Entropy (8bit): | 7.966739726233845 |
TrID: | |
File name: | PRODUCT INQUIRY FROM PAKISTAN.exe |
File size: | 852992 |
MD5: | 6efee5c2282e20bafb495451512c5ca7 |
SHA1: | 72d3a5bac34e50b19f4df7ae42f37a950e099e5c |
SHA256: | 860b99eb4a09674fe70d72bb997b2cf38bfc62eb2794a13d623048d5f5b422d2 |
SHA512: | 939f453caaad2cce39923fbd8e087f0d68db727ef2c16dbbd18ab33d9b58d9d1ca45f75e513d45efaa1dada6c7c2d3fa6a94b35b57fa62db52cb31cca7eeb3f0 |
SSDEEP: | 12288:pyO2UHJZ/6hAkXkyKLPPjAY5Ii/4mTX46632n05ZhYq/zYLmvk4FcXac0usx+zFt:NHJohAukyKLPLAxmSYqr5bZuyGSEV |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..`..............P......>.......`...@... ....@.. ....................................@................................ |
An 8-bit entropy of 7.97 over an 853 KB file is close to the theoretical maximum of 8, which means almost the whole file is compressed or encrypted data. That matches the Software Packing entry in the ATT&CK matrix, Avira's TR/Crypt.XPACK.Gen verdict on the unpacked PE, and the very large array initializations noted under System Summary, which is how .NET crypters usually carry an encrypted payload.
File Icon
Icon Hash: | f2d2e9fcc4ead362 |
Static PE Info
General
Entrypoint: | 0x4d600a |
Entrypoint Section: | |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x609B854F [Wed May 12 07:35:43 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
The compile timestamp falls on the same calendar day as the analysis (started 12.05.2021 19:43:13), so the sample was built only hours before it was submitted, which is typical of crypted commodity stealers that are rebuilt per campaign. NO_SEH, DYNAMIC_BASE, NX_COMPAT and version 4.0 headers are the standard linker output for a .NET 4.x executable. The import hash of such a binary covers only the mscoree.dll!_CorExeMain import, so f34d5f2d4577ed6d9ceec516c1f5a744 is shared by practically every 32-bit .NET executable and is not a useful pivot here; the SSDEEP and the unpacked-PE Yara hits are the better similarity handles.
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [004D6000h] |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc4914 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd0000 | 0x34e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd4000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd6000 | 0x8 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0xc4000 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
tOdw-f5 | 0x2000 | 0xc0430 | 0xc0600 | False | 1.00031854085 | data | 7.99978655824 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.text | 0xc4000 | 0xbf48 | 0xc000 | False | 0.444864908854 | data | 5.99523807789 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0xd0000 | 0x34e8 | 0x3600 | False | 0.361834490741 | data | 5.25644950333 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xd4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
0xd6000 | 0x10 | 0x200 | False | 0.044921875 | data | 0.142635768149 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xd0130 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0 | ||
RT_GROUP_ICON | 0xd26d8 | 0x14 | data | ||
RT_VERSION | 0xd26ec | 0x394 | data | ||
RT_MANIFEST | 0xd2a80 | 0xa65 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | Copyright 2013 |
Assembly Version | 3.0.0.0 |
InternalName | SecuritySafeCriticalAttribute.exe |
FileVersion | 3.0.0.0 |
CompanyName | |
LegalTrademarks | |
Comments | |
ProductName | ServerManager_Core |
ProductVersion | 3.0.0.0 |
FileDescription | ServerManager_Core |
OriginalFilename | SecuritySafeCriticalAttribute.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/12/21-19:45:56.368072 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49745 | 587 | 192.168.2.7 | 208.91.199.224 |
05/12/21-19:45:59.211267 | TCP | 2030171 | ET TROJAN AgentTesla Exfil Via SMTP | 49747 | 587 | 192.168.2.7 | 208.91.199.224 |
Network Port Distribution |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 12, 2021 19:45:54.308971882 CEST | 192.168.2.7 | 8.8.8.8 | 0xd480 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 19:45:54.513879061 CEST | 192.168.2.7 | 8.8.8.8 | 0x8a60 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 19:45:57.703577995 CEST | 192.168.2.7 | 8.8.8.8 | 0x1d54 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 12, 2021 19:45:57.801608086 CEST | 192.168.2.7 | 8.8.8.8 | 0x9e07 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 12, 2021 19:45:54.498368979 CEST | 8.8.8.8 | 192.168.2.7 | 0xd480 | No error (0) | us2.smtp.mailhostbox.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 19:45:54.498368979 CEST | 8.8.8.8 | 192.168.2.7 | 0xd480 | No error (0) | 208.91.199.224 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:54.498368979 CEST | 8.8.8.8 | 192.168.2.7 | 0xd480 | No error (0) | 208.91.198.143 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:54.498368979 CEST | 8.8.8.8 | 192.168.2.7 | 0xd480 | No error (0) | 208.91.199.223 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:54.498368979 CEST | 8.8.8.8 | 192.168.2.7 | 0xd480 | No error (0) | 208.91.199.225 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:54.575346947 CEST | 8.8.8.8 | 192.168.2.7 | 0x8a60 | No error (0) | us2.smtp.mailhostbox.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 19:45:54.575346947 CEST | 8.8.8.8 | 192.168.2.7 | 0x8a60 | No error (0) | 208.91.199.223 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:54.575346947 CEST | 8.8.8.8 | 192.168.2.7 | 0x8a60 | No error (0) | 208.91.198.143 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:54.575346947 CEST | 8.8.8.8 | 192.168.2.7 | 0x8a60 | No error (0) | 208.91.199.225 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:54.575346947 CEST | 8.8.8.8 | 192.168.2.7 | 0x8a60 | No error (0) | 208.91.199.224 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.763330936 CEST | 8.8.8.8 | 192.168.2.7 | 0x1d54 | No error (0) | us2.smtp.mailhostbox.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 19:45:57.763330936 CEST | 8.8.8.8 | 192.168.2.7 | 0x1d54 | No error (0) | 208.91.199.224 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.763330936 CEST | 8.8.8.8 | 192.168.2.7 | 0x1d54 | No error (0) | 208.91.198.143 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.763330936 CEST | 8.8.8.8 | 192.168.2.7 | 0x1d54 | No error (0) | 208.91.199.223 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.763330936 CEST | 8.8.8.8 | 192.168.2.7 | 0x1d54 | No error (0) | 208.91.199.225 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.858694077 CEST | 8.8.8.8 | 192.168.2.7 | 0x9e07 | No error (0) | us2.smtp.mailhostbox.com | CNAME (Canonical name) | IN (0x0001) | ||
May 12, 2021 19:45:57.858694077 CEST | 8.8.8.8 | 192.168.2.7 | 0x9e07 | No error (0) | 208.91.199.224 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.858694077 CEST | 8.8.8.8 | 192.168.2.7 | 0x9e07 | No error (0) | 208.91.198.143 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.858694077 CEST | 8.8.8.8 | 192.168.2.7 | 0x9e07 | No error (0) | 208.91.199.223 | A (IP address) | IN (0x0001) | ||
May 12, 2021 19:45:57.858694077 CEST | 8.8.8.8 | 192.168.2.7 | 0x9e07 | No error (0) | 208.91.199.225 | A (IP address) | IN (0x0001) |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
May 12, 2021 19:45:55.346564054 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 220 us2.outbound.mailhostbox.com ESMTP Postfix |
May 12, 2021 19:45:55.352231979 CEST | 49745 | 587 | 192.168.2.7 | 208.91.199.224 | EHLO 347688 |
May 12, 2021 19:45:55.516491890 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 250-us2.outbound.mailhostbox.com 250-PIPELINING 250-SIZE 41648128 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN |
May 12, 2021 19:45:55.518551111 CEST | 49745 | 587 | 192.168.2.7 | 208.91.199.224 | AUTH login c3RhZmZzQGdsb2JhbG9mZnMtc2l0ZS5jb20= |
May 12, 2021 19:45:55.686163902 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 334 UGFzc3dvcmQ6 |
May 12, 2021 19:45:55.858733892 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 235 2.7.0 Authentication successful |
May 12, 2021 19:45:55.860264063 CEST | 49745 | 587 | 192.168.2.7 | 208.91.199.224 | MAIL FROM:<staffs@globaloffs-site.com> |
May 12, 2021 19:45:56.025664091 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 250 2.1.0 Ok |
May 12, 2021 19:45:56.026678085 CEST | 49745 | 587 | 192.168.2.7 | 208.91.199.224 | RCPT TO:<staffs@globaloffs-site.com> |
May 12, 2021 19:45:56.197799921 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 250 2.1.5 Ok |
May 12, 2021 19:45:56.198604107 CEST | 49745 | 587 | 192.168.2.7 | 208.91.199.224 | DATA |
May 12, 2021 19:45:56.363210917 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 354 End data with <CR><LF>.<CR><LF> |
May 12, 2021 19:45:56.368483067 CEST | 49745 | 587 | 192.168.2.7 | 208.91.199.224 | . |
May 12, 2021 19:45:56.588491917 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 250 2.0.0 Ok: queued as 203341C1AF1 |
May 12, 2021 19:45:57.486198902 CEST | 49745 | 587 | 192.168.2.7 | 208.91.199.224 | QUIT |
May 12, 2021 19:45:57.651779890 CEST | 587 | 49745 | 208.91.199.224 | 192.168.2.7 | 221 2.0.0 Bye |
May 12, 2021 19:45:58.197154999 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 220 us2.outbound.mailhostbox.com ESMTP Postfix |
May 12, 2021 19:45:58.197532892 CEST | 49747 | 587 | 192.168.2.7 | 208.91.199.224 | EHLO 347688 |
May 12, 2021 19:45:58.362986088 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 250-us2.outbound.mailhostbox.com 250-PIPELINING 250-SIZE 41648128 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN |
May 12, 2021 19:45:58.363831043 CEST | 49747 | 587 | 192.168.2.7 | 208.91.199.224 | AUTH login c3RhZmZzQGdsb2JhbG9mZnMtc2l0ZS5jb20= |
May 12, 2021 19:45:58.529488087 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 334 UGFzc3dvcmQ6 |
May 12, 2021 19:45:58.700325966 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 235 2.7.0 Authentication successful |
May 12, 2021 19:45:58.700753927 CEST | 49747 | 587 | 192.168.2.7 | 208.91.199.224 | MAIL FROM:<staffs@globaloffs-site.com> |
May 12, 2021 19:45:58.866141081 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 250 2.1.0 Ok |
May 12, 2021 19:45:58.866465092 CEST | 49747 | 587 | 192.168.2.7 | 208.91.199.224 | RCPT TO:<staffs@globaloffs-site.com> |
May 12, 2021 19:45:59.039623022 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 250 2.1.5 Ok |
May 12, 2021 19:45:59.040100098 CEST | 49747 | 587 | 192.168.2.7 | 208.91.199.224 | DATA |
May 12, 2021 19:45:59.204902887 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 354 End data with <CR><LF>.<CR><LF> |
May 12, 2021 19:45:59.211798906 CEST | 49747 | 587 | 192.168.2.7 | 208.91.199.224 | . |
May 12, 2021 19:45:59.431745052 CEST | 587 | 49747 | 208.91.199.224 | 192.168.2.7 | 250 2.0.0 Ok: queued as EDB881C2A04 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 19:44:05 |
Start date: | 12/05/2021 |
Path: | C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x10000 |
File size: | 852992 bytes |
MD5 hash: | 6EFEE5C2282E20BAFB495451512C5CA7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 19:44:15 |
Start date: | 12/05/2021 |
Path: | C:\Users\user\Desktop\PRODUCT INQUIRY FROM PAKISTAN.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb20000 |
File size: | 852992 bytes |
MD5 hash: | 6EFEE5C2282E20BAFB495451512C5CA7 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 02304578, Relevance: 4.0, Strings: 3, Instructions: 296COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0230B288, Relevance: 4.0, Strings: 3, Instructions: 272COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02309FD0, Relevance: 3.9, Strings: 3, Instructions: 175COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D55230, Relevance: 2.7, Strings: 2, Instructions: 218COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02304489, Relevance: 1.6, Strings: 1, Instructions: 390COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023016D1, Relevance: 1.6, APIs: 1, Instructions: 120COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02301718, Relevance: 1.6, APIs: 1, Instructions: 94COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02302478, Relevance: 1.5, Strings: 1, Instructions: 266COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D589BB, Relevance: 1.5, Strings: 1, Instructions: 211COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D589D0, Relevance: 1.5, Strings: 1, Instructions: 207COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02302520, Relevance: 1.5, Strings: 1, Instructions: 201COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D59260, Relevance: 1.4, Strings: 1, Instructions: 151COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02300538, Relevance: 1.4, Strings: 1, Instructions: 135COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0230052A, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D533B0, Relevance: .9, Instructions: 880COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D55768, Relevance: .4, Instructions: 438COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D50054, Relevance: .3, Instructions: 344COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04949261, Relevance: .3, Instructions: 328COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D55E68, Relevance: .3, Instructions: 301COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D55E5B, Relevance: .3, Instructions: 299COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D55948, Relevance: .3, Instructions: 298COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 04D55560, Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
04D55551 | .1 | | | 145 | COMMON |
02302CB2 | .1 | | | 145 | COMMON |
02302CC0 | .1 | | | 143 | COMMON |
04D57DDF | .1 | | | 123 | COMMON |
04D59C70 | .1 | | | 107 | COMMON |
02303690 | .1 | | | 72 | COMMON |
04D5D298 | .1 | | | 71 | COMMON |
04D57E51 | .1 | | | 70 | COMMON |
02303680 | .1 | | | 65 | COMMON |
049427E9 | 8.9 | 4 | 1 | 125 | thread, COMMON |
049427F8 | 8.9 | 4 | 1 | 120 | thread, COMMON |
04D54D98 | 2.6 | | 2 | 118 | COMMON |
04D54DEB | 2.6 | | 2 | 79 | COMMON |
0494D530 | 1.8 | 1 | | 316 | COMMON |
04D51FB1 | 1.7 | | 1 | 489 | COMMON |
04947848 | 1.7 | 1 | | 227 | COMMON |
04949A6C | 1.7 | 1 | | 189 | COMMON |
04949A78 | 1.7 | 1 | | 182 | COMMON |
0494F5D6 | 1.7 | 1 | | 161 | COMMON |
0494D564 | 1.6 | 1 | | 126 | COMMON |
04942A18 | 1.6 | 1 | | 112 | COMMON |
04942A20 | 1.6 | 1 | | 108 | COMMON |
0494AAD4 | 1.6 | 1 | | 97 | COMMON |
02301838 | 1.6 | 1 | | 94 | memory, COMMON |
02309EC0 | 1.6 | 1 | | 94 | memory, COMMON |
023003E1 | 1.6 | 1 | | 83 | COMMON |
04947A38 | 1.6 | 1 | | 76 | COMMON |
04D513B8 | .7 | | | 701 | COMMON |
04D54238 | .5 | | | 516 | COMMON |
04D50618 | .5 | | | 472 | COMMON |
04D50BF8 | .2 | | | 201 | COMMON |
04D5362B | .1 | | | 120 | COMMON |
04D50E90 | .1 | | | 88 | COMMON |
04D59479 | .1 | | | 87 | COMMON |
04D50EA0 | .1 | | | 87 | COMMON |
04D59488 | .1 | | | 82 | COMMON |
04D57C43 | .1 | | | 78 | COMMON |
04D595B1 | .1 | | | 77 | COMMON |
04D5B169 | .1 | | | 76 | COMMON |
04D52590 | .1 | | | 70 | COMMON |
04D52689 | .1 | | | 65 | COMMON |
04D5B288 | .1 | | | 56 | COMMON |
04D55180 | .1 | | | 51 | COMMON |
04D53F08 | .0 | | | 44 | COMMON |
04D5A2B2 | .0 | | | 29 | COMMON |
04D57E0F | .0 | | | 24 | COMMON |
04D58636 | .0 | | | 23 | COMMON |
04D51E20 | .0 | | | 18 | COMMON |
04D5A752 | .0 | | | 17 | COMMON |
04D57E20 | .0 | | | 15 | COMMON |
[3 further entries in this list (one with APIs and Strings, two with APIs only) have no recoverable function address]
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
02305440 | 2.7 | | 2 | 180 | COMMON |
02305431 | 2.7 | | 2 | 178 | COMMON |
02303158 | 1.4 | | 1 | 165 | COMMON |
02303149 | 1.4 | | 1 | 163 | COMMON |
023068F8 | 1.4 | | 1 | 161 | COMMON |
023068E8 | 1.4 | | 1 | 161 | COMMON |
04948030 | .5 | | | 527 | COMMON |
04945628 | .3 | | | 265 | COMMON |
0230A2A8 | .2 | | | 223 | COMMON |
02306010 | .2 | | | 166 | COMMON |
04D5C630 | .2 | | | 160 | COMMON |
04D5C621 | .2 | | | 157 | COMMON |
04D5CE91 | .1 | | | 143 | COMMON |
04D5CEA0 | .1 | | | 143 | COMMON |
04D5D098 | .1 | | | 118 | COMMON |
02307898 | .1 | | | 116 | COMMON |
04D5D0A8 | .1 | | | 114 | COMMON |
023066C0 | .1 | | | 113 | COMMON |
04D5CC70 | .1 | | | 110 | COMMON |
02304A08 | .1 | | | 109 | COMMON |
02306B50 | .1 | | | 108 | COMMON |
04D5CC80 | .1 | | | 107 | COMMON |
0494A948 | .1 | | | 90 | COMMON |
04946F14 | .1 | | | 88 | COMMON |
0230A8B0 | .1 | | | 85 | COMMON |
02301948 | .1 | | | 75 | COMMON |
02306D30 | .1 | | | 72 | COMMON |
02306D20 | .1 | | | 71 | COMMON |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
01402298 | 1.6 | 1 | | 60 | COMMON |
014B0A70 | 9.7 | 4 | 1 | 984 | library, COMMON |
01401308 | 1.6 | 1 | | 132 | COMMON |
01402778 | 1.6 | 1 | | 63 | COMMON |
014013D8 | 1.6 | 1 | | 56 | COMMON |
014CD01C | .1 | | | 72 | COMMON |
014CD006 | .1 | | | 62 | COMMON |
[39 further API-calling entries in this list have no recoverable function address]
Non-executed Functions |
---|